8.124575][T12582] Memory cgroup out of memory: Killed process 11885 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 778.143256][T12615] input: syz1 as /devices/virtual/input/input30 [ 778.433862][T12606] input: syz1 as /devices/virtual/input/input31 [ 778.520365][T12582] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 778.530356][T12582] CPU: 1 PID: 12582 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 778.531859][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 778.539456][T12582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 778.539462][T12582] Call Trace: [ 778.539483][T12582] dump_stack+0x172/0x1f0 [ 778.539505][T12582] dump_header+0x10f/0xba6 [ 778.545300][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 778.555240][T12582] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 778.555271][T12582] ? ___ratelimit+0x60/0x595 [ 778.555287][T12582] ? do_raw_spin_unlock+0x57/0x270 [ 778.555312][T12582] oom_kill_process.cold+0x10/0x15 [ 778.593621][T12582] out_of_memory+0x79a/0x1280 [ 778.598283][T12582] ? lock_downgrade+0x880/0x880 [ 778.603127][T12582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.609357][T12582] ? oom_killer_disable+0x280/0x280 [ 778.614531][T12582] ? find_held_lock+0x35/0x130 [ 778.619282][T12582] mem_cgroup_out_of_memory+0x1ca/0x230 [ 778.624823][T12582] ? memcg_event_wake+0x230/0x230 [ 778.629842][T12582] ? do_raw_spin_unlock+0x57/0x270 [ 778.634937][T12582] ? _raw_spin_unlock+0x2d/0x50 [ 778.639772][T12582] try_charge+0x118d/0x1790 [ 778.644288][T12582] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 778.649826][T12582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.656047][T12582] ? kasan_check_read+0x11/0x20 [ 778.660878][T12582] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 778.666419][T12582] mem_cgroup_try_charge+0x24d/0x5e0 [ 778.671699][T12582] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 778.677318][T12582] wp_page_copy+0x408/0x1740 [ 778.681897][T12582] ? find_held_lock+0x35/0x130 [ 778.686671][T12582] ? pmd_pfn+0x1d0/0x1d0 [ 778.691879][T12582] ? lock_downgrade+0x880/0x880 [ 778.696721][T12582] ? swp_swapcount+0x540/0x540 [ 778.701505][T12582] ? kasan_check_read+0x11/0x20 [ 778.706355][T12582] ? do_raw_spin_unlock+0x57/0x270 [ 778.711460][T12582] do_wp_page+0x5d8/0x16c0 [ 778.715862][T12582] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 778.721218][T12582] __handle_mm_fault+0x22e8/0x3ec0 [ 778.726348][T12582] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 778.731900][T12582] ? find_held_lock+0x35/0x130 [ 778.736656][T12582] ? handle_mm_fault+0x322/0xb30 [ 778.741581][T12582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.747808][T12582] ? kasan_check_read+0x11/0x20 [ 778.752654][T12582] handle_mm_fault+0x43f/0xb30 [ 778.757411][T12582] __get_user_pages+0x7b6/0x1a40 [ 778.762355][T12582] ? follow_page_mask+0x19a0/0x19a0 [ 778.767545][T12582] ? perf_trace_lock+0xeb/0x510 [ 778.772387][T12582] ? __vma_adjust+0x1840/0x1840 [ 778.777240][T12582] ? lock_acquire+0x16f/0x3f0 [ 778.781909][T12582] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 778.788352][T12582] populate_vma_page_range+0x20d/0x2a0 [ 778.793825][T12582] __mm_populate+0x204/0x380 [ 778.798423][T12582] ? populate_vma_page_range+0x2a0/0x2a0 [ 778.804060][T12582] __x64_sys_mlockall+0x35c/0x520 [ 778.809081][T12582] do_syscall_64+0x103/0x610 [ 778.813669][T12582] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 778.819550][T12582] RIP: 0033:0x457e29 [ 778.823439][T12582] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 778.843037][T12582] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 778.851445][T12582] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 778.859873][T12582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 778.867939][T12582] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 778.875894][T12582] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 778.883854][T12582] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 778.892612][T12582] memory: usage 307200kB, limit 307200kB, failcnt 8422 [ 778.899528][T12582] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 778.907056][T12582] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 778.913961][T12582] Memory cgroup stats for /syz3: cache:0KB rss:293528KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:231740KB active_anon:43780KB inactive_file:0KB active_file:0KB unevictable:18128KB [ 778.936102][T12582] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12581,uid=0 [ 778.951493][T12582] Memory cgroup out of memory: Killed process 12581 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 778.965891][ T1042] oom_reaper: reaped process 12581 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:01 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x4000000000, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x2000, 0x0) ioctl$CAPI_SET_FLAGS(r1, 0x80044324, &(0x7f0000000040)=0x1) 03:39:01 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x400300, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:01 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) fstat(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = getgid() r4 = getuid() stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = gettid() r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer\x00', 0x10000, 0x0) ioctl$sock_proto_private(r7, 0x89ec, &(0x7f0000000280)="237c2e22d16a4dd067e0e49bb9e513d997c8595c59a7c68eb18b4a8b1047fb60debcbba0b24b35e08a5eb5353f5594d71f4d8c7a4750987047d89b") ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000180)=0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f00000001c0)={{0x80000000, r2, r3, r4, r5, 0x1, 0x8}, 0x3, 0x12000, 0x400, 0x6, 0x6, 0x0, r6, r8}) 03:39:01 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x6685) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000000)={0x6, 0x0, [{0xfffffffffffffffc, 0x4, 0x0, 0x0, @msi={0xfffffffffffffffa, 0x9, 0x8}}, {0x101, 0x1, 0x0, 0x0, @irqchip={0x4, 0xfff}}, {0x8, 0x7, 0x0, 0x0, @adapter={0x7, 0x8, 0x100, 0x2, 0x2}}, {0x2, 0x3, 0x0, 0x0, @sint={0x4, 0x1d}}, {0x5, 0x2, 0x0, 0x0, @sint={0xc8ee, 0xffffffff}}, {0xfffffffffffffffb, 0x7, 0x0, 0x0, @msi={0x9, 0x7bf, 0x8}}]}) listen(r0, 0x406) accept(r0, 0x0, 0x0) shutdown(r0, 0x0) 03:39:01 executing program 5: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x2, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr="fbc8ea85344a55198c65e7f53bad2035", 0x983f, 0x1, 0x0, 0x8, 0x1, 0xff}, &(0x7f0000000100)=0x20) unshare(0x8000400) r1 = mq_open(&(0x7f0000000080)=' \x00', 0x6e93ebbbcc0884f2, 0x0, 0x0) mq_notify(r1, 0x0) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xf8, 0x800) 03:39:01 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000005780)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f0000000000)=ANY=[@ANYRESDEC=0x0], 0xffffff8f) modify_ldt$write(0x1, &(0x7f0000000040)={0x1, 0x20000000, 0xffffffffffffffff, 0x3, 0x1f, 0x9c9, 0x3, 0x87, 0x100000001, 0xfffffffffffffff7}, 0x10) recvmmsg(r1, &(0x7f0000000a00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000500)=""/113, 0x71}], 0x1}}], 0x2, 0x0, 0x0) [ 779.091941][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 779.097796][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 779.103725][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 779.109511][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:39:01 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x1000000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:01 executing program 5: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x1) timer_gettime(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(0x0) socket$inet6(0xa, 0x0, 0xffffffff) r1 = socket$inet6(0xa, 0x3, 0x9) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x0, 0x0, 0xff, 0x1, 0x0, 0x0, 0x10000}, 0x20) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) dup2(r0, r1) [ 779.169793][T12638] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 779.203652][T12638] CPU: 1 PID: 12638 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 779.212799][T12638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.225774][T12638] Call Trace: [ 779.229079][T12638] dump_stack+0x172/0x1f0 [ 779.233427][T12638] dump_header+0x10f/0xba6 [ 779.237854][T12638] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 779.244247][T12638] ? ___ratelimit+0x60/0x595 [ 779.248844][T12638] ? do_raw_spin_unlock+0x57/0x270 [ 779.253968][T12638] oom_kill_process.cold+0x10/0x15 [ 779.259089][T12638] out_of_memory+0x79a/0x1280 [ 779.263777][T12638] ? lock_downgrade+0x880/0x880 [ 779.268636][T12638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.274887][T12638] ? oom_killer_disable+0x280/0x280 [ 779.280092][T12638] ? find_held_lock+0x35/0x130 [ 779.284874][T12638] mem_cgroup_out_of_memory+0x1ca/0x230 [ 779.290427][T12638] ? memcg_event_wake+0x230/0x230 [ 779.295465][T12638] ? do_raw_spin_unlock+0x57/0x270 [ 779.300581][T12638] ? _raw_spin_unlock+0x2d/0x50 [ 779.305444][T12638] try_charge+0x118d/0x1790 [ 779.309964][T12638] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 779.315521][T12638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 03:39:01 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) close(0xffffffffffffffff) r0 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x8, 0x40) ioctl$TUNSETLINK(r0, 0x400454cd, 0x0) setsockopt$sock_void(r0, 0x1, 0x3f, 0x0, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0xa) r2 = syz_open_dev$sg(&(0x7f0000000080)='/dev/sg#\x00', 0x200, 0x8000) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000040)={0x0, {0x1, 0x4415, 0x7fffffff, 0x3}}) bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) ioctl$TUNSETLINK(r2, 0x400454cd, 0x30f) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='/groa\xb2\x00', 0x2761, 0x0) r4 = perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r3, 0x29, 0xcd, &(0x7f0000000100)={{0xa, 0x4e23, 0x5, @mcast1, 0x8}, {0xa, 0x4e24, 0x1ff, @local, 0x80}, 0x5, [0x8, 0x0, 0x9, 0x9f06, 0x0, 0x80000000]}, 0x5c) close(r4) [ 779.321776][T12638] ? kasan_check_read+0x11/0x20 [ 779.326638][T12638] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 779.332198][T12638] mem_cgroup_try_charge+0x24d/0x5e0 [ 779.337492][T12638] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 779.343135][T12638] __handle_mm_fault+0x1e1f/0x3ec0 [ 779.348256][T12638] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 779.353814][T12638] ? find_held_lock+0x35/0x130 [ 779.358667][T12638] ? handle_mm_fault+0x322/0xb30 [ 779.363630][T12638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.369882][T12638] ? kasan_check_read+0x11/0x20 [ 779.374749][T12638] handle_mm_fault+0x43f/0xb30 [ 779.379522][T12638] __get_user_pages+0x7b6/0x1a40 [ 779.384480][T12638] ? follow_page_mask+0x19a0/0x19a0 [ 779.389685][T12638] ? perf_trace_lock+0xeb/0x510 [ 779.394549][T12638] ? __vma_adjust+0x1840/0x1840 [ 779.399413][T12638] ? lock_acquire+0x16f/0x3f0 [ 779.404094][T12638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.410343][T12638] populate_vma_page_range+0x20d/0x2a0 [ 779.415812][T12638] __mm_populate+0x204/0x380 03:39:02 executing program 5: r0 = socket$inet6(0xa, 0x807, 0x80002) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x4000000000002, 0x4, 0x100000001, 0x7, 0x0, 0x1}, 0x2c) mmap(&(0x7f000029d000/0x200000)=nil, 0x200000, 0x0, 0x8035, r0, 0x1) r1 = socket(0x10, 0x802, 0x0) write(r1, &(0x7f0000000040)="24000000210025f0a85f65021e0dbce9020400020004000182a9000c08000100194a7df5", 0x24) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200)='/dev/hwrng\x00', 0x200000, 0x0) accept4$ax25(r2, &(0x7f0000000040)={{}, [@default, @netrom, @remote, @rose, @default, @default, @default, @bcast]}, &(0x7f0000000240)=0xfffffffffffffd8d, 0x80800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x69, 0x0, 0x0, 0x800000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, @perf_bp={0x0}, 0x4000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x8080e, 0x10057) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000800)='/dev/dlm-monitor\x00', 0x408000, 0x0) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000040)='fou\x00') getpgid(0xffffffffffffffff) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x800, 0x7ff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000300)=0x6, 0x4) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'bond_slave_0\x00', 0x2}, 0x18) openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x0, 0x0) mount(&(0x7f0000000a00)=ANY=[@ANYBLOB="cb2b9b5255175d43fca389e340fe96132329bdfbaa11c5521288697c83a9f28c7ee1d8df70f2c6849d443d5bc274a1f15763852f82112b1d574dd383021e45f811e5acbf81b764dc4babfdf01646fa6053eb4f61d21f7985af9b2fca6ac5cdf9b99e6223658145b3617346e006f4758611d17206000000ddff000030d59dc700c87aa001f8fffffffffffffe7fbc75ddf39ce5106f0031f17ce46095af00d10e3a8db945026d98cd7149bc4db5db0aefb5e6c1a8dc3868a5c79df28f873f98e2bddce125001f8dbd7592b90b3a99e50000000000000000000000000000be803f2d7a95720b65f63c701a4445766ac2f6da6937fb837b620995562d7da1332bd3c09335a296de2b722fe258d443402c1f7c733266751f539245c63ebdf13b942970fba24afe32fabde909b45be9aa923d7dfb873b44b22f750f5c83ca9572897788b28b93b43cb9ff040b99ff8b0bf187ff7a90856b8e2334266ae18e454899e049e4deb587f873976f2ce3dee326be25f3203e74e23d29e52b800b22c149fbb03696debb9333cdeb4fa6b5ff80df42beb052bd76d916ea183d0f68d9306414e03ea311cd2b1594c087c02543f973e4ec256db290272eff75436001dc654cc102627a7666a348dcbd9a33b13fe12b7316299c74cb41f3972055397fd29836feea5d4e7088f50ae28d0b00a04e8565a83f567f72640b9904a8b19a990224409cf0827e460650b0734232e7b4e88d0ebb36f6000000000000c0fe5d322bd0b8bab901800000ffa5f00f790b888320df17fa477e63d0df8e9291f67141939596dfae272d14bb65a63ebf2ef41197160c276cf04f876ff7e985765d4c2bfbafc847d69e9b05a84179fcc9673ccec213cc5238432bf8f843f4b72f0d1cd14d3851510f488e3171e33319e075f8f471cc08e2e114eeb554e40bc3b71dfd2d6bcb221b3bbb3bcfdf631a66abdafe0581db15cd638fa2a0bf282ea002d4d1b42117a84bd83375f00248f872e30000000000000000000000000000000033955d7fcb34c6b40f60414aba524c8e24bfbbcd33fc649ac5683167a1d9f85f6e78194065bc715515d21c5ac5289ad51460b8530dbbfcd2e394a5d6185a992f34cf34964caea9ba5991377061d386cd5efb91570ce834113a9471b28b5ee421a42b0516333b4f06b82a7a1e8152b5cbc0c712dce67f253972c676a00e9a7ea7960dfedf76da905fc1eacc341e9879e6e3ac8394733f03d9e3c0480d5a4c15c075010c4956114acd9a9a36f6a8a766b72febf92530c746b1fdc94c970b05310990070b606f99434d1efeb6cba269518f5eb886c5d2faa99cad404f1c13b9836cfa234bcdf7cb03fe6e04fa6f84d029816f0b3cb30e481add8458248ae5ddc2f3a4955cedbe6f9735eee87fef9f27"], 0x0, 0x0, 0x2, 0x0) ioctl$TIOCNXCL(r4, 0x540d) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000), 0xe) r5 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x1, 0x0) ioctl(r5, 0xffffffdffbffffa4, &(0x7f0000000000)) syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x0, 0x82) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r4, 0x84, 0x1a, &(0x7f0000000180)=ANY=[@ANYRESHEX=r3], &(0x7f00000003c0)=0x1) r6 = add_key(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000140)="b4eadb38b4a9d370d15650c3b071bf19c763fd4f666fdf5c49b447cf3daece0c9e500cbd0a5d6798f9f7f6fff426b45163fce1585b25e2c72896", 0x3a, 0xfffffffffffffffd) r7 = request_key(&(0x7f0000000440)='.request_key_auth\x00', &(0x7f0000000480)={'syz', 0x3}, &(0x7f00000004c0)='\x00', r6) keyctl$instantiate_iov(0x14, r6, &(0x7f00000002c0)=[{&(0x7f0000000340)="9e56ef4bd4950a910aa50efa34396f4d2c1d437bc56a660551a362d5c9c77ea5d7323685e3ef56b0acc507db161858b0c1bfb85f5efb9c519c3c58afe76ca606cd736994743cd1a555a7afcdb982a9d1bcbc0737a3b02b865eb8f92393b5eb9866dff9902aa41b94a361", 0x6a}, {&(0x7f00000001c0)="a5a04b59e8b32e73e519e3e896c6c2139157", 0x12}, {&(0x7f0000000600)="fdb351a2c1df01b71be4bbb85f8ae363f9c195320cfa55c3160a778752b4d02777b091bff0462b8095a8e420c2398236ab946a0b281009141479245230a2c1b03e6240662296f7e840d1bd219929dd73ab2605811291de789de81e80a25a637a544690d54f7931374c26706c848b89e3536a3409455564913a832f5a2651a9df0bcfbb53dd93453a3f1229043f3dd932460f1bffa34367a7c6bce826b302936d7cbf6c615bd33115cb1dd541a98fd38eaeff6c65658cb2d86cf090e91f4af1b6933bc5ccaa36456c67b36523c24396e93c12f5a64e278e2e8eecbbb621506853b8cf2129e575dc77445e0b89f099b89cd57694e7fd970f48", 0xf8}, {&(0x7f0000000700)="4054bbda4f414820f6232ee64fefb5a180cffd266d6081f8194df3c1346410e6a8bf613f4704c213bfd8df2647158d4b0f644e4055a7a215ffee4d56b3c3592ac4863429761473398c2feaf201c778afb3d2789cfa6cde4de2945dec8eef46f697da8a2c8c76d006e9420a74390b70d5c18ef642d3db5c8577442a7747734328b8ed2eaf6ea75a6dffe0c64dbfbbe2548a702c8c5dc9e6086ffdb103169190d6d975ff56a096435f826e839fb15c0e8c26d4810e31bd887d76bfc36c2a0cc21cc9675ee0378a9058c88a4853db6e6f343baaa9076096e949a9c93a27b36ff5bda18d60", 0xe3}], 0x4, r7) r8 = semget$private(0x0, 0x2000000000000001, 0x0) semctl$GETALL(r8, 0x0, 0xd, &(0x7f0000000500)=""/219) [ 779.420413][T12638] ? populate_vma_page_range+0x2a0/0x2a0 [ 779.426067][T12638] __x64_sys_mlockall+0x35c/0x520 [ 779.431104][T12638] do_syscall_64+0x103/0x610 [ 779.435727][T12638] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 779.441621][T12638] RIP: 0033:0x457e29 [ 779.445526][T12638] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:39:02 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x2000000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:02 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) r1 = syz_open_dev$dspn(&(0x7f0000000300)='/dev/dsp#\x00', 0x55, 0x803) socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000040)={0x0, @in6={{0xa, 0x4e24, 0x400, @loopback, 0x4}}}, &(0x7f0000000100)=0x84) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000140)={r2}, &(0x7f0000000180)=0x8) msgsnd(r0, &(0x7f00000001c0)={0x2, "aafa02d32f42a633d41215f4d6b9a23c1f8712aca60e64661dcefac5694bf52e2356d74ca69ebd879f80c8b9dc4f7c16098ad3ebab036333261db10cff74a155a301da1e228426a123dbe9913bb944f2f441eebfc78f68ee687df0a89af3b2c215cc72a7ae5beb5b6076bc82d16b64e0bb45780f2cdbc9602773e04cb0753fb4b5c12882529564fe79893583736b5a0f648e648556012ff05dc336f97ccec19c101be033eb740c8f6e11a8845d4c55db2b5b6c89eb2d39cb4fd0562f81a7880d4117bcb8d2ec8cbd63ebe2b6b7cb0298e946caefee880a20dc934ce3"}, 0xe4, 0x800) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 779.465131][T12638] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 779.473552][T12638] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 779.481522][T12638] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 779.489497][T12638] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 779.497473][T12638] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 779.505448][T12638] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 779.598623][T12638] memory: usage 307200kB, limit 307200kB, failcnt 8440 [ 779.606464][T12638] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 779.614522][T12638] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 779.621536][T12638] Memory cgroup stats for /syz3: cache:0KB rss:293620KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:239460KB active_anon:43792KB inactive_file:0KB active_file:0KB unevictable:10480KB [ 779.664144][T12638] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11934,uid=0 [ 779.680760][T12638] Memory cgroup out of memory: Killed process 11934 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 779.703379][ T1042] oom_reaper: reaped process 11934 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 779.853184][T12638] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 779.863282][T12638] CPU: 1 PID: 12638 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 779.872394][T12638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 779.882443][T12638] Call Trace: [ 779.885751][T12638] dump_stack+0x172/0x1f0 [ 779.890094][T12638] dump_header+0x10f/0xba6 [ 779.894512][T12638] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 779.900315][T12638] ? ___ratelimit+0x60/0x595 [ 779.904898][T12638] ? do_raw_spin_unlock+0x57/0x270 [ 779.910007][T12638] oom_kill_process.cold+0x10/0x15 [ 779.915122][T12638] out_of_memory+0x79a/0x1280 [ 779.919814][T12638] ? lock_downgrade+0x880/0x880 [ 779.924672][T12638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.930921][T12638] ? oom_killer_disable+0x280/0x280 [ 779.936123][T12638] ? find_held_lock+0x35/0x130 [ 779.940902][T12638] mem_cgroup_out_of_memory+0x1ca/0x230 [ 779.946434][T12638] ? memcg_event_wake+0x230/0x230 [ 779.951463][T12638] ? do_raw_spin_unlock+0x57/0x270 [ 779.956579][T12638] ? _raw_spin_unlock+0x2d/0x50 [ 779.961444][T12638] try_charge+0x118d/0x1790 [ 779.965965][T12638] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 779.971515][T12638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 779.977758][T12638] ? kasan_check_read+0x11/0x20 [ 779.982635][T12638] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 779.988194][T12638] mem_cgroup_try_charge+0x24d/0x5e0 [ 779.993497][T12638] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 779.999144][T12638] wp_page_copy+0x408/0x1740 [ 780.003730][T12638] ? find_held_lock+0x35/0x130 [ 780.008502][T12638] ? pmd_pfn+0x1d0/0x1d0 [ 780.012745][T12638] ? lock_downgrade+0x880/0x880 [ 780.017595][T12638] ? swp_swapcount+0x540/0x540 [ 780.022361][T12638] ? kasan_check_read+0x11/0x20 [ 780.027195][T12638] ? do_raw_spin_unlock+0x57/0x270 [ 780.032300][T12638] do_wp_page+0x5d8/0x16c0 [ 780.036731][T12638] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 780.042115][T12638] __handle_mm_fault+0x22e8/0x3ec0 [ 780.047217][T12638] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 780.052752][T12638] ? find_held_lock+0x35/0x130 [ 780.057513][T12638] ? handle_mm_fault+0x322/0xb30 [ 780.062452][T12638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 780.068672][T12638] ? kasan_check_read+0x11/0x20 [ 780.073526][T12638] handle_mm_fault+0x43f/0xb30 [ 780.078299][T12638] __get_user_pages+0x7b6/0x1a40 [ 780.083232][T12638] ? follow_page_mask+0x19a0/0x19a0 [ 780.088409][T12638] ? perf_trace_lock+0xeb/0x510 [ 780.093254][T12638] ? __vma_adjust+0x1840/0x1840 [ 780.098113][T12638] ? lock_acquire+0x16f/0x3f0 [ 780.102815][T12638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 780.109040][T12638] populate_vma_page_range+0x20d/0x2a0 [ 780.114493][T12638] __mm_populate+0x204/0x380 [ 780.119089][T12638] ? populate_vma_page_range+0x2a0/0x2a0 [ 780.124726][T12638] __x64_sys_mlockall+0x35c/0x520 [ 780.129734][T12638] do_syscall_64+0x103/0x610 [ 780.134322][T12638] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 780.140202][T12638] RIP: 0033:0x457e29 [ 780.144080][T12638] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 780.163668][T12638] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 780.172070][T12638] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 780.180050][T12638] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 780.188005][T12638] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 780.195968][T12638] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 780.203931][T12638] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 780.212108][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 780.217922][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 780.225578][T12638] memory: usage 307200kB, limit 307200kB, failcnt 8452 [ 780.232537][T12638] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 780.239996][T12638] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 780.247041][T12638] Memory cgroup stats for /syz3: cache:0KB rss:293552KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:229684KB active_anon:43784KB inactive_file:0KB active_file:0KB unevictable:20164KB [ 780.270445][T12638] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12637,uid=0 [ 780.285997][T12638] Memory cgroup out of memory: Killed process 12637 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 780.300368][ T1042] oom_reaper: reaped process 12637 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:03 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) unshare(0x400) 03:39:03 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x8, 0x10000) ioctl$TCXONC(r0, 0x540a, 0x8) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000000c0)=0x0) r3 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x2, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@loopback, @local, @loopback}, 0xc) r4 = accept4$tipc(r3, 0x0, &(0x7f0000000180), 0x800) kcmp$KCMP_EPOLL_TFD(r2, r2, 0x7, r1, &(0x7f0000000240)={r1, r4, 0x6}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@RTM_NEWNSID={0x34, 0x58, 0x0, 0x70bd2b, 0x25dfdbff, {}, [@NETNSA_PID={0x8, 0x2, r2}, @NETNSA_NSID={0x8}, @NETNSA_NSID={0x8, 0x1, 0x4}, @NETNSA_FD={0x8, 0x3, r3}]}, 0x34}}, 0xfffffffffffffff9) getsockopt$IP6T_SO_GET_ENTRIES(r3, 0x29, 0x41, &(0x7f0000000280)={'mangle\x00', 0x87, "78c050fb94f8a61c67415c8e4eb94cb6d9544bbbfe01431c05a00e0ef33fd9a5d73d684165e7481fa535332ff307769c66071f4a85b526cc9158dc54707f4a1d88826c14bb9be06dbdd56f539947b93aca4b9aefd7d74b06ac076d0ef7804d9d06265e467f79cc8195d19fe9671be9d67beec9355bb4df2fed0706938b22461be68b05f2ff6c42"}, &(0x7f0000000340)=0xab) 03:39:03 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000400)='/dev/bus/usb/00#/00#\x00', 0x7, 0x2300) ioctl$SIOCNRDECOBS(r1, 0x89e2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = add_key(0x0, 0x0, &(0x7f0000000640)="9cb71e24b0bb6f50a6dc6f63c533eb6c27bd38be519d110af711f1d9d767021c8c92305618b8c5deb7b663f3bfee7695efc496f55c1f9437a4b6d16f38ad5be723ee066cd46431e0faa7f9992da457bc8bcacfd35a416591d429a70972cfff04bf674a3f506aa8aaf6fe998d691be31a65dd124aa279c03534008d9e54423ecdf09b182e6ce0873781f1bab1e9fed3", 0x8f, 0xfffffffffffffff9) r5 = request_key(&(0x7f0000000700)='.dead\x00', 0x0, &(0x7f0000000780)='user\x00', 0xfffffffffffffffb) keyctl$negate(0xd, r4, 0x1, r5) syz_mount_image$hfs(&(0x7f0000001980)='hfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB="40617fbb78e620e900fafe7db4d9573d4e410e4659db47a32c188446dde299112d7835e4f911bda4025ab79aa2ad081c517adc49b46a540ae36d20bdeecb2dedc99f73d784464462bb9eae64cd5cf0a4b155f2eaaee1be9c73c3d418d1e043275c5124d7d06f5025bc921eea4089ab17d63885bb6600ad2cd51a5632221656cc64b40a2892422749c62ba9dd259d1f71fbe44b24276be06fc2783aa4e3989037011bb0297db1e68aebb0ce6de4140bc390bbea87b962c91f9b5b08d030e5609c243a947edcbe770d0c6ccde03e6205b63a7c055b5ee184548e391ce187bb20fec333454ff081e89a97d00f", @ANYPTR=&(0x7f0000000740)=ANY=[@ANYRES32=0x0, @ANYRES16=r3, @ANYRES64=r4, @ANYRESDEC], @ANYPTR=&(0x7f0000001800)=ANY=[@ANYRES16=r3], @ANYRES32=r2]) r6 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0xc3, 0x0) r7 = shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x6000) shmdt(r7) ioctl$TUNGETFILTER(r6, 0x801054db, &(0x7f0000000340)=""/74) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r6, 0x84, 0x8, &(0x7f0000000140)=0xe7f, 0x4) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8) add_key$user(&(0x7f00000004c0)='user\x00', &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, r5) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000000580)=""/94, &(0x7f0000000100)=0x5e) r8 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_read_part_table(0x0, 0x1, &(0x7f0000000480)=[{&(0x7f0000010000)="000068000000000000000000000000008128b14700000000d59863d20000000002000f2020cc00000000ff0700000000000000000000000000000000000000000000000000000000000000000000000000000000000000008a6e94c0000055aa", 0x60, 0x1a0}]) write(r8, 0x0, 0xfd54) add_key(&(0x7f00000002c0)='.dead\x00', &(0x7f0000001940)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) perf_event_open(&(0x7f0000000500)={0x3, 0x70, 0x6, 0x5, 0x9, 0x0, 0x0, 0x0, 0x40, 0x0, 0x9, 0x0, 0x8, 0x0, 0x1, 0x6, 0x5, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x4f0e1827, 0x49b6, 0x0, 0x2, 0xad4f, 0x3f, 0x0, 0x873, 0x3, 0x0, 0x800, 0x0, 0x0, 0x200, 0x0, 0x0, 0x4, @perf_config_ext={0x0, 0x100000001}, 0x404, 0x35a1c1a3}, 0x0, 0xd, 0xffffffffffffffff, 0x8) r9 = semget$private(0x0, 0x1, 0x400) semctl$GETPID(r9, 0x3, 0xb, &(0x7f00000007c0)=""/4096) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x4000, 0x0, 0x0, 0x2) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) ioctl$CAPI_SET_FLAGS(r1, 0x80044324, &(0x7f0000000180)=0x1) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:03 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0xe0000000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x8000, 0x0) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r1, &(0x7f0000000040)={0x4}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockname$inet(r3, &(0x7f0000000080)={0x2, 0x0, @initdev}, &(0x7f00000000c0)=0x10) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 03:39:03 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x484000, 0x0) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000040)=0x3, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) listen(r0, 0x406) accept(r0, 0x0, 0x0) shutdown(r0, 0x0) 03:39:03 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x12) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f00000005c0)={'dummy0\x00', 0x400}) socketpair(0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)='memory.swap.max\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$cgroup_pid(r1, &(0x7f0000000400), 0x12) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000280)='cgroup.type\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40086602, 0x400007) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0xff4a) write$cgroup_subtree(r1, 0x0, 0x26) accept4$llc(r2, &(0x7f0000000480)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f00000004c0)=0x10, 0x80000) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0x12) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x20032600) close(r0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x10, 0x0, &(0x7f0000000100)="9353b20d6f334e40f92ae15ea0324f8f", 0x0, 0x5}, 0x28) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a0f, 0x1700) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000003c0)={r1, 0x28, &(0x7f0000000300)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000540)={r3, 0x5, 0x10}, 0xc) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) gettid() r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x7ffb, 0x0) ioctl$TUNSETVNETLE(r4, 0x400454dc, &(0x7f0000000440)) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='cgroup.type\x00', 0x2, 0x0) 03:39:03 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0xeffdffff, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:03 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x800000000047) openat$pfkey(0xffffffffffffff9c, 0x0, 0x400, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr="ffe91ccd0922bb9fe7f05e2ffad14a94"}, 0x1c) sendmmsg(r0, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000380), 0x3}, 0x5}], 0x169, 0x0) [ 780.552889][T12694] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 780.591876][T12694] CPU: 1 PID: 12694 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 780.601032][T12694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 780.611100][T12694] Call Trace: [ 780.614401][T12694] dump_stack+0x172/0x1f0 [ 780.618744][T12694] dump_header+0x10f/0xba6 [ 780.623175][T12694] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 780.628987][T12694] ? ___ratelimit+0x60/0x595 [ 780.633582][T12694] ? do_raw_spin_unlock+0x57/0x270 [ 780.638704][T12694] oom_kill_process.cold+0x10/0x15 [ 780.643831][T12694] out_of_memory+0x79a/0x1280 [ 780.648520][T12694] ? lock_downgrade+0x880/0x880 03:39:03 executing program 2: r0 = msgget(0x1, 0x2) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) msgrcv(r0, 0x0, 0xfffffffffffffdc9, 0x0, 0x80000000000000) flistxattr(r1, &(0x7f0000000000)=""/118, 0x76) msgrcv(r0, 0x0, 0x126, 0x1, 0xffffffffffffffff) fcntl$getown(r1, 0x9) msgctl$IPC_RMID(r0, 0x0) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000400)='/dev/rtc0\x00', 0x2, 0x0) getsockopt$X25_QBITINCL(r2, 0x106, 0x1, &(0x7f0000000440), &(0x7f0000000480)=0x316) lseek(r2, 0x0, 0x2) [ 780.653377][T12694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 780.659632][T12694] ? oom_killer_disable+0x280/0x280 [ 780.664839][T12694] ? find_held_lock+0x35/0x130 [ 780.669620][T12694] mem_cgroup_out_of_memory+0x1ca/0x230 [ 780.675168][T12694] ? memcg_event_wake+0x230/0x230 [ 780.680205][T12694] ? do_raw_spin_unlock+0x57/0x270 [ 780.685326][T12694] ? _raw_spin_unlock+0x2d/0x50 [ 780.691031][T12694] try_charge+0x118d/0x1790 [ 780.697116][T12694] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 780.705414][T12694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 780.713102][T12694] ? kasan_check_read+0x11/0x20 [ 780.719685][T12694] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 780.725245][T12694] mem_cgroup_try_charge+0x24d/0x5e0 [ 780.730545][T12694] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 780.736181][T12694] __handle_mm_fault+0x1e1f/0x3ec0 [ 780.741310][T12694] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 780.746865][T12694] ? find_held_lock+0x35/0x130 [ 780.751640][T12694] ? handle_mm_fault+0x322/0xb30 [ 780.756606][T12694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 780.762860][T12694] ? sync_mm_rss+0xa4/0x1c0 [ 780.767379][T12694] handle_mm_fault+0x43f/0xb30 [ 780.772160][T12694] __get_user_pages+0x7b6/0x1a40 [ 780.777126][T12694] ? follow_page_mask+0x19a0/0x19a0 [ 780.782327][T12694] ? perf_trace_lock+0xeb/0x510 [ 780.787184][T12694] ? __vma_adjust+0x1840/0x1840 [ 780.792041][T12694] ? lock_acquire+0x16f/0x3f0 [ 780.792060][T12694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 780.792088][T12694] populate_vma_page_range+0x20d/0x2a0 [ 780.792111][T12694] __mm_populate+0x204/0x380 [ 780.792130][T12694] ? populate_vma_page_range+0x2a0/0x2a0 [ 780.792159][T12694] __x64_sys_mlockall+0x35c/0x520 [ 780.792180][T12694] do_syscall_64+0x103/0x610 [ 780.792200][T12694] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 780.792216][T12694] RIP: 0033:0x457e29 03:39:03 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0xff030000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 780.803099][T12694] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 780.803108][T12694] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 780.803121][T12694] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 780.803130][T12694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 780.803138][T12694] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 780.803147][T12694] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 03:39:03 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x40) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='stat\x00') ioctl$IMDELTIMER(r1, 0x80044941, &(0x7f0000000040)) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 780.803156][T12694] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 781.053037][T12694] memory: usage 307200kB, limit 307200kB, failcnt 8493 [ 781.074212][T12694] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 781.099859][T12694] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 781.186543][T12694] Memory cgroup stats for /syz3: cache:0KB rss:293660KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:239456KB active_anon:43796KB inactive_file:0KB active_file:0KB unevictable:10452KB [ 781.232335][ T26] audit: type=1804 audit(2000000343.850:604): pid=12711 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir951611500/syzkaller.syZmRO/955/memory.events" dev="sda1" ino=17506 res=1 [ 781.306324][ T26] audit: type=1800 audit(2000000343.850:605): pid=12711 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=17506 res=0 [ 781.334757][T12694] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=11999,uid=0 [ 781.360750][T12694] Memory cgroup out of memory: Killed process 11999 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 781.406692][ T26] audit: type=1800 audit(2000000344.030:606): pid=12727 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=17506 res=0 [ 781.607262][T12694] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 781.617251][T12694] CPU: 1 PID: 12694 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 781.626334][T12694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 781.636366][T12694] Call Trace: [ 781.639641][T12694] dump_stack+0x172/0x1f0 [ 781.643960][T12694] dump_header+0x10f/0xba6 [ 781.648359][T12694] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 781.654150][T12694] ? ___ratelimit+0x60/0x595 [ 781.658735][T12694] ? do_raw_spin_unlock+0x57/0x270 [ 781.663832][T12694] oom_kill_process.cold+0x10/0x15 [ 781.668923][T12694] out_of_memory+0x79a/0x1280 [ 781.673581][T12694] ? lock_downgrade+0x880/0x880 [ 781.678409][T12694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.684628][T12694] ? oom_killer_disable+0x280/0x280 [ 781.689804][T12694] ? find_held_lock+0x35/0x130 [ 781.694558][T12694] mem_cgroup_out_of_memory+0x1ca/0x230 [ 781.700080][T12694] ? memcg_event_wake+0x230/0x230 [ 781.705087][T12694] ? do_raw_spin_unlock+0x57/0x270 [ 781.710179][T12694] ? _raw_spin_unlock+0x2d/0x50 [ 781.715024][T12694] try_charge+0x118d/0x1790 [ 781.719516][T12694] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 781.725045][T12694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.731269][T12694] ? kasan_check_read+0x11/0x20 [ 781.736104][T12694] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 781.741634][T12694] mem_cgroup_try_charge+0x24d/0x5e0 [ 781.746911][T12694] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 781.752521][T12694] wp_page_copy+0x408/0x1740 [ 781.757100][T12694] ? find_held_lock+0x35/0x130 [ 781.761844][T12694] ? pmd_pfn+0x1d0/0x1d0 [ 781.766067][T12694] ? lock_downgrade+0x880/0x880 [ 781.770901][T12694] ? swp_swapcount+0x540/0x540 [ 781.775648][T12694] ? kasan_check_read+0x11/0x20 [ 781.780481][T12694] ? do_raw_spin_unlock+0x57/0x270 [ 781.785607][T12694] do_wp_page+0x5d8/0x16c0 [ 781.790013][T12694] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 781.795385][T12694] __handle_mm_fault+0x22e8/0x3ec0 [ 781.800482][T12694] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 781.806015][T12694] ? find_held_lock+0x35/0x130 [ 781.810758][T12694] ? handle_mm_fault+0x322/0xb30 [ 781.815688][T12694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.821914][T12694] ? kasan_check_read+0x11/0x20 [ 781.826756][T12694] handle_mm_fault+0x43f/0xb30 [ 781.831504][T12694] __get_user_pages+0x7b6/0x1a40 [ 781.836424][T12694] ? follow_page_mask+0x19a0/0x19a0 [ 781.841598][T12694] ? perf_trace_lock+0xeb/0x510 [ 781.846424][T12694] ? __vma_adjust+0x1840/0x1840 [ 781.851257][T12694] ? lock_acquire+0x16f/0x3f0 [ 781.855912][T12694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 781.862149][T12694] populate_vma_page_range+0x20d/0x2a0 [ 781.867634][T12694] __mm_populate+0x204/0x380 [ 781.872221][T12694] ? populate_vma_page_range+0x2a0/0x2a0 [ 781.877839][T12694] __x64_sys_mlockall+0x35c/0x520 [ 781.882859][T12694] do_syscall_64+0x103/0x610 [ 781.887434][T12694] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 781.893304][T12694] RIP: 0033:0x457e29 [ 781.897179][T12694] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 781.916790][T12694] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 781.925189][T12694] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 781.933149][T12694] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 781.941100][T12694] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 781.949050][T12694] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 781.957017][T12694] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 781.965373][T12694] memory: usage 307200kB, limit 307200kB, failcnt 8520 [ 781.972301][T12694] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 781.980936][T12694] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 781.987879][T12694] Memory cgroup stats for /syz3: cache:0KB rss:293480KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:231704KB active_anon:43784KB inactive_file:0KB active_file:0KB unevictable:18128KB [ 782.010055][T12694] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12690,uid=0 [ 782.025492][T12694] Memory cgroup out of memory: Killed process 12690 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 782.039933][ T1042] oom_reaper: reaped process 12690 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:04 executing program 3: mlockall(0x1) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x2000, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x4) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:04 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0xfffffdef, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:04 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_tcp_int(r0, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040), 0x4) r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x4, 0x8000) setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f00000000c0)=0x6, 0x1) 03:39:04 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x3bf, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = dup(0xffffffffffffffff) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000040)={{{@in=@broadcast, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @remote}}, 0x0, @in6=@mcast1}}, &(0x7f0000000140)=0xe8) getresgid(&(0x7f0000000180), &(0x7f00000001c0)=0x0, &(0x7f0000000200)) getresuid(&(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)=0x0) getresgid(&(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380)=0x0) r6 = fcntl$getown(r1, 0x9) r7 = fcntl$getown(r1, 0x9) msgctl$IPC_SET(r0, 0x1, &(0x7f00000003c0)={{0x8, r2, r3, r4, r5, 0x2, 0xffffffffffffffff}, 0x0, 0x800, 0x80000000, 0x4, 0x337a, 0x87b, r6, r7}) bind$bt_rfcomm(r1, &(0x7f0000000000)={0x1f, {0xff, 0x6, 0x5, 0x5, 0x80000001, 0x1}, 0x1}, 0xa) 03:39:04 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x12) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f00000005c0)={'dummy0\x00', 0x400}) socketpair(0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)='memory.swap.max\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) write$cgroup_pid(r1, &(0x7f0000000400), 0x12) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000280)='cgroup.type\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40086602, 0x400007) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0xff4a) write$cgroup_subtree(r1, 0x0, 0x26) accept4$llc(r2, &(0x7f0000000480)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f00000004c0)=0x10, 0x80000) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0x12) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x20032600) close(r0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x10, 0x0, &(0x7f0000000100)="9353b20d6f334e40f92ae15ea0324f8f", 0x0, 0x5}, 0x28) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a0f, 0x1700) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000003c0)={r1, 0x28, &(0x7f0000000300)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000540)={r3, 0x5, 0x10}, 0xc) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) gettid() r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/net/tun\x00', 0x7ffb, 0x0) ioctl$TUNSETVNETLE(r4, 0x400454dc, &(0x7f0000000440)) openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000040)='cgroup.type\x00', 0x2, 0x0) 03:39:04 executing program 5: r0 = perf_event_open(&(0x7f0000000600)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = gettid() perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x8, 0x0, 0x9, 0x8, 0x0, 0x3, 0x40, 0xf, 0x1000, 0x1, 0x7fff, 0x8, 0x3, 0x1, 0x40, 0x4, 0x6, 0x3, 0x7fff, 0x7ff, 0x3, 0x7, 0x3f, 0x14bf, 0xc2, 0x67f7, 0x9, 0x63, 0x4296085, 0x9, 0x0, 0x2, 0x0, 0x6da, 0x88, 0xfff, 0x0, 0x0, 0x5, @perf_config_ext={0xffffffffffffffe0, 0x3}, 0x2, 0x1, 0x0, 0x7, 0x7, 0x7fff, 0x544f}, r1, 0xf, r0, 0x8) readv(r0, &(0x7f0000000100)=[{&(0x7f0000000000)=""/83, 0x53}], 0x1) 03:39:04 executing program 5: openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x200000, 0x0) r0 = socket$inet(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23}, 0x10) getpeername$inet(r0, 0x0, &(0x7f0000000100)) accept4$packet(0xffffffffffffff9c, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000040)=0x14, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'\x00', r1}) 03:39:04 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x4000000000000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:04 executing program 4: fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000040)={0x0, 0x0}) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)=0x0) r2 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video0\x00', 0x2, 0x0) r3 = openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/current\x00', 0x2, 0x0) kcmp(r0, r1, 0x7, r2, r3) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r4, 0x3310, 0x0) [ 782.349494][T12751] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 782.373017][T12751] CPU: 1 PID: 12751 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 782.382170][T12751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 782.392230][T12751] Call Trace: [ 782.395533][T12751] dump_stack+0x172/0x1f0 [ 782.399882][T12751] dump_header+0x10f/0xba6 [ 782.404308][T12751] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 782.410125][T12751] ? ___ratelimit+0x60/0x595 [ 782.414721][T12751] ? do_raw_spin_unlock+0x57/0x270 [ 782.419840][T12751] oom_kill_process.cold+0x10/0x15 [ 782.424963][T12751] out_of_memory+0x79a/0x1280 [ 782.429650][T12751] ? lock_downgrade+0x880/0x880 [ 782.434509][T12751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.440755][T12751] ? oom_killer_disable+0x280/0x280 [ 782.445962][T12751] ? find_held_lock+0x35/0x130 [ 782.450745][T12751] mem_cgroup_out_of_memory+0x1ca/0x230 [ 782.456297][T12751] ? memcg_event_wake+0x230/0x230 [ 782.461342][T12751] ? do_raw_spin_unlock+0x57/0x270 [ 782.466468][T12751] ? _raw_spin_unlock+0x2d/0x50 [ 782.471335][T12751] try_charge+0x118d/0x1790 [ 782.475859][T12751] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 782.481413][T12751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.487663][T12751] ? kasan_check_read+0x11/0x20 [ 782.492531][T12751] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 782.498096][T12751] mem_cgroup_try_charge+0x24d/0x5e0 [ 782.503396][T12751] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 782.509041][T12751] __handle_mm_fault+0x1e1f/0x3ec0 [ 782.514171][T12751] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 782.519721][T12751] ? find_held_lock+0x35/0x130 [ 782.524512][T12751] ? handle_mm_fault+0x322/0xb30 [ 782.529473][T12751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.535725][T12751] ? kasan_check_read+0x11/0x20 [ 782.540588][T12751] handle_mm_fault+0x43f/0xb30 [ 782.545358][T12751] __get_user_pages+0x7b6/0x1a40 [ 782.550315][T12751] ? follow_page_mask+0x19a0/0x19a0 [ 782.555523][T12751] ? perf_trace_lock+0xeb/0x510 [ 782.560372][T12751] ? __vma_adjust+0x1840/0x1840 [ 782.565150][ T26] audit: type=1804 audit(2000000345.000:607): pid=12753 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir951611500/syzkaller.syZmRO/956/memory.events" dev="sda1" ino=17473 res=1 [ 782.565224][T12751] ? lock_acquire+0x16f/0x3f0 03:39:05 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xfffffffffffffff7, 0x10000) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000040)={0x6, 0x6, 0x0, 'queue1\x00', 0x5}) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:05 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x1}], 0x100000c7, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0x6, &(0x7f0000000040)=""/158) r2 = syz_open_procfs(0x0, &(0x7f0000000200)='mountstats\x00:\xc7U\x18N\x95\'|\x85_\f\x10\x161\f\xb2R\xf1\xf3\xbb\xce\x1c\x19\xe1s\xf5\x7f\xd7\x1eB\xa10\x01\x10I\xab\xaf\xf4x\xd9\xbc\"HAP\xff\xbb\x8e\x81I\xb4\xa5\xeb\x9c\xc0e\x82\v\xc62\xd4\x1c\x1ee\xeb\x04SR*\f=*\xfd\xa8kv\xc9\x11\xce\xec') preadv(r2, &(0x7f0000000480), 0x1000000000000269, 0x0) 03:39:05 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) setresuid(0x0, r2, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x5) [ 782.590790][ T26] audit: type=1800 audit(2000000345.000:608): pid=12753 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=17473 res=0 [ 782.595202][T12751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 782.595225][T12751] populate_vma_page_range+0x20d/0x2a0 [ 782.595248][T12751] __mm_populate+0x204/0x380 [ 782.595269][T12751] ? populate_vma_page_range+0x2a0/0x2a0 [ 782.595301][T12751] __x64_sys_mlockall+0x35c/0x520 [ 782.643224][T12751] do_syscall_64+0x103/0x610 [ 782.643250][T12751] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 782.643263][T12751] RIP: 0033:0x457e29 [ 782.643279][T12751] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 782.643287][T12751] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 782.643306][T12751] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 782.653746][T12751] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 782.653756][T12751] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 782.653766][T12751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 782.653776][T12751] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 782.656224][T12751] memory: usage 307200kB, limit 307200kB, failcnt 8543 [ 782.678325][T12751] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 782.678341][T12751] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 782.711346][T12751] Memory cgroup stats for /syz3: cache:0KB rss:293620KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:239456KB active_anon:43796KB inactive_file:0KB active_file:0KB unevictable:10432KB [ 782.735930][T12751] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12114,uid=0 [ 782.748952][T12751] Memory cgroup out of memory: Killed process 12114 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 783.008105][T12751] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 783.018230][T12751] CPU: 0 PID: 12751 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 783.027555][T12751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.037601][T12751] Call Trace: [ 783.040901][T12751] dump_stack+0x172/0x1f0 [ 783.045231][T12751] dump_header+0x10f/0xba6 [ 783.049642][T12751] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 783.055427][T12751] ? ___ratelimit+0x60/0x595 [ 783.060000][T12751] ? do_raw_spin_unlock+0x57/0x270 [ 783.065108][T12751] oom_kill_process.cold+0x10/0x15 [ 783.070210][T12751] out_of_memory+0x79a/0x1280 [ 783.074870][T12751] ? lock_downgrade+0x880/0x880 [ 783.079704][T12751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.085936][T12751] ? oom_killer_disable+0x280/0x280 [ 783.091130][T12751] ? find_held_lock+0x35/0x130 [ 783.095906][T12751] mem_cgroup_out_of_memory+0x1ca/0x230 [ 783.101469][T12751] ? memcg_event_wake+0x230/0x230 [ 783.106492][T12751] ? do_raw_spin_unlock+0x57/0x270 [ 783.111595][T12751] ? _raw_spin_unlock+0x2d/0x50 [ 783.116533][T12751] try_charge+0x118d/0x1790 [ 783.121021][T12751] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 783.126560][T12751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.132918][T12751] ? kasan_check_read+0x11/0x20 [ 783.137765][T12751] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 783.143309][T12751] mem_cgroup_try_charge+0x24d/0x5e0 [ 783.148591][T12751] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 783.154206][T12751] wp_page_copy+0x408/0x1740 [ 783.158864][T12751] ? find_held_lock+0x35/0x130 [ 783.163631][T12751] ? pmd_pfn+0x1d0/0x1d0 [ 783.167887][T12751] ? lock_downgrade+0x880/0x880 [ 783.172760][T12751] ? swp_swapcount+0x540/0x540 [ 783.177518][T12751] ? kasan_check_read+0x11/0x20 [ 783.182358][T12751] ? do_raw_spin_unlock+0x57/0x270 [ 783.187462][T12751] do_wp_page+0x5d8/0x16c0 [ 783.191881][T12751] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 783.197249][T12751] __handle_mm_fault+0x22e8/0x3ec0 [ 783.202355][T12751] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 783.207899][T12751] ? find_held_lock+0x35/0x130 [ 783.212654][T12751] ? handle_mm_fault+0x322/0xb30 [ 783.217591][T12751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.223830][T12751] ? kasan_check_read+0x11/0x20 [ 783.228693][T12751] handle_mm_fault+0x43f/0xb30 [ 783.233454][T12751] __get_user_pages+0x7b6/0x1a40 [ 783.238381][T12751] ? follow_page_mask+0x19a0/0x19a0 [ 783.243566][T12751] ? perf_trace_lock+0xeb/0x510 [ 783.248407][T12751] ? __vma_adjust+0x1840/0x1840 [ 783.253242][T12751] ? lock_acquire+0x16f/0x3f0 [ 783.257900][T12751] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.264138][T12751] populate_vma_page_range+0x20d/0x2a0 [ 783.269591][T12751] __mm_populate+0x204/0x380 [ 783.274164][T12751] ? populate_vma_page_range+0x2a0/0x2a0 [ 783.279785][T12751] __x64_sys_mlockall+0x35c/0x520 [ 783.284805][T12751] do_syscall_64+0x103/0x610 [ 783.289445][T12751] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 783.295318][T12751] RIP: 0033:0x457e29 [ 783.299192][T12751] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 783.318776][T12751] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 783.327175][T12751] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 783.335141][T12751] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 783.343098][T12751] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 783.351058][T12751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 783.359007][T12751] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 783.367383][ C0] net_ratelimit: 10 callbacks suppressed [ 783.367391][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 783.378796][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 783.384717][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 783.390460][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 783.397729][T12751] memory: usage 307200kB, limit 307200kB, failcnt 8591 [ 783.404624][T12751] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 783.413140][T12751] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 783.420036][T12751] Memory cgroup stats for /syz3: cache:0KB rss:293484KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:231700KB active_anon:43780KB inactive_file:0KB active_file:0KB unevictable:18128KB [ 783.443021][T12751] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12746,uid=0 [ 783.458588][T12751] Memory cgroup out of memory: Killed process 12746 (syz-executor.3) total-vm:72580kB, anon-rss:11956kB, file-rss:53544kB, shmem-rss:0kB [ 783.474646][ T1042] oom_reaper: reaped process 12746 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:06 executing program 3: mlockall(0x1) r0 = socket$isdn(0x22, 0x3, 0x25) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000001200)=0xf9a) clone(0x4000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, r1, 0x0) r3 = syz_open_dev$midi(&(0x7f0000001240)='/dev/midi#\x00', 0x5, 0x2400) getsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, &(0x7f0000001280), &(0x7f00000012c0)=0xc) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x200, 0x0) write$vhci(r4, &(0x7f0000000180)=@HCI_EVENT_PKT={0x4, "d1ff9243674791ea8ff977152b846bb1c15d59ba5c4f851ea9c0e51314d9e9edc7ec6249391af2ba2851fb3b43c6ab36934b78df5f83104c852b4112b06a7a9cbce5bf7273c54f24d218ba6c98bd49c1a957615fc537058c4d444232a8e0f577e88454cf7c8e8f7efc7732ec9802b30b4f001e65fe04788c121830b2f0deb655766a0ad92a7c3ca2058ef282366c2bfbf2461f61230e48950d8eb9115932565b30f6ae0813917cb57c01eb98b831b5bc6098bf79002ec080396c0ec23ffd34d3207727dcb67f905f073d52924987553569d004d5c3b262f5db68a426bb3960eb4a3bf40bb16455a2bef9b5bfe575a4bae85415c98efdcd99ea76944f9e680e7c2284f5c43786ffab2a3d8951efe498d5a6302f9916122a49e42bd0d3765926064f33c8a2cb233bccf789ea00dde477f407bbace346564f4cc3f56895424d3e4ab4cb5258dd4779b9288da5cabf961091ef437dce54f55c40e42b107af9ba7821e670f0c286e62183210eaed1e131da3215a4452ebbf52ea9165aa73095496e6070378ab1e3630f2d4cbb77776ea0d7bad7fa519977b91841531d39936e024ff48cb4f694fd6bfbf8486f929f4032ca13524cbf6df1143ec7e252c59338c683ff7db7cb63c0329a0e7b2142b04861c5b9cc2cfe4d104168ea4ec21f65c2d1c6d7d00514141830f4aa64b7c05fd60d2b3cdc31615c05e42e969c8b091df61b011bda2a1c5482a5bcfbaa95ca37daa875d3177af2e7b2df39b61f84ab26bbf0b936ab70204a86c6c896144737542d812bc05a041169e64c7296b9526976ca75cd14a923e1d766d40ec4ab3ee5a0ee9f2b883d035d9a06824ccc1dcd36d36bc362e2908186e516e5e0ec395c403bfe656b3a7e402a4c120c05ca440621c3abcb1fa11f77ee7e48adaf57fb1195ebf7417f02ace817e934f3b095598ece28e2e93c94a0976cc45fc6deea5a0d89d150b8c4f94cee14bccb03f8483d8aa23b7f36a9b298a61c3cfb80923b3f143f5e96ebd1d2ff9c1dc96738beac26acd3328fffb73b24d60629ca4de36d79414456d2eeccb91def66372261c602391ec919912c685c338b3a75ee8299ab988823c14facd862b499a31d834226f668b85809350f7b964b3f56a966423e40f47217f4ae11252307b045e4fce9bca3feb86ef28e8d6d76fb4f0fc2cd3bef308f6e124eec6e30b568bfed70d4346ef83b408d8408fd1b4e0d33c89420052e760aa61f25b703980912c01b9df7402fc418092fb795256bba6d46e2f66f4dd8fc532e06ffa822c0265dcc5a34d598f9724c64a7d738358b34cdfe40f531aeadd923ff588ebef27a2bd71e66c0babb06c2166a87828cc8d9aa693cb19aa3ed861956eb5b846c5a69be57ddd5d731292aa995e645d4a7054c420a8a4d002d77650a689e2442d366b98e3575707de3e28f368ab2d4b35821e3596d138363a31e5a0e72ccbd094b5b40baa9f3f82b8a2d4a7bfd5e1c5b87d3ab56197ffd644f1d50a117aa68a06bfac847c2498c67eace2c8d0313d8dac675e8f6281bc45d14f193205bbe1745ffbaca4aa75dac14a7fcd28cbb988c096aed8a0bdf85136f16912f188e0577682c7ed033c8ff1b7a745abb4dfbb5cdda15713a4479330aa163c0d6430c4f5e5c39c0e5c6bf7fb0c843e1e4914fbda5d17475376a4a3fa3c108e35da5b13204967764bec8382b9946777d7bcaa659d2c45120d50bad5e037ca69aa8401f57a686e7f70258ea9388c3a6a8b8ca2078ae074f8bfb8935455b1e85e18125bb2bd13c152707f82a217482f4dd0dbf9836c7062b10fb5a26a139cf44c1cce9441384246c1d1a2f4781d04e669b66979815073d40f50ed861c52ff3ac1d6889903cbcb24759a6aaf23749659c0dca774eebddf79f2235ec1ec97357b4cd3ca6ce4869aac9922e05e58f53e7bfdaf4cd3e24d8a8716816fdd5e1d29a9741a76b14df5adbb5424f3ea483a297b23c8798d0e70fac77a7141b731fa881bcb29bb0c012aa7bec3b9442f4be17078b1f64d5fc7b42edeaa636e015ce427d0432127400620c9140a52aa02938b078f577dc98e53fb60d9393b2ccfc00c0ba4ba5f38570c57e8ac8ea29e8cbc9fcfabcd65fc04a4e0f3bab53b2709ecc8af8117ea50cf82777562a0fb25955907930b67f53cd8963020971a15bd5f76b16a530a1b631bef1c485f9a63cd2788c62f48b4b83e353cc9611ed46c7846bf81c733cedb5bd82f4997398aab365b5369d601dd6c7fe6fd51164b8939cb035403776dd02183316722eb15e59b16b618e4756394304c659a3fbc2ccacec9b1968f2f70519e96799fc2e2404b223bff0cd0d5dc7e1bca4c9313be2ae609869bea2e8f1b403dd9f4239887aa640efd76500869350e9409ec398ed70f1d431bd5eb81c2cf91f40bf9413c042a7b4f0de3ec1e3e97ad6bfce0d8c6b767fcab00a253da7c609258f6b9d5da8e28c64c77bcb177b341407f3ee3b3ea094fc032ea31bd56b5fbb93196c0fa9ab48fc911a71f04f95cddaf610f5c99ef8eccb617afd98f8518214132404ff8efa796d2f6a930090b28e22ac6b5c8a90b615a6ceb1ea317b08098e338ca33bf9537e08f09eb217f4bcc31cf4b7d53531fbe8ff9333e9ab115423419efc82294112268bbf8cc6d2a9c22b53ebc1b169dd7959c159b3d80d9b5e8b17062c49daddc768dfe7dc331de9b759926bb0817ca03a6e1a128a84851fc1b97a306b4de186e3823c550b8ba0080884ff7f7b2b8a2031289ddc2c0da0d9573a618c8f0ee72d42b6031fda164cb29fdb07edec7fe46dbc31aabdb1c5bf115c7a2a2142d3ad676821b8ce09558ec7d45a0290bd6052ac0a1f89a07f3a9a749937e7b0b7b301e5ba8ccf9145236133dcf67f1f6816e7519696ef32722f4032cd9900ec6a1057d52f3892f601a335487046f9f1ab0a44b59b8e0d20fb6694c04afd341631dc21091b7f00d0b77cb32d76c5dfeef4d6f24a35ffd2bb603d7fa1ecce41c200b0fcad8725f8b2ed887a24410aa2956c86e62b4b83c7e6958432e94ff3cd091c7fa32e6373fffd2c2c64708fead79be9801671eeb4aea76b482c3a5df346472932761614d218cd7840bb2280df90412edb23f2ea9b16d80640cbd87ee58717b2919eb8d190814f488d9ce72f907e6553e8b1e3ef0e62efbbf37f3fa9a5f4f055857b1291c0e4ce7ca193cc6e245ce7c60b04e84a17815138c8f876b9895de02f009ada27b15f7978e53b2008e921274f7b4cee56ab61014ea4db7e5fd515bfdffd29a7943d4ae010b0f1231b4770bfba779dc34bae03420126e1dd0f7a6c895c4968ec9727f2d49bc77d0ff55f0528056c1ac19d17822e73d2511e8d3158f95a037f9d933190ec2d508c146fc7c452b8c94ef499538673af8681cba7561ec79a6b15e0a5b9b3327a9514e478719f3866a61059440a42b0e75ea76c791e1e633e247969eff7a44d5a833ce8fd79e8fe1d5f6372ff14664cb723510f46c17e8dc4571c3519755ba39fd8ea8e04d2d048c81c6f171292e935275529fb734796abaf2ec6794bcff63f23d9dd37993c11a472d226b681abd36e5202c15586e854c835a891e86b866c8ddcd8d000fbb809d80bba20cb02c58d8c8619be925b6976b13636a88ea55acb3b189b567b5967c3013ec36ae5d93efafca6d0c14d9e4669b29368df05e4047d0c9890eeb537110a29eaaff5720c21c8710e363c1647dc0fbddb0652d54e6da8c851d5052e150c51c10f425515338264021c6e8359ae6fb32e630f9f7e2d2b4a8816e4cff212a147c9d2de21b16eb2d9af980e565fe2ac88d11587af2cd844daf92d9b8c1d32590d1239306faf68c1b3058ad92529b63f3ce8ae190ceb97f7c654d43148931ae856ea13aa8368b9e15cf027d1c23981d1dbedc86b4ad28b129016618bc5b9e54be3802bc59fb52efa7761874f133b2bdf833ad7e9e83b899a794bae0e254135162a82a3599a7b84825f72cda8b14ee582cfbb6aaa73f15b8414d51a2301ed23dacfca9ae819989d084a862f98dbff214e571987bad6fca6bd0c779e399d2f71fb2e2fbd9750291c6656b5d59006a73f95f13a2a84891d236c9a41564a56450068035e3827f5a880b06ff76c2d5365042acb30bf39e9e9537e6275b30d919fa01e2f6ea600d3eb2d306e4baef8c2de6c7e2ba4133acab9d960867577161e4bbfe8d48d3d2f494d435b734dcb7fba194f8b536816b9ce02e0f8aee15617ee94f07b91f4b2fd0ea63e1e6a75da56fdf0e939b0f056288b28216c13d7863cb63bab210a4293d9c58eddcdc3787509f83fd804ae22a5a52e8eadd347d1e4c33710b513dea19a3b5be84fefe6316f001d6b03b4a3eedac08eb3f1e025fe4bb836b620b6cb98d8d9c2858445ba3c2b431e7435ba857ef86161646893476d5f0dcf743b32f3caecae7057a8792c5f7a5f8f2318c6c363d74f80bcb088f3338ea590025f486efdf54a508ce2b1f8215b15dcb2ae761a3a94e1b69b034beb8792c3a9adccc82c0af4291fc3284e7a0946745a30e509d0c2d68505b7f0aa3d07db9cadf9ef77a8155308acd6daa2d295abb42c6528cfa5b0948f0598baec23c522d1adcf25a14c63aa6ccf028545fbca4fd9709d04a4a9f404527b3bd288a6815aa9490f91310382cf77dafadbfa1cabe6dc9c99e733f21fc943059dd3b7c6f01301272b99e516e8531454975061d8d2ab09edee4ff1fc8cbaa726f3df1543bb62b7933854599eb7995d2848944ed04dd00ef1b887fca3940322ac4d97145c1cc8f1fc04bf183bb0449717905edff5cebc7248fa54bf6dcbb3d5e9f9f122c5da6d9fa0c53a424966bd72cb043e0ffbc1db3ff476852f03d8a7683cac11f78612455c03008c7d40b422ae7954a34dd21b1f6ec3cafb24e1b4c4ca26c58035c51842e3a4cc2c14398e5927af221e465f1297e244ec8fe1b2d299dd26d04375e329df02f92dce2b2eddd88938854829e390f27537b2faf1d10b9c93552280e8baaed7e17811bb33124ff5d73da86b41d455791c88b58ebdd516bd9a30b35b616f93c104285b81bcc12f4f139149f94605926fce1a77b6ec4d2ca22117358fff422fe99a9ede69e1e5af8ac84d65114a8b1e1160a87d72044af5e0248649b4a825568986499dd9923e376dc8b1891a5b8cd125c130d4086e3be0557226c463a6b1d992f483fd0e326007060ebd38e9d85335db8b0aa379de3023274b26bce4640d467912f5142d51c7dcb26aeec1f1cb34b25664d138ba12fc39168412e1e7eaba3128efe2fffdefeecd623521ce3fac953f77d207bc92ef7811dedae35fab1179eeb728e5a334fddea71de96a09813b973e3ebcb4a7a4e865c3bf8e243bd134b176539c23047a27fcc535bc567e70fbf1002232125e1a8cf5e8d5fa8f2d53a948b0f22716772d36d2281f6a700b552df71a48ee69502a266d55bf54ac4c351d0c27641d9d40180350f79971249d7a8bc992095937a28213d6ea01060420eeb8cce6c75a6f3aae75871a6cba1e6144d1530b33251f31d0ccb2087b73668541e14ba0d24deccaba1f568ef5a90977263c795de37fe3d2ef0bbf1bae2c029d4e2d93b6ed6ec45efd1895ca814f93bb0bb5b1de556bca7d11d0e6cafe5fb786d54ee8fca353689051f5c240d02d1471c1dcb977a471e936be6abaa2a24c2f13f0058703de189742fedb563583a9de226ea6d3552dab9f6ad238d6860f5a957b01084edd9b41bc4125e59d887138e3c888a34fd0e416671e285cdcc0905b82d7b4361334e4c7fe3e73541b4f10841dae74b3bbe09236"}, 0x1001) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000040)={0x0, 0x1}, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/sequencer\x00', 0x10000, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85512, &(0x7f0000001300)={{0x1, 0x1, 0x1, 0x2, '\x00', 0x3f}, 0x0, [0xad, 0xfffffffffffffffd, 0x40, 0x2, 0x1, 0x3, 0x4, 0x3, 0x4, 0x4, 0x10001, 0x7, 0x80000001, 0xffffffff, 0x5, 0xfffffffffffffffb, 0x2, 0xfffffffffffffff9, 0x1, 0x3, 0x7ff, 0x7, 0x3ff, 0x0, 0x8, 0x8000, 0x4b9, 0x6, 0x8deb, 0x0, 0x80000000, 0x7, 0x8001, 0xffffffffffff11a5, 0x2, 0xffffffff, 0x9, 0x4, 0x8000, 0xf47, 0xaa, 0xbb6, 0x3, 0x10001, 0x1f092013, 0x1, 0x79, 0x5, 0x9, 0x1, 0x7c3a, 0x889, 0x1, 0x7, 0x1ff, 0x2, 0x5ebdeda8, 0x5, 0x80, 0x7, 0x6, 0x8001, 0x0, 0xb1, 0xffffffffffffffe0, 0x8001, 0x1e5, 0x8, 0x1, 0x1, 0x2, 0x4, 0x4c9c023b, 0x344d, 0x3, 0x1, 0x4, 0x6, 0x6, 0x0, 0x7, 0x7, 0x4, 0x4, 0x4, 0x10001, 0x9, 0x6, 0x9fb9, 0x7, 0x2, 0x2, 0xffffffff, 0x3, 0x0, 0x8000, 0x7, 0x43, 0x8000, 0xc04e, 0x20, 0x6, 0x9, 0x0, 0x1, 0x78bb72d4, 0x5b120000, 0x7, 0x3, 0x6, 0x7fff, 0x0, 0x2, 0x0, 0x1ff, 0x4, 0x3, 0x6, 0x8, 0x7, 0x9, 0x8, 0x1f, 0x9, 0x1, 0x2, 0xfffffffffffffe01, 0x2], {0x77359400}}) getsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={r5, 0xaad}, &(0x7f0000000100)=0x8) 03:39:06 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'nr0\x01\x00', 0x2}) r1 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x8000, 0xe000) write$P9_RUNLINKAT(r1, &(0x7f0000000100)={0x7, 0x4d, 0x1}, 0x7) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)) ioctl$SIOCGIFHWADDR(r0, 0x8927, &(0x7f0000000080)) 03:39:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$SCSI_IOCTL_STOP_UNIT(r1, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x20, 0x22, 0x1, 0x0, 0x0, {0x4}, [@nested={0xc, 0x16, [@generic="e2abb4ec76"]}]}, 0x20}, 0x1, 0x300}, 0x0) 03:39:06 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x40030000000000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:06 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0xc000, 0x0) connect$bt_rfcomm(r1, &(0x7f0000000040)={0x1f, {0x10001, 0x800, 0x100000000, 0x8, 0xac8c, 0xd55}, 0x508b}, 0xa) msgctl$IPC_RMID(r0, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000000, 0x110013, r1, 0x0) 03:39:06 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x141000, 0x1) setsockopt$inet_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000000080), 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="d800000018008100e00f80ecdb4cb904021965000b007c05e87c55a11200e1730000000000000000000000000000812fa80015000f0063e3e558f030035c3b61c1d67f6f94007134cf6efb5d5da007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4c02631631fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683e4f6d0200000000000070784e5c25ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace80ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703", 0xd8}], 0x1}, 0x0) 03:39:06 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x100000000000000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 783.604679][T12788] netlink: 'syz-executor.5': attribute type 21 has an invalid length. 03:39:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = dup(r0) ioctl$KVM_ENABLE_CAP_CPU(r1, 0xc008ae05, &(0x7f0000000080)={0x400000000}) 03:39:06 executing program 5: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000200)="0af51f023c123f3188a070") sendmsg$nl_generic(r0, &(0x7f0000005000)={&(0x7f0000000040)={0x10, 0xf0ffffff00000f00}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x48, 0x14, 0x207, 0x0, 0x0, {0x2, 0xf0ffff, 0x600}, [@nested={0x0, 0x0, [@typed={0x0, 0x0, @fd}]}]}, 0x24c}}, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000080)=0x4) recvmmsg(r0, &(0x7f0000006780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 03:39:06 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x4000, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x810c5701, &(0x7f0000000080)) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'\x00\xf9\x00'}) ioctl$TUNSETSNDBUF(r1, 0x800454e0, 0x0) 03:39:06 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) msgctl$IPC_RMID(r0, 0x0) 03:39:06 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x200000000000000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 783.792412][T12801] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 783.868939][T12801] CPU: 0 PID: 12801 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 783.878096][T12801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 783.888151][T12801] Call Trace: [ 783.891429][T12801] dump_stack+0x172/0x1f0 [ 783.895769][T12801] dump_header+0x10f/0xba6 [ 783.900208][T12801] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 783.906014][T12801] ? ___ratelimit+0x60/0x595 [ 783.910587][T12801] ? do_raw_spin_unlock+0x57/0x270 [ 783.915691][T12801] oom_kill_process.cold+0x10/0x15 [ 783.920799][T12801] out_of_memory+0x79a/0x1280 [ 783.925478][T12801] ? lock_downgrade+0x880/0x880 [ 783.930332][T12801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.936569][T12801] ? oom_killer_disable+0x280/0x280 [ 783.941753][T12801] ? find_held_lock+0x35/0x130 [ 783.946508][T12801] mem_cgroup_out_of_memory+0x1ca/0x230 [ 783.952033][T12801] ? memcg_event_wake+0x230/0x230 [ 783.957057][T12801] ? do_raw_spin_unlock+0x57/0x270 [ 783.962156][T12801] ? _raw_spin_unlock+0x2d/0x50 [ 783.966991][T12801] try_charge+0x118d/0x1790 [ 783.971493][T12801] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 783.977038][T12801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 783.983277][T12801] ? kasan_check_read+0x11/0x20 [ 783.988114][T12801] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 783.993645][T12801] mem_cgroup_try_charge+0x24d/0x5e0 [ 783.998915][T12801] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 784.004531][T12801] __handle_mm_fault+0x1e1f/0x3ec0 [ 784.009641][T12801] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 784.015191][T12801] ? find_held_lock+0x35/0x130 [ 784.019958][T12801] ? handle_mm_fault+0x322/0xb30 [ 784.024908][T12801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.031159][T12801] ? kasan_check_read+0x11/0x20 [ 784.036016][T12801] handle_mm_fault+0x43f/0xb30 [ 784.040792][T12801] __get_user_pages+0x7b6/0x1a40 [ 784.045754][T12801] ? follow_page_mask+0x19a0/0x19a0 [ 784.050944][T12801] ? perf_trace_lock+0xeb/0x510 [ 784.050962][T12801] ? __vma_adjust+0x1840/0x1840 [ 784.060640][T12801] ? lock_acquire+0x16f/0x3f0 [ 784.060660][T12801] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.060684][T12801] populate_vma_page_range+0x20d/0x2a0 [ 784.077130][T12801] __mm_populate+0x204/0x380 [ 784.081701][T12801] ? populate_vma_page_range+0x2a0/0x2a0 [ 784.087323][T12801] __x64_sys_mlockall+0x35c/0x520 [ 784.092349][T12801] do_syscall_64+0x103/0x610 [ 784.096945][T12801] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 784.102840][T12801] RIP: 0033:0x457e29 [ 784.106732][T12801] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 784.126332][T12801] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 784.134733][T12801] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 784.142825][T12801] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 784.150779][T12801] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 784.158751][T12801] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 784.166700][T12801] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 784.177407][T12801] memory: usage 307200kB, limit 307200kB, failcnt 8615 [ 784.177421][T12801] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 784.213115][T12801] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 784.220016][T12801] Memory cgroup stats for /syz3: cache:0KB rss:293496KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:239456KB active_anon:43796KB inactive_file:4KB active_file:0KB unevictable:10424KB [ 784.242621][T12801] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12206,uid=0 [ 784.258085][T12801] Memory cgroup out of memory: Killed process 12206 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 784.287191][ T1042] oom_reaper: reaped process 12206 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 784.381943][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 784.387770][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:39:07 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x99ac, 0x20, 0x6d0, 0x74752d22, 0xfffffffffffffff9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:07 executing program 4: r0 = socket(0xa, 0x4000000000080002, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'ip_vti0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @dev}, 0x14) write$binfmt_misc(r0, &(0x7f0000000000)=ANY=[], 0x0) 03:39:07 executing program 0: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x2d25, 0x0, 0x0, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000006ac0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000100)=@tipc=@nameseq={0x1e, 0x2}, 0x80, 0x0}}], 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000040)={r0}) 03:39:07 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x1, 0x0) r2 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x100000001, 0x20000) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000080)={0x2}) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) socket$packet(0x11, 0x3, 0x300) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) 03:39:07 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/net/tun\x00', 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f00000001c0)={{{@in6=@empty, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@ipv4={[], [], @initdev}}}, &(0x7f00000002c0)=0xe8) mount$9p_rdma(&(0x7f00000000c0)='127.0.0.1\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x1000008, &(0x7f0000000480)=ANY=[@ANYBLOB='trans=rdma,port=0x0000000000004e24,uname=/dev/net/tun\x00,rq=0x0000000000000006,rq=0x0000000000000040,timeout=0x00000000000005d8,version=9p2000.u,access=', @ANYRESDEC=r2, @ANYBLOB="2c66736e616d653d5e6574683073656c696e75787d2c0063e4725c4662c72f72840e55a90c75c16f37cfc5ea69e6ccca21ebd63215b8f555a042c7d0b5a28e5480dbd6d61940a7702edba0a5e57698ed5a859002977c383ba073b4373e5a459d820634bface4f0d7063a0cce943a506552450cd55c1770be38fbda31e58360dab3bc1d3a75186352163e19dce2dc9b73f0c3b2727b79ea35114c536a57745268bc87c8437539fffe23d80620e562e342c8528b6d5fcbb00cabbd246cb45632be68a7bebe8f979b8fa8a07351e895a476"]) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x3001}) r3 = syz_open_dev$midi(&(0x7f0000000300)='/dev/midi#\x00', 0x4, 0x10002) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r3, 0x40485404, &(0x7f0000000340)={{0x0, 0x3, 0x0, 0x3, 0x300000000000}, 0x6, 0x83}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfdef) ioctl$EVIOCGABS2F(r3, 0x8018456f, &(0x7f00000003c0)=""/173) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, &(0x7f0000000040), &(0x7f0000000080)=0x4) 03:39:07 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0xe000000000000000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:07 executing program 5: r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000040)={0xc9, 0x4, 0x48000000000}) r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0) setsockopt$rose(r1, 0x104, 0x3, &(0x7f00000000c0)=0x1011, 0x4) 03:39:07 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0af51f023c123f3188a070") r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2}, {@in6=@ipv4={[0xfffffff0], [], @broadcast}, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x757, 0x10000) ioctl$KVM_GET_REG_LIST(r2, 0xc008aeb0, &(0x7f0000000180)={0x4, [0x7f, 0x9b5c, 0x7, 0x9]}) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x92180, 0x0) ioctl$PPPIOCGDEBUG(r3, 0x80047441, &(0x7f0000000100)) 03:39:07 executing program 0: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-simd\x00'}, 0x58) ioctl$KVM_SET_TSS_ADDR(r0, 0xae47, 0xd000) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f00000002c0)=ANY=[@ANYRES16], 0x3bf) splice(r0, 0x0, r3, 0x0, 0x2000000000a, 0x0) 03:39:07 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0xeffdffff00000000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:07 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000680)={0x0, 0x1000, "7468bd260faebd3a5484c112d3769c30d0c15f9ccaba8722572ab358cda17df5af82a961305240260e15bf38fcaf522ca8342a8bff5e8dc31e53a68074b4b69cf69f87b3a9309822457ff0fcce4edf7fb39332821e5c75f3c6cd7df990703db310884d80ef89deb8327f1da26854b1912c8589b030f871740da9827a5de9e00e3ca1891f7af923af1cef1851c8c6159ac6192e3e8c982641fd880cf57bfe7b9a2f5e92cdc709314e489a134179d3c76ae71ee30147f62c971e8e6aa6a04b41a2cce61d10983742e3b1bd9266dec6b0b53722b073144a8a328cb620513b8630f2d0cd1ed84fd68ec1d684dd492932429a553e4bac2227063d1d4d557de02b02de459845b6823f0030fab73490c8c7053d5558ab85789a1b1d0505906dcff7e350860280c844887916b9f2b95cf9e1f3658a53f905b2e1adf790250f59554c30f43a0d479eb512354cb8d805e5fef692aebb27e19dc5f9b7e10fafcecc3c5d0e8f54261361ae7a7978032e0087d2b91f24eaa8bf5b5c326c2a3c74f1cbce06ee3ab8fdd56a5903031fab2b432f07de3208f8f654862e683559b7c290715b66100780356c000ee7ab767b79893956bb8af0473a26544a1b1524378ca06dff6432e8b4c96666cd82af69b6b57af7404cc1b3b96752c08a3bde708bcbb593910fa5fd1855c37267408f1ee9e1ef57fc201300311cb8513384df8065e921116bafa3c890fd00b0d623c95d6c247aec88449ca35dd42b4839b90dcdea595bee72eac4d6897627e83b4e0f61801e453c6bdd445094ab95391b904699a2ecded3c2b15a963d46b36d9a74851017fdb9e7f2dc1d76d13408be5b6fd3ee8325c8c6ca56e90617784df04c83340c66d1c1a143d98dde51b4c3dd1c359dd1a2b787cd2850afcfa79309efae9c587a3ffcacee7b2132976ee288d4c9e7c6217251abb8e3be7a28a87fa9fdb6c78a7ad8a7be5ebf3ae6c49bb3b88b5d83db7144f97319a9936f9b7894bb15de29d447a3552f09c1b0f65f6d3d7a975f3ff6bd133830d7e1215afe554386cdb9aeebfa60a31d7e59a7a96c174694500a8e818ca6f6d76b5578ba435ec3ea7f5a65d2271a792b9be533198be773ff48a602bae8ecd7cb1b38cae769897be5c4807c9cbe8b7cc039b4229ffcf939e93c33c6819c17a07080c29cd0141db283e510a9521d1e80360705054bb0d488f3d695a1b2a35d6d7b9a12f4ba630f16ea8afe5ba0cda6b7b5918dcf933f5ec2fec68a68a13912f63e9198262a14e1d17c0866964c56c45c1381ae1cb53a22a099bbd15b94e9a04f56023aab156da4b5813de7fe347ff97837aaaf756d3550891d6ff76ea99929a674fbbcceca3bebae146606d6fbdea0448046d3c9b7594338f017484a5311bb9520fe0fb0ebaf5c42a8d49a625ea2e8566738b6142a52f4a9c9b535ef07a2bcf01579e46aaf2aa18447a238b605fd062f302d27e068017e8418349b708a0ab4bbe62b00181bce554edacccb556c709d66cf0c67f97ea0d0dc3b70005eed288a401052485a20b852bdac517cc2e46a7d07f86da0d69c0131d504b769ef2ab8074091a1b6a9cedbaed539c9f95efe1ec7d75a03deaf9818373b5f24430b298a2701a6277b52a61cb586ab39159ac921585733aa6edc76bebf770b9898ad30ee43a230d63209b2f380d60e3430566bace65a3648df5822e6a1ac74dcadbaedb7a4c23e0200997c84ae9e796af32b7b0f6aeb47b7d549ac1befaf8c319ca3a89e962811a99682985eec4d289eb4a0c5930d68839b1f42475992e41672bb6084d1f4940f4af6303cd2d29ea7807cc069df4a7b4ed5b3cb2e4add5a0fa425132849f67949d9c1967ce196399af65e70b82e5fe3c5a8dcf677880ccfe63a0cc1127fa9ce3eb02dc2f8d3e457a9f51eeb584dcba7bf69f9f2c637ffe60db6dffe4f8a6155734ee65b19fbc41b555f1d3b17443133db77d4d034b64fad1edfcbb446eaf693f292cec61822931cffe0a0e0cab407e73b5a4a1b4fa0569ec2dfff9636e1c2c9d7f6463ef19371435c1b41ebcb4e6e79a935dc7eba867c73aca3d5e2f9c81961f4493d99bb31fd8c3772384d88936f5954ccd194d8db47ac6404d294658d06a97de0ddff5e8ded6bb7f3c7e8fa6cfbaaaac0c54cbcbbff8609f9fa498965e2636bbe4734afec0f1322fd71f0df7d492b3ebec063668d5cf00e9eef26599286be760ba37e061af9f2c0167b21f2c98e77bf1ca379f0c0198651e240b18174c380e1d458c7a6d3cab5a3809c6a64fbd61006f4c45814ec7cae0cdfe4268e153ee120a3d3a81c68bc4688456de5fc56ba91829b2e4e5d9880dc50f1cfa746cb00185edb8fef9f8a042a7ae9353725e350c59f5a8c4c66e8fecf8cff3e8e0854f5173984b56ad3a25d02f03fa1e301b4e9ba3678cce340226975fbc50a6ca3d28e001b60dfab59685cb53da501d401c1a07365d3f8d5b1f26c5cb17b7e61d8af951581d01f78b18d61f2e57a9f9bb6bde43953ecbc54be1d05f80350a0f7d73e0e2b80dcca773f3d910dba394f66f570bf19ac4a16691b519884efcfb85ea78440882d3f583de8142cd55a01ca6a35c47ece754c545099f5c986235db923c088f1a021559e3bd8dc0d4124068305448fdd471c0117a02138b8e1275fe1203c588fe55bfc24012ae78a232e889f4d06d8908db7d46f02f3fac2cbebae59952ff3cf036b4432ab2ff3d21ad2ae6187d6a5afc5c03ad20678ab59ea6486aa48b7ceb18f75cc1c84204b3fa8c4abeb97dbd4fcb48132767ca2d3886ab9cf3ef16e62095d091cd3e6de043ebfd4180122b0d5056977ef311461a9167a95085a47bff7549306349911f7440f6c3d515b4816e096d070cbeb6f18082c24d1e510d57d7887bc2f9a2baee82f606113453b6c4545b7b8615d5b84febcb03db0901b492f0fd2b362e9e4d19b18ded0f7281d40f217dd9555ffd330182fc191da2c962ff83b6dfbae534bb2de86618079eb45b48fbc339b60e6a25bf6d763173a1f4f0d6a26f348056335c68c304cdadf984fc19e8584cea41b608b8f86d799c21eaef9e08c9607985a53751cecec83e266d04c5ebd6a8f200ebd226b497924fd1360e3fb9926919a190178da4260fd6b00f10f438ddeb7833a2431719df94c87a9d179ac19b51d5855db92e45e1911b026b53a4728f48cf8386b307f5ee18fb0a3c047edb0ed634506dfd09e65d39163cb407f2b0fbcf3ee938100f9f6139b6c7be0649c0cf7cf542635bf11760b1c6373c8118a6733bd34fc7d6bd151a45b261eb1df3ed445d2194008b4ed5b72ede3b2641d0bcf8338875bbe96c408758f4c7589f5f0882c5f65747885be7a22a60b79c84ceddc75c1e76ba709d0e37f65d01ae21df29ee8b3782b5ee29887e41e508985457d2a3f9f931bcd501825b53baa97f6f745df0eb20dfc59499fbb5c329a8d89e4bd5f5a0c53edabec6be67310e09b8991d5505d8ce5be4a95ff798a9e2a8118a473d8e14292b1b922b09324875c4c212d67d3733ab4a73c4f19fcc128d527f7d7513ca66cf1c757ce8da72a05c009bce42d172c60d02be39b245179b33e122b96ed9d76ae9e170d577bf84f37180e13f84edd9e32c00b18a14b399ed8475713bb3899c07802cba2d79299e0c4eca164367494c43cda08e35c6f0f117974284062b5443dbdc24a55695e04d507f63df923145f638a6c206cb6dad374b2e1a7bda0d586589d2a50e4908deb9ef48c1b4f46c57499a55b12198f38314493ab0c862862a9574911d3b05d9e49c595ae6cd3b4544fdea28878ed6869f6f5ac63c7d8e90e237463b1e12d7178604c375e31bd81202b5a095f9e9f8973cd66ecfc2650194d08ecbe72871a406c6290c4bd7a8e83cb6621e6a6c8784553fc6e0320ab0ec0b3eca118551532cbd6f19583468320d864e8433fc7443d74bb7a2a0c6b90561ba198a74c6e8e4d4ee49d7577c79ef62630132e10c79f8fe79adcf5bb38091e57852c95226ce53c8a3e4585268218d0c0d5eeb618cede5e8735acab91eba1dcac5f6920bd74463962bb509fc21c346f2e13a2a782c4a11bf3cf319639d337bd2533d053511dee2166acee6fe02dc10c5aaccd56adc3600ff50798080167542ddaadf832cda2d97eeae1dd8c6bb25cecc5fda87c718a1a889db81037a8471389de84d78865fd460eb270de864121edbdc8713b82d9d82a66ebeb9b0757b1277daa5e95ec427407a7706df3323706df4342b836bc65e9d169b2c85180e14e42c00bae0b05b5027319906a0838189b16a354a0c19eaf15af5ed28632232f11d068de37bef5962c7331a85a2e8a0aa8f4212b6cff248c0bb9234cc86f3ba0f8e04269ff1155c1c181c2407bbe6451075a37852bf9664acaa8355686ff6d5a4e7af022fc7c5ba8e025aceb2e60b16b9ba78609c38bc9f1e958e15db43504ddd548cb5ccc8950469ad1f997eb1f69ae48e62f0b02d202145c36906c9f4bc7b637417d44f36d4659796537a28fe75df4a2cc8ba16e72350dd68535edfaf3560193f3bfa1093a663fbcdf83e6a28e182ee641369d3ee761f58669fde985e59068e9de8e924ecad9ad2abcbbf3d6898f9372006d421ff73b48558e97e0a1b286dd448d07a5ec0f80cd38992f08fc8ee72f4e22f7145b8cad8d2ef0dc828760b59ce073ffb177142550904220d733d2698261ce51880a92c85435ccfca575c11b8731f80e6f3358be971425f990af5834f91a86640dcf21f8fb8939c6153ce9c184fd161aea72cc11bc5ffc740b471b83b4de6e53540b40bb23ec1e9a6865596c1dfcf1c327a26bd7387f36a6c6fb29accb7bcc6ffc70fa9918e529b99374e0daa1b8663eb53898f46ffa99c0cfb125724acf08015332a9861437d7ed6d4f3a7948967f78ea0a8e30aa530fe8f03e9ab573350321d343b1bd2ae1d7d3521838c8eb65a3676a6e92397fe3a7cfa9d8f5c5be29f5383b5fa5779c0d3ab1c28cde8bf6e8a0da1a3b52c5dd21d37979be2e1d383a3052044e69800ae7c137e71933372f42d7007bece4f1abd43ca24c610ea2d68a9d3b70edfaeefe7af62d0c723a291ba9de79af1ef7d43c5cdd3c6999a8f92266743bc6a6efbda8697ed8c2e2303a823cda921218d5d7fb6fa3ca311e75015d9ba06abbac107c266bbdcffa3d6b4b9484474d8a1300d7e7961ec6f597f06414111e1c2f27c7f8e2f1a3836e3537c9a5acbe356e0ec6bc5b99a7693452d832e2fbf0ec69af9fe2be182fef46cf1f80c0c5bf2bfecf8e51663ae4c31bcd00a614f01d893c75d37f1902356d9c2543778bbb015fed5d94f757fbda6ebe7281e710d295af6a3d71a696b673136ff4a0acfd00a73a2ba8a6fef10245dc41aae9d32ec37341488d715f9b6356c0736c142fb12bfad15b3fb4a83cea6ba8da7632611d7179753e634ed97714d1262831f1768cb519308a3ac6a818ba35ea049601ce9c1c172198a75a3f29caf3bddd1b1f853daf6e1a27d626bdf6429886d450c96088a533efee9ec66205eb4b265292d312e2d09b52e2cfd2600c698c9502cda7edac62d5d0571cdb550cb492c43cb6b377950d208d5087e65f0c08eb3433c76930e42c10cc059006c1469560bda61d145c30f816da5e36c15b41bb8c3a376252d35f2f1814363e8bb13e84d44c28753a1da206b3452ba74d0cff50a9fc68c6d20ef3572bfdd0e8f6acdc81b46ee29f4c23a076104be70231e0a12f7642c59467ea7b0601fa6dd52eba35c8efb22b7b23316aad3b5d4cd7bd1bb3ab4c47ff0e228865b44dcd140dfdde8914bdbec0123e"}, &(0x7f0000000100)=0x1008) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000300)={r3, @in6={{0xa, 0x4e24, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x3}}, 0x10000, 0x3}, &(0x7f0000000400)=0x90) ioctl$CAPI_CLR_FLAGS(r1, 0x80044325, &(0x7f0000000080)=0x1) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") setsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000040)=0x1, 0x4) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000180)=ANY=[@ANYBLOB="44010000100021060000000000000000ac141400000000000000000000000000ac1414bb0000000000000000000001000000000000000000000000000000", @ANYRES32=0x0, @ANYRESOCT=0x0, @ANYBLOB="fe8800000000000000000000000000000000000032000000ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200010000000000000000004c00120067636d5f62617365286563622d74776f666973682d6176782c67686173682d63652900000000000000000000000000000000000000000000000000000000000000000000000000000800160000000000"], 0x4}, 0x1, 0x0, 0x0, 0x2000000000003}, 0x0) r5 = socket$rxrpc(0x21, 0x2, 0xa) syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x8000, 0x8000) bind$rxrpc(r5, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e21, @multicast2}}, 0x24) [ 784.710916][T12848] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 784.767937][T12848] CPU: 0 PID: 12848 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 784.777091][T12848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 784.787150][T12848] Call Trace: [ 784.790451][T12848] dump_stack+0x172/0x1f0 [ 784.794805][T12848] dump_header+0x10f/0xba6 [ 784.799224][T12848] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 784.805022][T12848] ? ___ratelimit+0x60/0x595 [ 784.805042][T12848] ? do_raw_spin_unlock+0x57/0x270 [ 784.805060][T12848] oom_kill_process.cold+0x10/0x15 [ 784.805077][T12848] out_of_memory+0x79a/0x1280 [ 784.824526][T12848] ? lock_downgrade+0x880/0x880 [ 784.829386][T12848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.835636][T12848] ? oom_killer_disable+0x280/0x280 [ 784.840844][T12848] ? find_held_lock+0x35/0x130 [ 784.845625][T12848] mem_cgroup_out_of_memory+0x1ca/0x230 [ 784.851170][T12848] ? memcg_event_wake+0x230/0x230 [ 784.856654][T12848] ? do_raw_spin_unlock+0x57/0x270 [ 784.861780][T12848] ? _raw_spin_unlock+0x2d/0x50 03:39:07 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0xff03000000000000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 784.866643][T12848] try_charge+0x118d/0x1790 [ 784.871159][T12848] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 784.876715][T12848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.882978][T12848] ? kasan_check_read+0x11/0x20 [ 784.887853][T12848] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 784.893408][T12848] mem_cgroup_try_charge+0x24d/0x5e0 [ 784.898711][T12848] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 784.904358][T12848] __handle_mm_fault+0x1e1f/0x3ec0 [ 784.904381][T12848] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 784.904397][T12848] ? find_held_lock+0x35/0x130 [ 784.904413][T12848] ? handle_mm_fault+0x322/0xb30 [ 784.915055][T12848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.915076][T12848] ? kasan_check_read+0x11/0x20 [ 784.915094][T12848] handle_mm_fault+0x43f/0xb30 [ 784.915115][T12848] __get_user_pages+0x7b6/0x1a40 [ 784.945535][T12848] ? follow_page_mask+0x19a0/0x19a0 [ 784.950755][T12848] ? perf_trace_lock+0xeb/0x510 [ 784.955619][T12848] ? __vma_adjust+0x1840/0x1840 [ 784.960486][T12848] ? lock_acquire+0x16f/0x3f0 [ 784.965160][T12848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 784.971606][T12848] populate_vma_page_range+0x20d/0x2a0 [ 784.977051][T12848] __mm_populate+0x204/0x380 [ 784.981622][T12848] ? populate_vma_page_range+0x2a0/0x2a0 [ 784.987241][T12848] __x64_sys_mlockall+0x35c/0x520 [ 784.992256][T12848] do_syscall_64+0x103/0x610 [ 784.997010][T12848] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 785.002878][T12848] RIP: 0033:0x457e29 [ 785.006757][T12848] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 785.026639][T12848] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 785.035033][T12848] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 785.042995][T12848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 785.050943][T12848] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 785.058903][T12848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 785.066864][T12848] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 785.075109][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 785.080917][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 785.093117][T12848] memory: usage 307200kB, limit 307200kB, failcnt 8635 [ 785.100080][T12848] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 785.108015][T12848] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 785.115037][T12848] Memory cgroup stats for /syz3: cache:0KB rss:293564KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:241496KB active_anon:43804KB inactive_file:4KB active_file:0KB unevictable:8368KB [ 785.137351][T12848] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12269,uid=0 [ 785.153050][T12848] Memory cgroup out of memory: Killed process 12269 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 785.193189][ T1042] oom_reaper: reaped process 12269 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 785.338052][T12848] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 785.348032][T12848] CPU: 0 PID: 12848 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 785.357129][T12848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 785.367176][T12848] Call Trace: [ 785.370467][T12848] dump_stack+0x172/0x1f0 [ 785.374792][T12848] dump_header+0x10f/0xba6 [ 785.379196][T12848] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 785.384999][T12848] ? ___ratelimit+0x60/0x595 [ 785.389580][T12848] ? do_raw_spin_unlock+0x57/0x270 [ 785.394675][T12848] oom_kill_process.cold+0x10/0x15 [ 785.399786][T12848] out_of_memory+0x79a/0x1280 [ 785.404455][T12848] ? lock_downgrade+0x880/0x880 [ 785.409299][T12848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.415522][T12848] ? oom_killer_disable+0x280/0x280 [ 785.420707][T12848] ? find_held_lock+0x35/0x130 [ 785.425474][T12848] mem_cgroup_out_of_memory+0x1ca/0x230 [ 785.431015][T12848] ? memcg_event_wake+0x230/0x230 [ 785.436028][T12848] ? do_raw_spin_unlock+0x57/0x270 [ 785.441120][T12848] ? _raw_spin_unlock+0x2d/0x50 [ 785.445967][T12848] try_charge+0x118d/0x1790 [ 785.450471][T12848] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 785.456006][T12848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.462413][T12848] ? kasan_check_read+0x11/0x20 [ 785.467355][T12848] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 785.472894][T12848] mem_cgroup_try_charge+0x24d/0x5e0 [ 785.478185][T12848] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 785.483812][T12848] wp_page_copy+0x408/0x1740 [ 785.488400][T12848] ? find_held_lock+0x35/0x130 [ 785.493171][T12848] ? pmd_pfn+0x1d0/0x1d0 [ 785.497407][T12848] ? lock_downgrade+0x880/0x880 [ 785.502252][T12848] ? swp_swapcount+0x540/0x540 [ 785.507017][T12848] ? kasan_check_read+0x11/0x20 [ 785.511866][T12848] ? do_raw_spin_unlock+0x57/0x270 [ 785.516977][T12848] do_wp_page+0x5d8/0x16c0 [ 785.521377][T12848] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 785.526757][T12848] __handle_mm_fault+0x22e8/0x3ec0 [ 785.531898][T12848] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 785.537427][T12848] ? find_held_lock+0x35/0x130 [ 785.542180][T12848] ? handle_mm_fault+0x322/0xb30 [ 785.547131][T12848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.553475][T12848] ? kasan_check_read+0x11/0x20 [ 785.558310][T12848] handle_mm_fault+0x43f/0xb30 [ 785.563073][T12848] __get_user_pages+0x7b6/0x1a40 [ 785.568021][T12848] ? follow_page_mask+0x19a0/0x19a0 [ 785.573207][T12848] ? perf_trace_lock+0xeb/0x510 [ 785.578036][T12848] ? __vma_adjust+0x1840/0x1840 [ 785.582883][T12848] ? lock_acquire+0x16f/0x3f0 [ 785.587558][T12848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 785.593791][T12848] populate_vma_page_range+0x20d/0x2a0 [ 785.599233][T12848] __mm_populate+0x204/0x380 [ 785.603823][T12848] ? populate_vma_page_range+0x2a0/0x2a0 [ 785.609450][T12848] __x64_sys_mlockall+0x35c/0x520 [ 785.614457][T12848] do_syscall_64+0x103/0x610 [ 785.619031][T12848] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 785.624910][T12848] RIP: 0033:0x457e29 [ 785.628813][T12848] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 785.648403][T12848] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 785.656804][T12848] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 785.664764][T12848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 785.672725][T12848] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 785.680699][T12848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 785.688656][T12848] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 785.696973][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 785.702797][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 785.709739][T12848] memory: usage 307200kB, limit 307200kB, failcnt 8668 [ 785.716766][T12848] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 785.724267][T12848] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 785.731199][T12848] Memory cgroup stats for /syz3: cache:0KB rss:293476KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:233716KB active_anon:43792KB inactive_file:0KB active_file:0KB unevictable:16068KB [ 785.753447][T12848] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12846,uid=0 [ 785.768882][T12848] Memory cgroup out of memory: Killed process 12846 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 785.787109][ T1042] oom_reaper: reaped process 12846 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:08 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f0000000400)='net/ip_vs_stats\x00') openat$cgroup_ro(r1, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) fcntl$notify(r0, 0x402, 0x2) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x40000, 0x0) ioctl$EVIOCGBITSND(r2, 0x80404532, &(0x7f0000000180)=""/223) getsockopt$llc_int(r2, 0x10c, 0x9, &(0x7f0000000300), &(0x7f0000000340)=0x4) ioctl$KVM_SET_ONE_REG(r2, 0x4010aeac, &(0x7f0000000040)={0x4, 0x1}) ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x0) getsockopt$inet_dccp_int(r2, 0x21, 0x1e, &(0x7f0000000280), &(0x7f00000002c0)=0x4) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r2, 0xc0845658, &(0x7f0000000080)={0x0, @bt={0x1000000000, 0x5, 0x0, 0x0, 0x443, 0x8, 0xe8, 0x3, 0x20, 0x401, 0x401, 0xfffffffffffffff9, 0x8, 0x9f54, 0x0, 0x8}}) getsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f0000000380), &(0x7f00000003c0)=0xc) 03:39:08 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[]}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa0802000000000000000000000105000600200000000a00000000000000000500e50000070000001f000000000000250000000000000200010000000000000000020000627c05000500000000000a00000000000000ff1700000000000000000000000001170000000000000000"], 0x80}}, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x2, 0x2) ioctl$RTC_UIE_ON(r1, 0x7003) sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, 0x0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r3 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$setperm(0x5, r3, 0x400) readlinkat(r2, 0x0, 0x0, 0xfffffffffffffd45) 03:39:08 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0xfffffffffffffe1a, 0x0, 0xfffffffffffffffd) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:08 executing program 5: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$IMGETVERSION(r1, 0x80044942, &(0x7f0000000300)) r2 = shmget$private(0x0, 0x6000, 0x1880, &(0x7f0000ffa000/0x6000)=nil) shmctl$IPC_RMID(r2, 0x0) r3 = semget(0x0, 0x3, 0x1) fstat(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xc) lstat(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r7 = getgid() semctl$IPC_SET(r3, 0x0, 0x1, &(0x7f0000000240)={{0x6, r4, r5, r6, r7, 0x4b, 0x3ff}, 0x4000000000000, 0x8, 0x1}) 03:39:08 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") r1 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0xe, 0x401) ioctl$FS_IOC_FSGETXATTR(r1, 0x8004551a, 0x0) ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f0000000040)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000080)={r2}) 03:39:08 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0xffffffff00000000, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:08 executing program 5: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(0xffffffffffffffff, 0x0, 0x0) io_setup(0x7, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000380), &(0x7f00000003c0)=0xc) setreuid(0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net\x00') sendfile(0xffffffffffffffff, r1, 0x0, 0x2b428a52) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) setsockopt$inet_tcp_TLS_RX(r1, 0x6, 0x2, &(0x7f0000000100), 0x4) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000240)={0x0, 0x105000}) ioctl$TIOCLINUX6(r1, 0x541c, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000002840)={0x0, 0x1c9c380}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100]}) ioctl$KVM_NMI(r4, 0xae9a) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 03:39:08 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffff00000010}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:08 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000000)=ANY=[@ANYRES64], 0x0) 03:39:08 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0xa, 0x19, 0x100000000000914, 0x5, 0x2a, 0xffffffffffffffff, 0x2}, 0x2c) write$FUSE_NOTIFY_INVAL_ENTRY(r0, 0x0, 0x0) r1 = dup(r0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000000)={0x2b, 0x4, 0x0, {0x3, 0x7, 0x3, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) 03:39:08 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x400000, 0x0) ioctl$SIOCRSGL2CALL(r1, 0x89e5, &(0x7f0000000080)=@default) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r2, 0x29, 0x5b, &(0x7f0000b67000), &(0x7f0000000040)=0xfffffffffffffd0b) 03:39:08 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) r1 = gettid() r2 = accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000080)=0x1c) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f00000000c0)={0x0, 0x8, 0x2b581706, 0xffff, 0x8, 0x3, 0x2, 0x5, {0x0, @in6={{0xa, 0x4e20, 0x7c91, @mcast1, 0x3ff}}, 0x4a4, 0x9, 0x1ff, 0xffffffff80000001, 0xaf24}}, &(0x7f0000000180)=0xb0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r2, 0x84, 0x17, &(0x7f00000001c0)={r3, 0x1, 0x32, "cb808728646bd94ffe6a78756dae0be2c6d7ad835d97563124ad17171317ad7cb421ec7f3b8a27d806dc6cf6a49e082134c8"}, 0x3a) ptrace$getenv(0x4201, r1, 0x8001, &(0x7f0000000000)) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 786.073990][T12894] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 786.132105][T12894] CPU: 0 PID: 12894 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 786.141256][T12894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 786.151322][T12894] Call Trace: [ 786.154616][T12894] dump_stack+0x172/0x1f0 [ 786.158942][T12894] dump_header+0x10f/0xba6 [ 786.163365][T12894] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 786.169183][T12894] ? ___ratelimit+0x60/0x595 [ 786.173784][T12894] ? do_raw_spin_unlock+0x57/0x270 [ 786.178913][T12894] oom_kill_process.cold+0x10/0x15 [ 786.184038][T12894] out_of_memory+0x79a/0x1280 [ 786.188729][T12894] ? lock_downgrade+0x880/0x880 [ 786.193590][T12894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.199847][T12894] ? oom_killer_disable+0x280/0x280 [ 786.205045][T12894] ? find_held_lock+0x35/0x130 [ 786.209833][T12894] mem_cgroup_out_of_memory+0x1ca/0x230 [ 786.215380][T12894] ? memcg_event_wake+0x230/0x230 [ 786.220446][T12894] ? do_raw_spin_unlock+0x57/0x270 [ 786.225559][T12894] ? _raw_spin_unlock+0x2d/0x50 [ 786.230397][T12894] try_charge+0x118d/0x1790 [ 786.234894][T12894] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 786.240437][T12894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.246677][T12894] ? kasan_check_read+0x11/0x20 [ 786.251523][T12894] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 786.257076][T12894] mem_cgroup_try_charge+0x24d/0x5e0 [ 786.262361][T12894] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 786.268000][T12894] __handle_mm_fault+0x1e1f/0x3ec0 [ 786.273107][T12894] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 786.278639][T12894] ? find_held_lock+0x35/0x130 [ 786.283395][T12894] ? handle_mm_fault+0x322/0xb30 [ 786.288347][T12894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.294597][T12894] ? kasan_check_read+0x11/0x20 [ 786.299471][T12894] handle_mm_fault+0x43f/0xb30 [ 786.304248][T12894] __get_user_pages+0x7b6/0x1a40 [ 786.309205][T12894] ? follow_page_mask+0x19a0/0x19a0 [ 786.314411][T12894] ? perf_trace_lock+0xeb/0x510 [ 786.319249][T12894] ? __vma_adjust+0x1840/0x1840 [ 786.324101][T12894] ? lock_acquire+0x16f/0x3f0 [ 786.328762][T12894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.334997][T12894] populate_vma_page_range+0x20d/0x2a0 [ 786.340454][T12894] __mm_populate+0x204/0x380 [ 786.345039][T12894] ? populate_vma_page_range+0x2a0/0x2a0 [ 786.350659][T12894] __x64_sys_mlockall+0x35c/0x520 [ 786.355671][T12894] do_syscall_64+0x103/0x610 [ 786.360264][T12894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 786.366156][T12894] RIP: 0033:0x457e29 [ 786.370040][T12894] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 786.389634][T12894] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 786.398025][T12894] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 786.405977][T12894] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 786.413930][T12894] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 786.421888][T12894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 786.429958][T12894] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 786.444239][T12894] memory: usage 307200kB, limit 307200kB, failcnt 8695 [ 786.475317][T12894] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 786.495113][T12894] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 786.509735][T12894] Memory cgroup stats for /syz3: cache:0KB rss:293476KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:243544KB active_anon:43804KB inactive_file:4KB active_file:0KB unevictable:6272KB [ 786.532298][T12894] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12322,uid=0 [ 786.547805][T12894] Memory cgroup out of memory: Killed process 12322 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 786.706825][T12894] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 786.716857][T12894] CPU: 0 PID: 12894 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 786.725951][T12894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 786.736007][T12894] Call Trace: [ 786.739303][T12894] dump_stack+0x172/0x1f0 [ 786.743633][T12894] dump_header+0x10f/0xba6 [ 786.748034][T12894] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 786.753908][T12894] ? ___ratelimit+0x60/0x595 [ 786.758479][T12894] ? do_raw_spin_unlock+0x57/0x270 [ 786.763572][T12894] oom_kill_process.cold+0x10/0x15 [ 786.768688][T12894] out_of_memory+0x79a/0x1280 [ 786.773372][T12894] ? lock_downgrade+0x880/0x880 [ 786.778214][T12894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.784526][T12894] ? oom_killer_disable+0x280/0x280 [ 786.789717][T12894] ? find_held_lock+0x35/0x130 [ 786.794486][T12894] mem_cgroup_out_of_memory+0x1ca/0x230 [ 786.800099][T12894] ? memcg_event_wake+0x230/0x230 [ 786.805143][T12894] ? do_raw_spin_unlock+0x57/0x270 [ 786.810237][T12894] ? _raw_spin_unlock+0x2d/0x50 [ 786.815069][T12894] try_charge+0x118d/0x1790 [ 786.819556][T12894] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 786.825083][T12894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.831318][T12894] ? kasan_check_read+0x11/0x20 [ 786.836153][T12894] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 786.841713][T12894] mem_cgroup_try_charge+0x24d/0x5e0 [ 786.846992][T12894] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 786.852611][T12894] wp_page_copy+0x408/0x1740 [ 786.857184][T12894] ? find_held_lock+0x35/0x130 [ 786.861931][T12894] ? pmd_pfn+0x1d0/0x1d0 [ 786.866723][T12894] ? lock_downgrade+0x880/0x880 [ 786.871554][T12894] ? swp_swapcount+0x540/0x540 [ 786.876315][T12894] ? kasan_check_read+0x11/0x20 [ 786.881150][T12894] ? do_raw_spin_unlock+0x57/0x270 [ 786.886244][T12894] do_wp_page+0x5d8/0x16c0 [ 786.890653][T12894] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 786.896099][T12894] __handle_mm_fault+0x22e8/0x3ec0 [ 786.901196][T12894] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 786.906723][T12894] ? find_held_lock+0x35/0x130 [ 786.911463][T12894] ? handle_mm_fault+0x322/0xb30 [ 786.916400][T12894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.922621][T12894] ? kasan_check_read+0x11/0x20 [ 786.927455][T12894] handle_mm_fault+0x43f/0xb30 [ 786.932202][T12894] __get_user_pages+0x7b6/0x1a40 [ 786.937123][T12894] ? follow_page_mask+0x19a0/0x19a0 [ 786.942304][T12894] ? perf_trace_lock+0xeb/0x510 [ 786.947218][T12894] ? __vma_adjust+0x1840/0x1840 [ 786.952054][T12894] ? lock_acquire+0x16f/0x3f0 [ 786.956712][T12894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 786.962935][T12894] populate_vma_page_range+0x20d/0x2a0 [ 786.968375][T12894] __mm_populate+0x204/0x380 [ 786.972946][T12894] ? populate_vma_page_range+0x2a0/0x2a0 [ 786.978563][T12894] __x64_sys_mlockall+0x35c/0x520 [ 786.983583][T12894] do_syscall_64+0x103/0x610 [ 786.988160][T12894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 786.994026][T12894] RIP: 0033:0x457e29 [ 786.997903][T12894] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 787.017494][T12894] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 787.025882][T12894] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 787.034148][T12894] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 787.042100][T12894] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 787.050061][T12894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 787.058020][T12894] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 787.067424][T12894] memory: usage 307200kB, limit 307200kB, failcnt 8729 [ 787.074393][T12894] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 787.081916][T12894] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 787.088757][T12894] Memory cgroup stats for /syz3: cache:0KB rss:293480KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235708KB active_anon:43780KB inactive_file:0KB active_file:0KB unevictable:14032KB [ 787.111165][T12894] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12893,uid=0 [ 787.126656][T12894] Memory cgroup out of memory: Killed process 12893 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 787.141048][ T1042] oom_reaper: reaped process 12893 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:09 executing program 3: mlockall(0xfffffffffffffffb) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f0000000040)=0x8, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x8000, 0x101000) 03:39:09 executing program 5: r0 = creat(&(0x7f0000000200)='./file0\x00', 0x0) io_setup(0xb, &(0x7f0000000240)=0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@security={'security\x00', 0xe, 0x4, 0x448, 0x228, 0x0, 0x0, 0x228, 0x120, 0x378, 0x378, 0x378, 0x378, 0x378, 0x4, &(0x7f0000000000), {[{{@uncond, 0x0, 0xf8, 0x120, 0x0, {}, [@common=@frag={0x30, 'frag\x00', 0x0, {0x4, 0x7, 0xffffffff, 0x10, 0x3}}]}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0xf940}}}, {{@ipv6={@dev={0xfe, 0x80, [], 0x16}, @empty, [0xff000000, 0xff, 0x0, 0xffffffff], [0xffffffff, 0xffffffff, 0xffffffff, 0xffffff00], 'veth1_to_team\x00', 'team0\x00', {0xff}, {}, 0x87, 0x9, 0x0, 0x18}, 0x0, 0xc8, 0x108}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x100000000, 0x10, "498e1ae3a5a7cd187d6bed854b2470bc5afc3cd06112b4fee0c48992a0ae"}}}, {{@uncond, 0x0, 0xf0, 0x150, 0x0, {}, [@common=@eui64={0x28, 'eui64\x00'}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [0xffffffff, 0xffffff00, 0x0, 0xffffffff], 0x4e21, 0x4e23, 0x4e21, 0x4e24, 0x9, 0xffffffff, 0x10001, 0x9, 0x9}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4a8) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000100)) io_submit(r1, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000, 0x407000}]) lseek(r0, 0x0, 0x3) 03:39:09 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffff10000000}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:09 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:09 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="fabc1f023c02003188a070") mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0xfffffffffffffffe, 0x32, r0, 0x0) r1 = socket$inet(0x2, 0x3, 0x20000000084) r2 = socket$inet6(0xa, 0x1, 0x1f) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000000c0)={0x0, 0x7}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000180)={0x0, 0x5}, &(0x7f00000001c0)=0x8) acct(&(0x7f00000013c0)='./file0\x00') getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f00000012c0)={r3, 0xdc, 0x8, 0x0, 0x7ff, 0x7, 0x10001, 0x5, {r4, @in6={{0xa, 0x4e24, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7}}, 0x7fffffff, 0x9, 0x3ff, 0x2, 0x6}}, &(0x7f0000001380)=0xb0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000001400)=ANY=[@ANYRES32=0x0, @ANYBLOB="e60b06008d10060004e27c279f48d0330f760d00"], &(0x7f0000000040)=0x14) setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000080)={r5, 0x45b}, 0x8) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x83, &(0x7f0000001200)={'nat\x00', 0x0, 0x0, 0x90, [], 0x0, &(0x7f00000001c0), &(0x7f0000000200)=""/4096}, &(0x7f0000001280)=0x108) 03:39:09 executing program 4: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB="141439a0ece7286f014c78e02cc8204807001c00090100000000fff2c45c031f086f"], 0x14}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 03:39:09 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x500, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000240)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x64, r2, 0x14, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x200}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x800}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffffffffff800}]}]}, 0x64}}, 0x4000000) ioctl$KVM_S390_UCAS_MAP(r1, 0x4018ae50, &(0x7f0000000040)={0xffffffff, 0x8, 0x100000000}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:09 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:09 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$VIDIOC_CROPCAP(0xffffffffffffffff, 0xc02c563a, &(0x7f0000000080)={0x3, {0x7, 0xc54d, 0x7}, {0x100000000, 0xca67}, {0x0, 0x9}}) close(r0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='vcan0\x00', 0x10) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x3de) ioctl$KVM_GET_REGS(0xffffffffffffffff, 0x8090ae81, &(0x7f00000001c0)) sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000380)={0x0, 0x9, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="000000000000f507000000000000"], 0x9b8}}, 0x5000000) 03:39:10 executing program 5: r0 = gettid() r1 = perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x0, 0x0, 0x0, 0x7, 0x0, 0x8, 0x0, 0x8, 0x0, 0x0, 0x0, 0x7, 0x0, 0x200, 0x0, 0x0, 0x5, 0x105, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1, 0x3, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, @perf_config_ext={0xfffe00}, 0x0, 0xfffffffffffffffa, 0x0, 0x0, 0xfee}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg(0xffffffffffffff9c, &(0x7f0000000700)={&(0x7f0000000340)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000002c0)=""/15, 0xf}, {&(0x7f00000003c0)=""/246, 0xf6}, {&(0x7f00000004c0)=""/195, 0xc3}], 0x3, &(0x7f0000000600)=""/206, 0xce}, 0x20) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r2, 0x84, 0x1a, &(0x7f0000000100)=ANY=[@ANYRES32=0x0, @ANYBLOB="6f00000063e5242155e1d78ed2661c7c659ac501a7574452351862fb72f8e8d78945fbb1422aee2af0646c54ad5b29c59122fdf787ca177ceafdb4e7ffbcc6fc18a0a0d18753a6b1549fd784256734f030664200b9b5aef967276a8466d4c12976434c093fc6f9"], &(0x7f0000000000)=0x77) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000740)={r3, 0x3}, &(0x7f0000000780)=0x8) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000080)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x3) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = syz_genetlink_get_family_id$net_dm(0x0) sendmsg$NET_DM_CMD_STOP(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5, 0x300, 0x70bd29, 0x25dfdbfc, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x8040}, 0x80) sched_setaffinity(0x0, 0xfffffecd, &(0x7f00000000c0)=0x9) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, 0x0) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) r7 = dup(r6) setsockopt$bt_BT_SNDMTU(r7, 0x112, 0xc, &(0x7f0000000880)=0x9, 0x2) perf_event_open(&(0x7f0000000800)={0x0, 0x70, 0x5f, 0x200, 0xd39c, 0x0, 0x0, 0x6, 0x4080a, 0x2, 0x0, 0x7, 0x80000, 0xffffffff, 0x200, 0x800, 0xfffffffffffffff9, 0x3, 0x2, 0x3, 0x4, 0x1d, 0x4, 0x10000, 0x3, 0x6, 0x46b, 0x8, 0x8001, 0x0, 0x4, 0x3, 0x2, 0xff, 0x8, 0xfd, 0x3f, 0x5, 0x0, 0xd3d7, 0x3, @perf_bp={&(0x7f00000007c0), 0x4}, 0x24000, 0x10001, 0x4, 0x0, 0x20, 0x2, 0x8}, r0, 0x10, 0xffffffffffffffff, 0x1) ioctl$TCSETS(r6, 0x40045431, &(0x7f00003b9fdc)) r8 = syz_open_pts(r6, 0x805) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000900)={0x3f, @empty, 0x4e21, 0x3, 'rr\x00', 0x25, 0x2, 0x5d}, 0x2c) ioctl$TCSETSW(r7, 0x5403, &(0x7f00000000c0)={0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}) r9 = dup3(r8, r7, 0x0) write$UHID_INPUT(r9, &(0x7f00000036c0)={0x8, "e52aac313baccb9b551156a2d7c12b7711c32a17d3c4c9ceef08c2046fe288a7036e513019e5e114cc4ae935d23a9990952824f5d0c1f52e2eb94e5301ba9dc9a02818038eaef46fc2c3ebbe46e4a6024c93823f66462ba3d68913fdeadd1087b06846aa3ddf6ed3dc2b61b4960f48c2edf5cdf23c7e8d3f2e6daa71e66b29bc19e377d7df4637d735194a52da503a0ac44383ba5b3da867e09ceae02a9bfc21e7f28814c2fab7da41344e207ca706dc37592abdb685e4b80eb6dc2b1dc550a1d16166d163a4a220a54d7844facbbb2648ee90aa05c3c03ee447d79e517df8ffe70c215bd0bf69e86a5f48d571b9337590d05e9947727c0d77d18a117f110252735ca6700a55fd26838935808cce7b7c222a75339e44230bdeb99bc39c0c1cc20de74fcb9744f4c4a988f3874a846d31abcf5504d78a3e14f35f6cbd123fcff22890cc17c730c3ea9f74616dfe60064552ec25568a6211bdc39483a28bed0df0afc7d7c6d13d301e080c8846eab1a9d914b0695b16dd3009feaf204d22e32c5ecc333e616159d55328d375e59194c5c9a0b3843afb283d1d26f59e03105e91aa552386468432a09be73220e942394f34c559797b74bfe7c5c2c639a40e4d2e81e1004b127540a0bdd6be2f95698e75e4f1203a47d61f506ac9364be9d98ae46536f74afe08c450ecb902e00f188c9f32aed0677455e10bbe82c763a464f10f64c403c35376b7a675546835209f0e2809e9c2bd191f784dda4b727bfac512497a07474e6d3e13233601df81abcdb6fbfb152483ec61baaee45a5d733c62107f63c55a046401a5ddef70cef8d52cb4784e3efc34de554c8ff48f7ae3d6dc1ed4eb70fe1e610355fd66ce1a375b63b6641fb3dadfab8a9b0b1f26ca11f7287258ad4766e08340f8f2fd53e7e5f287bb73c186f0290f225687040c762776a02e5e65f1b9b713e8ef98ffe111b3e4e7b761dd3ed763ed8dafd67625fb300ac752c0ff9c0c04b75be292c3f0247bd0b3560f1c76aff38791037fcf2b812f1601934a8fc769f7198e0df685841489263a1495a8a8bab1a63cb12b3089a3e30aab15ae872437e52a6f0dbc4df2d0e8df4c6bcd47beefc179d85b70b42b319453e6efaff96a509420bec299f227c4b676c58038916897f15430ff52087dd97dd329c6b6e207378053accaa31843a333e4f69586103424f44bd67eb355c1fbe078e62f07ebaae46c3e335372127dc5fa70a4579af715e531bda52761dc206aded4678079720603a577ef7e5fb5a81a525b7c96a4047d9d6bb80d7e0ce55cc0a4f73256ae9c515307f13fe54126786de425d7a674b05116104176faac5b9365b33fd2f5a710a5159d342abecede83ad421bbb712cd5b006671a958cec907311719eb3e0b5dc4fb51054e06656a7a2a066c0aac65ceb434ca3f242cb2b1d7a22179a85cbbeeacc2f0135d8dd4d1363a98d2543fa4973e19eb359e956d27f142c75f62c7aecaf47090236b9791847725bc6fde15cd4a119a4976a3f0f2d622973ad9000aae56f88b396fa1881ec0b0a5de9955fc8f864b36eacd635b88826e0a64897d605fa4a14f7786b037cf308bef61c7f860e38f1ae67fe8cb7802dbe85f9c0c082eed1a13e645370d0c95d63bba215ac8a637b8f968aef06329d62ba131b56b46bfcfa6a5e82016d5eeb6e7db45595d1acaaa5ec9886315d3dced9d0a15c44c043ac91e4ae7077139774607b76cbc017f636145beb84c128cf35ddf4a895a56b8d141f743c9189a71387893f785804f85927a23ccd79c432ab686b621ec91706ef082b4ea4fa608ce2daca0d2e2e07ff51e6a8fdc22f1c8ee5ae53720f93b4547704fae580e5560e3c7b1ac2a38ffc294d3c96635e3b919339394843c8a171c7912ceb9c0a11be25783694b177b399e7a495538e293a59d3ab44b176afed6894aa0e501d9b98981be3f2057bf6c9869403a34cb83ad57150c674301f39524a026f3608a3414287bc4e507355823c6f8640bb803a392fb8847023d1db3c39753e72414682c617de9bd0d5b6a55d46004d49f20d2f8f53cdd8eb11402f7895cd7c01b4964fd005c564b0b0e156969ccde818dda3a7cae02d1d3af95081e6549f28976fa81b5e90fbb0a62fea850ffaf0220132189c11a74996261f6de6001c50364f08c4f48fd46a0417ec8ee4d003efeead64b87d64b43cd6868f365e72e26dd9f5f9f74d135f64464cb38dd62051ae70c5a4daabebe700eb9b290b8ed4142db0090219e6186f8f71fa8fe1ebe42f621b8eed182ee8ad0401f0a3530fd48e4d1eb2637f1fbd2a7032b0f85715203c12ab8ff48131bc4ff28272b57119a76bc0b30fef5294c23c0b2bcadfbba37a00502b5e43d72148d9acc7cb7cb39dc830cd6f30262a09eecf29d1055c2edc3926cfd5076aa5f9f172ed145359fc974ca5ded652433d212607bed155df1aff269414548a39a644b6ce927de5de6e6750575c4fd7ea7fe10b1e51fde6975c0c23fc012a8b12fe3fa64e972e4e09eafea165ae5c1ffc9d761e1314a781959c223b96eefde0f4f45c7ac032a8d3f1bd304114c3329a3e4966eddcc8d44ae70bad2932f963100955e2d2d487347c2aa8356bc6bc3c84e418163c758f1372246884e6d80d87d7ab3fe660dda13ada65f200b4fb365223b93bbc29493ae6dbbbb1823edb8e9f045b60414edab955e1046b67a8d4908ab08ad90216125d2ffd8c7814a9a4940df0a653b1cf53cf456412228445ebc8e1584adfe13207ff24fe602e2a506218710483b5544347a3d515b7d2ddcaa1bb7ae3578841918a8ed00659d5f260d23ae17a9ffc77f79758844586fe53517097838a92dde8873e8be1cd5934f1a4bfdd9d0b5725b811c4a2c121b7729946993a736bd195c55684ea680304af4844a1b2f74e2c2b2ccaeceb00b9c2c515b70912efb27643c5624025e358b44853cc0efddc103ee514471af902cd9b68f102c95a91d2b825b473ce842e6367b0b7305ce8be6f9c812abe860bb632e00b69a0370e5c8f9ba0cebbcbe1b9276949c303a4e9e3b6db37a0716520c07512192364abb58399fca973a1b32106096eda8bb85745562e8a35c5e917fdf858091a4c29d6549e10098d6b205fc5cad546fe07b3a70756cf7079c88f3708f0c8527002b99e80cbd584a3737fb37953cd6dccf21add4d4b6e65894490840c008578737d5e208649d1cd34beb403c2226300297853a29cf6c661b426c13306575d81f6fd21712e0ec4366013883b95a71d5094acbf156e42de11cb873744983ec1ff9cfbee2278053b8b4e523388bd41dfd3c2ecaacc5d9d2958bbfa94f4bd0ac1c61c98ab295dd5c69020f1329818df9a2aa88ced03f4e6a4d1f8cb020afcd24000000000000000ba0c13a03dd32e8d4ccf0246008f35ef5184f81b8fed73b4aae4998bd8c7d784210042247d39396ba881bf43555d0ec58deede7b4729e79d31b2a346527594ca3a47a1723a792a701dc18d0124365e2c4a4fefed48c29a9f2fc747b302eaf92a100b2da211c91de4ab79d4aede483d852635c6f14d38095a5739d475c7aa67fdd54767a056eeb3098dfd8d1c21f32e76f0247f04118448273586856e641b83f540a643e72dc15804b78bac475f39e23291798aa45a2c10aa5fef2d5e4d7b8f529a66535d11c6149e9797f2fcce2804f2a5370345e98b0c02c7dd27135d414fe72f0740423920d68b64f6b8c05788c6692ceb4831b5d4593a970dc3ee2528765fb739964f4fed7200d7e796a9f3d0d60834e638dd8c29d4e85011e4ba4f127fe765954a5b5bb5d1cc69f2376599d5a3e8c30714893f763c06061072c10cb0eee17eb2a2514acc584b04e169d4a33a330367bb725ff9462f5d50282a2e393293eec8ea1eaab8297cc108798a4a57eccdb00647ab9f07318993f7c59c395a93cbd681d0a967a56e3f13c832c48dcc0d0096870b0d51b754e70b12a849b6f376923f7f7d909f64d64e1d6e338d39166b725265b96ed21e36b12057288d66e5df04b7b734ed0957d47fde172be2473b9ac6fdb823abe3e11ec69a170a14511d5572d6c0d9f6b749acad7003f0567bb6f9381649e42d02764077330d5af3d93185968a9f8dfed16c4a7c768a2bb98304946a557182c0ce93e82b340074e384cc6bd6129483386c654a6ab3bb12fe8e86adafa93f218fdf5019c09292858ae38ef7aa6a78e3f846215856d630ae9c5fc4009693b2767ea55c469f9099693287b35d43ee0f7a5baf3328d37b2c536f2abd6e21e472c105ae982cdd26a5a20562122e71efb1486c28d9409c3114b608f297695958c5604cf0918c0c70c56c79170260d73bde297e47cae1c404cca0a96eed51a2dc8f6f6ad862fe767ee5b5e68f231096825d935b809b3c1b5d9a2cd76cae22652bed7d263b42612ed717eba0aaf2a3989c4520c402d294285497a42736454ccb62fb3fdd073b91d4e2f6895fba9639ee78bd8ccb5bc3ce442fbeb9a1521314b82804293159fd7df4db66b78a06fe93e705bbc4e0d294a787c3cbf271b2acd15e7b4998c822f7724d3191e2265bd0d694dfb08063c9ff26a424884b46e26b5560d756c114ad1a7b92eee3f49dc2883b604ecc49c5ce92ce467778301326588a6577d44758e8d90710248d110dbf3d3d568779bd1c616369f84619dd089e38b51634f7c5d2ac9f1547a342877815a3864ad70b68b196bde9d810512f411d5235633ef65088788dfa3f152df7cee3a0803f6ac7ae192301dec07ff870ff3d7cf1c09cc9093263b225d01222376531007af9e6fb96e5ccaa8274f70adc786db7f33a20a752717b56b9a03bfce15a1aacd78c4adf8bdf41de8aaf421684c27526088c54322b5eea9175ef9c574c1f873218cc6f5df233892d7d5b0b0649ffc5a1c4909f2967a8c1f15b419ecde0448f071fa71e553f4f12cfa5e35022e75ddc5509edddc3de82d9097759b27f7c24776702e0ff64559281f796f11c1a9c77a156f390d2d18d1759b6be0347eb5bb4df912e9cfafa0db3be3243bacb378ca0946cece695a8099d6d7a24fc8bcca4c09695e3208f17f00bf404f6eb7852dfe73c163a19fd4e890e0edd5c7a727984b6f47a952373b95200bba061756c699c218b52c265b22bcd5cb24fdf056621fdd2126cede171e435320ca34e56e4c82a2afc9a59d3bf4647877658b6f23a6484f37acd8e2e184926993b5d1bbe6cdba64f486b4fb41bb94a644140540894f8fc14e585bc8beae88eabf926add289c82eb8cea99743baed842d76eb5c5573f7a7f3f2693960d6bfed697b5619afd942f41689dbd281a35e32478ba3a388dada82a2f4164481aa6a8f3946a84ea6186b20ce388c202be42996ae90feec7258d4a4a276353df84c96b160ac003d81cf395c0e61b0f0a9e692c32fab307f754cae5de7716a00cb96160cd39c931f4885d612862cecf6ba76502c9d266f97e4cf6cf0a16f787788e5471458a0dc24d3f2a28caa0f7ee00cf8bb113bd9c2b086037d765b5ec9a849df6f482fc01b48261e44299b0bc88321d837b6e2d221ebf2996b4140cd82e531de27f8de445f31c64469a5a145b031cd2569d19e27369c31ec63a989f0c9aaba7cc9d36d652001d40004f83a90d6465854f31bf15d1ef6bff4c02d60b948a37e3f50d250d7f85f545f507014aae5a35908283168c034f654acbb9d0fc261671d612e3d74261653e69e5e9cf7c8fda298b4d6c879cbbb97eafe648ba70150599089d65c1fdc0d5af879a2d46a443ac6dd21b33f72510742db4faf7eeb1580580ffe26e2d5ff", 0x1000}, 0x1006) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f00000008c0)={0x0, r4, 0xfffffffffffffff7, 0x3c4, 0xffffffff, 0x7ff}) 03:39:10 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000100)='/dev/input/event#\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0adc1f023c123f3188a070") r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x40, 0x0) write$P9_RREAD(r2, &(0x7f0000000180)={0x100b, 0x75, 0x2, {0x1000, "f59a992b269b68316a02a3a00828f66d8cb1b0b14b02c92519d7bc456f25fc1303054e4b18f35488c050137ed3241cc93d9eb55dfa6c712b5615cba4ce1469c230c16322adf7cc6c0c832c687dfb2c53c7cd0cdd182fa1c4190350252befd178d81349d3cc35eb9210d32d680d8ebbdc07971c94c3926dac2164d0419446f6bf38744515ba6d8bdcdf35ac3ba4436d2d17509a67dce8acb40b9dd0067f2b9474fc0ca87f17ed3f2a59b7a57558b561cd1d76564a9d8e0de3a2046f693d0f143df0d9e743c76153935c6eb84f5e28e85d5d86b86741babc264f4eecd5bfdf0c8e056ef7f18a7f276c833a2d7d3b28f6ce429f824b929ec815ebc772468f96ef317aba87623837ee067cfd0c15cec51e32060241159531e630087f1c5c32594788d36557605972b87c64956fcefdca773fa36966299213e003223eb6df0cd9526faf42725d90e81060c19e12a67be1728ecefe64104d78699db99c4e16afd26f7c93858086aafb67e6e5c14cf1aed703c6f224d3b23ce8934485f393040d485139ccf50d92fd4765941695526f0e3c69edfea8171a0d6de1ea3b689f91a70607d57600dade7f7d5baa80adbdbaf271f7c1f93efae9541c029ca1c1bea4e239d6f911afbd36db65f1aae1a7486dbd2e5730c996624d85005200c9e885a7a7dc9e68ef770cc90303fa851416e2ba4ba61b7993b6a72d1abdeaa394228360302cce0f1b786178f1d4f168b4ef1a40d2cc0386ce62d4fcfa947387d8395f4a36e5b23ae67b35b1f0f1a0a44ca09277c48616dc9fb2dc086fc0be831fa2ab3c801f3905b608f681ef5229ea9ad4705d415c36f6f354eb17b2c245ce70c8f230ecee5f6728672a8aabb6a9d3a05d3c573ea540fb2d4337cb88742081bea206bc16aaeb07cb4170eca690705494997266282a118fd7825207fe6e73bba9e13a208477ff9aae62cbc512d9daed6d68d11c8dd45acea382def30d214174aed0d3e8a9c4ead0d54211c61f3faf1370ce29cc329d16de912e4381c94812120fb1e8ddb4b3ee8fa50eab1dba11dd3236762329eb140ab5b989dee9b2b0b80623e41d61e5df1a17863c36bf1b59e8435a3998db1692f9eb8571c2fe07ffb8946d2359574fe709f35fb6a59b5e4d28d0f59088be721f4310c09ee2776bac18f0f339755257d1141c4a96a36788972d42bd4c1fe66476ee7ca438538820b76715b10c1a00f3318eb1b07bb7234ea0c9c2cc7cdec0f60b206669697dc0bc92e6b253bcba6fb1852e136185a4913e41f085162d7104878eea8e70326a03ff869392924b797e407b99c1d14adfe2ef0fcf345abb88b602f606cd981272193d7b779489bc7e80effc50ed54230989ee75072735fbc281c0ac8adcf5a9f54eafb284350603d3371484d7e2d39ec141c82edc28a76121f7191da0ec38bd29b88b9bfb199ad508ca30f2ea80b693675d660d5a38b3e09e10d3dda1145680258adc1df6890419de7a15ec8b0a9a43a89e64f8aa9a3cb6911686a617d389c2032b9cb04df1b87b38309a11883287cd68e67a66322c06d5f3c0f9724aa8d2f2c4bd24733ac16440ad501232860af406b1455d11201b04cc4cedccf6b75d138578b1b8c228a1fb2cc614a6a94607e19f1a6db15c363353e6337ef5c762cec63e8e1451fdc40f27c16af124c093a09767b35a5529712e6603a8badb76718d16bc6291a535de3ffd4cec74a4615e2e34c39d1ecfe74f17f1c613bd262ff87d318cef92fd0ef6c6ca3cb7d92babb3561d65959bdf1f0718cf796afb622613af6426a6bfaf3bea850ae182a56f19b74e4e03823c92658868816cf1959e8ac18d039486757ea882090886c948d4bdad7756674744ca8b3067582ee510172bcb1c38dec472e6770ab94b249345ca7436bde134dfbe3c7ae38468dba52345a4c641bc65b71b96326c55112437d9a0138ad0e508b2df170db695fbfc1cc3e20c1e0c7cb605b84416a68d3f5d239bd4d5e91713b920d6ffe0921d3284ea3934eab907a6c417861aca4c296cc8388b500ae4ac646aa516ab7e3f825c47a8ce68123d38d9ebf0d412bc3f233a81039bec69282109cde0b1316ef7abbcdb0de280c5c7c897b18359b0b69aa2d3ab35c44355435903d61d2ed3ed930df43b403e67153a24888868952272b29a6448f8aa76fce8e4fa430996cf7e7044409297849c75e75061c11cc0b809fa122500ede091ee7815b10c1d75eb86cfb704ca078af45f99a2204cb6f6f74ec1376b2b65fa95ee0d9ebbf91f8da0c2a0b11b6c1bad636a606e7b0bed6b5a38937d5970a5d5152f257dd524c31d29f16b1f36b0350ab74227e0500a938efd0d96bbaed97631b06e17b84f24556ab0efb1e244d174a942eca872da17e5bd874dd24a996ab4854abc1c41d50eab91ec4cf653ff608931fe9ab2b69e2827ca89e63fa4c30997bb01ee1c313e8a304ee632d843ef876fcf91a3c73ca6817f98735910f3d883f0b48bc6cda967b21f35b5e7e9ed88072a2b8ca523099791eb6e2c98fdbbce5e2c65fffab6d18b3ce2bdbf94a1199d0c02d421e789fea15cd5aecbadbe6e912d073ce5faa31b13fee0eca70721ebd838be1410896caaa1a09e1b83e24d9af4bca33335a8b5b708b5e89515ff6790b1d526c821a89d71c561b9cfc98b48aa939d128bc61bb9af72fe477fd1e3a115ea4b054460d7bd28125c9a42c5abfa73a6fff80ac765b97e48984f5d1a2e75efe994ea8e5c7b8b509713963be1bba8fd07d7173e1d78aa8aa7bad522376ad13a263f8efa2a11fed9a78c2a41c459a20878363a2945886b97bf50083fd7407b3ba0dfcc7ac720fa98e8444375648cc017a1122243a47abbdaf5c7587e7806774277c2bc249e45ce736d7e3939ff021156b6c1937a35705288733da896ed6c1a5902772d95773c338fbc7b10f47afeb7db9aa0a7ee3d490993cb810e071dc3597a4a9e0f8702adc23acd975791a242aaf4970efd016954e36f80bfcf720817ef41d535fa0a4970cc3e40704b0a08c799cbd8aa809dc4098d97b5cef7894d39cf893c2b21ae00ad6b1a718fbe0089cbf5c615d72b9632d8ec6e3530d185c99563ff3eae89ed696107d9cafe8e46acdb66e01a4f8f7f7c6a1a4749b7a037fe826dc36923847aa97ee725969425305acbe82aaacb15a4294f8fd3fd6aaa54332f79d8b9ad40f16b6d69bca252df064d6efb291417117de9dfd94abd3daef364166e04e916bc65304ded95f2db85dfcb4a5111ad2c4807e1bb87a38218102586f65510b73ff39115e827f0b09b07317d2d10dd6399322e83946d721aedc9f6275242a6620a6f38920585b0144a1a82602eb631fd3a539b4ed0562aededcc0d788c2f33fcc23a8aa78c5e7b006c2dfb0a06d3be9f029afa05ff42587a222e0a9ea9e036d7db7ea1844e072ff48a7dc3370ba860b6446807a8a3c97f19527b6608aab7ceffd4eb3c209e828e0fd34b5567163057bbe1e2bf951e19108fb394a346136b17b54118b0271adcdfa9038669c2462c00617cae4a95622e5923de14f613fce0d275b00f757be677a13097ad6f002da31fd8b1b7075625ecb154f1b0f934c25de5bdfea56ef8752f705e547890ae0d1375db0055dadedbd8954fc8fdbd4a9c8577503b267219df952e2fad5ad57f28fecd46f16939198180e641b9dadf72f868b0bd3014fa4e7e2d56b65d622e82e86ae4b9854e14b34de07b776cc99288d8702df4ba5ff1e01c43c4a92626cb0f89e2e5f58f3d6ffaf914d1b8a8021a672460d535cc971237398fffd38b17a90956857bd67fcabcea8ee1d3b102919a869086f2ffc5cb6bb46bde971671e31ea8b29f4edcfcd65491030e034dde46546d5757058cb6ec2b2f615c5981dbbd9c6bdfdf43c136dedcbab5b291ada18cd4a392cf692c822aaef8017da0e9e2de9dc108c2f6aaa147424e6855acd1011d7605632de1ce629e20695effb6b0e2385cd49aa277354c7d22d812bc7928fe8b76121bd17d985f7bfe59c5006e2974f8588833c7304365df50c2a8b39299d9018d04f801b77b86e2d4a6833d223921bf274d6e217cc8ceadfdd927c9eb936551c644f1ec53fa75eb7e61a1e2d256fc4c94dddaea1e593cc140ad68bfc5ddb94cadc2659a9a25e920525821eac56dbfda7f477802c36f68fb1ba7a5aba9ec9d813ffb4bfce78546b85cc1703ef61ecb84f2c93dc1832c5261193b0a95cb84e37e5baad8e69b1116867de1ef7e0e6f7bda505a4015f70727b1f22a71bad77cb0e55c454b15b71f3fd7632ac1e4a61c2b64c4e04bf386ad9489d351c28197f26448e64878d6c2cb95de67e1d1f664801d57858d36bbe8c3b021343f826e8e6a44867e7040b158b94dfda53db4f2657cae684ebd3f1c32f946aa1161881f244c3e6a0b5469053ce053db5a373a49e32a474901bba818d969328e38fa92359114e91af4eaaa53df7b6e3ca6730898273f0bf5ffd45767c8545050c9593936319b53b9973163523a597fafda204297ef72378ecbd5c032e08b8e223ad3d8082c7f489f4c78b029c0f483634a9ad4fb62074ecc04276630b56dd35a6baaa1ebb563e75e0dcb3a6ab63d8c4442367fce3ef2abaf8ee58dbedc2b4e868177f6c137b772964275bb154bc49f39e82bba708e629459efb2cac7ec36e9fbc2f10c9595a9aec6eb54663ef34c79003d3e30599708d583f199e7c7b3bea1ea6f6befd54443c772c4dce53b489fb0db51969cdbf06927e1f15e5083738e972ab75aef46a00609830ce08da849b524f5a313df2808072bdc2c141760afde279529c38ce71be547be4f65e98ae63b0853f897f949e5744d46ef8e8c22892cf99015b92f81c026ca82081ba5d40028d04ea98e5aa860a693ac42caf89395a039d07182d3d530c874c593c3d678ae676e63c9be11fa414d3f70ecba992df18ea1813d7263c08ec7581510f614b92b2b5852bc0d8d7442b2af7c3be7b558c4f3ffccf2aaf544abf83e5871f38027e3c54ca1dea362bc2ef791f2deba787e85b4bfbae08dd7635d2be4d3553aafb24d32ef45bd332f02b4602ea18f2816ea6a46ad923b48d3fbde7b87312dc98083d8ca451ecc5eeafe44c01d17cd05f2dc436f50a306c2507357a04f84263d7307a2b366fa55793f9662cb6bcd6358d41356dd3ef7466594761b6d501124a5ead92b45bc8f77fab9f067393ccd4b8520d14d975d3c927a0588b32afbcbb72f40e5dbd7299fcdc9ab95fe6f8f19404738d8ce47d3e1b031ae7ff49e119f00acd03573e97c9407abccb6ff781275813cdcb0e1e1f6a75d5cf3a20e2b68335a970e79a85fcb47f5460a8bff9abd58ea685ddc0e7b7b22acf543bf0f966c47ae9f3af0b244a2d9ec3541e4b7e386092d322561b371e88675b6ab8e3c7796de6a8ee3387309170a55b588396bacf7e9fbbb6b6520208c5bf05e1fe5659bbe3b6cc993cc28f68aefc8ba1712ee892a1517ba885cae2650c696c31f21b5b756608d881b3ea1e3a838cec133ded6ebf93e37f105603e8cae29ec610ed43f11925622ca96c760cfde7c3677be2c7ff1f041aa0c6c9e98cc302cfa66cffe342fab01aa30c16971fe73aed22f56f5f2db0bed2907b3b3737301e1fabd104b9c08f29bfacef0818df23c76f48f5ab686207b3eb3170c80149a7fa5579393e89b473661db6ac6c2ebea34ee3e56a6d8175c7158c1e6b998a6a2f0e00124c8cbb1ca1dc6738f3d5e05deca24b0069ea465a242af11a732d090eb14145cc00a72ad2ca81acd04aad4c821d5b14486b1eddc7be7829904bbd5c7148b557cb9751701"}}, 0x100b) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000140)=""/61) socket$bt_hidp(0x1f, 0x3, 0x6) r3 = dup(r1) ioctl$sock_SIOCOUTQ(r3, 0x5411, &(0x7f0000000000)) 03:39:10 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ip_vs\x00') ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000080)={0x9, 0x9, 0x1, r2}) setsockopt$CAIFSO_REQ_PARAM(r2, 0x116, 0x80, &(0x7f00000000c0)="567082e30444ff0baadc2cd36255d230e19f1f8cadfeddbd724645194c84ecfec151643a9bc5fc9b620dd4e929181225a8a4653fa43ec5f8df314cabb12db3600724fd49651e0f3d024b74eb3e154780874c5b16ac202e0466531d0763f793b24ee044f61931def8b0d9a7d54f5f08358215308b8b6d0e26b6d1aee8a3d3af60891c191c7f9f37af652415a1e25015a28ca4333acf57d113b21af93b7afbcac7371e231ecbe19cbcb0140136ee1c0b45b4d8cd6cd53894d1b6e10405632bc0994bd517dd9389c64533f01f0e66145e5d6b25b57c59130d3386b5026d92cc11017ad6f4ccb695abe9d32dabd4b54ecf7aea122df14367629aff98", 0xfa) [ 787.492511][T12952] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 787.534667][T12952] CPU: 1 PID: 12952 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 787.543810][T12952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 787.553870][T12952] Call Trace: [ 787.557182][T12952] dump_stack+0x172/0x1f0 [ 787.561541][T12952] dump_header+0x10f/0xba6 [ 787.565965][T12952] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 787.571777][T12952] ? ___ratelimit+0x60/0x595 [ 787.576372][T12952] ? do_raw_spin_unlock+0x57/0x270 [ 787.581491][T12952] oom_kill_process.cold+0x10/0x15 [ 787.586624][T12952] out_of_memory+0x79a/0x1280 [ 787.591308][T12952] ? lock_downgrade+0x880/0x880 [ 787.596173][T12952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.602417][T12952] ? oom_killer_disable+0x280/0x280 [ 787.607620][T12952] ? find_held_lock+0x35/0x130 [ 787.612397][T12952] mem_cgroup_out_of_memory+0x1ca/0x230 [ 787.617944][T12952] ? memcg_event_wake+0x230/0x230 [ 787.622975][T12952] ? do_raw_spin_unlock+0x57/0x270 [ 787.628090][T12952] ? _raw_spin_unlock+0x2d/0x50 03:39:10 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x4000000000080002, 0x8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000000)=0x8, 0x4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0x8, 0x1, 0x0, 0x0, 0xfffffffffffffc00, 0x10001}, 0x20) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x14) 03:39:10 executing program 0: timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000003, &(0x7f0000000080)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f00000005c0), 0xc005002000003fd6, 0x0, 0x0, 0x0) r3 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) writev(r1, &(0x7f0000000040)=[{&(0x7f0000000000)="84", 0x1}], 0x1) r4 = syz_open_dev$adsp(&(0x7f0000000140)='/dev/adsp#\x00', 0x9, 0x0) connect$caif(r4, &(0x7f0000000180)=@dgm={0x25, 0x0, 0x4}, 0x18) tkill(r3, 0x14) [ 787.632939][T12952] try_charge+0x118d/0x1790 [ 787.637441][T12952] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 787.642986][T12952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.649304][T12952] ? kasan_check_read+0x11/0x20 [ 787.654167][T12952] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 787.659813][T12952] mem_cgroup_try_charge+0x24d/0x5e0 [ 787.665116][T12952] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 787.670756][T12952] __handle_mm_fault+0x1e1f/0x3ec0 [ 787.675886][T12952] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 787.681443][T12952] ? find_held_lock+0x35/0x130 [ 787.686213][T12952] ? handle_mm_fault+0x322/0xb30 [ 787.691174][T12952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.697432][T12952] ? kasan_check_read+0x11/0x20 [ 787.702300][T12952] handle_mm_fault+0x43f/0xb30 [ 787.707082][T12952] __get_user_pages+0x7b6/0x1a40 [ 787.712036][T12952] ? follow_page_mask+0x19a0/0x19a0 [ 787.717243][T12952] ? perf_trace_lock+0xeb/0x510 [ 787.722107][T12952] ? __vma_adjust+0x1840/0x1840 [ 787.726974][T12952] ? lock_acquire+0x16f/0x3f0 03:39:10 executing program 5: getpid() r0 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x0) ioctl$DRM_IOCTL_GET_SAREA_CTX(r0, 0xc010641d, 0x0) close(0xffffffffffffffff) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$VIDIOC_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f0000000080)={0x0, 0x0, [], {0x0, @reserved}}) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) [ 787.731658][T12952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 787.737909][T12952] populate_vma_page_range+0x20d/0x2a0 [ 787.743379][T12952] __mm_populate+0x204/0x380 [ 787.747981][T12952] ? populate_vma_page_range+0x2a0/0x2a0 [ 787.753633][T12952] __x64_sys_mlockall+0x35c/0x520 [ 787.758667][T12952] do_syscall_64+0x103/0x610 [ 787.763272][T12952] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 787.769913][T12952] RIP: 0033:0x457e29 [ 787.773810][T12952] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 787.796282][T12952] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 787.804706][T12952] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 787.812686][T12952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 787.820671][T12952] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 03:39:10 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x2000001000000, 0x10, r0, 0x0) r1 = syz_open_dev$cec(&(0x7f0000000700)='/dev/cec#\x00', 0x0, 0x2) ioctl$SIOCX25CALLACCPTAPPRV(r1, 0x89e8) ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/autofs\x00', 0x10000, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000680)={0x0, r2, 0x7, 0x5b, 0x5}) r3 = syz_open_dev$media(&(0x7f0000000600)='/dev/media#\x00', 0xe3bb, 0x42002) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000640)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x0, 0x0) ioctl$sock_x25_SIOCDELRT(r4, 0x890c, &(0x7f0000000040)={@null=' \x00', 0x8, 'nlmon0\x00'}) ioctl$PERF_EVENT_IOC_QUERY_BPF(r2, 0xc008240a, 0x0) clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getgid() request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00\x00\b', 0xffffffffffffffff, 0x4c00000000006800}, &(0x7f0000001fee)='R\trist\xe3cusgrVid:De', 0x0) getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000740), &(0x7f0000000780)=0x2) ioctl$SIOCAX25ADDFWD(r3, 0x89ea, &(0x7f0000000940)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}) write$uinput_user_dev(r4, &(0x7f0000000140)={'syz1\x00', {0x1, 0x4, 0x0, 0x606d}, 0x28, [0x6, 0x80, 0x400, 0x0, 0x0, 0x0, 0x4, 0x20, 0x6, 0x5, 0xffff, 0x8, 0x7, 0x25c9387, 0x2, 0x2, 0x2, 0xfffffffffffffffc, 0x40, 0x4, 0x80000000, 0x3, 0x7ff, 0x200, 0x0, 0x400, 0x7fff, 0x40, 0xfffffffffffffffd, 0x3, 0x1, 0x4, 0x5, 0xfffffffffffffff7, 0x400, 0xeec, 0xce1, 0x5, 0x4, 0x76, 0x0, 0x6, 0x8, 0x5c, 0x6, 0x7ff, 0x9, 0x7fffffff, 0x2, 0x80, 0x81, 0x6017, 0xb05, 0x2, 0x1, 0x6, 0x3f, 0x1, 0xfffffffffffffffb, 0x9, 0x400, 0xffffffffffffffe0, 0x7, 0xfffffffffffffff8], [0x0, 0x9, 0x8486, 0x100, 0x20, 0x1f, 0x0, 0x0, 0x6, 0x22a, 0x80000001, 0x0, 0x9, 0x1, 0x1ff, 0xc56, 0x1, 0x16e, 0x0, 0x7, 0x27c, 0xa64, 0x8, 0x6, 0x0, 0x8, 0x9, 0x4, 0x0, 0x7, 0x6, 0x0, 0xe623, 0x0, 0x7ac7, 0x6, 0x7ff0, 0x0, 0xd, 0x200, 0xafe4, 0x8, 0x3ff, 0x10001, 0x5, 0x4, 0xfffffffffffffffd, 0x0, 0x80, 0x3, 0x3, 0x6, 0x4, 0x20, 0x0, 0x100000000, 0x37, 0x0, 0xf3, 0xf5b, 0x5, 0x1, 0x101, 0x80000001], [0x0, 0x0, 0x80000001, 0x3, 0x101, 0x0, 0x2, 0x622, 0x6, 0xfffffffffffffffd, 0x1000, 0x3, 0xfffffffffffffff8, 0x6, 0x101, 0x1, 0x7ff, 0x509, 0x1, 0xdf, 0x80, 0x2, 0x3, 0xfffffffffffff4db, 0x9, 0x80, 0xffff, 0x1, 0x1, 0x0, 0x5, 0x4980, 0x9, 0x1, 0x0, 0x200, 0x0, 0x3, 0x6, 0x2bb8, 0x1800000000000, 0x40, 0x12b2df2f, 0x8, 0x5, 0x401, 0x20, 0x4, 0x6, 0x81, 0x5, 0x7, 0x6, 0x6, 0x65, 0x20, 0x1ff, 0xaec5, 0x400, 0x1, 0x80, 0x7ff, 0x6, 0x580], [0x20, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, 0x100000000, 0x9, 0x7, 0x2, 0x6, 0xffff, 0x5, 0x80000001, 0x9, 0xfffffffffffffe00, 0x4, 0x0, 0x5, 0x6, 0xc6d, 0x9, 0xb4, 0x8, 0x0, 0xfffffffffffffeff, 0xfff, 0x4, 0x10a, 0x0, 0xff, 0xffffffff, 0x8, 0x0, 0x9, 0xfff, 0x9, 0x7, 0x0, 0x3, 0x0, 0x10000, 0x1, 0xa871, 0xfff, 0x8000, 0x15, 0x7, 0x8001, 0x7ff, 0x1ff, 0x0, 0x3, 0x5, 0x6, 0x9, 0x9, 0x5, 0x4, 0x0, 0x0, 0x0, 0x4c]}, 0x45c) 03:39:10 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 787.828648][T12952] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 787.836633][T12952] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 787.857405][T12952] memory: usage 307200kB, limit 307200kB, failcnt 8761 03:39:10 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 787.884966][T12952] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 787.900313][T12952] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 787.907877][T12952] Memory cgroup stats for /syz3: cache:0KB rss:293288KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:243548KB active_anon:43900KB inactive_file:0KB active_file:0KB unevictable:5980KB [ 787.951106][ T3874] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3 [ 787.960076][T12952] ,task=syz-executor.3,pid=12374,uid=0 [ 788.000720][T12952] Memory cgroup out of memory: Killed process 12374 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 788.231067][T12952] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 788.241169][T12952] CPU: 1 PID: 12952 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 788.250761][T12952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 788.260796][T12952] Call Trace: [ 788.264090][T12952] dump_stack+0x172/0x1f0 [ 788.269392][T12952] dump_header+0x10f/0xba6 [ 788.273798][T12952] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 788.279583][T12952] ? ___ratelimit+0x60/0x595 [ 788.284165][T12952] ? do_raw_spin_unlock+0x57/0x270 [ 788.290404][T12952] oom_kill_process.cold+0x10/0x15 [ 788.295585][T12952] out_of_memory+0x79a/0x1280 [ 788.300255][T12952] ? lock_downgrade+0x880/0x880 [ 788.305119][T12952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.311362][T12952] ? oom_killer_disable+0x280/0x280 [ 788.316544][T12952] ? find_held_lock+0x35/0x130 [ 788.321330][T12952] mem_cgroup_out_of_memory+0x1ca/0x230 [ 788.326877][T12952] ? memcg_event_wake+0x230/0x230 [ 788.331897][T12952] ? do_raw_spin_unlock+0x57/0x270 [ 788.337004][T12952] ? _raw_spin_unlock+0x2d/0x50 [ 788.341857][T12952] try_charge+0x118d/0x1790 [ 788.346368][T12952] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 788.351907][T12952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.358127][T12952] ? kasan_check_read+0x11/0x20 [ 788.362975][T12952] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 788.368526][T12952] mem_cgroup_try_charge+0x24d/0x5e0 [ 788.373832][T12952] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 788.379464][T12952] wp_page_copy+0x408/0x1740 [ 788.384054][T12952] ? find_held_lock+0x35/0x130 [ 788.388818][T12952] ? pmd_pfn+0x1d0/0x1d0 [ 788.393047][T12952] ? lock_downgrade+0x880/0x880 [ 788.397883][T12952] ? swp_swapcount+0x540/0x540 [ 788.402641][T12952] ? kasan_check_read+0x11/0x20 [ 788.407497][T12952] ? do_raw_spin_unlock+0x57/0x270 [ 788.412600][T12952] do_wp_page+0x5d8/0x16c0 [ 788.417002][T12952] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 788.422379][T12952] __handle_mm_fault+0x22e8/0x3ec0 [ 788.427503][T12952] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 788.433039][T12952] ? find_held_lock+0x35/0x130 [ 788.437782][T12952] ? handle_mm_fault+0x322/0xb30 [ 788.442719][T12952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.448952][T12952] ? kasan_check_read+0x11/0x20 [ 788.453794][T12952] handle_mm_fault+0x43f/0xb30 [ 788.458539][T12952] __get_user_pages+0x7b6/0x1a40 [ 788.463501][T12952] ? follow_page_mask+0x19a0/0x19a0 [ 788.468692][T12952] ? perf_trace_lock+0xeb/0x510 [ 788.473526][T12952] ? __vma_adjust+0x1840/0x1840 [ 788.478362][T12952] ? lock_acquire+0x16f/0x3f0 [ 788.483030][T12952] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 788.489262][T12952] populate_vma_page_range+0x20d/0x2a0 [ 788.494705][T12952] __mm_populate+0x204/0x380 [ 788.499277][T12952] ? populate_vma_page_range+0x2a0/0x2a0 [ 788.504911][T12952] __x64_sys_mlockall+0x35c/0x520 [ 788.509932][T12952] do_syscall_64+0x103/0x610 [ 788.514514][T12952] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 788.520391][T12952] RIP: 0033:0x457e29 [ 788.524274][T12952] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 788.543875][T12952] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 788.552284][T12952] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 788.560237][T12952] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 788.568197][T12952] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 788.576156][T12952] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 788.584114][T12952] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 788.592651][ C1] net_ratelimit: 10 callbacks suppressed [ 788.592663][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 788.604105][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 788.610934][T12952] memory: usage 307200kB, limit 307200kB, failcnt 8798 [ 788.617872][T12952] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 788.625371][T12952] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 788.632279][T12952] Memory cgroup stats for /syz3: cache:0KB rss:293192KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235428KB active_anon:43888KB inactive_file:0KB active_file:0KB unevictable:14020KB [ 788.654430][T12952] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12951,uid=0 [ 788.669830][T12952] Memory cgroup out of memory: Killed process 12951 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 788.684185][ T1042] oom_reaper: reaped process 12951 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:11 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_FPEXC(0xc, 0xa0000) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:11 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x80003, 0x3) sendto$inet(r1, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x10) setsockopt$inet_int(r1, 0x0, 0x17, &(0x7f0000000040)=0x5, 0x4) recvmmsg(r1, &(0x7f00000004c0)=[{{&(0x7f0000000400)=@ethernet={0x0, @dev}, 0x0, &(0x7f0000000480)}}], 0x6fdaec, 0x22, 0x0) 03:39:11 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) setrlimit(0x2, &(0x7f0000000100)={0x7, 0xffffffff}) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x53, 0x0, 0x4) msgctl$IPC_RMID(r0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x22000, 0x0) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000080)=0x14) ioctl$TUNSETIFINDEX(r1, 0x400454da, &(0x7f00000000c0)=r2) 03:39:11 executing program 5: mknod$loop(&(0x7f00000004c0)='./file0\x00', 0x6008, 0xffffffffffffffff) timer_create(0x0, 0x0, &(0x7f0000000200)=0x0) timer_gettime(r0, &(0x7f0000000280)) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000040)='./bus\x00') r2 = socket$inet6(0xa, 0x800, 0xffffffff) ptrace$pokeuser(0x6, 0x0, 0xa, 0x1000) r3 = creat(&(0x7f0000000440)='./bus\x00', 0x4) rmdir(&(0x7f0000000300)='./bus\x00') ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000280)={'veth1\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r2, 0x890c, &(0x7f0000000900)={@mcast2, @empty, @mcast2, 0x2, 0xfffffffffffffffe, 0x7fffffff, 0x100000000000400, 0x84, 0x617, r4}) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000007c0)=ANY=[], 0x0) ioctl$PIO_UNISCRNMAP(r3, 0x4b6a, &(0x7f0000000c00)="31d96da88b0c3a12cc6d93a899f18f77ce5062747ce237ca24f05b05df66b34814c1cdb2db3642a7c880224c03d6cffd67b36c7f1a51ae9aeaa3892b040ba2105d77d4e4579d745ad601f19c26d1260bcd5435ae4ad35d123f7e809a7b0576431fea9f78c3260a3837b52ef6437c404147add96c92a9d3a67dcf933e860ac5727cd266c20c5e584c28ae0843064b8f7f199db8641f71a407775e0090bbedee63a4640e1f012e5ca95bd14b5aa0da642b552ae4aa2b869458dec283c16f25c67068fc528a793f75c81acac8ee6596d79c449ade5eeee332c460ebc0d46c076e871b6426d521c571a95d0fa800de30a110e719ffde8f103773daaaec8c14d85e1b8b13b7c386313aa3be0bdaa6e7e796df3975a8e37aee6d10579f8afe6552f187c262b32eced8b5f01e40ab8904400f00000000000000000000000000000058b4721949da012002cb7f4ac8fe195c1388861be8cd45020083b0089b23f86603321faf83e794bea1ece8051e9996306347bd562aa2437fa6bdb57086302926b8af069b8d331ebf5c0e1a7f163e6d711af330efdfae413fafef9acf1d53e6aaf4f2dec9ddfb4ca321583e35a14a92e82bdbea3c127a033b32059fbadce23a3e87957f8238886aa9380000000018888c4c20ba104342e8c9d85a9dcf06abbb7a2905d37839bff6f8641ebce172c60a8d368cd4a94af484749dc4ccdd380bbf5d501302d50e79d3536eab5a12abdd347dac985c4349ec712661df947315514e45a515417e6b00000000000000002bdacdb2631c83a90dbca3aa7e5936f8aa413a75c7780309e1c178bce65ed205154ab4f55241cd2b6e83b29fc6cefe050d7d562360718e25bbdb2d34264d") getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000400)={0x0, 0x0}, &(0x7f0000000540)=0xc) r6 = getgid() chown(&(0x7f00000000c0)='./bus\x00', r5, r6) r7 = socket$inet6(0xa, 0x3, 0x9) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000140)=0x1, 0x4) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x100800, 0x0, 0xff, 0x1, 0x1, 0x2, 0x10000}, 0x20) fcntl$setownex(r1, 0xf, &(0x7f0000000180)={0x2}) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000480)=0xfffffffffffffd3b) ioctl$sock_inet_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f00000004c0)) clock_getres(0x1, &(0x7f00000001c0)) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000040)={@loopback, 0x0, 0x0, 0x1, 0x3}, 0x20) ioctl$TIOCLINUX5(r3, 0x541c, &(0x7f0000000500)={0x5, 0x9, 0x7, 0x400100000000, 0x40001}) fcntl$setownex(r3, 0xf, &(0x7f0000000100)={0x1}) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0x8001) r8 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r1, r8, &(0x7f00000002c0)=0x202, 0xdd) 03:39:11 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x121000, 0x0) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f00000000c0)={0x1}) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x6}}}}}}}, &(0x7f0000000040)) 03:39:11 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:11 executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) r0 = request_key(&(0x7f0000000400)='encrypted\x00', &(0x7f0000000440)={'syz', 0x1}, &(0x7f0000000480)='em1locpusetvboxnet1&.:+\x00', 0x0) r1 = add_key(&(0x7f0000000380)='.dead\x00', &(0x7f00000003c0)={'syz', 0x0}, 0x0, 0x326, r0) add_key$user(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000340)="7524d631a0e3", 0x6, r1) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x101000, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffff9c, 0x84, 0x71, &(0x7f00000001c0)={0x0, 0x8000}, &(0x7f0000000200)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r2, 0x84, 0x7c, &(0x7f0000000240)={r3, 0x1000, 0xfff}, &(0x7f0000000280)=0x8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x2001002, 0x0) mount$bpf(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0xf0ffff, 0x0) [ 788.842101][T13010] mmap: syz-executor.2 (13010): VmData 18550784 exceed data ulimit 7. Update limits or use boot option ignore_rlimit_data. 03:39:11 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:11 executing program 4: socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) pipe(&(0x7f0000000a00)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r4 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ENABLE(r4, 0x40086432, 0x0) recvmmsg(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f00000002c0)=""/211, 0xd3}], 0x2, 0x0, 0x0, 0x4ae}}, {{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1, &(0x7f0000000500)=""/232, 0xe8, 0x7}, 0x8}, {{&(0x7f0000000700)=@in6={0xa, 0x0, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000a40)=""/37, 0x25, 0x8001}, 0x9}, {{0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x100000001}, 0x40}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, {{0x0, 0x0, &(0x7f0000002400)=[{&(0x7f0000001140)=""/67, 0x43}, {&(0x7f0000001280)=""/145, 0x91}, {&(0x7f0000001340)=""/12, 0xc}, {0x0}, {0x0}], 0x5, 0x0, 0x0, 0xff}}], 0x6, 0x41, 0x0) r5 = dup2(r3, r1) sendmsg$netlink(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000019000), 0x0, &(0x7f0000000280)=[@rights={0x20, 0x1, 0x1, [r0, r5, r1, r2]}], 0x20}, 0x0) recvmmsg(r2, &(0x7f0000000b80)=[{{&(0x7f0000000200)=@l2, 0x80, &(0x7f00000005c0), 0x0, &(0x7f0000000600)=""/84, 0x54}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=""/147, 0x93}}], 0x2, 0x62, 0x0) accept4(r5, &(0x7f0000002680)=@hci, &(0x7f0000002700)=0x80, 0x800) setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, &(0x7f00000007c0)=0x5, 0x4) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000780)={0x400}, 0x4) renameat(r4, &(0x7f0000000080)='./file0\x00', r5, &(0x7f0000000100)='./file0\x00') 03:39:11 executing program 2: msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x2, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x1, 0x5}, 0x8) fsetxattr$security_capability(r0, &(0x7f0000000040)='security.capability\x00', &(0x7f0000000080)=@v1={0x1000000, [{0x5, 0x1}]}, 0xc, 0x0) msgctl$IPC_RMID(0x0, 0x0) [ 788.974111][T13025] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 03:39:11 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_int(r0, &(0x7f0000000040)='cgroup.clone_children\x00', 0x2, 0x0) fstatfs(r1, &(0x7f0000000180)=""/4096) sendfile(r1, r2, 0x0, 0x7) [ 789.032067][T13025] CPU: 0 PID: 13025 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 789.041313][T13025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.051377][T13025] Call Trace: [ 789.054696][T13025] dump_stack+0x172/0x1f0 [ 789.059036][T13025] dump_header+0x10f/0xba6 [ 789.063472][T13025] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 789.069288][T13025] ? ___ratelimit+0x60/0x595 [ 789.073982][T13025] ? do_raw_spin_unlock+0x57/0x270 03:39:11 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 789.079109][T13025] oom_kill_process.cold+0x10/0x15 [ 789.084238][T13025] out_of_memory+0x79a/0x1280 [ 789.088927][T13025] ? lock_downgrade+0x880/0x880 [ 789.093787][T13025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.100034][T13025] ? oom_killer_disable+0x280/0x280 [ 789.105226][T13025] ? find_held_lock+0x35/0x130 [ 789.105253][T13025] mem_cgroup_out_of_memory+0x1ca/0x230 [ 789.105266][T13025] ? memcg_event_wake+0x230/0x230 [ 789.105289][T13025] ? do_raw_spin_unlock+0x57/0x270 [ 789.105306][T13025] ? _raw_spin_unlock+0x2d/0x50 [ 789.105332][T13025] try_charge+0x118d/0x1790 [ 789.135133][T13025] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 789.140694][T13025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.146956][T13025] ? kasan_check_read+0x11/0x20 [ 789.151830][T13025] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 789.157406][T13025] mem_cgroup_try_charge+0x24d/0x5e0 [ 789.162717][T13025] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 789.168361][T13025] __handle_mm_fault+0x1e1f/0x3ec0 [ 789.173504][T13025] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 789.179060][T13025] ? find_held_lock+0x35/0x130 [ 789.183835][T13025] ? handle_mm_fault+0x322/0xb30 [ 789.188795][T13025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.195052][T13025] ? kasan_check_read+0x11/0x20 [ 789.199918][T13025] handle_mm_fault+0x43f/0xb30 [ 789.204697][T13025] __get_user_pages+0x7b6/0x1a40 [ 789.209652][T13025] ? follow_page_mask+0x19a0/0x19a0 [ 789.214855][T13025] ? perf_trace_lock+0xeb/0x510 [ 789.219736][T13025] ? __vma_adjust+0x1840/0x1840 [ 789.224588][T13025] ? lock_acquire+0x16f/0x3f0 [ 789.229268][T13025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.235509][T13025] populate_vma_page_range+0x20d/0x2a0 [ 789.240963][T13025] __mm_populate+0x204/0x380 [ 789.245571][T13025] ? populate_vma_page_range+0x2a0/0x2a0 [ 789.251220][T13025] __x64_sys_mlockall+0x35c/0x520 [ 789.256254][T13025] do_syscall_64+0x103/0x610 [ 789.260860][T13025] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 789.266756][T13025] RIP: 0033:0x457e29 [ 789.270661][T13025] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 789.290272][T13025] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 789.298697][T13025] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 789.306667][T13025] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 789.314630][T13025] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 789.314640][T13025] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 789.314649][T13025] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 789.315089][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 789.344595][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 789.352336][T13025] memory: usage 307200kB, limit 307200kB, failcnt 8842 [ 789.359485][T13025] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 789.367399][T13025] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 789.374534][T13025] Memory cgroup stats for /syz3: cache:0KB rss:293264KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:245596KB active_anon:43912KB inactive_file:4KB active_file:0KB unevictable:3892KB [ 789.397205][T13025] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12458,uid=0 [ 789.413586][T13025] Memory cgroup out of memory: Killed process 12458 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 789.432333][ T1042] oom_reaper: reaped process 12458 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 789.580072][T13025] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 789.590043][T13025] CPU: 1 PID: 13025 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 789.599146][T13025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 789.609183][T13025] Call Trace: [ 789.612458][T13025] dump_stack+0x172/0x1f0 [ 789.616775][T13025] dump_header+0x10f/0xba6 [ 789.621176][T13025] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 789.626962][T13025] ? ___ratelimit+0x60/0x595 [ 789.631533][T13025] ? do_raw_spin_unlock+0x57/0x270 [ 789.636626][T13025] oom_kill_process.cold+0x10/0x15 [ 789.641723][T13025] out_of_memory+0x79a/0x1280 [ 789.646397][T13025] ? lock_downgrade+0x880/0x880 [ 789.651238][T13025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.657457][T13025] ? oom_killer_disable+0x280/0x280 [ 789.662631][T13025] ? find_held_lock+0x35/0x130 [ 789.667386][T13025] mem_cgroup_out_of_memory+0x1ca/0x230 [ 789.672918][T13025] ? memcg_event_wake+0x230/0x230 [ 789.677927][T13025] ? do_raw_spin_unlock+0x57/0x270 [ 789.683024][T13025] ? _raw_spin_unlock+0x2d/0x50 [ 789.687855][T13025] try_charge+0x118d/0x1790 [ 789.692342][T13025] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 789.697875][T13025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.704096][T13025] ? kasan_check_read+0x11/0x20 [ 789.708931][T13025] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 789.714459][T13025] mem_cgroup_try_charge+0x24d/0x5e0 [ 789.719729][T13025] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 789.725365][T13025] wp_page_copy+0x408/0x1740 [ 789.729950][T13025] ? find_held_lock+0x35/0x130 [ 789.734695][T13025] ? pmd_pfn+0x1d0/0x1d0 [ 789.738922][T13025] ? lock_downgrade+0x880/0x880 [ 789.743752][T13025] ? swp_swapcount+0x540/0x540 [ 789.748498][T13025] ? kasan_check_read+0x11/0x20 [ 789.753328][T13025] ? do_raw_spin_unlock+0x57/0x270 [ 789.758429][T13025] do_wp_page+0x5d8/0x16c0 [ 789.762828][T13025] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 789.768221][T13025] __handle_mm_fault+0x22e8/0x3ec0 [ 789.773318][T13025] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 789.778853][T13025] ? find_held_lock+0x35/0x130 [ 789.783598][T13025] ? handle_mm_fault+0x322/0xb30 [ 789.788523][T13025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.794749][T13025] ? kasan_check_read+0x11/0x20 [ 789.799584][T13025] handle_mm_fault+0x43f/0xb30 [ 789.804381][T13025] __get_user_pages+0x7b6/0x1a40 [ 789.809311][T13025] ? follow_page_mask+0x19a0/0x19a0 [ 789.814489][T13025] ? perf_trace_lock+0xeb/0x510 [ 789.819323][T13025] ? __vma_adjust+0x1840/0x1840 [ 789.824162][T13025] ? lock_acquire+0x16f/0x3f0 [ 789.828824][T13025] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 789.835063][T13025] populate_vma_page_range+0x20d/0x2a0 [ 789.840508][T13025] __mm_populate+0x204/0x380 [ 789.845078][T13025] ? populate_vma_page_range+0x2a0/0x2a0 [ 789.850697][T13025] __x64_sys_mlockall+0x35c/0x520 [ 789.855704][T13025] do_syscall_64+0x103/0x610 [ 789.860276][T13025] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 789.866145][T13025] RIP: 0033:0x457e29 [ 789.870019][T13025] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 789.889642][T13025] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 789.898134][T13025] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 789.906088][T13025] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 789.914040][T13025] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 789.921989][T13025] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 789.929967][T13025] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 789.938475][T13025] memory: usage 307200kB, limit 307200kB, failcnt 8853 [ 789.942083][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 789.945449][T13025] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 789.951126][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 789.951242][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 789.951278][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 789.976124][T13025] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 789.983021][T13025] Memory cgroup stats for /syz3: cache:0KB rss:293264KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237432KB active_anon:43896KB inactive_file:0KB active_file:0KB unevictable:11984KB [ 790.005200][T13025] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13024,uid=0 [ 790.020607][T13025] Memory cgroup out of memory: Killed process 13024 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 790.035013][ T1042] oom_reaper: reaped process 13024 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:12 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x40000, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @rand_addr=0x400}, @in={0x2, 0x4e20, @multicast2}, @in6={0xa, 0x4e22, 0x0, @rand_addr="180d8d493a28b8fea2125e4f9f1070dd", 0x2}, @in={0x2, 0x4e20, @remote}, @in6={0xa, 0x4e21, 0x8, @remote, 0x3}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x23}}, @in={0x2, 0x4e22, @rand_addr=0x4}, @in6={0xa, 0x4e22, 0x800000000000, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x800}], 0xa4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0xb73e, 0x2000) fsetxattr$security_smack_entry(r2, &(0x7f0000000180)='security.SMACK64IPIN\x00', &(0x7f00000001c0)='/dev/admmidi#\x00', 0xe, 0x3) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:12 executing program 0: r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000180)={0x0, {{0x2, 0x0, @multicast1}}}, 0x88) prctl$PR_SET_TSC(0x1a, 0x2) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x9ab0, 0x4001) setsockopt$CAIFSO_LINK_SELECT(r1, 0x116, 0x7f, &(0x7f0000000280)=0x9b5, 0xc0) ioctl$VIDIOC_S_FREQUENCY(r1, 0x402c5639, &(0x7f0000000040)={0x1, 0x5}) openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0x501080, 0x0) 03:39:12 executing program 5: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-control\x00', 0x2, 0x0) symlinkat(&(0x7f0000000140)='./file0\x00', r0, &(0x7f00000001c0)='./file0\x00') r1 = creat(&(0x7f0000000080)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) write$cgroup_type(r1, &(0x7f0000000240)='threaded\x00', 0xf96d) fallocate(r1, 0x3, 0x0, 0x8000fff5) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f00000000c0)={0x0, 0x8001}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000040)={0x4, [0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000100)=0x14) 03:39:12 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) r1 = dup(r0) ioctl$KVM_GET_XSAVE(r1, 0x9000aea4, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') 03:39:12 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='io.stat\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, &(0x7f0000000040)={0x2e39ab7d, 0x40, 0x40, 0x8, 0x8f9c, 0x6}) msgctl$IPC_RMID(r0, 0x0) 03:39:12 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:12 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x0, 0x0) setsockopt$ax25_SO_BINDTODEVICE(r1, 0x101, 0x19, &(0x7f00000000c0)=@netrom={'nr', 0x0}, 0x10) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f023c123f3188a070") mkdir(&(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766646eef3d5a4083e1a020902d4bd5b19a54e1eda6860c095dcb786066dd63c1be88a02bf2c8ff0e9187be2dfc52dcc1fff1d9cfd1240bd37d49e036528c0987a9dd2d1c852e323573ac55b27c5792ac60b01bd06dc170ee30d6ea739b4a6d67976747dc01309402a8bd8029cb1ea31bbeb09b0da7c65eff845ba11dc1afdb17afac14ac4ffb849905605008697ddd02604033a9c3a8af5149a1e57e50d15aa98de304a77558262af285c66505a3ccbb", @ANYRESHEX=r3, @ANYBLOB=',access=Qser,\x00']) 03:39:12 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:12 executing program 0: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) shutdown(r0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000000180)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x20400040c2, 0x0) r3 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0x10000) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) syz_open_procfs(0x0, 0x0) 03:39:12 executing program 5: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) rt_sigpending(&(0x7f0000000100), 0x8) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x40, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x1, 0x0) r2 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x4, 0x800) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x4001fe) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000000), 0x4) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) recvmsg$kcm(r1, &(0x7f0000002400)={&(0x7f0000000200)=@nfc_llcp, 0x80, &(0x7f0000002380)=[{&(0x7f0000000280)=""/212, 0xd4}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/4096, 0x1000}], 0x3, &(0x7f00000023c0)=""/27, 0x1b}, 0x40000000) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000140)='tls\x00', 0x4) shutdown(r0, 0x0) 03:39:12 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:13 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) [ 790.299988][T13083] 9pnet: Insufficient options for proto=fd [ 790.334481][T13074] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 790.382808][T13092] 9pnet: Insufficient options for proto=fd [ 790.391369][ T26] audit: type=1800 audit(2000000353.010:609): pid=13091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16773 res=0 [ 790.402512][T13074] CPU: 1 PID: 13074 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 790.420884][T13074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 790.430943][T13074] Call Trace: [ 790.434242][T13074] dump_stack+0x172/0x1f0 [ 790.438585][T13074] dump_header+0x10f/0xba6 [ 790.443011][T13074] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 790.448821][T13074] ? ___ratelimit+0x60/0x595 [ 790.453456][T13074] ? do_raw_spin_unlock+0x57/0x270 [ 790.454728][ T26] audit: type=1804 audit(2000000353.020:610): pid=13091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir951611500/syzkaller.syZmRO/972/file0" dev="sda1" ino=16773 res=1 [ 790.458571][T13074] oom_kill_process.cold+0x10/0x15 [ 790.458591][T13074] out_of_memory+0x79a/0x1280 [ 790.458610][T13074] ? lock_downgrade+0x880/0x880 [ 790.497846][T13074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.504102][T13074] ? oom_killer_disable+0x280/0x280 [ 790.509324][T13074] ? find_held_lock+0x35/0x130 [ 790.514111][T13074] mem_cgroup_out_of_memory+0x1ca/0x230 [ 790.519662][T13074] ? memcg_event_wake+0x230/0x230 [ 790.524701][T13074] ? do_raw_spin_unlock+0x57/0x270 [ 790.529824][T13074] ? _raw_spin_unlock+0x2d/0x50 [ 790.534678][T13074] try_charge+0x118d/0x1790 [ 790.539165][T13074] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 790.544703][T13074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.550932][T13074] ? kasan_check_read+0x11/0x20 [ 790.555766][T13074] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 790.561315][T13074] mem_cgroup_try_charge+0x24d/0x5e0 [ 790.566611][T13074] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 790.572225][T13074] __handle_mm_fault+0x1e1f/0x3ec0 [ 790.577331][T13074] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 790.582880][T13074] ? find_held_lock+0x35/0x130 [ 790.587645][T13074] ? handle_mm_fault+0x322/0xb30 [ 790.592599][T13074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.598868][T13074] ? kasan_check_read+0x11/0x20 [ 790.603744][T13074] handle_mm_fault+0x43f/0xb30 [ 790.608510][T13074] __get_user_pages+0x7b6/0x1a40 [ 790.613464][T13074] ? follow_page_mask+0x19a0/0x19a0 [ 790.618661][T13074] ? perf_trace_lock+0xeb/0x510 [ 790.623497][T13074] ? __vma_adjust+0x1840/0x1840 [ 790.628338][T13074] ? lock_acquire+0x16f/0x3f0 [ 790.633003][T13074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 790.639227][T13074] populate_vma_page_range+0x20d/0x2a0 [ 790.644667][T13074] __mm_populate+0x204/0x380 [ 790.649239][T13074] ? populate_vma_page_range+0x2a0/0x2a0 [ 790.654858][T13074] __x64_sys_mlockall+0x35c/0x520 [ 790.659869][T13074] do_syscall_64+0x103/0x610 [ 790.664441][T13074] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 790.670309][T13074] RIP: 0033:0x457e29 [ 790.674186][T13074] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 790.693773][T13074] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 790.702176][T13074] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 790.710127][T13074] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 790.718077][T13074] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 790.726039][T13074] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 790.733988][T13074] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 790.742290][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 790.748062][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 790.755131][T13074] memory: usage 307200kB, limit 307200kB, failcnt 8897 [ 790.763039][T13074] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 790.778168][T13074] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 790.787549][T13074] Memory cgroup stats for /syz3: cache:0KB rss:293360KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:245592KB active_anon:43916KB inactive_file:0KB active_file:0KB unevictable:3888KB [ 790.812193][T13074] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12519,uid=0 [ 790.830774][T13074] Memory cgroup out of memory: Killed process 12519 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 790.860700][ T1042] oom_reaper: reaped process 12519 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 791.025187][T13074] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 791.035631][T13074] CPU: 0 PID: 13074 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 791.044742][T13074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 791.054800][T13074] Call Trace: [ 791.058096][T13074] dump_stack+0x172/0x1f0 [ 791.062425][T13074] dump_header+0x10f/0xba6 [ 791.066838][T13074] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 791.072635][T13074] ? ___ratelimit+0x60/0x595 [ 791.077214][T13074] ? do_raw_spin_unlock+0x57/0x270 [ 791.082351][T13074] oom_kill_process.cold+0x10/0x15 [ 791.087487][T13074] out_of_memory+0x79a/0x1280 [ 791.092169][T13074] ? lock_downgrade+0x880/0x880 [ 791.097020][T13074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.103253][T13074] ? oom_killer_disable+0x280/0x280 [ 791.108450][T13074] ? find_held_lock+0x35/0x130 [ 791.113217][T13074] mem_cgroup_out_of_memory+0x1ca/0x230 [ 791.118759][T13074] ? memcg_event_wake+0x230/0x230 [ 791.123778][T13074] ? do_raw_spin_unlock+0x57/0x270 [ 791.128877][T13074] ? _raw_spin_unlock+0x2d/0x50 [ 791.133717][T13074] try_charge+0x118d/0x1790 [ 791.138251][T13074] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 791.143809][T13074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.150044][T13074] ? kasan_check_read+0x11/0x20 [ 791.154894][T13074] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 791.160447][T13074] mem_cgroup_try_charge+0x24d/0x5e0 [ 791.165805][T13074] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 791.171471][T13074] wp_page_copy+0x408/0x1740 [ 791.176068][T13074] ? find_held_lock+0x35/0x130 [ 791.180839][T13074] ? pmd_pfn+0x1d0/0x1d0 [ 791.185103][T13074] ? lock_downgrade+0x880/0x880 [ 791.189954][T13074] ? swp_swapcount+0x540/0x540 [ 791.194721][T13074] ? kasan_check_read+0x11/0x20 [ 791.199566][T13074] ? do_raw_spin_unlock+0x57/0x270 [ 791.204671][T13074] do_wp_page+0x5d8/0x16c0 [ 791.209077][T13074] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 791.214476][T13074] __handle_mm_fault+0x22e8/0x3ec0 [ 791.219602][T13074] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 791.225148][T13074] ? find_held_lock+0x35/0x130 [ 791.229902][T13074] ? handle_mm_fault+0x322/0xb30 [ 791.234836][T13074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.241067][T13074] ? kasan_check_read+0x11/0x20 [ 791.245906][T13074] handle_mm_fault+0x43f/0xb30 [ 791.250660][T13074] __get_user_pages+0x7b6/0x1a40 [ 791.255662][T13074] ? follow_page_mask+0x19a0/0x19a0 [ 791.260870][T13074] ? perf_trace_lock+0xeb/0x510 [ 791.265717][T13074] ? __vma_adjust+0x1840/0x1840 [ 791.270595][T13074] ? lock_acquire+0x16f/0x3f0 [ 791.275319][T13074] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 791.281553][T13074] populate_vma_page_range+0x20d/0x2a0 [ 791.287024][T13074] __mm_populate+0x204/0x380 [ 791.291619][T13074] ? populate_vma_page_range+0x2a0/0x2a0 [ 791.297270][T13074] __x64_sys_mlockall+0x35c/0x520 [ 791.302329][T13074] do_syscall_64+0x103/0x610 [ 791.306977][T13074] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 791.312913][T13074] RIP: 0033:0x457e29 [ 791.316845][T13074] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 791.336444][T13074] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 791.344846][T13074] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 791.352812][T13074] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 791.360785][T13074] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 791.368751][T13074] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 791.376734][T13074] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 791.387481][T13074] memory: usage 307200kB, limit 307200kB, failcnt 8930 [ 791.395283][T13074] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 791.402894][T13074] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 791.409736][T13074] Memory cgroup stats for /syz3: cache:0KB rss:293080KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237404KB active_anon:43900KB inactive_file:0KB active_file:0KB unevictable:11984KB [ 791.433207][T13074] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13072,uid=0 [ 791.449036][T13074] Memory cgroup out of memory: Killed process 13072 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 791.463732][ T1042] oom_reaper: reaped process 13072 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:14 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket(0x200000000000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000002180)={'sit0\x00', 0x0}) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000000)=0x100, 0x4) bind$packet(r2, &(0x7f0000000040)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @remote}, 0x14) sendmsg$key(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000240)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ADD(r2, &(0x7f0000000500)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x240000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000280)={0x218, r4, 0x8, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x84, 0x4, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x57}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4bb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd9}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x58ef}]}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffffffffff7}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @multicast2}}, {0x14, 0x2, @in={0x2, 0x4e20, @local}}}}]}, @TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x20}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1ff}]}, @TIPC_NLA_MEDIA={0xcc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x200}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa0}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xcc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9b27}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_NET={0x3c, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xe1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4e}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}]}]}, 0x218}, 0x1, 0x0, 0x0, 0x404c000}, 0x40) r5 = dup(r2) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080)={0x0}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r5, 0xc010641d, &(0x7f00000000c0)={r6, &(0x7f0000000180)=""/73}) r7 = dup2(r2, r0) write$P9_RLOPEN(r7, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001b00)=[{{0x0, 0x0, 0x0}}], 0x1a8, 0x2040, 0x0) dup(r2) 03:39:14 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:14 executing program 5: r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x3, 0x800) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x20000000, 0x2, 0x31}) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0) r2 = socket$inet(0x2, 0x2000000080002, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(r1, 0xc0845658, &(0x7f0000000340)={0x0, @bt={0x6, 0x5, 0x1, 0x1, 0x9f1d, 0x2, 0x6, 0x3, 0x7f, 0x3, 0xffffffffffffff21, 0x6, 0x3, 0x8000, 0x1, 0x6}}) ioctl$EVIOCGSND(r1, 0x8040451a, &(0x7f0000000400)=""/212) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x2, 0x1d8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200005c0], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000001100000000000000000076657468315f746f5f7465616d000000736974302000000000000400000000006272696467653000000000000000000076657468305f746f5f627269646765000180c2000000000000000000aaaaaaaaaa0000000000000000007000000070000000a80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff01000000110000000000000000007465716c30000000000000000000000073797a5f74757e000000000000000000697036677265300000000000090000007663616e30000000d53fa73b00000000ffffffffffff000000000000aaaaaaaa98aa00000000000000007000000070000000a000000041554449540000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000ffffffff00000000"]}, 0x250) setsockopt$EBT_SO_SET_ENTRIES(r2, 0x0, 0x80, &(0x7f0000000100)=@broute={'broute\x00', 0x20, 0x1, 0x1c0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000180], 0x2, 0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000010110000000000000000006263000000000000000000000000000073010030000002000000ffff000000007663616e300000000000000000000000766c616e300000000000000000000000ffffffffffff0000000000000000000000000000000000000000b8000000b80000003001000056696d69740000000000000000000000000000000000000000000000000000002000000000000000faffffff090000000000000000000000000000000000000000000000000000006e666c6f6700000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000002ce715c99cffcbf4d7e80e410bb5007c6981466b6431c7e6b129fcead3f149b589996102627779dc3b23bf8250fc3acd9e8be08a4bbab9be219f504cae3a7e4d0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff000000002d73c21189099e1d87c1c24cfa"]}, 0x245) 03:39:14 executing program 3: mlockall(0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000500)=ANY=[@ANYBLOB="08000001010000000900000000000000ae0b00e6e5f309c6040c60e2f4000000cd75d62657db9a2052f2cc7c7c58fd88ea68f26d4276d8c252f956ea62518f7cb6dd56278f1a06109f4a6e879158cbb9b6cd8e21643f8afa619e87f39acdad4788d4154018ea4b3a379df1eab7791fc8dfabecb4c5cddb59f24e17f39adee3257e078f01aa903f82e675011b5567d99b9e72d1ca0301d255ae3e86a5df00000000000000000000", @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r0, @ANYBLOB="0e000000f8030000000000000000000000000000000100f4aff33f9938e3632c598902000000000029078a7612515302436d62496bae8bf8f25d1aadb823cbf007709e50c7e62b33f4869be905d9b74e45c4ac9fdbe369543112dddb53dbf564d95979615840993373996661ef8a77f139bb0940fc04b42a713d9f920afadfeaa87ff3cfa9c01f6ecb75b6da7b843f0b661ad814a0213c6eb4a22a553b26853ccc9f6a427881d84ce915f921127c5fd89119fb8e39cf114d5484b76c3aeb3c2ac6b31fc7ce5c8bfb8787067f4c848a230000000000000000", @ANYRES32=r1, @ANYBLOB="00000000faffffffffffffff00000000000000000000000000000000", @ANYRES32=r1, @ANYBLOB="0000f7f23cb3220000000000feff00000000000000"]) getsockopt$inet_dccp_buf(r1, 0x21, 0xe, &(0x7f0000000000)=""/246, &(0x7f0000000100)=0xf6) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:14 executing program 2: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x400100, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000180)=0x8, 0x4) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000040)={0x1, 0xfffffffffffffffb, 0xfffffffffffffff8, 0x3}) r1 = msgget(0xffffffffffffffff, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f00000000c0)=0x20000, 0x4) ioctl$BLKSECDISCARD(r0, 0x127d, &(0x7f0000000080)=0x7) msgrcv(r1, 0x0, 0x0, 0x0, 0x800) read$eventfd(r0, &(0x7f0000000200), 0xffffffffffffff65) msgrcv(r1, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgctl$IPC_RMID(r1, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000140)={0x40, 0x7}) 03:39:14 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 791.622589][T13114] kernel msg: ebtables bug: please report to author: Wrong len argument [ 791.659564][T13121] kernel msg: ebtables bug: please report to author: Wrong len argument 03:39:14 executing program 4: r0 = socket$inet(0x10, 0xf, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)="24000000220007031dfffd946f610500000000000543000000000000421ba3a20400ff7e280000001100ff5613d3475bb65f64000000000004000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) 03:39:14 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r1, 0x0) write$P9_RWALK(r1, &(0x7f0000000080)=ANY=[], 0xfffffffffffffd75) perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 791.802138][ T26] audit: type=1804 audit(2000000354.430:611): pid=13091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir951611500/syzkaller.syZmRO/972/file0" dev="sda1" ino=16773 res=1 03:39:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000040)={0x101, 0x4, 0x6, 0x9}) ioctl$TCFLSH(r0, 0x5405, 0x8000000100000001) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x7, 0x0) ioctl$RTC_ALM_READ(r1, 0x80247008, &(0x7f00000000c0)) 03:39:14 executing program 2: r0 = msgget(0xffffffffffffffff, 0x100000000) r1 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f0000000000)={'filter\x00'}, &(0x7f0000000080)=0x78) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) write$P9_RLCREATE(r1, &(0x7f00000000c0)={0x18, 0xf, 0x2, {{0x81, 0x1}, 0x9}}, 0x18) msgctl$IPC_RMID(r0, 0x0) 03:39:14 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:14 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) utimes(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)={{r1, r2/1000+30000}, {0x0, 0x7530}}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:14 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02090000020000000000e4ffffff0042"], 0x10}}, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="021000001100000026bd7000fcdbdf2501001400790000000800120003000000000000003800000046003270b4a69956a98fe40000000000ac1414bb10000000000000000004000000004000000000000400000000000000040004003cb800001f000000000700003f00000000000000030000000000120002fd0a00050000000100000000000000"], 0x88}}, 0x0) sendmmsg(r0, &(0x7f0000000840), 0x40000000000022c, 0x20000000) syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x81, 0x80000) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/ipx\x00') ioctl$SIOCGIFMTU(r1, 0x8921, &(0x7f00000000c0)) [ 791.915025][ T26] audit: type=1804 audit(2000000354.430:612): pid=13091 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir951611500/syzkaller.syZmRO/972/file0" dev="sda1" ino=16773 res=1 03:39:14 executing program 0: getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0xf, 0x80001, 0xfff, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000009c0)={0x0}, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000a40)={r3, 0x4, 0x7f}, 0x8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) r4 = getpid() rt_sigqueueinfo(r4, 0x3a, 0x0) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000280)='/dev/cachefiles\x00', 0x8000, 0x0) rt_sigqueueinfo(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(r5, 0xc0106426, &(0x7f0000000b00)={0x2, &(0x7f0000000ac0)=[{}, {}]}) ioctl$DRM_IOCTL_GET_CTX(0xffffffffffffffff, 0xc0086423, 0x0) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast1, @in=@local}}, {{@in6=@loopback}, 0x0, @in6=@initdev}}, &(0x7f0000000240)=0xe8) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000880)={{{@in=@dev={0xac, 0x14, 0x14, 0xd}, @in=@loopback, 0x4e22, 0x8, 0x4e23, 0x0, 0xa}, {0x10001, 0x7, 0x0, 0x101, 0x8, 0x0, 0x4, 0xa447}, {0x7, 0x6, 0x3f, 0xfff}, 0x1, 0x0, 0x3, 0x1, 0x2, 0x3}, {{@in=@remote, 0x4d5, 0x3c}, 0x0, @in6=@loopback, 0x3501, 0x3, 0x3, 0x1, 0x4, 0x3, 0x3}}, 0xe8) r6 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r6, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) setsockopt$bt_hci_HCI_FILTER(r5, 0x0, 0x2, &(0x7f0000000180)={0x80000000, 0x10000, 0x6, 0xfffffffffffffc00}, 0x10) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ubi_ctrl\x00', 0x44000, 0x0) connect$bt_sco(r2, &(0x7f00000001c0)={0x1f, {0x80000000, 0x81, 0x8, 0x1eaa, 0x7, 0x4}}, 0xffa0) sendmmsg(r6, &(0x7f0000005fc0), 0x800000000000059, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000a80)={{0x0, 0x3, 0x1, 0x0, 0x4}}) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000100)) 03:39:14 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 792.004071][T13141] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 792.051572][T13141] CPU: 1 PID: 13141 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 792.060708][T13141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.070775][T13141] Call Trace: [ 792.074076][T13141] dump_stack+0x172/0x1f0 [ 792.078418][T13141] dump_header+0x10f/0xba6 [ 792.082847][T13141] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 792.088660][T13141] ? ___ratelimit+0x60/0x595 [ 792.093260][T13141] ? do_raw_spin_unlock+0x57/0x270 03:39:14 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) seccomp(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000000)=[{0x1c}, {0x101, 0x0, 0x0, 0x6}]}) [ 792.098383][T13141] oom_kill_process.cold+0x10/0x15 [ 792.103505][T13141] out_of_memory+0x79a/0x1280 [ 792.108202][T13141] ? lock_downgrade+0x880/0x880 [ 792.113061][T13141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.119315][T13141] ? oom_killer_disable+0x280/0x280 [ 792.124514][T13141] ? find_held_lock+0x35/0x130 [ 792.129290][T13141] mem_cgroup_out_of_memory+0x1ca/0x230 [ 792.134840][T13141] ? memcg_event_wake+0x230/0x230 [ 792.139878][T13141] ? do_raw_spin_unlock+0x57/0x270 [ 792.145000][T13141] ? _raw_spin_unlock+0x2d/0x50 03:39:14 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 792.149863][T13141] try_charge+0x118d/0x1790 [ 792.154385][T13141] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 792.159938][T13141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.166195][T13141] ? kasan_check_read+0x11/0x20 [ 792.171060][T13141] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 792.176619][T13141] mem_cgroup_try_charge+0x24d/0x5e0 [ 792.181923][T13141] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 792.187568][T13141] __handle_mm_fault+0x1e1f/0x3ec0 [ 792.192694][T13141] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 792.198254][T13141] ? find_held_lock+0x35/0x130 [ 792.203029][T13141] ? handle_mm_fault+0x322/0xb30 [ 792.207988][T13141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.214238][T13141] ? kasan_check_read+0x11/0x20 [ 792.220078][T13141] handle_mm_fault+0x43f/0xb30 [ 792.226397][T13141] __get_user_pages+0x7b6/0x1a40 [ 792.231357][T13141] ? follow_page_mask+0x19a0/0x19a0 [ 792.236560][T13141] ? perf_trace_lock+0xeb/0x510 [ 792.241418][T13141] ? __vma_adjust+0x1840/0x1840 [ 792.246279][T13141] ? lock_acquire+0x16f/0x3f0 03:39:14 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 792.250964][T13141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.257210][T13141] populate_vma_page_range+0x20d/0x2a0 [ 792.262684][T13141] __mm_populate+0x204/0x380 [ 792.267289][T13141] ? populate_vma_page_range+0x2a0/0x2a0 [ 792.272933][T13141] __x64_sys_mlockall+0x35c/0x520 [ 792.272957][T13141] do_syscall_64+0x103/0x610 [ 792.272981][T13141] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 792.272993][T13141] RIP: 0033:0x457e29 [ 792.273009][T13141] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 792.273017][T13141] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 792.273032][T13141] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 792.273041][T13141] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 792.273050][T13141] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 792.273065][T13141] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 03:39:14 executing program 2: r0 = msgget(0x2, 0x20) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0xffffffffffffffff, 0x0) connect$rds(r1, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x7) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) setsockopt$inet_udp_int(r1, 0x11, 0xb, &(0x7f0000000000)=0x5, 0x4) ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f00000000c0)={{0x0, 0xd000, 0x3, 0xffffffffffffffe0, 0x7, 0x3, 0x0, 0xff, 0x8, 0xffffffffffffff7f, 0x0, 0x9}, {0x6000, 0x11005, 0xe, 0x100000000, 0xfffffffffffffffc, 0x9, 0x0, 0x221, 0x8, 0x0, 0x4f3, 0x2}, {0x100000, 0xf005, 0x1f, 0x3, 0x101, 0x10001, 0x2, 0x7fff, 0x100, 0xffffffffffffff8f, 0x0, 0x40}, {0x10d000, 0x1f004, 0x9, 0x2, 0x4, 0x0, 0x401, 0x0, 0x0, 0x5, 0x8, 0x9}, {0x0, 0xd000, 0xf, 0x8, 0x9, 0xff, 0x7fd, 0x88, 0xffffffffffff95db, 0x1, 0x889, 0x3e1}, {0x7001, 0x4, 0xf, 0x10001, 0x6a00000, 0x1, 0x0, 0xb785, 0xe4e9, 0x10000, 0x7fff, 0xecfe}, {0x1006, 0x5000, 0x8, 0x6, 0x0, 0xfffffffffffffffe, 0xa35, 0x1, 0x4, 0xfffffffffffffff7, 0x7, 0x4}, {0x10000, 0x0, 0x1e, 0x4, 0xfff, 0xffffffffffffffe1, 0x81, 0x8, 0x8, 0x8000, 0x6, 0xfffffffffffffffc}, {0x1, 0x101000}, {0x7000, 0xf000}, 0x10, 0x0, 0xf000, 0x0, 0x6, 0x0, 0x2001, [0x7ce, 0x1000, 0x4, 0xfffffffffffffff7]}) socket$rds(0x15, 0x5, 0x0) 03:39:15 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = accept4(r0, 0x0, 0x0, 0x20000000000000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x98) 03:39:15 executing program 5: unshare(0x8000400) r0 = mq_open(&(0x7f00000000c0)=' \x00@Kx\xb9\tW\xba\xb5\\B\x18v0\xcd\xce1\b\xfeY\xfe\xa3\x968\xf7 9~\xb1\xfcC\x7f\xe5\xc5\v/K\x9e\xee\xcd\x90\x1by\x8d\xd3\xb0\xa7\xc6\xb5U\xf7ph\x10Ld\xcf\xab\xf2\x0f\xec\xe8\x99\x8e\a\xa9t\x19\xe6?i\xd9S\x84\x00%\xeb\xe6\x1e\x93:\xecJ<[\xf9k\x98\x9d\xdd\x8c\xb0\x8d\x1d\xc2O\xa9<\xecd\xae\xe9\xe5X\x83\rK\xfd\xad\xac0\\F\x90N-\xa2\x9b\xd7\x91\\\x180\xeboG;zp\x10\xf9b\x15\xec\x95\xa9k\xf5\xd4 \x93\x1f\xad\x05%\xc2n\xaad\x19)\x83y\xdc\xeff\xfa\xac\xf8\xc3>s4\x7f\xc8\xce', 0x6e93ebbbcc0884f2, 0x0, 0x0) sendfile(r0, r0, 0x0, 0x0) fchmod(r0, 0xe0) pause() prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x0) [ 792.282642][T13141] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 792.411952][T13141] memory: usage 307200kB, limit 307200kB, failcnt 8945 [ 792.419017][T13141] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:39:15 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:15 executing program 2: prctl$PR_GET_NAME(0x10, &(0x7f0000000000)=""/4096) r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) r2 = syz_open_dev$vbi(&(0x7f0000001000)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000001080)={0x800, 0x5, 0x4, 0x4000, {0x0, 0x2710}, {0x7, 0x0, 0x2, 0x6, 0x6, 0x81, "49530390"}, 0x3, 0x3, @planes=&(0x7f0000001040)={0x20, 0x10000, @fd=r2, 0x3}, 0x4}) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 792.489471][T13141] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 792.543357][T13141] Memory cgroup stats for /syz3: cache:0KB rss:292896KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:245728KB active_anon:44104KB inactive_file:4KB active_file:0KB unevictable:3108KB [ 792.631997][T13141] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12566,uid=0 [ 792.655727][T13141] Memory cgroup out of memory: Killed process 12566 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 792.684973][ T1042] oom_reaper: reaped process 12566 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 792.854319][T13141] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 792.864548][T13141] CPU: 0 PID: 13141 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 792.873660][T13141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 792.883702][T13141] Call Trace: [ 792.886982][T13141] dump_stack+0x172/0x1f0 [ 792.891300][T13141] dump_header+0x10f/0xba6 [ 792.895720][T13141] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 792.901533][T13141] ? ___ratelimit+0x60/0x595 [ 792.906120][T13141] ? do_raw_spin_unlock+0x57/0x270 [ 792.911214][T13141] oom_kill_process.cold+0x10/0x15 [ 792.916318][T13141] out_of_memory+0x79a/0x1280 [ 792.920975][T13141] ? lock_downgrade+0x880/0x880 [ 792.925807][T13141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.932058][T13141] ? oom_killer_disable+0x280/0x280 [ 792.937236][T13141] ? find_held_lock+0x35/0x130 [ 792.941986][T13141] mem_cgroup_out_of_memory+0x1ca/0x230 [ 792.947517][T13141] ? memcg_event_wake+0x230/0x230 [ 792.952530][T13141] ? do_raw_spin_unlock+0x57/0x270 [ 792.957624][T13141] ? _raw_spin_unlock+0x2d/0x50 [ 792.962461][T13141] try_charge+0x118d/0x1790 [ 792.966962][T13141] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 792.972506][T13141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 792.978744][T13141] ? kasan_check_read+0x11/0x20 [ 792.983598][T13141] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 792.989126][T13141] mem_cgroup_try_charge+0x24d/0x5e0 [ 792.994398][T13141] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 793.000019][T13141] do_huge_pmd_wp_page+0x99d/0x3660 [ 793.005211][T13141] ? munlock_vma_page+0x45d/0x700 [ 793.010239][T13141] ? __split_huge_pmd+0x2c00/0x2c00 [ 793.015425][T13141] ? __lock_acquire+0x55d/0x4710 [ 793.020862][T13141] ? putback_lru_page+0xd6/0x140 [ 793.025787][T13141] ? pmd_val+0x85/0x100 [ 793.029922][T13141] ? add_mm_counter_fast.part.0+0x40/0x40 [ 793.035638][T13141] ? perf_trace_lock+0xeb/0x510 [ 793.040485][T13141] __handle_mm_fault+0x1651/0x3ec0 [ 793.045580][T13141] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 793.051116][T13141] ? find_held_lock+0x35/0x130 [ 793.055881][T13141] ? handle_mm_fault+0x322/0xb30 [ 793.060841][T13141] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.067093][T13141] ? kasan_check_read+0x11/0x20 [ 793.071943][T13141] handle_mm_fault+0x43f/0xb30 [ 793.076695][T13141] __do_page_fault+0x5ef/0xda0 [ 793.081445][T13141] do_page_fault+0x71/0x581 [ 793.085944][T13141] page_fault+0x1e/0x30 [ 793.090097][T13141] RIP: 0010:__put_user_4+0x1c/0x30 [ 793.095194][T13141] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 00 ee 01 00 48 8b 9b 18 14 00 00 48 83 eb 03 48 39 d9 73 3c 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 793.114779][T13141] RSP: 0018:ffff8880a887fe18 EFLAGS: 00010293 [ 793.120826][T13141] RAX: 0000000000000003 RBX: 00007fffffffeffd RCX: 0000000020000140 [ 793.128782][T13141] RDX: 00000000000003d9 RSI: ffffffff8198e363 RDI: 0000000000000286 [ 793.136744][T13141] RBP: ffff8880a887fee0 R08: ffff88803d2c44c0 R09: 0000000000000001 [ 793.144696][T13141] R10: ffff88803d2c4d40 R11: ffffffff8a0699d8 R12: 0000000000000005 [ 793.152650][T13141] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000000 [ 793.160641][T13141] ? __might_fault+0x1a3/0x1e0 [ 793.165392][T13141] ? __sys_socketpair+0x11f/0x5e0 [ 793.170397][T13141] ? __ia32_sys_socket+0xb0/0xb0 [ 793.175324][T13141] ? kasan_check_write+0x14/0x20 [ 793.180250][T13141] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 793.185692][T13141] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 793.191143][T13141] ? do_syscall_64+0x26/0x610 [ 793.195814][T13141] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 793.201862][T13141] ? do_syscall_64+0x26/0x610 [ 793.206522][T13141] __x64_sys_socketpair+0x97/0xf0 [ 793.211543][T13141] do_syscall_64+0x103/0x610 [ 793.216133][T13141] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 793.222045][T13141] RIP: 0033:0x457e29 [ 793.225927][T13141] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 793.245520][T13141] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 793.253922][T13141] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 793.261883][T13141] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 793.269853][T13141] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 793.277810][T13141] R10: 0000000020000140 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 793.285761][T13141] R13: 00000000004c6411 R14: 00000000004db758 R15: 00000000ffffffff [ 793.302858][T13141] memory: usage 307200kB, limit 307200kB, failcnt 8979 [ 793.309723][T13141] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 793.321943][T13141] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 793.329943][T13141] Memory cgroup stats for /syz3: cache:0KB rss:291868KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:227672KB active_anon:44076KB inactive_file:0KB active_file:0KB unevictable:20164KB [ 793.352271][T13141] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13140,uid=0 [ 793.367768][T13141] Memory cgroup out of memory: Killed process 13140 (syz-executor.3) total-vm:72580kB, anon-rss:17940kB, file-rss:53540kB, shmem-rss:0kB [ 793.382187][ T1042] oom_reaper: reaped process 13140 (syz-executor.3), now anon-rss:17932kB, file-rss:53536kB, shmem-rss:0kB 03:39:16 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x20000, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x1000, 0x101000) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000080)={0x4, r2}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:16 executing program 0: r0 = msgget(0x3, 0x20) msgrcv(r0, 0x0, 0xfffffffffffffeeb, 0x0, 0x2000) r1 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x100) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x4, 0x20, 0x1, 0x98ec}, &(0x7f0000000080)=0x18) r3 = getuid() fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getgid() getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000280)={{{@in6=@ipv4={[], [], @remote}, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in=@empty}}, &(0x7f0000000380)=0xe8) lstat(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000480)={{{@in=@initdev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@initdev}}, &(0x7f0000000580)=0xe8) stat(&(0x7f00000005c0)='./file0/file0\x00', &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000680)={{{@in6=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@broadcast}}, &(0x7f0000000780)=0xe8) getgroups(0x2, &(0x7f0000000800)=[0x0, 0x0]) r12 = getuid() stat(&(0x7f0000000840)='./file0/file0\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$video(&(0x7f00000001c0)='/dev/video#\x00', 0xffffffffffffff81, 0x200041) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000900)={0x3c8, 0xf4029f3d218bfce3, 0x2, [{{0x3, 0x2, 0x1ff, 0x2, 0x8, 0x101, {0x3, 0x4, 0x3, 0xfffffffffffffffa, 0x8000, 0x0, 0x21f6, 0x7, 0x7, 0x40, 0x7f, r3, r4, 0x9, 0x1f}}, {0x1, 0x8e, 0x1, 0x5, '-'}}, {{0x3, 0x0, 0x100000000, 0xfffffffffffffff8, 0x40, 0x100000001, {0x2, 0xac6, 0x9, 0x9, 0x4, 0x8001, 0x3f, 0x3f, 0x1f, 0x101, 0x10001, 0x0, r5, 0x9, 0x1}}, {0x3, 0x38000000000, 0x0, 0x7fffffff}}, {{0x6, 0x3, 0x100, 0x0, 0x0, 0x2, {0x2, 0x5, 0x6, 0xffffffff, 0x80, 0x0, 0x2, 0xfffffffffffffff9, 0x4, 0xfffffffffffff000, 0xff, r6, r7, 0x760, 0x1}}, {0x5, 0x6, 0x0, 0x1}}, {{0x6, 0x1, 0x4, 0x5, 0x7d, 0x8, {0x4, 0x3, 0xeb3a, 0xfffffffffffffff8, 0x2, 0xdb, 0x3, 0x7, 0xffffffff80000001, 0x8, 0x4c20, r8, r9, 0x2, 0xffffffffffff0001}}, {0x1, 0x40, 0xc, 0x3, 'wlan1selinux'}}, {{0x2, 0x2, 0x38, 0xff, 0x9, 0x3af4f084, {0x2, 0x68e6, 0x11, 0xffff, 0xbb1, 0x7, 0x2, 0x5, 0x9ba, 0x8, 0xbce, r10, r11, 0x1}}, {0x6, 0x80, 0x0, 0x84000}}, {{0x4, 0x1, 0x2, 0x1, 0x5, 0xc3, {0x1, 0x1, 0x100000001, 0xffff, 0x4, 0x0, 0x101, 0x7fff, 0x400, 0x4, 0xa4d, r12, r13, 0xacfe, 0x45c3c76e}}, {0x3, 0x1, 0xa, 0x3, '-%cgroup-^'}}]}, 0x3c8) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000000c0)={r2, 0xde}, &(0x7f0000000100)=0x8) setsockopt$inet_opts(r1, 0x0, 0x4, &(0x7f0000000d00)="45b19399fd8d759caf07be7e3acd51aac40f4581536f9c03afee05fadc4421c31f89a118f7ff6288e8a88d71ed1c2359eed87c6c502151ff0cf7cef25be2d41862bb11ae08182c497f518cc72281af450458eb0ed44f302684d0ffeafee4ab75d001508de4f6bb19956f518f8f74b11b69f3b4a3da6660de3a50df6dc10713a87f564599f49daaf36bb6f5b5f0bc912be8050ec944f09f5369075f27d65704e17edbb200542900c8ba9401cc9739500b064828c0c5913b194f2d6a4f78458d5579633d60ab57a9ab51d464be328de56905b0990c6b81214e1739d621967e414aca709135873122826fda8aee8c339bafbbfcb43b51a4ea525d76f3d974b053ff83dcb841b2cfea49bc3579f4b2a592e3f2996b1deb1b188b55e792a51eab53114a92e93b028c3b2a64ace5cd3a8126a999094fef13e6f56eef5f9d487dfba198926df83ab25c3aa94bbb32429915de2b4d37d1373c80ca4cdc9fe5f5afb3229206988c559b855372d626b8a35022a05791281bdf5c081637f1b3d067237ae15532abdfa28bd92cb31e8e8cb0a0a004a9bdb9871a5127bf1f19d72fae881eca322c3fc696f643fedb8ff50a8d92f9447a3082534d57d1f3da5493ecc24a6b8558ce80f2515973436aa9f7e8f045569ba9b6cf3192aa6035b17429471626a9f9a1d82c2c28c539505b3357298e5355e3eb30d0759820cfcbed3cbefb85aa86f24a8a33f8508d224e94a64cd14c6febe205fa9f32c511f9a339898723b8f02ff94951f8f1daa0f94ea5fa9f88b645e034b03222207d55d494c4903c5c1a499a8720aefb8d0e576808ef8677f0fb802a38ad7b48fc476ca0aea817b71328a16edc24dde1d0cfc5b21c79539b1d1fc2015ee7a14c19dfc438880360dc2095e872e5c0e1324013debf91ffdf7e24be8347d4cf2dae1730c3ddd938aaed81e79274b86664cf688f327d713e70a69e51303863cf8a174e9be6276a82ac8edf09713e6e157c8110384412ea884aa6227b36fb87ef4b8224cdb7b9517dbb8864a9f759fe1afffc6826305553a0676ade38d2b7d4e2a6e7f67018658db963937f00e6583762c7e3d0cac1219886813d8b93bffb92f893b2f3bde1c83b9dc1109b4a91fd415b6837ffdd1dbaa4f40ded465646d599fffaeb045c5bc14865ded1c11f35872bfe20c358a8ae7857049f1a2ae84de54a431c6337dfb242bb66657a5165acd429bb89338aaf1657e96add90acc6ce3451cebe48febcebde3d7261e6403bcb1612a87a8b871b6cff62ecb046a95a160e1c7fc9302254f9d32d815e7cc6a2b925e0673d26e9ca8cfd8724f4dc2f1bfd71a0059d3607a50ffcc94ddd569b4e0553ca6a68166ce9213a9941a86531302b1295003d97606d415b49db3b1b0e45f61751b99a2b25afa7e46d700b4739054afc02bcd48616ba4ef0746d78971967569de900226d7eedb416411caf6d2011f92ad268e41a30289bb4fbed196dffd5fe4553607986044c302433e594aa01e1a02ca6f82a9acaaa3e526b191e55046cff4077722c2613ca96ac1d7bbc085f157519725bcf965b78777a6693c29ba0d56f3f2fd47615b3c40101d761b237c6c1508ed9245bbbf99ba9ba9073f200499cf5c77ea3c6af229fb639833712ea9d861cffc645cb9a08dcf001c4f2290c60f3f59e2fcb7b573f7abc02c3b4f94f7847ccf2d25baf3a6d566a3ba69fdc0805d189d9957ee66e06cc572c761de9fb765e4f633a6cb681f63021a93ef91dc9fa19a310d277327eaa3e2cd25a295a60d9918dcbe77f67b25be98d801c175d8d2fcc790262668b3c164938bf2ee51316e8499fba6d7317700964141e99edab8e76924f68404ee9f552743a863d46933ce936d185349ee39d53bc0682a2ef6ef954f93a9f47a6f493c1fa0092f3d383fd8ed624d3221d5922972c2f2366810f3c08466dac7b393fa0601d991001e7d14e2e5fd00238c2876ad2958d3d9e99724d8158bf92ea425b5b9916554eae9e6138568f728ec7788ecb0c7e61fe9e6209d309d30d48fee7092343b6554705630c54f5add83fe14b2eb236f1bd7868282e4bb4241cf6ad5b8f39e984ad54a5832f88ced306dba854c6e52af1aa959ed7042a374174620cb5f73d9d62308496ee40c7241028bf909ca855d2a4125a54b9a6200293b76d3225a5517ce8e714a511f48da82c3e1a08009d93e12645020d0c3bae65ee9d6924d58a835a2a9fae604253ddbfa2a5e5687de64a6293d084617861a281e04e223ecfca084dfaa073f2ad36a7fe9ef53c5c1b2d0b4d0fea75ff6b6a9c64e4740dd4448bd80f4b43703f15ee304e02714014605470c8fbd195fd1b55d1242ca42462b1488bb603b9c1223243732e2285658a15dd2505d769c167cdf365a556d0e900f39fa295a22a7f7a5b6a68e87eec7fa4cd7d649cbb31bbdbc8feac2965ed08145860e17738f294d91a60f50c05b2f51a091789d4923e3ec798847925c49b857e6e04e984e12a2dcdb1c2a2b053403ba7d74fff1a8e63f576bffaa0ba19ae578a0bf3e7cf8ea6d60e4d091e68cf858ac9e15f13a8e7238db3811afa5f3105d498ef6ea35f3953bb1ff607b20db451d8d6db5780b47cd3dda87d0b4df762b2775d9bfb91898e662aadbbd93a330fac35a2a68225f2da7abc8b4f3b667477a157a3e858445485cf195b128253e6049fe281ebb5943d246adc5eeba465c29e6ab18efe55a6e502810fdc91573f07f5b2d8c3454f9c47bd855bb0902b986c69c2cd0b7ea89f2006695d94ebca823cc929f2075a1536cec5c591008a9773af562b67b9e36edd8235cb32a3ac162d0cfa6726cb9cc233770576912d4b68e24ecb979d387664b09f2ae0eddc28d1da09975263fe0d3a1068e6dfc88fd684cb75bd9c3e22b0fa93b670d568588213f04e93598fa3b8bd2ad98c070efe3d98be4384c633e5581b4997563bc911e30ae8ce650dae285ed4999409cef29324203ef381165d8dcd19f4e2e4006acbe8442f5d1f21421405f0cd359ce8bae454dcdcceeb7cde5b47f8ff0ddaef1fce80dce392b292aa57417b396a9a87dc2597c1e741846ec4b70c6f0fbedcd2cb1eb1c864086883d32e7548b73ab587e3873d33d9205518f0a88d4e9c96e7317809e7382a3761a51ee8398af6af0b7b68c8ff882f66b1d7fe3793332582113605a7efbae576209640c70d5336d954cbc84df97e3a59b01ecad71328793630c698c471be9704d33122b2169c6a8709eb48bad08e7630d98153569dafd0b293655a23fa3f6d4a613d400c9f15974ee82bb130572f3d563c9c6de8049a3563cc21e0295f33a5c4f67ae13cfde2f0dcd5940361955c2fad69eb8b1d2c48597abf379ca355c6d19233bdbe35ddcd338246da762ac689ff480c77ac4e07ecc05cdc72f707ed7245ab547545c0bb5ba0e63167a3a1e87a3c1598862a99c6e4da72be55a7d32c49ce9b935c449f0e8c248b92b97a482affc0c6bbdfe06f2a06d146a1df359f617867e8cc8bba972ab2417711a4bdc7444daca2d8b94906407dde7b7e25d67b4b526e33069359e9ec277049edee94f14b557d83e1d1253e1db438395b63a75aa53885300b89e20f27af7036bc8c7729f0092b00c6a03da05ab5bd70f06680338552ca405acb89ae6cd47e95782465e4bb6eeec376c8f6237a7d98cd1a1bce5e47843c37bd626709aa37113ad95d4e2c914181715b93b257a1ad811abdc3712c326f65c6ffcde999573cb1405a87c77228213b8f2e72df6e2f7084a358ae32f93eb6d792a19c1a650c32c64d63eb7135a0abb6c972875b9edc04f2f722fa7886abd148a12246ae896e5f79e441b0e8cbf46b3c50b2f0e911b8036f098bfd84638c595cdfe8fef4e660f83c6d2f5bc4897c3d465264abe6028f29c01b6731733da428e05f3483108a817ae778035b4a6e3c3394f2a2ca4a6559fbe64c1bb80d46bab05de507b4009a87d4eeeec03eebe58d7e58da49fc316f5ec446576834965e621a408ca5e489762b5064c8ec592f80bbb5b97b1758021ce192578fcb7ecb549fa0e50f5ab7900377b156ec98e368c7dc82deed56873a7a31236e42007221bfeb284555a27d45c9f30b358b06057d42baa9a03f485323864827ef44a5b5abc2b1966b9ccc6e7f7f84c7bf6ccf0adf8a297b0c132e0f841fff4195926e4414d068456fad4453c45880cce1c88b255c0ee3db7eb28dad63dbd1c8da381bdd533d92c5fd700d7025c6dfec86b5e302284aec8ca26957944cfcd3205419df2763b1fcc1e99ac8a96ba25d300ff1830ad35cb7e03d79e55e1dd66f5beda6ceab2e77b70bce274fe66a59f17d877906960137457a7618c5e8242ba1591b8fcdf6de4c5df467256604935b22a03b58fc25fcdbac0ebc1945eeeacaf309cce3edc3d47bd32ae9c00e7042ef4451db447e606f17a91c24c6e17ff6adb7b0eab14f403d0e0061b3e9763997612aa1592acf789c11c916280cf6e01ea07eb07c25f28738039484e9fb0ad101905bc6bd68690b996631a05ae264c292fafc1c94d9879d68260f65b3ca7596192e56117b6fefbc70a511eab7cb40f7aa650502e69e8bfd518e7e49a27e7f7647bb18830834c0e3507c5fcd542be3eddf55376390df6316fc6601c41e440571f9582e996eb804505c035db28b5b22234848a7502731ecfc917e2dff825fc094e78c36e93f2e56b77722e2f35c811838f8235d618713768af98e90a25a5f16b9ce8423dec74aeb927f5a8aa447cbd04c062285e3bba3897062a0038d6ef09c56796c45db82d03e383111ae671d8b8a59d59cea2b9ef7fd8ba729c706012b7be21a7d82a69eabf03b26ca8d583cfce6a8a9f62571f9c15f66d6fe2b0aa3cef1805649f1e379697f2207f4b84e0000540dede322b25689e6355f390716afb499f4c609ab53082cbcf06544a8ed520a52af114b52c5537ce1117c5bcd573f5a4986c09e713a8deda3093f0b381e88ead2a2fc8fe308c7aeea6ca50112cb69209a626d641cf6d05fe943a025e20ed74d538a90f999c42bdcfd1821c449cd60cfaee67bc8148818b357480a755aacb2100d2470b95410225b0caaf509e8e0646af23effd70fe3166a159ed5e51a330cb1f362b5a1a578f7a6714e437b1b733f0f753cee645294d53ead5ccc19814106534fba2de8c73281507c6db0e81d7d8f6c71f5b3c71a72a4a48efec3eca33e1fc6139f0dbbd79d366ca1cf8883bef47ea2017904cb9661c9f6e65b41830ce823e8bddc4a4a53bdc6672c549dda1ea10e0f7197fc3135fdf7d4e9564c09552bdc91338fa27dba9505586df9fe65a65cd7c943e9113bedabf023f47d234672f664363a68263f4fee608074dc0cd490211a93bbd4335756a07030b984d3d6a26cadcee32d5c6980b0cf58fd5169af8b95d84de36cb8e70a15331b996dbe32ae0199a0c6594c81cafb26a3b0a8d788bffc2b318654df883c5d45e23e5c2654d63c0c4757d194363ba0c37a801105d7aa39771123edbbe43a1330fbf7ce52a12ea7ce6132be8496b47ac6c13b3fdbfa1904a1c7e8374663d10761d807f38f92dc79fea7a46a181028a1851b2f878c548ffd9d3580e12430999ee821fe2129122806c04eef079c89af5104526649fc45117ad9c03f36489025d68e059f5e654c423b2d99694733e75cd3f5f460907f1410575657734d0d24245941f59493c48bbee358bd71ecdf36ade76d4f89cb7b4f5015c455b691b21822c957e0a27cd0c42391226fa0a9b7550aac2a576519bddaec522047c3aa3607bd89dd8c486396129ddda02afdf5b70aad", 0x1000) 03:39:16 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) getsockopt$IP6T_SO_GET_ENTRIES(r1, 0x29, 0x41, &(0x7f0000000180)={'raw\x00', 0x9d, "8f6d672e5b920bfdaf15c94340c9eaa50f64442d319c9d700af69ea94c205c67b2b9f2e1d8b6d9fc4f4cf6a62593b9821a9d127b096d48e285ea64376a43cc357786db703a2c87731ab342cd0c63205e4b530a368c2d07031ca59132d1664235f1a676dc1575adcd167a4bf07e6937ff9bb8af037c12007a625e819d3ce60713519b4dcca7521989cdf1cf84a19e5d81c0f23461f6311da3238cf769e5"}, &(0x7f0000000000)=0xc1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'veth0\x00', 0x0}) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote, r2}, 0x14) 03:39:16 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:16 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x1f0, 0x4, 0x3000) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:16 executing program 5: r0 = socket$inet6_sctp(0xa, 0x4, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000040), 0xfb01cbdd028b91c2) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20081, 0x0) ioctl$VIDIOC_QUERY_DV_TIMINGS(r1, 0x80845663, &(0x7f0000000100)={0x0, @reserved}) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x7d, &(0x7f0000000080), &(0x7f00000000c0)=0x8) mmap(&(0x7f00001d7000/0x4000)=nil, 0x4000, 0x7, 0x32, r0, 0x1f) 03:39:16 executing program 4: mknod$loop(&(0x7f00000004c0)='./file0\x00', 0x6008, 0xffffffffffffffff) timer_create(0x0, 0x0, &(0x7f0000000200)=0x0) timer_gettime(r0, &(0x7f00000002c0)) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xed}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000300)='./bus\x00') fcntl$setownex(r1, 0xf, &(0x7f0000000180)={0x2}) ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000500)={0x5, 0x9, 0x5, 0x100000000, 0x40001}) r2 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x3, 0x2) ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0x6) r3 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') pwrite64(r1, &(0x7f0000000000)="98a1", 0x2, 0x43) sendfile(r1, r3, &(0x7f00000000c0)=0x202, 0xdd) 03:39:16 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:16 executing program 0: r0 = socket$inet6(0xa, 0xfffffffffffb, 0x108) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, &(0x7f0000000100)) syz_open_dev$loop(0x0, 0x100000000000003, 0x0) getpid() r1 = syz_open_dev$media(&(0x7f0000000300)='/dev/media#\x00', 0x5, 0x80) ioctl$sock_bt_cmtp_CMTPCONNADD(r1, 0x400443c8, &(0x7f0000000000)={r1, 0x31d}) io_cancel(0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x5, 0x8, r0, &(0x7f0000000740)="f8e4408a19ed7b2d2be2dfec05e6a91560cdc832402b9052342412b213433a7abbe62476ee33698e07eecfdc0b2424c462cdb15131a16dafdcd536bd1545df2c5d6274e711e6c758cc235bacb9be9f92e4f2c9f877ff187e13bdf2c22ee9f978494c69ee1bea56d3a86a55bf142a264a2f5dda3dbd3ea632c3355af213603a180b385f0033b1ea641ba5537b964f772b32d649e5aeefcead158e1cf74bd5090caf1a5a6ebb031fc2ffbc8619f815ea161bc245c669cc9fcf764bc8fd24a9b1b3ef2f5ac44d994c47b27074bc2c68d84fb2e6dbd4d4f10491ea5b50d585afe08e326d26044cc1de219e09e7b675a841ba23cd70beb71e4da5697f8f8d71735eea6c9223b963293283e04dbd11531cdd01e38d082d1e413b70e21973bc85411db9f94f558645beea00a0feec58a44b9b874cc52b9529580aa7bce0ae5bcd30802494a435b6ac19f17c8fc03d01ee1f0c04ae92cf8308b581d0e5ca00ef5e38911c838c8b70789e4bfa739eab1e4d5e20fa6e60b2d7c677b977548894c8f0cc314892767cd88fa0724c421adb38904194ac93e84a4ebb9a3ec70422c50f5e711336af65871534af23a0237fec2f86096a160872918990a8babb9e395ecbf68ea702f39aa9eff8cebae3cbe9411e44121fb880fab52b8a232408c9e3e037f52b941283a90071d5f23bfec03eb66d5feee6d0f9b349702e07563b33b5daf8a56f9f6ec3ecf903832546983cf37eda30fa3b661e9d97cd1a7b350f7fd1f1c2c3c779211c3b69d8484160c4d27ab36b1645985dbc80a48ad022e7a524925c5b512408e7fecac5e798f12947d38a5f7330849aaba77f25d49238c2d520206a37dd74bd05e9ef1de97183e3adb3c5b706d5084df1e94bbfcc9c08f1801f8651be6287d9dce092d6a10a3005c16624659fec1490941544c8ae7afd4f4e2278d7f07e706df10e07d05c3482f20aea5fcf7ecdfd03f829795dff154c2e365d15421a198081b4637161ad73e77b6325f4f873f51cd8d65fced7662d9f007e1926dc547f7f2b2bf1e0fae8dc74883fad1c5e77876d56c6e9cc8eae60a3a0518ddc36024268fa96eb542104734ec956f7b9cfd30e9086bb3008b362cf22f5bce405f1a384e1ad2b957861e56666c3e780f48e1d2a9c172c08f8103ec94cd24a202350391bf6d4cbcae285f04baf4485af0c48d10493df2cb56f897c06e59693c66317d0e68e6f073dcb3888fec5bca222dd31bd54ba76a092f21d3c2aacf4c5c626813d48f3c147413fd1048a8609917e0bdff50afd0f26a10b27fff915d7c1a1147f32cf6c3825384bfa75c86b79df0e607ac60f8b741c84de8bd811b653d7d4eb4f2db75f1a8684b5e9d59e6047a2d508338f793a7bef14164928242c5ed0ebb9bce93f27646b4ddca76606a0eb4398f45e6c95132cbe133c2eb6831a3b8c62722bbde89aa4062b71e2c25e8344c3d0790cbd0bad7f02087cddb2ad2d09688f5684c561b5927a55d9f8ab318906c0a6252435b6a39a2e264ba3eb088b6f8ccb612c8448beae9ad50869e530054b9389d690af2702c6ce7e1452b4f8a2ea773b8905ed41a301a218ae720ca24d7ed386453d47cb22f48da4d599520333d43b73149ff585cedc93dbfcca657d8b71c7407a929782e1507ec8e5c9a227722c2e23db67301a12e50df167f3c0f1235cab4c0188afb76a18e0a45e208cad8a409aff7997573bcc905e0ca1c7fd5cf463069d8cf22535045003d1438185dd8fe1662826c6951653165b81ebb7535929eec5f55158a9fdcfbb7aaf158b216456ee0dbc6fe4dddc03043ac5e4986339752526ec31f1f9bbec92cd7f8971f70f8cbaa1d81294263e8c61e3746a2a509928902f5d88ca7ae23a8cf2482c40254a32081fe68279a3b5e1cf8b0f2034806090cb1ca82ad8b3f19f85986764b6ca89d156d870bfd9d3182198b1229f18c602c2f8e2300b5d147dc75f32abcb11412f970a62d977e8c128794d8a0606ba00b9c61b542f0231ca919cfae48beb3a94b150d591eb90b3ad8e57ac1b614ed514516bf8db3a6cac6bc3fa3e9a7d7ae4faa588b6230e63d26e3e277255acdde61e526a2c63773136ec12b16d235029ddf2a951ba2a2c1ec93b18f74b9143a3480c0ce6215f71071cd1932579b867a9ebb16830eb8fda7484281636f5f4c6aa8b538dde35fd6d3635f468501f881951bca91a8c4dfa123b5fa858d5721782695e0f58562e8fa90ba10e60b97c76fabd934e7df7f97ce81a7109a147a6dacfef9346c53676a01345ee0fb6e19fe2c73dd7b79b9c1d2d8fd4e7c14d95a5b10a4a26144dcd9427527d7de4819824a12eff51c5f30b2b8739b5d0bfc91041b40ca37743cb3558b088fdad9e65c2a874d5aaf1c28b2853e6b55b867a884036d0ecf5d16b99fce45e687b40dab054252a2fb302ceb63ce334654059ee0fc59d5749ef878647245b3c684cab9d9033b5172b4530ea5126a5a0771727bcbbee45491f1a8f5b7e1a19faa4beb64c1d697513770c46707f3814443ad93736e379336a1f5b69ddd4c5dc389062243c932e179a52e63738ddcd783576058d71c1f8ae2c2ae14e199e7d92ea86046195aca9d9445b04ee3c9e39bc56b570a1b8617715fe62b211ec786bbcefce41c36fd95dc156f05a11f79cb4433210f822cb12bb1c64c65fa1102dc1c2095f80cea2ade063253a7b4235a1086e6d39e7a3bb71e27b990b5850eaee843b8810032fb2fa56028ae14cc9c275d3543f3301a0627f344eb7940a2b52535645fc108e0f78190ed99e34a3bf5b3cf0d5541e414f59fc480647ca487a0490af1f133fc254d7b56ef748235b31b61e518634b4510ed417debdbb1de545e9b16d7bd5a2a9e1b858b5d2d0355aae40ab53ac048b586c44a3c984d6624d2198db77144fb1e744fa312213b0e504550f658be8ea9b62d063630584c377390489a30a31f066adf2a0222e1cfe5507d4f86b58a7bf094f40798cf83b1ce7a310fb23bf992e5dd14234dedb307ca84e63791d64fb9663526adaa6ce5188007bad9ed6d1b2b16946ec8a1b324335b68309bb9c7abbd445bf2927771ff7e68e998a9a8ccf971879dbf50475ee5976579fa6cee2e80123a2810cd1f9a030d27a74928ff8eb746784221157441f1715f46bc1c6ee7084d4d0f74f5c0ebfbfe3e85bb80c28d11727d29b26d0f121e934471c0e6e10bb3658c90f811ee8f72304ec9a9efdeb77020e3261f07497bf5293660fa8d1120553303128236af88f86bfc506c5473d8fb21580cc321c99c9f4b48a641bd8d4beac79900bd554c0ce7a5da06c8b9c33c0c8503746006096181caf08a72456b048aaa8078d69ad8e68773b19e563521384534c7ebf9c5de2020cb2292d138f333804d407950825ae114650d8112b383ef99c8bf9888efd09bd69a46e37b48b6c4e0728b7f7b7ad83ca5e6d17049da7392f6442d9a654d5d0506353ea7dd529d448264c891a94567c8aecbc28688b1f3a9fd7cf6566f1e62ebbf6202c8b6c2f433c1d845fa7ed24126083de75967cef88b179e4549f9afc3d71e4fa5e2a915914973e510e755798b36dbaf58d9807fdf24b43465cf9c27b74eb810450b55c13d03fb63610d3c470a9e576e79d9161fc27570163bf40a13d79d22dbb628461023813e4d156cf252f65a011bffd0568ab87f4d2ec3be4e28bc3b7169db8d222a9eebaf57ca2451a173f54d43a954e91d5c32b1e4c51e946c2636138ac95c7260ea6bf89dea4ea043f2767d96eff4ac5ef074787b5bb4c903948c1c22b542d2191c327e438eec9ebf1038d81e0dd73c157959d3e6dd6a997dadc9fc9b475ebfc08ffe0ee6d92191fe1ce0b6d4bf6fb78f9e86e77841ecb4f7232ac07940a8be2a88335363b22cf4097b58043f79bda294201f6ee86cb4c320957569639617e5118694385bfa37dc6111c35577293e9c51d29acb0b72c047acc860ce311953366e9e5f46fe6c869cbbb1ca4bdfb78e34555ff45a73b58222a088fc1fb6b535f58506cac2bd25b0e9daffc38b515161a918ad34f3ab66d7d9f17504fd459db0b737967be4d9bfcbd03cb83e6bb033856cf0e21f0c928dd92bab2d691e73a493e1fa3da175c507575543f51e920feb35b0f639e59d409abd7079e091b1c64d21a229aaeb4c118c091a05007c21f6398dfc955528b771b7fee2a820a203d8a8801c971a0404646fb4057254254dbe29ad83e0f8d532d6d2d2e7602e4dbbd96790a8bac31ed427e1927f1fd8478fddfa636c321a21fc02fc4b1cc49541e24b22e4f659691081ea57d82f9b5d4b6c3ad3eff268b48ce865f66f7539662808842f06912996650f93ad2c15bf75772c90b7a2053a088bdc4d44cb94ff97712c4e987e51289911cca06e246463d68139f7001cf4fe001e6908071f50bda21e1321440a774a62212a0492cc51552850b4561f1e20865c4ab05a995be3977b604ea0cb8946aa04dd727dafba10263974d7885ccaa3a47fadc7a1b9117b2cd117fa48383155d4777822a2bd9d1066c3e1adb19693bc6aa8f80a0fcfda31d64071e60d735ba89b81047071a619a0669d6de5ad3d819d78d9dbe8d97304103ba877b0171aac0e7e4cf1731d157326e9e69bd49bde03ffa92f3b8a3fdcaa9603abf46a4510cc8c787488658aff8b0a3d0d7d5ff0225f0a6fb33cf75f54f155cd6559e6b39993a07266b373c187885d922a2d0cc7e3d6862fb08ddd4170622338da35e07d4975cc9d6d6bef8e6a38c50047abb095fc3b128147f7fa3955314509e93ff4d01ef53e8b82486a633fe3707270f7954c6fd05c49e52d2c9cd4da7919b5f691dda9558ccee5a3491cd12607a551b730063effeea69e5f5127ffd26aa922492b8cce524faa7f326aed62a2ec6af06c695bb9e14a03097b13898a979e857bb1373b625dcb52d68dc1c9dba006ea04ac322982e05c9aaa8da70e5ac1b4cdcfabe19a411f8bcb2a4f90f030d858054a4a879b4ccb924853da421dda85fd177b985221cd703daa847b5d1648f6bfa68fcdea93c31d61d1913c0a1d79d2232adf014608704ee61463b79167135a63b9f2a31800512d74a957999a46a46ef88bdfd60664589c81494e94a5bee3ff820b705a13eae0a5b7d6bf697edbd9770d6a5239f6d38af2947b91c9d2521174cca245457ac8b0015de3086aae50c2b52ce69a898bb4430109f2aee4b0d9c8fa89ee90e297597fbe8f955ab1e08dd87625af268e05d874902877b85affcf5c6446312a5c303ba9b3405fc8e83a61fcb3509e79139dad56213bbc24238fb645dbecc6d62017564992d427ad86d86b15cf37725a435d0da2d98a51782cfb56b87af7ee32a7343e54f4c40b78e1f14a01abf5291d4492bfcca29019b0768d0faaeafcb1091959f8c589dad6929e7b1ce08accf02875cb6dff7ba8e2e611ada0371a48c098b4be738", 0xf00, 0x61, 0x0, 0x2}, 0x0) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f00000001c0)=0x100000000) r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x140202, 0x0) ioctl$UI_SET_PROPBIT(r3, 0x4004556e, 0x5) r4 = syz_open_dev$sndpcmp(0x0, 0x0, 0x405) write$P9_RFLUSH(r4, &(0x7f00000000c0)={0x7, 0x6d, 0x1}, 0x7) dup2(r4, r3) writev(r4, &(0x7f0000000080)=[{&(0x7f0000000040)="6ccb35aab24be644ab70f7d9ce56d7523e6efe8d23d4cab35698d930f922ced0ce04372ae7b47c5d5ba5b2ff2156d4", 0x2f}], 0x1) io_setup(0x8, &(0x7f0000000140)) ioctl$FS_IOC_FIEMAP(r3, 0xc020660b, &(0x7f00000004c0)=ANY=[@ANYBLOB="070000000000000000000000ffffffff000000000000000003000000000000007dffffffffffffffffffff7f000000004d9a000000000000000000000000000000000000000000008000000000000000000000000000000006000000000000000002000000000000000808000000000000000000000000000000000000000000800200000000000000000000000000000600000000000000000000000000000000000000000000000000020000000000000000000000000000"]) [ 793.674422][T13217] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 793.692138][T13217] CPU: 1 PID: 13217 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 793.701273][T13217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 793.711314][T13217] Call Trace: [ 793.714597][T13217] dump_stack+0x172/0x1f0 [ 793.718915][T13217] dump_header+0x10f/0xba6 [ 793.723319][T13217] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 793.729109][T13217] ? ___ratelimit+0x60/0x595 [ 793.733684][T13217] ? do_raw_spin_unlock+0x57/0x270 [ 793.738778][T13217] oom_kill_process.cold+0x10/0x15 [ 793.743878][T13217] out_of_memory+0x79a/0x1280 [ 793.748542][T13217] ? lock_downgrade+0x880/0x880 [ 793.753381][T13217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.759609][T13217] ? oom_killer_disable+0x280/0x280 [ 793.764788][T13217] ? find_held_lock+0x35/0x130 [ 793.772623][T13217] mem_cgroup_out_of_memory+0x1ca/0x230 [ 793.779538][T13217] ? memcg_event_wake+0x230/0x230 [ 793.784564][T13217] ? do_raw_spin_unlock+0x57/0x270 [ 793.789661][T13217] ? _raw_spin_unlock+0x2d/0x50 [ 793.794591][T13217] try_charge+0x118d/0x1790 [ 793.799083][T13217] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 793.804615][T13217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.810841][T13217] ? kasan_check_read+0x11/0x20 [ 793.815679][T13217] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 793.821223][T13217] mem_cgroup_try_charge+0x24d/0x5e0 [ 793.826509][T13217] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 793.832130][T13217] __handle_mm_fault+0x1e1f/0x3ec0 [ 793.837230][T13217] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 793.842767][T13217] ? find_held_lock+0x35/0x130 [ 793.847516][T13217] ? handle_mm_fault+0x322/0xb30 [ 793.852447][T13217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.858672][T13217] ? kasan_check_read+0x11/0x20 [ 793.863510][T13217] handle_mm_fault+0x43f/0xb30 [ 793.868272][T13217] __get_user_pages+0x7b6/0x1a40 [ 793.873213][T13217] ? follow_page_mask+0x19a0/0x19a0 [ 793.878406][T13217] ? perf_trace_lock+0xeb/0x510 [ 793.883236][T13217] ? __vma_adjust+0x1840/0x1840 [ 793.888076][T13217] ? lock_acquire+0x16f/0x3f0 [ 793.892738][T13217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 793.898965][T13217] populate_vma_page_range+0x20d/0x2a0 [ 793.904411][T13217] __mm_populate+0x204/0x380 [ 793.908984][T13217] ? populate_vma_page_range+0x2a0/0x2a0 [ 793.914605][T13217] __x64_sys_mlockall+0x35c/0x520 [ 793.919616][T13217] do_syscall_64+0x103/0x610 [ 793.924197][T13217] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 793.930069][T13217] RIP: 0033:0x457e29 [ 793.933951][T13217] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 793.953547][T13217] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 793.961944][T13217] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 03:39:16 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000700)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$inet6_MRT6_ADD_MIF(r1, 0x29, 0xca, &(0x7f0000000000)={0x1ff, 0x1, 0x79, 0x5, 0x7}, 0xc) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x12d) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f00000002c0)={0xe, 0x18, 0xfa00, @id_afonly={0x0, r2}}, 0x20) 03:39:16 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x200000, 0x0) ioctl$SG_EMULATED_HOST(r1, 0x2203, &(0x7f0000000080)) openat$cgroup_ro(r1, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0xfffffffffffffffd, 0x0) [ 793.969899][T13217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 793.977853][T13217] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 793.985806][T13217] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 793.993759][T13217] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff 03:39:16 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 794.051854][ C0] net_ratelimit: 10 callbacks suppressed [ 794.051863][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 794.063445][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 794.069336][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 794.075160][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 794.177489][T13217] memory: usage 307200kB, limit 307200kB, failcnt 9565 [ 794.202140][T13217] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 794.225971][T13217] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 794.239382][T13217] Memory cgroup stats for /syz3: cache:0KB rss:292856KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:243676KB active_anon:44108KB inactive_file:0KB active_file:0KB unevictable:5156KB [ 794.262724][T13217] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12624,uid=0 [ 794.278489][T13217] Memory cgroup out of memory: Killed process 12624 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 794.307501][ T1042] oom_reaper: reaped process 12624 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 794.425701][T13217] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 794.435896][T13217] CPU: 0 PID: 13217 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 794.445014][T13217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 794.455087][T13217] Call Trace: [ 794.458384][T13217] dump_stack+0x172/0x1f0 [ 794.462794][T13217] dump_header+0x10f/0xba6 [ 794.467213][T13217] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 794.473026][T13217] ? ___ratelimit+0x60/0x595 [ 794.477611][T13217] ? do_raw_spin_unlock+0x57/0x270 [ 794.482717][T13217] oom_kill_process.cold+0x10/0x15 [ 794.487823][T13217] out_of_memory+0x79a/0x1280 [ 794.492497][T13217] ? lock_downgrade+0x880/0x880 [ 794.497344][T13217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.503585][T13217] ? oom_killer_disable+0x280/0x280 [ 794.508787][T13217] ? find_held_lock+0x35/0x130 [ 794.513563][T13217] mem_cgroup_out_of_memory+0x1ca/0x230 [ 794.519118][T13217] ? memcg_event_wake+0x230/0x230 [ 794.524144][T13217] ? do_raw_spin_unlock+0x57/0x270 [ 794.529244][T13217] ? _raw_spin_unlock+0x2d/0x50 [ 794.534120][T13217] try_charge+0x118d/0x1790 [ 794.538633][T13217] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 794.544170][T13217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.550397][T13217] ? kasan_check_read+0x11/0x20 [ 794.555236][T13217] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 794.560769][T13217] mem_cgroup_try_charge+0x24d/0x5e0 [ 794.566057][T13217] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 794.571684][T13217] do_huge_pmd_wp_page+0x99d/0x3660 [ 794.576898][T13217] ? munlock_vma_page+0x45d/0x700 [ 794.581940][T13217] ? __split_huge_pmd+0x2c00/0x2c00 [ 794.587132][T13217] ? __lock_acquire+0x55d/0x4710 [ 794.592054][T13217] ? putback_lru_page+0xd6/0x140 [ 794.596992][T13217] ? pmd_val+0x85/0x100 [ 794.601142][T13217] ? add_mm_counter_fast.part.0+0x40/0x40 [ 794.606857][T13217] ? perf_trace_lock+0xeb/0x510 [ 794.611702][T13217] __handle_mm_fault+0x1651/0x3ec0 [ 794.616818][T13217] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 794.622359][T13217] ? find_held_lock+0x35/0x130 [ 794.627105][T13217] ? handle_mm_fault+0x322/0xb30 [ 794.632033][T13217] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 794.638256][T13217] ? kasan_check_read+0x11/0x20 [ 794.643111][T13217] handle_mm_fault+0x43f/0xb30 [ 794.647872][T13217] __do_page_fault+0x5ef/0xda0 [ 794.652642][T13217] do_page_fault+0x71/0x581 [ 794.657141][T13217] page_fault+0x1e/0x30 [ 794.661279][T13217] RIP: 0010:__put_user_4+0x1c/0x30 [ 794.666383][T13217] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 00 ee 01 00 48 8b 9b 18 14 00 00 48 83 eb 03 48 39 d9 73 3c 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 794.685984][T13217] RSP: 0018:ffff88807ac87e18 EFLAGS: 00010293 [ 794.692066][T13217] RAX: 0000000000000003 RBX: 00007fffffffeffd RCX: 0000000020000140 [ 794.700044][T13217] RDX: 000000000000037d RSI: ffffffff8198e363 RDI: 0000000000000286 [ 794.708001][T13217] RBP: ffff88807ac87ee0 R08: ffff88808dbdc580 R09: 0000000000000001 [ 794.715969][T13217] R10: ffff88808dbdce00 R11: ffffffff8a0699d8 R12: 0000000000000005 [ 794.723937][T13217] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000000 [ 794.731932][T13217] ? __might_fault+0x1a3/0x1e0 [ 794.736707][T13217] ? __sys_socketpair+0x11f/0x5e0 [ 794.741711][T13217] ? __ia32_sys_socket+0xb0/0xb0 [ 794.746640][T13217] ? kasan_check_write+0x14/0x20 [ 794.751562][T13217] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 794.757020][T13217] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 794.762479][T13217] ? do_syscall_64+0x26/0x610 [ 794.767182][T13217] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 794.773264][T13217] ? do_syscall_64+0x26/0x610 [ 794.777928][T13217] __x64_sys_socketpair+0x97/0xf0 [ 794.782955][T13217] do_syscall_64+0x103/0x610 [ 794.787557][T13217] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 794.793430][T13217] RIP: 0033:0x457e29 [ 794.797307][T13217] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 794.816897][T13217] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 794.825299][T13217] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 794.833262][T13217] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 794.841227][T13217] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 794.849184][T13217] R10: 0000000020000140 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 794.857138][T13217] R13: 00000000004c6411 R14: 00000000004db758 R15: 00000000ffffffff [ 794.866799][T13217] memory: usage 307200kB, limit 307200kB, failcnt 9631 [ 794.872312][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 794.873792][T13217] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 794.880090][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 794.887554][T13217] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 794.900102][T13217] Memory cgroup stats for /syz3: cache:0KB rss:291732KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:225604KB active_anon:44068KB inactive_file:0KB active_file:0KB unevictable:22204KB [ 794.922388][T13217] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13216,uid=0 [ 794.937952][T13217] Memory cgroup out of memory: Killed process 13216 (syz-executor.3) total-vm:72580kB, anon-rss:17872kB, file-rss:53540kB, shmem-rss:0kB [ 794.952480][ T1042] oom_reaper: reaped process 13216 (syz-executor.3), now anon-rss:17864kB, file-rss:53536kB, shmem-rss:0kB 03:39:17 executing program 3: mlockall(0x1) r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, &(0x7f0000000040)=0x10) mmap(&(0x7f0000eb7000/0x1000)=nil, 0x1000, 0x0, 0x100150, r0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:17 executing program 5: r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000100)='/dev/capi20\x00', 0x1, 0x0) ioctl$CAPI_GET_MANUFACTURER(r0, 0xc0404309, &(0x7f0000000000)=0x5) 03:39:17 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0xc8, &(0x7f0000000200), 0x28e) setsockopt$inet6_MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000000)={0x1, 0x1, 0x0, 0x4, 0xfffffffffffffffd}, 0xc) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xc9, &(0x7f0000000180)={{0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, {0xa, 0x0, 0x4000000000000000, @remote}}, 0xb) 03:39:17 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:17 executing program 0: r0 = syz_open_dev$sg(&(0x7f0000001940)='/dev/sg#\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'vcan0\x00', 0x0}) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000400)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6=@mcast2}}, &(0x7f0000000500)=0xe8) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380)='/dev/zero\x00', 0x100, 0x0) sendmsg$tipc(r4, &(0x7f0000001b80)={&(0x7f00000018c0)=@id={0x1e, 0x3, 0x0, {0x4e20, 0x4}}, 0x10, &(0x7f0000001a80), 0x0, &(0x7f0000001ac0)="608daad9089518619febaf200eda97afecb957f7027d4160f66daec06fbbc3224ff2567067bd4c8ad4a78b4a09de23b6d42a66e8dcbd24c436333137834fd935037a", 0x42, 0x10}, 0x40000) setsockopt$inet_group_source_req(r1, 0x0, 0x2b, &(0x7f0000000000)={0x5, {{0x2, 0x4e21, @multicast1}}, {{0x2, 0x4e24, @multicast2}}}, 0x108) syz_mount_image$erofs(&(0x7f0000000140)='erofs\x00', &(0x7f0000000240)='./file0\x00', 0x5f2, 0x4, &(0x7f0000001740)=[{&(0x7f0000000640)="66e81003fd7bd9767ee7d554317c4b895ce5e78d599bdf71fda753c513d2eb0a0eeb3f3f89ad61943a6ea01de9cd60ef5f4950fdf1ad9f655dd530f9ea57c3ce53eda87d0f1dcd79f075bb18cfd11ee78d723205e9258529e1701412263200f82a078ac96377ade4a7c29967c9498765a9c222cc07a056ba5f515a62d212f67aa892ed96024f11a5c0d44698d6ca10515c44e47992022cfb7a5663dfba5ff14acf2176fb7ad7ae7927ffa8d180fdd4cee55a34c704ec06a034b4a89e771653cdc31dec584e797800259778d239afaad68954a9046f6120281c576bd2325b26ea88de3939cbea062251196287c718d8abc84ba60fc17d92f6ce54c4a621698f876add546a7998d6a298d6204fc875dc02053cd2408731bc3065e41976e838192676afe669a1074e028303713719ea3713fcacae218a0ff42ad1a9e34701fddd919415e7d18484fdfba1e0c4558e36a58915000a81dbb5d792be213796baa1d8f922f07468cb9d47402a863c2353fa382eae8c03eec7629e7ea6258169d2019d2356149ea455a372a1fcfd598a9fa8a826cb3dd75e74c72fdf19f2a74333d994f17f55fdba1b5daa7dcf2fd5eb1a7dd9cbc898d9308827978b9008fe56a3ff51ee8bc133c0042cafe96c200971e66b25c8ee2c0231243f04a57ca9bf578999707ac7a07828336d64034c1720e5203b02532278bd56e1d76a7e2f7209c7261334894f4bf522d4c56bc1365794501b833d8fef32791eae173fe7029be7558d80ef6e04e1a0c11069cb49ca8f78e580c4729e5d37f7dc4b45351534ed61928fbccfc15f468a6698695ac8b2f1711560d0f1226f213ad4ddd7949da8f2270730b5350c72250308fcb52c557a93756812052b35de0a7ece03aa0e44e87e4c50f53f05471aeecc8c9b28f6d9ed46436a3733f0fc6da6119051f409d0772cf644e16377fb1373bbe77c42411f54d40a771451c12164b15ae7dfa0878cede341fc1e1a7504d252613da7350b3f4d2a70c79f2b64fab1ae8e3b605ae70f3bc683db84dce6ce5bdcc3048135e5c47ac24195219aebccbeab1a0b2a5f68df59b0f6da441186d2749874382e8f50927dd74389c4fae119e38313f90fda66a075def60b666f5100acdb8ac7972617657e7b6e2104375679c2ade60f233192e7a13662ab40a6aefb7d9770c3c65267862e977528ab6768980d06564ce32a60281c7698927ff0585c00c48bb36db3792c73c842ef7d0db83a4844658b3ab8e6913a94095ea12c2ba1e4c4731fd652ac924859b6653b2d5201f3c810579c9053c882d08e446814c48512547896154ff0aab03b82857b86ed8cfc1ef4969c53d4ff418c6bc418ed4ae412d91a258427e1b1132a0695f656482491d641299f45b4b265cf9443c93c4fba0e5052e3dfd2fce40d955023842c03b10c333a38ccb014feb62106746fb58c6a22bc653569d5dd370e2f9c10571ddd4f6b4ec8fc5fc61ae19b7b2de78816e96ddb17431826bfc4d2c07e50dc778c373f2dae0daf079bcc930e3ed2f8bb75b21d193bd6197d8735deffc11b83e643f9d0743bee529a31d097f9375e9b3bdff0b7e303282a114feb9680b1c6b316bd7f488e79e23acbad9b7cc85b1ecf6f6c7bbc1ce90576f40502b021b3798a2213cb89d8dca1bf650b67e17fa9eb45220befb2487e2ea8c0f75905b9f4e6ef15593733a64d29556ea9ed989dd743b23bb09360b1ff27f14bc9a94f93b7f57ec9442228ee91a71ed0936bc9305f7bfcd4fb9e63125d63dd51951fa1f9a839cc76ba39bc6120e0a4d8e8a2741104d93187fb281725c71ab77a0dd069d3c1991bc631d7f01c7ca345d6f062ca1b502bba2bcd22b0a1cd8b70326b06680b0b43cd13ec109a1b6952a4730dceff98445ad4b95d5a931cf1b38ee4ec60475650d4f392a64270c934460179e5678f8ef69b5f946d166e69e8731ce2ebc44d6f3dc123961df9d43af7fd380577ef617576bd2d2367be2b2319417a61e2121af7367d2307c6e53d6902f928a886eca3e6845eba30d10f492049a06812cd929578f5d296ac8aa3fcb89eca12d3211f757c518766df6eb537f731019609e7d56161dfc6c0c0f3eadba4178b61aa315ae3e39d1596aaf4e506ed62b07d707c26b422e6c5b62a26fc912b23b4006da45da27287eca1e13a3f4c11dab7f5f4c99353b0938954b8748824351a5db70b4f0d12f53e85b2081115eaca36a1286cb8a175f521e5221074f1b386e3f62ab6e71e6b37a04e0c0962a71fea6e4d317770f2dc94e967df01bc0e66c657297f3ff9eb17695dc444a91f11642c2e6aafd7561d76be2a07f37d72bc81bc32e4d3e3fdcc5fc99c2549397f8ad5eb7e0f23f7c94aafe0c65334b95ba7ebda31c849162d762158c92f3898b9e4ff79401c76b0dd65ec64020745fe2aa183840e9b3a9ae2648bccd7900d769d418600e1c9db61bfb8a02742059d235eb644b1da6ccc43a5649ebc7faf362d3baf07c4aa8e7f66ace27c965c2738a9767ebee38f221689d75da65d0e2be7c119d9440f5acc75f7c7aa1796597602fb186de6993a30259fe161302af446c4054bd53a245c0ba980b49ea0c9eabc4ff62a39047b715471bbd882d1d4701eba1dafd70410eac048c0d5881713716cc4c6431e0940cb13261a1ae403e06e1beedb29d3332ee00ea48d1062bed802788b75810f2de0d07441a0392138c6eae432c09f225e4e48a2173ee965d86a0c6a38364a1aa63e3e238231c5c8e2f43a9a0c9213eec3dc8ebfac357775cc712cbdc2dfdb29ad34c041955b186cf4e200619cb214990b6bf82b7d255e30d3c98efa262b70717c7dfd19ce5350202d16e46f2804e18ada5df355cdaf56bf5bd43aa2b6fc13791909bdd337065350c900f5175709b8bf9e0783f734e41b6cd69b30a5d871651691e3da6c9f96163c26691dbf5570b15065189ad13a0d7442c210f0b506b8f0277952afbeb5dbda98813ddf816744db3127672cefc4eee18ca5b8992748e01a410327c5ea2eec1d77fb9f00134dfe068f2fe4f7c107efad6d94966ac2d363634d094e8c9719f39a2258fd5eb4809c8b6cda6482f8e0f942af165aac0cf5a6b252a941457258fe5d549d78b819739ade6905158c709bf223a25dcc5b1a9bc8a07ab41a060dfea6218ede2a367067e1f13f56dc9e7018ec798e2b1ee9f4df0e6e95563d50cb0e7bf2bdf970eed733a6b5455dfb8d2010989d0000f369192984accd650b253c6cfb2578172504733b6fe112f259253484146c40b5cb073a1582ab3c44ada3bd911648a739ad2b3d1b75b3eb1672adb6ce5f4eb663686ebbe2b426f50240846714df7113ff42bf27e24168f7ec24e12f2462bd562ede65172addc29a14b68943799c4c87eab3e381e961b95f505ef33ae1f596350e5415020e666cec286a141c60e951de9889dc2fc81f399e7166593517cd913beb43baadaaabd68fe74cb9f4b4b97b138486786629a47eb66393028d322e8774670fe57de0b6b9e8a9d028b38ab5d62682cbe74af5c59cd4a89429aa9b0e08df67e0a2c2e6e9f11e202750df10520db15515031bb47f30cce49ee0670af7e1ca2806da260e7dc15c849b1e0f52d66180f43b8e76ab3c726faaf3cad272e370f2ea43e3c65216998e46b39bbb909c816022b62da3ec291bb6a73cd921e3f0461c70c7a752698be73069138c7c091e7f7ccd48d897bfc43e0153f69651166b9ecde839e47623f5bb8200aaf8183578b2865723f6bd21e39d60a197aebd27950822231a58bbf24e784b432bca93d1f832bd9e2b136b72bfb7d205c33b4e2ad52b14ee893ee2e7b847b2f020240f10f2651379cbc421f186dcfdf6143b7ee3964620cc1daec04744e681de287d307a50a582136822327ce746e8cca19130a337236bbded8ebbae5912a522342c429d363161ddc595235e7155cb83a32031d95201240b0121f8c267d2d90e2a103865674c7e42e0204ec1ece7c671100bb9017578be4c50552a3e4cb7268ab001c97893724e1c20b44aa74356f06be523b3a7092aac7e0caa0db25bbf71f3f808e79cd5ad408d5f9fdbf91ed0442bf6349d14a71f80703761011b6c91a40c7833024c3be3b5f2ecac1fe60508aedb25de7c2da2b868525f5d0b3fcc20e10e445540d4703c42d04f587431a63a8ebef0e199f220af95250de6f62099b5b913892a502e9be82a56aeb020244faf33d7d14f4872ce4994f2dfe3efffb320f0b48057b51a2f1e30d4af9f972101a336dfd2635f251185b4d7296a3099e9d46e53e0bef219f415bbf4991c57dbe7f7840b7c6a44102f711da497733fce34013c173c98d5ea556685ab83684b9d401d356d10b74367ecdcb48e275e00057ad5919799c4956fd89cfb8a349b4befda2160bbb35a9cd88173da2fbee29a3398627618bbc53305b4ba7fc282285f8ce227a410d35f12df7d9fd5476786ae59ba7a55e04a068673752814bcffad0c3e8edc3b97d74ba5e6bd2dcdf9d5b2ff3580934f6177e06e19af02db1e7f034a355a82c71de76638301b8cad0a78a1c10019d6a4a24a6cebb8729d7cdefea5a6ba5f9a08afa9db40bbcc68d0643b24d416e0d1afddcfea85c12555a1b8e89c04d39c14c287623e7e4a2352414b2c6b91e6994ce661aa65355757ce24e0ea95ddf050bbd9328e2fe8c745090444327c030f229ae8a42f8c7b377643ebe869b864c5aa32f85153bb7b6b317632a35944af9083c2fb5eeb4031940c6ff01cb05adae74b63a13229c967cd924459e819ef4aa502804494e7f6f8d209e2509fc4e2410b8863e61a38ed9e8507d9c681e47beac65ebc36ce210cc57a2bfce2b667b6479b4081eb66ec0408fcec347565122aec58f6b466ec98a1c339590c4aeead205a428b71fe34842a8877435b81e7c88db5a5f5cc76c026cf020edd5c190da9549be0d15d029bd6e78192d7f30eb43f00c1134c03a781e2ac287c9e825abc105a0bd91f8eadd5bc4b1727798da70016f3dbd0f37d2307dca212ef86652390a4a19d3820280ad74343585507edf432c6e1b677a609cf635cde5d83af7060b3f453a153be5672baf478fe49810b35cacb58b718e69be678a808d5ab8a614ae242f065b033baa1cdc24a664319c1461a87e1f3c3bbbab681f01be35ce34e39f30470cb329d868bc0ff2c0727442787e81204b0750dc57a22b20ed8f4ec8c844ae930192be3942a46866473b256df8a091568bbc170d219852a8174e199e8bfa9005d19c679566f1a46347945ac333b08d14854f3a50289bafab8303d32c31e030f271998cd99dc491f38af7faeb3a3819357ad565a263e4ca15d5bf6baecaf0d614b3f4fef889a7ecd8892e6aa6c7b306f0f908b6c6ef024b62a64c62a55ab270360293653bb9b0a6d15d22e7b346f9b3266a1b60ec4cb55432efbcaf383cbf3d86d9c1512aeb9783f9d9a2aec80d49bd8c86a81256e3341a47a39239f22c41d66d02b542da82348b62752f8fdccad774dd4d7fffd1a1c4c33f7a2be113ea131af65d2437f95ec44b1d9e32866e8926c6f087fedcd852abb4c7a637e6a2f0ff1a177ca5ba70517cedd2e7a096a1e30dd8e98c09deddff21587b8f8802146fc3b64ef5006251104424f914f0726f2d1d8994b031b47bdea57113e078328fdd300ea1253dc568b1dc2a8983d3816f845027ff9ee78550368fe56e5b3da7c906a0a37daf2eed8468c2a51a95a482b3051c1374da335035674332090c1ebf2f45a2951ca521cfc6ba3744f3ea1a822ab3c73b4b8061e02c97bc1da6f24b08a954119efce467214105fa1", 0x1000, 0x1000}, {&(0x7f0000000280)="9980e818b9309c24671a38ac463ce5f6e3a1890fd344ef8dbca2b3b04622da1142a11fd150afffebc917d95e215d5118ea0cf72808f160908b4da9ac0571681266dc784d4ef849230f5c9298c69b86c0115b3e433f401f334ac3e489a0fadb49598fb0f68e7dc0d6b3d9046bb50072cef449f4588fadb55feefb12416861831d57b30cc0db93f55e32ee33555fe6d549647da0a1d37ee98319664baab0e5e5059b8860a2d1aecfd0808d29c59a422e339825d20c7f4aee63c99709ba069a7f72f29c63c0f1ccb6acc58bf330ead9521f51141d8b7371ba6899d66e1e2efc2b71a5bdf81f86269d2c807bd46c41af4b9bce50d3", 0xf3, 0x7ff}, {&(0x7f0000001640)="2d16d4719d24a198525d01ff99bb7bbf6d0f995633e87071b338fd25b64ec4a42877acf4876e0ef7fff8fa1af283cc085c6e263b3a78f4da6d5b1c15bef7920dcebc8fb7b9a11abcf35e358e8c56402d77f849d5af7bef2707c738e7be3948126c61734f", 0x64, 0x6ecd}, {&(0x7f00000016c0)="074dbd61ac75adbc5919d734e828abd7d1182d4e47a5f4460f74dbe1ac02ac0c51e29911e8ef9b33a1ad2044cf415a541be7cc56dec9524a25cc8eca64e797d17bbaa1875dcff73066b9a08cfe4a8af748f578d1c7f33512b2ff94d2a65b4ab950b6", 0x62, 0x766}], 0x810, &(0x7f00000017c0)={[{@acl='acl'}, {@fault_injection={'fault_injection', 0x3d, 0x7fff}}], [{@fsmagic={'fsmagic', 0x3d, 0x6}}, {@permit_directio='permit_directio'}, {@hash='hash'}, {@uid_eq={'uid', 0x3d, r3}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@obj_type={'obj_type', 0x3d, '+.\''}}, {@subj_type={'subj_type', 0x3d, 'vcan0\x00'}}, {@obj_type={'obj_type', 0x3d, '/dev/sg#\x00'}}, {@appraise='appraise'}]}) setsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000540)={{{@in6=@rand_addr="82fcfd787340e3f1e5a44128f43f0b9b", @in=@broadcast, 0x4e23, 0x1, 0x4e20, 0x80000000, 0x2, 0xa0, 0x0, 0x1, r2, r3}, {0x9, 0x7, 0x2, 0xfffffffffffffc01, 0x2, 0x0, 0x100000000, 0xfffffffffffffffa}, {0x2, 0x1, 0x3ff, 0x6}, 0x0, 0x6e6bc0, 0x2, 0x1}, {{@in6=@rand_addr="51d3b47f883bc279da7dc8b7b98cadc0", 0x4d5, 0xff}, 0xa, @in6=@ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x11}}, 0x3503, 0x4, 0x3, 0x80, 0x2, 0x6, 0x6}}, 0xe8) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x9) ioctl$BLKTRACESTART(r0, 0x2272, 0x709000) accept$ax25(0xffffffffffffffff, &(0x7f0000000180)={{0x3, @bcast}, [@netrom, @bcast, @bcast, @rose, @bcast, @remote, @remote, @rose]}, &(0x7f0000000200)=0x48) 03:39:17 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x800) msgctl$IPC_RMID(r0, 0x0) 03:39:17 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x177, 0x4) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000140)=0xffffffffffffff91, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f000020d000)={0xa, 0x4e20, 0x0, @local}, 0x1c) r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) write$P9_RREADDIR(r1, &(0x7f0000000040)={0xc5, 0x29, 0x2, {0x4, [{{0x2, 0x2, 0x2}, 0x5, 0x1000, 0x7, './file0'}, {{0x81, 0x1, 0x5}, 0x9, 0x4, 0x7, './file0'}, {{0x80, 0x0, 0x1}, 0x8, 0x700000000, 0x7, './file0'}, {{0x0, 0x0, 0x7}, 0x10001, 0x1, 0x7, './file0'}, {{0x80, 0x4, 0x8}, 0x0, 0x9, 0x7, './file0'}, {{0x60, 0x0, 0x3}, 0xfffffffffffffff9, 0x9, 0x7, './file0'}]}}, 0xc5) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000180)=0x1ff) recvmmsg(r0, &(0x7f0000009500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2040, 0x0) 03:39:17 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:17 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000000), 0x4) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 795.178730][T13268] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 795.237249][T13268] CPU: 0 PID: 13268 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 795.246396][T13268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 795.256461][T13268] Call Trace: [ 795.259768][T13268] dump_stack+0x172/0x1f0 [ 795.264115][T13268] dump_header+0x10f/0xba6 [ 795.268547][T13268] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 795.274364][T13268] ? ___ratelimit+0x60/0x595 [ 795.278977][T13268] ? do_raw_spin_unlock+0x57/0x270 [ 795.284540][T13268] oom_kill_process.cold+0x10/0x15 [ 795.289679][T13268] out_of_memory+0x79a/0x1280 [ 795.294367][T13268] ? lock_downgrade+0x880/0x880 [ 795.299222][T13268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.305557][T13268] ? oom_killer_disable+0x280/0x280 [ 795.310765][T13268] ? find_held_lock+0x35/0x130 [ 795.315550][T13268] mem_cgroup_out_of_memory+0x1ca/0x230 [ 795.321101][T13268] ? memcg_event_wake+0x230/0x230 [ 795.326139][T13268] ? do_raw_spin_unlock+0x57/0x270 [ 795.331254][T13268] ? _raw_spin_unlock+0x2d/0x50 [ 795.336195][T13268] try_charge+0x118d/0x1790 [ 795.340708][T13268] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 795.346254][T13268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.352498][T13268] ? kasan_check_read+0x11/0x20 [ 795.357450][T13268] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 795.363004][T13268] mem_cgroup_try_charge+0x24d/0x5e0 [ 795.368298][T13268] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 795.373943][T13268] __handle_mm_fault+0x1e1f/0x3ec0 [ 795.379068][T13268] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 795.384615][T13268] ? find_held_lock+0x35/0x130 [ 795.389376][T13268] ? handle_mm_fault+0x322/0xb30 [ 795.394326][T13268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.400578][T13268] ? kasan_check_read+0x11/0x20 [ 795.405443][T13268] handle_mm_fault+0x43f/0xb30 [ 795.410214][T13268] __get_user_pages+0x7b6/0x1a40 [ 795.415173][T13268] ? follow_page_mask+0x19a0/0x19a0 [ 795.420378][T13268] ? perf_trace_lock+0xeb/0x510 [ 795.425231][T13268] ? __vma_adjust+0x1840/0x1840 [ 795.430089][T13268] ? lock_acquire+0x16f/0x3f0 03:39:18 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 795.434763][T13268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 795.441006][T13268] populate_vma_page_range+0x20d/0x2a0 [ 795.446475][T13268] __mm_populate+0x204/0x380 [ 795.451068][T13268] ? populate_vma_page_range+0x2a0/0x2a0 [ 795.456715][T13268] __x64_sys_mlockall+0x35c/0x520 [ 795.461741][T13268] do_syscall_64+0x103/0x610 [ 795.466339][T13268] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 795.472236][T13268] RIP: 0033:0x457e29 03:39:18 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) shutdown(r0, 0x0) bind(r0, &(0x7f0000000000)=@caif=@dgm={0x25, 0x1, 0x6}, 0x80) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x19}}, @in={0x2, 0x4e20, @rand_addr=0x6a8}, @in={0x2, 0x4e22, @broadcast}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e22, 0x1fb, @mcast1, 0x7}, @in={0x2, 0x4e23, @broadcast}], 0x6c) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x12000, 0x0) ioctl$KDSKBMODE(r2, 0x4b45, &(0x7f0000000140)=0x101) shutdown(r0, 0x0) 03:39:18 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0xf, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 795.476141][T13268] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 795.495755][T13268] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 795.504172][T13268] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 795.512158][T13268] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 795.520127][T13268] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 795.528087][T13268] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 795.528097][T13268] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 795.539297][T13268] memory: usage 307180kB, limit 307200kB, failcnt 10231 [ 795.551778][T13268] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 795.559496][T13268] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 795.566638][T13268] Memory cgroup stats for /syz3: cache:0KB rss:292800KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:241616KB active_anon:44120KB inactive_file:0KB active_file:0KB unevictable:7164KB [ 795.588850][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 795.594811][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 795.661891][T13268] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12678,uid=0 [ 795.683832][T13268] Memory cgroup out of memory: Killed process 12678 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 795.745954][ T1042] oom_reaper: reaped process 12678 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 795.988439][T13268] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 795.998444][T13268] CPU: 1 PID: 13268 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 796.007544][T13268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.017579][T13268] Call Trace: [ 796.020877][T13268] dump_stack+0x172/0x1f0 [ 796.025205][T13268] dump_header+0x10f/0xba6 [ 796.029609][T13268] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 796.035417][T13268] ? ___ratelimit+0x60/0x595 [ 796.039995][T13268] ? do_raw_spin_unlock+0x57/0x270 [ 796.045095][T13268] oom_kill_process.cold+0x10/0x15 [ 796.050188][T13268] out_of_memory+0x79a/0x1280 [ 796.054856][T13268] ? lock_downgrade+0x880/0x880 [ 796.059709][T13268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.065948][T13268] ? oom_killer_disable+0x280/0x280 [ 796.071132][T13268] ? find_held_lock+0x35/0x130 [ 796.075897][T13268] mem_cgroup_out_of_memory+0x1ca/0x230 [ 796.081438][T13268] ? memcg_event_wake+0x230/0x230 [ 796.086449][T13268] ? do_raw_spin_unlock+0x57/0x270 [ 796.091546][T13268] ? _raw_spin_unlock+0x2d/0x50 [ 796.096377][T13268] try_charge+0x118d/0x1790 [ 796.100875][T13268] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 796.106425][T13268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.112648][T13268] ? kasan_check_read+0x11/0x20 [ 796.117481][T13268] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 796.123008][T13268] mem_cgroup_try_charge+0x24d/0x5e0 [ 796.128289][T13268] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 796.133905][T13268] wp_page_copy+0x408/0x1740 [ 796.138475][T13268] ? find_held_lock+0x35/0x130 [ 796.143238][T13268] ? pmd_pfn+0x1d0/0x1d0 [ 796.147463][T13268] ? lock_downgrade+0x880/0x880 [ 796.152297][T13268] ? swp_swapcount+0x540/0x540 [ 796.157132][T13268] ? kasan_check_read+0x11/0x20 [ 796.161968][T13268] ? do_raw_spin_unlock+0x57/0x270 [ 796.167074][T13268] do_wp_page+0x5d8/0x16c0 [ 796.171482][T13268] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 796.176856][T13268] __handle_mm_fault+0x22e8/0x3ec0 [ 796.181951][T13268] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 796.187480][T13268] ? find_held_lock+0x35/0x130 [ 796.192227][T13268] ? handle_mm_fault+0x322/0xb30 [ 796.197159][T13268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.203386][T13268] ? kasan_check_read+0x11/0x20 [ 796.208221][T13268] handle_mm_fault+0x43f/0xb30 [ 796.212980][T13268] __get_user_pages+0x7b6/0x1a40 [ 796.217972][T13268] ? follow_page_mask+0x19a0/0x19a0 [ 796.223154][T13268] ? perf_trace_lock+0xeb/0x510 [ 796.227987][T13268] ? __vma_adjust+0x1840/0x1840 [ 796.232889][T13268] ? lock_acquire+0x16f/0x3f0 [ 796.237552][T13268] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.243775][T13268] populate_vma_page_range+0x20d/0x2a0 [ 796.249219][T13268] __mm_populate+0x204/0x380 [ 796.253790][T13268] ? populate_vma_page_range+0x2a0/0x2a0 [ 796.259408][T13268] __x64_sys_mlockall+0x35c/0x520 [ 796.264448][T13268] do_syscall_64+0x103/0x610 [ 796.269036][T13268] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 796.274913][T13268] RIP: 0033:0x457e29 [ 796.278799][T13268] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 796.298403][T13268] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 796.306801][T13268] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 796.314974][T13268] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 796.322963][T13268] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 796.330931][T13268] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 796.338904][T13268] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 796.347597][T13268] memory: usage 307200kB, limit 307200kB, failcnt 10287 [ 796.351987][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 796.360361][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 796.374976][T13268] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 796.382942][T13268] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 796.389802][T13268] Memory cgroup stats for /syz3: cache:0KB rss:292660KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:230624KB active_anon:44084KB inactive_file:0KB active_file:0KB unevictable:18104KB [ 796.412727][T13268] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13266,uid=0 [ 796.428685][T13268] Memory cgroup out of memory: Killed process 13266 (syz-executor.3) total-vm:72580kB, anon-rss:11956kB, file-rss:53544kB, shmem-rss:0kB [ 796.443751][ T1042] oom_reaper: reaped process 13266 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:19 executing program 3: mlockall(0x1) clone(0x203fffffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:19 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000780)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00') preadv(r2, &(0x7f0000000540)=[{&(0x7f0000000380)=""/175, 0xaf}], 0x1, 0xaf) msgctl$IPC_RMID(r0, 0x0) 03:39:19 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x2000, 0x0) fchmod(r0, 0x20) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) umount2(&(0x7f00000001c0)='./file0/file0\x00', 0x0) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000340)={0x46, 0x6, 0x0, {0x1, 0x0, 0x1d, 0x0, '/selinux/avc/cache_threshold\x00'}}, 0x46) syz_mount_image$nfs4(0x0, &(0x7f0000000080)='./file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) umount2(&(0x7f0000000180)='./file0\x00', 0x3) 03:39:19 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x1c, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:19 executing program 0: r0 = memfd_create(&(0x7f0000000280)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) r1 = dup(r0) write$P9_RREAD(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="0200e671a3e88dd31694253d9bcc806f4a"], 0x8) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) clock_gettime(0x5, &(0x7f00000000c0)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {r2, r3+10000000}}, 0x0) 03:39:19 executing program 4: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000680)={0x1, @win={{0x0, 0x0, 0x20303159}, 0x0, 0x0, 0x0, 0x0, 0x0}}) ioctl$VIDIOC_G_EDID(r0, 0xc0285628, &(0x7f0000000040)={0x0, 0x7, 0xff, [], &(0x7f0000000000)=0x225c}) 03:39:19 executing program 0: mknod$loop(&(0x7f0000001000)='./file1\x00', 0x0, 0xffffffffffffffff) syz_mount_image$nfs4(&(0x7f0000000000)='nfs4\x00', &(0x7f0000000040)='./file1\x00', 0x200, 0xad6, &(0x7f00000005c0)=[{&(0x7f0000000080)="f077f3865de8943472dff9730436b1d481af6a9b0fa57418edc351a334fe97fd7a8ff60cb7e321581760a1f5a74e7920d0028ad5a6f8d7e9ae5aa2c5c183b9683ae7b7dbd70a5d02a1b6a89aa601776a8af0dcc0f04fc97f3aec0254a2ad1a3ab9228368b47057fcfee2b3cf6826dbeca6b953891e6e06adb5570b0af3ba0f1454e13cf5ab44ccb51c5a5464f901eb9fd11c3415874ccb7b56fa7ad911138ad1212eae142ff60c54c032a0ff746c9aa21c40528afa0f41796e8990415870f292ce2085206c3bc3adaefe3d296efc930031e2eb7c1ac58f7d2d4906059c34c5223ea8ce45231c7eb75cdacda3b3a800b62d5fbb74f1d0b6", 0xf7, 0x100000fff}, {&(0x7f0000000180)="aa9ec0ef9623923a7ee87d775acf3e2c16bc3efdcd3f3e5ed6", 0x19}, {&(0x7f00000001c0)="af163d5b91f61913cb7c1e4d4efb0796d165f91f0951d90df2b1cd5c0c9c1faa71e3e5532e3be172957b96cc90dac32c9b48cc20dc3b042e2b8ff9232c342284ab91cdfb9a4f", 0x46, 0x800000000000017}, {&(0x7f0000000240)="46cc5d704a89b99cea91d3de43bd8bd95f114a8c9baf66a32206cc79ae7d31634737ac5c69915789c3e69f6dd724a174fb821df2447090b2892bb25d61ecbfd49b243af2b6b517b89aed7d72194d430d18bd60dcb403f716ed5a99160d6eb000092ec2318e0ae7d3f0e6713d01f59372383adee746802a3d3eacc7b83ad12daa2ef192455e8cedc3de222a5cdffed6ac6535a8a62a0b271f7f14e7", 0x9b, 0x3}, {&(0x7f0000000300), 0x0, 0x1}, {&(0x7f0000000340)="85f4a70c6824009e75ccecfb79220e1b8e2330e1dca78636782a5c53f0b634b4df4ceb69897ea1692cd02a16bdbbbaca86ac108dbe28bd4b390b588b9c60ed394a13bae9c38052b7b3f93060544e1afea230c6aaf7ade38d1fba36421488120161acd45acfffec9153844092a2a0193ddf392257638d8e6335b84264845dc146e7c74f3316b8191b220fb7ba6b320d325d8ca1e442", 0x95}, {&(0x7f0000000400)="b5ddce5f779ca6e15804d9aa49b3b4f96b6956a34e06f3fc60a2dccee261b84f22f74d542521c3913dfed906fe4327412754e07229a1c6b0a74ec12bb2c2d624b817bedb430bf25c5943218851b24d1f63dd9697f7811a17fef030b8e8a37ab0afc06d585aa355775ca089839cc90a5967bef3f03a0d9a07eb1b9092", 0x7c}, {&(0x7f0000000480)="57f5041b4f547c9b46db0a4c91015793f5ec1fb6dd5ddd1ea1e15d1ae8318faea694a669c67d3ad02eebc5", 0x2b, 0x2}, {&(0x7f00000004c0)="16da3d90b480386fbe2bafbf93243cfaa1abf493a35c16c8392d9bde7d7ff92356d695bdf74da449e37cae0ceead962ef38237ff461b0c719f65cf57c17e94e00edae5b563ee2f94f5706038c257afcd1964333de1896e070b7369f48ba0a0e4d437ecaeb6752434024f9f8b3f479960d9df530eaa2f777d4905db56ee71fcd257850ac9ea5b429755cdeb27c7c1b797cb15c133c540069c42745f4f6a751fc802df8e809335d73e686be70de150b0e43a8f33d55ecce4bbdfba670a49d77ac60ba45ea51fd2188e839cfb40d8fcf5e5ce7fd242ca02d612a6b6e618dcda652923ae4a41e6c2fad3c9cd2bb32cb472f3c3cc1c12068448ad", 0xb5, 0x59b}], 0x61000, &(0x7f00000006c0)='\x00') 03:39:19 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(0xffffffffffffffff, 0xc018643a, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000180)={[{0x800000000002b, 'pids'}]}, 0x6) write$cgroup_subtree(r2, &(0x7f00000000c0)={[{0x2d, 'pids'}]}, 0x6) accept$inet6(0xffffffffffffffff, &(0x7f00000004c0)={0xa, 0x0, 0x0, @local}, 0x0) ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, 0x0) mkdir(0x0, 0xfffffffffd) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:39:19 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x20000190, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:19 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000003c0)={&(0x7f0000000040), 0xc, &(0x7f0000000380)={&(0x7f0000000340)=@dellink={0x28, 0x11, 0x905, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}]}, 0x28}}, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x260001, 0x0) bind$pptp(r1, &(0x7f0000000080)={0x18, 0x2, {0x0, @loopback}}, 0x1e) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x70, r2, 0x0, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xc6}, @IPVS_CMD_ATTR_DEST={0x54, 0x2, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xfffffffffffffd32}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x7f}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x7}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x6}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@dev={0xac, 0x14, 0x14, 0x15}}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@ipv4={[], [], @broadcast}}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x181681556cb83da7}, 0x20040010) [ 796.693283][T13311] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 796.718562][T13311] CPU: 0 PID: 13311 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 796.727711][T13311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 796.737765][T13311] Call Trace: [ 796.737797][T13311] dump_stack+0x172/0x1f0 [ 796.737822][T13311] dump_header+0x10f/0xba6 [ 796.737848][T13311] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 796.745434][T13311] ? ___ratelimit+0x60/0x595 [ 796.745453][T13311] ? do_raw_spin_unlock+0x57/0x270 [ 796.745474][T13311] oom_kill_process.cold+0x10/0x15 [ 796.745494][T13311] out_of_memory+0x79a/0x1280 [ 796.745513][T13311] ? lock_downgrade+0x880/0x880 [ 796.745529][T13311] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.745544][T13311] ? oom_killer_disable+0x280/0x280 03:39:19 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 796.745555][T13311] ? find_held_lock+0x35/0x130 [ 796.745579][T13311] mem_cgroup_out_of_memory+0x1ca/0x230 [ 796.745597][T13311] ? memcg_event_wake+0x230/0x230 [ 796.806779][T13311] ? do_raw_spin_unlock+0x57/0x270 [ 796.811916][T13311] ? _raw_spin_unlock+0x2d/0x50 [ 796.816771][T13311] try_charge+0x118d/0x1790 [ 796.821312][T13311] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 796.826878][T13311] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.833133][T13311] ? kasan_check_read+0x11/0x20 [ 796.837998][T13311] ? get_mem_cgroup_from_mm+0x128/0x2b0 03:39:19 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x200000, 0x0) openat$cgroup_ro(r1, &(0x7f0000000100)='cpuset.memory_pressure\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) ioctl(r2, 0x800000000000937d, &(0x7f0000000000)="5f000000d04910317f") ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000080)={0x6, 0x7, 0x1}) sync_file_range(r2, 0x0, 0x3, 0x4) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x28940) [ 796.843553][T13311] mem_cgroup_try_charge+0x24d/0x5e0 [ 796.848858][T13311] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 796.854912][T13311] __handle_mm_fault+0x1e1f/0x3ec0 [ 796.860039][T13311] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 796.865593][T13311] ? find_held_lock+0x35/0x130 [ 796.870364][T13311] ? handle_mm_fault+0x322/0xb30 [ 796.875324][T13311] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.881575][T13311] ? kasan_check_read+0x11/0x20 [ 796.886434][T13311] handle_mm_fault+0x43f/0xb30 [ 796.891196][T13311] __get_user_pages+0x7b6/0x1a40 [ 796.896123][T13311] ? follow_page_mask+0x19a0/0x19a0 [ 796.901301][T13311] ? perf_trace_lock+0xeb/0x510 [ 796.906131][T13311] ? __vma_adjust+0x1840/0x1840 [ 796.910966][T13311] ? lock_acquire+0x16f/0x3f0 [ 796.915624][T13311] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 796.921886][T13311] populate_vma_page_range+0x20d/0x2a0 [ 796.927339][T13311] __mm_populate+0x204/0x380 [ 796.931918][T13311] ? populate_vma_page_range+0x2a0/0x2a0 [ 796.937549][T13311] __x64_sys_mlockall+0x35c/0x520 [ 796.942558][T13311] do_syscall_64+0x103/0x610 [ 796.947131][T13311] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 796.953017][T13311] RIP: 0033:0x457e29 [ 796.956895][T13311] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 796.976506][T13311] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 796.984924][T13311] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 796.992876][T13311] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 797.000830][T13311] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 797.008790][T13311] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 797.016743][T13311] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 797.032468][T13311] memory: usage 307200kB, limit 307200kB, failcnt 10329 [ 797.039562][T13311] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 797.047439][T13311] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 797.054733][T13311] Memory cgroup stats for /syz3: cache:0KB rss:292868KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:241616KB active_anon:44120KB inactive_file:0KB active_file:0KB unevictable:7172KB [ 797.076953][T13311] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12734,uid=0 [ 797.131157][T13311] Memory cgroup out of memory: Killed process 12734 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 797.190988][ T1042] oom_reaper: reaped process 12734 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:39:20 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_FPEXC(0xc, 0x80000) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x4) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000000c0)={0x8, 0xf, 0x4, 0x2010, {}, {0x4, 0x1, 0x2, 0x1ff, 0x9, 0x9, "7e61b306"}, 0x0, 0x7, @offset=0xffffffff, 0x4}) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xc, 0x8c, 0x5a85cd3c, 0x5, 0x24, r0, 0x6}, 0x2c) ioctl$VT_GETMODE(r0, 0x5601, &(0x7f0000000080)) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x4000, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:20 executing program 5: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000002600)='./file0\x00', 0x0, 0x2001001, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x06', &(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x100032, 0x0) r0 = syz_open_dev$usb(&(0x7f0000000380)='/dev/bus/usb/00#/00#\x00', 0x5, 0x14000) symlink(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='./file0\x00') ioctl$CAPI_INSTALLED(r0, 0x80024322) getresuid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) r1 = getuid() mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='bpf\x00', 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="2c75ddcd85c88bbc0c38d519f2097a1454ea0d06e1e4faadb0f18f4da4f963f6d21a58e38000000015a9f06f7cc35b8277f037894cf1c9a130b88b4faa109b363806cd5d420811ce83718aa08091a28878b1d1f04f320e48983516f7209b929f5462ac66669256fc425a540100f60c599b6f357ab8d09d00000000000023f3af85cdac4643aeb8b68f46690b161657fbdec8b43e6bf3d9702dd7a2410d28db972f9a975e81032bb7bf9f48bb9412be0183f919eea64a2af4b85c6ccd63c463983ecd2ec8695869231eeadb1d39900fbf1d1221f57dda880b5ba930a7a85a286b1f585d57ed042e04b9adcbf3f94a13bb4f60222db6deb53a23dda35236c40b3282b0550c6fcb068eef17d331498881e92ed8e4182da439b875dced02acd85ed61dd837b09fde00cc0cd2609ad2d9b46675a4dfdde8db5cfb8ff73c8737a44ad58ad28ac274e4455092371ae71605f13c6349b1e876ae5592fc05521f1c3a0d9c173d3452c50ee696283ed98a488a1a75a72b2d743b138af07cc294e6d5b5022f605ffd8f0bf8d858218a23569505a2a8514a8187b24bdedfe276b34476a37aa75cbf6877f369ef6e1cb05268d91d17ea08d83dc4c066f3b6bb488ce67df303eff1e54d59b2d0510d892c43b57c9dfc3811cbb313b3eb890c3448abaef7524f3d597de76e762e5233ba2d164c881cd1566cfc2b7dd5e484c4dbae99cb870585ca03f893abd396f73a82a4114f32dbffa27823e7fdcdc4fc109ff61be718b5fc", @ANYRESDEC=r1]) setsockopt$l2tp_PPPOL2TP_SO_SENDSEQ(r0, 0x111, 0x3, 0x0, 0x4) ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f0000000240)) 03:39:20 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f023c123f3188a070") r1 = syz_open_dev$sndctrl(&(0x7f0000000280)='/dev/snd/controlC#\x00', 0x0, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x800, 0x0) ppoll(&(0x7f0000000080)=[{r1}, {r0, 0x100}], 0x2, 0x0, 0x0, 0x0) 03:39:20 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:20 executing program 4: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x1d, &(0x7f0000000040), 0x4) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x0, 0xeb, 0xca, &(0x7f0000000080)="4db721cff53f67ffc1e3ff52a253b6db2120e2f46f4b3335201545d706f0df48010bff115ff7a38beb2be3b2298845d94f75d9f60ae52eeabcd961be141351c30ebbe460e9e6ee65c605e3fc84149ef124b3f506cfe898c13c042b4dcbaa7b01bc6475bdc664e4febc34b2612114de6615fcbf8da619a14a4cc93494646ed349be5c81f8ad970e29d32d87d4d50b3d20cc740bd67c86d24356d911c6028b3d5264037eb91f0407d84d8ece3117d437bd90426af6d779c5dcb859dc0212a08dfd036baaa668576744e853257f36c3e472ff64329be5928aed885094a58f1bfb526208e9c56b96742f9f901c", &(0x7f0000000180)=""/202, 0x80000001}, 0x28) 03:39:20 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = semget(0x3, 0x4, 0x102) semctl$GETPID(r1, 0x7, 0xb, &(0x7f0000000000)=""/144) 03:39:20 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:20 executing program 4: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x3e, 0x1) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000000c0)={@dev={0xfe, 0x80, [], 0x1b}, 0x25, r1}) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x100810, r0, 0x0) ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000100)=0x2) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r0, 0x40045731, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000180)={0x0, 0x10000}, &(0x7f00000001c0)=0xc) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)={r2, 0x6}, &(0x7f0000000240)=0x8) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f00000002c0)={0x6000, &(0x7f0000000280), 0xf, r0, 0x1}) write$UHID_CREATE(r0, &(0x7f0000000400)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000300)=""/210, 0xd2, 0x8000, 0x4, 0x1, 0x3, 0x5}, 0x120) getpid() ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000540)={0x4, 0xdfa}) clone(0x4080000, &(0x7f0000000580)="df0429fcb6979ca73d895a90c5c718d2f6e48dbd1c18298ad797e73970dfae69ada5c9fa307581f0ec22d1798ddbc7f7d4c71fcece78b4cc3333b03f67ba9a49141f649f5047119cec8d3dba8d97c95d8131735e8530e7034c962e9cc258f6249cf88c39963549f8e1322afd12bd7fa379ecbcd68f1bf27056050f151477e7e45517dcab3a025b1432250a5812ab89c80aa54f473d22af3f3ae5715e610552fddde3391a2e68c95ad1edc772a6961d02438819a536f433fc4947c54ef97817dcfac5978170e04fe4917151f9f487222576c97512126150ced8899dc9c4e4c24c1eb586ac0b28df9b84fdb27bb07b6e80df6b5f20", &(0x7f0000000680), &(0x7f00000006c0), &(0x7f0000000700)="033dfdf6ffec7a61ee19d5440cfa58620ad50b1321014500b681afcff9ed76b9048ce6ce182c1c50b00391c4f465b75809afbc712e70f0d3a37d43bf0c2edacdee3571068adf32a27a2f7735136007f1b2697424dab9ff7baf05f7293dcf6131921c59b5dff9d147469c09d2b5d0781f5c") getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000780)={0x0, @multicast1, @dev}, &(0x7f00000007c0)=0xc) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000800)='\x00') getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000840)={r2, 0x1}, &(0x7f0000000880)=0x8) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000008c0)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000900)=0x18) lsetxattr$trusted_overlay_opaque(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)='trusted.overlay.opaque\x00', &(0x7f00000009c0)='y\x00', 0x2, 0x1) ioctl$UI_DEV_DESTROY(r0, 0x5502) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) r3 = openat$cgroup_ro(r0, &(0x7f0000000a00)='cpuacct.usage_all\x00', 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000f40)={{{@in=@dev, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@multicast2}}, &(0x7f0000001040)=0xe8) syz_mount_image$ext4(&(0x7f0000000a40)='ext2\x00', &(0x7f0000000a80)='./file0\x00', 0x7270, 0x6, &(0x7f0000000e80)=[{&(0x7f0000000ac0)="619cafd30673d361a03d565e39450b5a19b6c29425413f638b3a161a3a6e5e6f48", 0x21, 0x1000}, {&(0x7f0000000b00)="598f29acabf20618155228fc70945d23ba6f2447606b0a86a2c4eb2a3020c299a62948d74d6febb5c124dc99d72db42bc60149bfdbc315f64d4ea9dad5a4fc6e499db35d11eba0246ad59de0b0129f5fee9707f1896aa9f5ce9904a4acbb8ec5e50ceb8b22e220ceb2f0b6d403b822fb3fa8100796f9d81c2adb00b97d26bdc619718938528b2102afb6b95f0a7e454cb7541429d4e94b05e5a6b0922134c9130833eafed6aa53da6a360df8e991fb71134eb3a478e782ff57cb254bf0881fa8c17b0c446c34c818a16563a13df0c567396d60298c4fc9d00c0277a111d49d77b5454757efdfcdeb65ba7956bb1184507c9043aaa36d", 0xf6, 0x9}, {&(0x7f0000000c00)="6dcb5495e80701e1040666412887a844a95dccf3a2d6eefba46b1ef40f18bf7de075ac074be1754054f22cac198e603c438213677eb3e6a01154ad01dfd96245e25593c74bfefb3a8c3e83772db909fba91602e7bba0f05b08ea8c", 0x5b, 0xbd9}, {&(0x7f0000000c80)="a2ddfc9c8baa3bcf4f85547cb57c3c9e107771f0fa4cea02a1b966c8ad88b398b1bfc40827490dfe7f7dfc3d32eba0e760beaa581501345131e9d73f92a654a9077e9df8c305046156b68a4a72987439c5", 0x51}, {&(0x7f0000000d00)="7caa01bc46cbe933ab3c9de7a8b05a464e1b9334b0a40e28540a8ba7ecaa0ae1a1126ed5dbe648b101e2baf7ec5b613a845c23123fe3d47661651300ec82c7eb4584204521866df26c68d4aca08e9973566a48ba36652eaf57290c7a02f1dc268fe851b87274260d191240e3cc177eb975b25a998188cf53e2ae97a2f1a100b28d62c2dd80d871a0c4bf40bac81642272018c6d11c6bad01ba5c6b83cb248306cc2d7293a06f9111684ce26220ffdfc6c734", 0xb2, 0x6}, {&(0x7f0000000dc0)="034806232e6f27f980a617155ca684765ee75da6bb70c69b78e71af47489fc578d83d9fe7597b6d95422f8ac7c88544472a94a7d80d6d231e1fb769f813e5c9a90e947ee929f08060272191058a560c4e8e9795a3c3e6287806324b88674f93b41367604d38b5affcc4250fbc9169761a695adaa9b61c340ab91b422933b5ddbd6cc06fcd10212cda590ec254716be75380f67da57b8d5e3", 0x98, 0x854}], 0x241000, &(0x7f0000001080)={[{@journal_path={'journal_path', 0x3d, './file0/file0'}}, {@nobarrier='nobarrier'}, {@journal_path={'journal_path', 0x3d, './file0'}}, {@jqfmt_vfsv0='jqfmt=vfsv0'}], [{@permit_directio='permit_directio'}, {@fowner_eq={'fowner', 0x3d, r4}}, {@permit_directio='permit_directio'}, {@obj_role={'obj_role', 0x3d, '\\'}}, {@pcr={'pcr', 0x3d, 0x20}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@permit_directio='permit_directio'}, {@seclabel='seclabel'}, {@fsname={'fsname', 0x3d, 'trusted.overlay.opaque\x00'}}]}) ioctl$KVM_NMI(r0, 0xae9a) r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000011c0)={&(0x7f0000001180)='journal_path', r0}, 0x10) ioctl$SIOCAX25GETUID(r3, 0x89e0, &(0x7f0000001200)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r4}) ioctl$SG_GET_PACK_ID(r3, 0x227c, &(0x7f0000001240)) tee(r5, r5, 0x40, 0x2) ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f0000001280)={0xf, {0x99a7, 0x3, 0x3, 0x3ff}, {0x254, 0x5a39f020, 0x800, 0x67b}, {0x5, 0x8}}) ioctl$KVM_GET_REGS(r3, 0x8090ae81, &(0x7f00000012c0)) 03:39:20 executing program 0: mkdir(&(0x7f00000000c0)='./file0\x00', 0x56) mkdir(&(0x7f0000000000)='./file0\x00', 0x84) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000040)=@nullb='[d::],0::b:\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ceph\x00', 0x0, 0x0) 03:39:20 executing program 5: syz_open_dev$vcsa(&(0x7f0000000340)='/dev/vcsa#\x00', 0x1, 0x0) r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x1bad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_TIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) syz_open_dev$evdev(0x0, 0x0, 0x0) 03:39:20 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0xff79, 0x0, 0x3000) msgctl$IPC_RMID(r0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000001640)='/dev/input/mouse#\x00', 0x6, 0x10002) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000370cea89e8d8fdc5e01785a03c7ba62387434371f20fdb87318e260153d9b1a8eb3b44283bf8669ef2a3252ed9f808cbd9df3cba72ffb4b88d8be4ae8b8d0e373e9f6553ab959dee5b9955f0d7a7a7cd846b6b59dae90cb2c4d16e72727a828c8935143ba78aafc9609279b6b49b5b9923999681a9b716d765", @ANYRES32=0x0], &(0x7f00000016c0)=0x8) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000001700)={r2, @in6={{0xa, 0x4e23, 0xf96, @loopback, 0x2}}}, 0x84) 03:39:20 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 798.200394][T13352] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 798.218098][T13352] CPU: 0 PID: 13352 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 798.227218][T13352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 798.237272][T13352] Call Trace: [ 798.240568][T13352] dump_stack+0x172/0x1f0 [ 798.244909][T13352] dump_header+0x10f/0xba6 [ 798.249349][T13352] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 798.255154][T13352] ? ___ratelimit+0x60/0x595 [ 798.259749][T13352] ? do_raw_spin_unlock+0x57/0x270 [ 798.264863][T13352] oom_kill_process.cold+0x10/0x15 [ 798.269979][T13352] out_of_memory+0x79a/0x1280 [ 798.274660][T13352] ? lock_downgrade+0x880/0x880 [ 798.279521][T13352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.285764][T13352] ? oom_killer_disable+0x280/0x280 [ 798.290960][T13352] ? find_held_lock+0x35/0x130 [ 798.295739][T13352] mem_cgroup_out_of_memory+0x1ca/0x230 [ 798.301286][T13352] ? memcg_event_wake+0x230/0x230 [ 798.306317][T13352] ? do_raw_spin_unlock+0x57/0x270 [ 798.311429][T13352] ? _raw_spin_unlock+0x2d/0x50 [ 798.316283][T13352] try_charge+0x118d/0x1790 [ 798.320791][T13352] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 798.326342][T13352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.332587][T13352] ? kasan_check_read+0x11/0x20 [ 798.337440][T13352] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 798.342989][T13352] mem_cgroup_try_charge+0x24d/0x5e0 [ 798.348286][T13352] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 798.353934][T13352] wp_page_copy+0x408/0x1740 [ 798.358524][T13352] ? find_held_lock+0x35/0x130 [ 798.363297][T13352] ? pmd_pfn+0x1d0/0x1d0 [ 798.367541][T13352] ? lock_downgrade+0x880/0x880 [ 798.372393][T13352] ? swp_swapcount+0x540/0x540 [ 798.377158][T13352] ? kasan_check_read+0x11/0x20 [ 798.382016][T13352] ? do_raw_spin_unlock+0x57/0x270 [ 798.387138][T13352] do_wp_page+0x5d8/0x16c0 [ 798.391562][T13352] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 798.396948][T13352] __handle_mm_fault+0x22e8/0x3ec0 [ 798.402073][T13352] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 798.407619][T13352] ? find_held_lock+0x35/0x130 [ 798.412392][T13352] ? handle_mm_fault+0x322/0xb30 [ 798.417342][T13352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.423585][T13352] ? kasan_check_read+0x11/0x20 [ 798.428442][T13352] handle_mm_fault+0x43f/0xb30 [ 798.433215][T13352] __get_user_pages+0x7b6/0x1a40 [ 798.438166][T13352] ? follow_page_mask+0x19a0/0x19a0 [ 798.443363][T13352] ? perf_trace_lock+0xeb/0x510 [ 798.448216][T13352] ? __vma_adjust+0x1840/0x1840 [ 798.453086][T13352] ? lock_acquire+0x16f/0x3f0 [ 798.457761][T13352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 798.464006][T13352] populate_vma_page_range+0x20d/0x2a0 [ 798.469564][T13352] __mm_populate+0x204/0x380 [ 798.474162][T13352] ? populate_vma_page_range+0x2a0/0x2a0 [ 798.479806][T13352] __x64_sys_mlockall+0x35c/0x520 [ 798.484833][T13352] do_syscall_64+0x103/0x610 [ 798.489429][T13352] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 798.495319][T13352] RIP: 0033:0x457e29 [ 798.499215][T13352] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 798.518899][T13352] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 798.527314][T13352] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 798.535286][T13352] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 798.543258][T13352] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 798.551229][T13352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 798.559194][T13352] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 798.594205][T13352] memory: usage 307200kB, limit 307200kB, failcnt 10361 [ 798.601302][T13352] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 798.612087][T13352] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 798.618988][T13352] Memory cgroup stats for /syz3: cache:0KB rss:292660KB rss_huge:141312KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:232664KB active_anon:44084KB inactive_file:4KB active_file:0KB unevictable:16072KB [ 798.641229][T13352] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13351,uid=0 [ 798.657203][T13352] Memory cgroup out of memory: Killed process 13351 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 798.675736][ T1042] oom_reaper: reaped process 13351 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:21 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fanotify_init(0x63, 0x400) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x101200, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r2, 0xc0f85403, &(0x7f0000000040)={{0x2, 0x3, 0x40, 0x2, 0x2}, 0x2, 0x9, 'id1\x00', 'timer1\x00', 0x0, 0x7, 0x7, 0x3, 0xffffffffffff8000}) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f0000000180)) 03:39:21 executing program 5: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='system.posix_acl_access\x00', &(0x7f0000000040)=ANY=[@ANYBLOB="02004000017ee30000000000000400000000000d001000000000000000200000"], 0x24, 0x0) lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=@known='system.posix_acl_access\x00', 0x0, 0x0) r0 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x80, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x5}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000180)={r1, 0x1, 0x3, [0xbd, 0x80000001, 0x6]}, 0xe) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f00000001c0)) 03:39:21 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x3e7, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:21 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:21 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) timer_create(0x0, &(0x7f0000000000)={0x0, 0x1b, 0x4}, &(0x7f0000000040)=0x0) timer_gettime(r1, &(0x7f0000000080)) perf_event_open(&(0x7f0000000680)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:39:21 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f00000000c0)=0x400100000001, 0x4) r2 = syz_open_dev$media(&(0x7f0000000180)='/dev/media#\x00', 0x2, 0x10000) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000440)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(r2, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x90000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r3, 0x22, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x4000) connect$inet6(r1, &(0x7f0000000080), 0x1c) r4 = dup2(r1, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000040), 0x0) r5 = dup(r4) ioctl$sock_inet_udp_SIOCINQ(r5, 0x541b, &(0x7f00000001c0)) r6 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x2000, 0x0) write$P9_RLCREATE(r4, &(0x7f0000000140)={0x18, 0xf, 0x2, {{0x80, 0x4, 0x6}, 0x4}}, 0x18) fcntl$getownex(r1, 0x10, &(0x7f0000000100)={0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r6, 0xc1105511, &(0x7f00000002c0)={{0x9, 0x6, 0x10000, 0x6, 'syz0\x00', 0x7}, 0x6, 0x0, 0x0, r7, 0x8, 0x0, 'syz1\x00', &(0x7f0000000200)=['%selinux\xd0cgroup{cgroup$@vboxnet0[\x8dem0mime_typevmnet1\x00', '\\systemvmnet0wlan0\\cpuset\\trusted[GPLlo\x00', ')%)wlan0em0\x00', '\x00', 'GPLppp1)\x00', '{.\'vmnet0\x00', '\x00', 'userem1user]GPL:\x00'], 0x8f, [], [0x7ff, 0x0, 0x800, 0xffffffffffffffc9]}) ioctl$UI_SET_SWBIT(r5, 0x4004556d, 0x4) 03:39:21 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b36, &(0x7f0000000000)='wlan0\x00\xd3\xeb\x18 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 799.242553][T13417] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 799.250998][T13417] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 03:39:21 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000000)={0x0, 0x1ff}, 0x8) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:21 executing program 4: syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x3) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x149082, 0x0) sendto$inet(r0, &(0x7f0000000500)="bc2cbf195c246a66b3d2a22563c5c12e7a323a6d78a98b8caeabefb6c4e39bb37c4c313ff0f2ed9c9980c68731fe09ac71f70fc23c651bf350e8039afef5106a986f70f8849ac47df594ee35de9c472137cec83ef72fa6a963c43963e33d1b3142562a793dc960a837b9496fee583101e321c8fec0f717954a873c54ada81b335d784d1e26a0ff2edb257bf443221956b7f3fcdde5ab6423a075761662826b47b36471417ca6179bf149b10b8d0ac49e", 0xb0, 0x7fe, 0x0, 0x0) write$UHID_GET_REPORT_REPLY(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, 0x2}, 0xfffffffffffffe44) mknod(&(0x7f0000000300)='./file0\x00', 0x8100, 0x4) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000001c0)={{{@in=@dev, @in=@multicast2}}, {{@in=@remote}, 0x0, @in6=@mcast1}}, &(0x7f0000000380)=0x7b) mlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000600)) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r1) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r2 = open(&(0x7f0000000340)='./file0\x00', 0x5, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000040), 0x12) rmdir(&(0x7f00000000c0)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000180), 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000100)) mkdir(&(0x7f00000006c0)='./file1\x00', 0x0) mount(&(0x7f0000000700)=ANY=[@ANYBLOB="9b5be74b866c32a8b5dfa06a3e704dbf30d901495d6e47965152225c0096c30726cee97259ab0d0cc76f7a042b25285bf16419e128d20b971d96a6adc532f21bd16ef8da717c442c0f99b49526030c77871bef7d4210f94d2bd6bf95da2be4fb42af2cec4efaa5816da4392de27ed01e4d45327cd5cf2a7ad804966c074d9cde811af737de8bab7837ed1fd2f77774b4dd2f251300000000edd4a27a6285b78e0946265db00796649d27bef994bbf0d9ef48b24326e5aa79a46bc333ef3414698c93f91e23da7e69ee90b6d9285af0c877090000001c0d51a2f3955fb33d7ce486f68dcc710d553f9f804d1028d1bf56c9decf9a217178cc41cf19fe440000000000"], 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0/file1\x00', 0x0) mkdir(&(0x7f0000000180)='./file1\x00', 0x20) umount2(&(0x7f00000002c0)='./file0/file1/file0\x00', 0x3fffffffffffffc) msync(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x6) setxattr$security_ima(&(0x7f0000000140)='./file0/file1/file0\x00', &(0x7f00000001c0)='security.ima\x00', &(0x7f0000000280)=@md5={0x1, "4190e9938f6da58cc166e3f5bef0254e"}, 0x11, 0x2) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/sequencer2\x00', 0x0, 0x0) listxattr(&(0x7f0000000200)='./file0/file1\x00', &(0x7f00000003c0)=""/226, 0xffffffffffffff6c) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0x3) 03:39:21 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 799.258980][T13417] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 799.266939][T13417] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 799.274901][T13417] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 799.282872][T13417] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 799.329153][T13417] memory: usage 307200kB, limit 307200kB, failcnt 10374 [ 799.350439][T13417] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 799.366018][T13417] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 799.390651][T13417] Memory cgroup stats for /syz3: cache:0KB rss:292832KB rss_huge:141312KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:241620KB active_anon:44116KB inactive_file:0KB active_file:0KB unevictable:7176KB [ 799.416085][T13417] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12785,uid=0 [ 799.444403][T13417] Memory cgroup out of memory: Killed process 12785 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 799.688983][T13417] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 799.699535][T13417] CPU: 0 PID: 13417 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 799.708674][T13417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 799.718718][T13417] Call Trace: [ 799.722009][T13417] dump_stack+0x172/0x1f0 [ 799.726352][T13417] dump_header+0x10f/0xba6 [ 799.730769][T13417] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 799.736594][T13417] ? ___ratelimit+0x60/0x595 [ 799.741192][T13417] ? do_raw_spin_unlock+0x57/0x270 [ 799.746317][T13417] oom_kill_process.cold+0x10/0x15 [ 799.751422][T13417] out_of_memory+0x79a/0x1280 [ 799.756085][T13417] ? lock_downgrade+0x880/0x880 [ 799.760916][T13417] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.767150][T13417] ? oom_killer_disable+0x280/0x280 [ 799.772363][T13417] ? find_held_lock+0x35/0x130 [ 799.777134][T13417] mem_cgroup_out_of_memory+0x1ca/0x230 [ 799.782701][T13417] ? memcg_event_wake+0x230/0x230 [ 799.787722][T13417] ? do_raw_spin_unlock+0x57/0x270 [ 799.792828][T13417] ? _raw_spin_unlock+0x2d/0x50 [ 799.797673][T13417] try_charge+0x118d/0x1790 [ 799.802176][T13417] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 799.807719][T13417] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.813948][T13417] ? kasan_check_read+0x11/0x20 [ 799.818783][T13417] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 799.824327][T13417] mem_cgroup_try_charge+0x24d/0x5e0 [ 799.829626][T13417] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 799.835260][T13417] do_huge_pmd_wp_page+0x99d/0x3660 [ 799.840438][T13417] ? munlock_vma_page+0x45d/0x700 [ 799.845469][T13417] ? __split_huge_pmd+0x2c00/0x2c00 [ 799.850663][T13417] ? __lock_acquire+0x55d/0x4710 [ 799.855624][T13417] ? putback_lru_page+0xd6/0x140 [ 799.860562][T13417] ? pmd_val+0x85/0x100 [ 799.864713][T13417] ? add_mm_counter_fast.part.0+0x40/0x40 [ 799.870708][T13417] ? perf_trace_lock+0xeb/0x510 [ 799.875554][T13417] __handle_mm_fault+0x1651/0x3ec0 [ 799.880652][T13417] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 799.886185][T13417] ? find_held_lock+0x35/0x130 [ 799.890940][T13417] ? handle_mm_fault+0x322/0xb30 [ 799.895869][T13417] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 799.902103][T13417] ? kasan_check_read+0x11/0x20 [ 799.906963][T13417] handle_mm_fault+0x43f/0xb30 [ 799.911730][T13417] __do_page_fault+0x5ef/0xda0 [ 799.916494][T13417] do_page_fault+0x71/0x581 [ 799.920983][T13417] page_fault+0x1e/0x30 [ 799.925133][T13417] RIP: 0010:__put_user_4+0x1c/0x30 [ 799.930236][T13417] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 00 ee 01 00 48 8b 9b 18 14 00 00 48 83 eb 03 48 39 d9 73 3c 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 799.949819][T13417] RSP: 0018:ffff88801fbefe18 EFLAGS: 00010293 [ 799.955867][T13417] RAX: 0000000000000003 RBX: 00007fffffffeffd RCX: 0000000020000140 [ 799.963830][T13417] RDX: 000000000000037d RSI: ffffffff8198e363 RDI: 0000000000000286 [ 799.971800][T13417] RBP: ffff88801fbefee0 R08: ffff8880270446c0 R09: 0000000000000001 [ 799.979765][T13417] R10: ffff888027044f40 R11: ffffffff8a0699d8 R12: 0000000000000005 [ 799.987741][T13417] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000000 [ 799.995716][T13417] ? __might_fault+0x1a3/0x1e0 [ 800.000470][T13417] ? __sys_socketpair+0x11f/0x5e0 [ 800.005490][T13417] ? __ia32_sys_socket+0xb0/0xb0 [ 800.010427][T13417] ? kasan_check_write+0x14/0x20 [ 800.015347][T13417] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 800.020791][T13417] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 800.026242][T13417] ? do_syscall_64+0x26/0x610 [ 800.030914][T13417] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.036967][T13417] ? do_syscall_64+0x26/0x610 [ 800.041640][T13417] __x64_sys_socketpair+0x97/0xf0 [ 800.046666][T13417] do_syscall_64+0x103/0x610 [ 800.051254][T13417] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.057131][T13417] RIP: 0033:0x457e29 [ 800.061008][T13417] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 800.080599][T13417] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 800.089009][T13417] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 800.096970][T13417] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 800.104932][T13417] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 800.112906][T13417] R10: 0000000020000140 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 800.120869][T13417] R13: 00000000004c6411 R14: 00000000004db758 R15: 00000000ffffffff [ 800.129028][ C0] net_ratelimit: 12 callbacks suppressed [ 800.129039][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 800.140456][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 800.147556][T13417] memory: usage 307200kB, limit 307200kB, failcnt 10443 [ 800.154630][T13417] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 800.163346][T13417] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 800.170289][T13417] Memory cgroup stats for /syz3: cache:0KB rss:291780KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:223552KB active_anon:44080KB inactive_file:0KB active_file:0KB unevictable:24244KB [ 800.192752][T13417] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13416,uid=0 [ 800.208229][T13417] Memory cgroup out of memory: Killed process 13416 (syz-executor.3) total-vm:72580kB, anon-rss:18068kB, file-rss:53540kB, shmem-rss:0kB [ 800.222816][ T1042] oom_reaper: reaped process 13416 (syz-executor.3), now anon-rss:18080kB, file-rss:54308kB, shmem-rss:0kB 03:39:22 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 03:39:22 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket(0x10, 0x3, 0xc) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x200900, 0x0) ioctl$NBD_SET_BLKSIZE(r2, 0xab01, 0x20000000000) write(r1, &(0x7f00000008c0)="130000001000ffdde200f49ff60f050000230a00", 0x14) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000000)=0x1, 0x4) r3 = gettid() getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000100)={{{@in6=@initdev, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@multicast1}}, &(0x7f0000000200)=0xe8) sendmsg$can_raw(r1, &(0x7f0000000340)={&(0x7f0000000240)={0x1d, r4}, 0x10, &(0x7f0000000300)={&(0x7f0000000280)=@canfd={{0x4, 0x0, 0x7, 0x3}, 0x1f, 0x0, 0x0, 0x0, "1c3de6b4b534596099420c4670047256d7aab3b5424bb851831bfe263c1d03c520ba9d793cabeb8f54abcf4560214ee47da140d848f621a5c5ed992a740aff7d"}, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x8000) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x20, 0xffff, 0xffffffff85228d37, 0x800, 0x0, 0xc00000000000, 0x100, 0x1, 0x768, 0x86c, 0x100, 0x7, 0x0, 0x2, 0x8001, 0xffffffffffff7fff, 0xb77, 0xbff5, 0x8, 0x7, 0xfff, 0x3, 0x7, 0x10000, 0x8, 0x2, 0x4558, 0x800, 0x0, 0x4, 0x81, 0x45908417, 0x10001, 0x3, 0x8001, 0xea, 0x0, 0x9, 0x1, @perf_config_ext={0xfffffffffffffffd, 0x3ff}, 0x23052, 0x9, 0x8, 0x5, 0x1, 0x800, 0x7fffffff}, r3, 0xe, r0, 0x0) 03:39:22 executing program 5: bpf$MAP_CREATE(0x0, 0x0, 0x207) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x2000, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = dup(0xffffffffffffffff) openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x4002, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0) ioctl$DRM_IOCTL_NEW_CTX(0xffffffffffffffff, 0x40086425, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r2, 0x0, 0x21, &(0x7f0000000280)={@local, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast2}, 0xc) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/nullb0\x00', 0x0, 0x0) preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x2d000}], 0x1, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x31, 0xffffffffffffffff, 0x0) write(r5, &(0x7f00000001c0), 0xfffffef3) read(r4, &(0x7f0000000200)=""/250, 0x50c7e3e3) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000100)={0x80, 0x0, 0x3, 0x100000001}) ioctl$DRM_IOCTL_AGP_BIND(r1, 0x40106436, &(0x7f0000000140)={r7, 0x2}) pread64(r6, &(0x7f0000002640)=""/207, 0xfffffede, 0x300000000000000) readahead(r6, 0xb38, 0x4) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r6, 0x84, 0x70, &(0x7f0000001400)={0x0, @in={{0x2, 0x4e22, @local}}, [0x200, 0x1f, 0x3, 0x0, 0x7, 0x4, 0xffff, 0x2, 0x7, 0x4, 0x0, 0x0, 0x200, 0x96, 0x3]}, &(0x7f0000000380)=0x100) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000001500)=@assoc_value={r8}, 0x8) mmap(&(0x7f00002a9000/0x1000)=nil, 0x1000, 0x0, 0x31, 0xffffffffffffffff, 0x0) ioctl$KDSETMODE(r4, 0x4b3a, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_DEL(r5, 0x0, 0x484, &(0x7f0000000340)={0x32, @rand_addr=0x5, 0x4e21, 0x2, 'ovf\x00', 0x30, 0xffff, 0x7}, 0x2c) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x0) 03:39:22 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:22 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) capset(&(0x7f0000581ff8)={0x19980330}, &(0x7f00005ccfe8)) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) write$P9_RCLUNK(r0, &(0x7f0000000000)={0x7, 0x79, 0x2}, 0x7) fcntl$getownex(r1, 0x10, &(0x7f0000000200)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r2, 0x0, 0xffffffffffffffff, 0x0) 03:39:22 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x4800, 0x0) ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000040)) msgctl$IPC_RMID(r0, 0x0) 03:39:23 executing program 0: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mkdir(&(0x7f0000000280)='./file1\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file0,workdir=./file1']) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) name_to_handle_at(r0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)={0x2d, 0x8, "ec8a052a7830a3e858f26e5a63138a6aed64f64f20a44a977647d84dc4a034ce05f155806f"}, &(0x7f0000000100), 0x1000) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f00000002c0)={0x0, 0x80000001, 0x1}) 03:39:23 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:23 executing program 4: r0 = socket$inet6(0xa, 0x80001, 0x44) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8948, &(0x7f00000000c0)={'bond0\x00'}) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x8, @remote, 0x3}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000040)={0x403, 0x8, 0x8, 0x5, 0x100000001}, 0x14) r1 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x480000) openat$mixer(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/mixer\x00', 0x800, 0x0) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000180)={0x9, 0x8, 0x5, 'queue1\x00', 0x4f6}) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x40, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r2, 0x28, 0x1, &(0x7f0000000100)=0x8, 0x8) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r1, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x68, r3, 0x410, 0x70bd2a, 0x25dfdbfe, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x7bb, @media='eth\x00'}}}, [""]}, 0x68}}, 0x40) [ 800.418752][T13466] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 800.493370][T13473] overlayfs: filesystem on './file0' not supported as upperdir [ 800.514249][T13466] CPU: 1 PID: 13466 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 800.523386][T13466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 800.533462][T13466] Call Trace: [ 800.536782][T13466] dump_stack+0x172/0x1f0 03:39:23 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x200000, 0x0) mq_notify(r1, &(0x7f0000000240)={0x0, 0x14, 0x0, @thr={&(0x7f0000000140)="c4acbf8af25b553c1dd3f00e33b49b1feedc348f66da89cdcdf1512a1e117eef9173c0be345cf879f5b81fbf21b5d426597ac7a9070c4a706472f94d4d2804603b564d2c726fd09ef5bcf5ef2cc2f51876b9d5b26a9c34afa1d93e5ec1742a303dec56c7cb21f58bd49d2b9b7f20817212381590d7f81d4a7696972706e8f10eaa922551aac8fe913c0a009435474a08b3efad1f1a5930cd5d", &(0x7f0000000200)="389ae8e2d607bb1532a8c92404b6"}}) ioctl$sock_inet_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f0000000040)) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x400040, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f00000000c0)={0x5, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000100)={r3, 0x9}) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000280)={0x3, 0x6, 0x0, 0x6000, 0xdaf3, 0x4, 0x4, 0x1, 0x0}, &(0x7f00000002c0)=0x20) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000300)={r4, 0x3f}, &(0x7f0000000340)=0x8) 03:39:23 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 800.541127][T13466] dump_header+0x10f/0xba6 [ 800.545549][T13466] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 800.551365][T13466] ? ___ratelimit+0x60/0x595 [ 800.555961][T13466] ? do_raw_spin_unlock+0x57/0x270 [ 800.561082][T13466] oom_kill_process.cold+0x10/0x15 [ 800.566208][T13466] out_of_memory+0x79a/0x1280 [ 800.570893][T13466] ? lock_downgrade+0x880/0x880 [ 800.575749][T13466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.582001][T13466] ? oom_killer_disable+0x280/0x280 [ 800.587211][T13466] ? find_held_lock+0x35/0x130 [ 800.592000][T13466] mem_cgroup_out_of_memory+0x1ca/0x230 [ 800.597557][T13466] ? memcg_event_wake+0x230/0x230 [ 800.602605][T13466] ? do_raw_spin_unlock+0x57/0x270 [ 800.607733][T13466] ? _raw_spin_unlock+0x2d/0x50 [ 800.612605][T13466] try_charge+0x118d/0x1790 [ 800.617126][T13466] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 800.622685][T13466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.628938][T13466] ? kasan_check_read+0x11/0x20 [ 800.633808][T13466] ? get_mem_cgroup_from_mm+0x128/0x2b0 03:39:23 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 800.639362][T13466] mem_cgroup_try_charge+0x24d/0x5e0 [ 800.644655][T13466] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 800.650293][T13466] __handle_mm_fault+0x1e1f/0x3ec0 [ 800.655413][T13466] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 800.660963][T13466] ? find_held_lock+0x35/0x130 [ 800.665733][T13466] ? handle_mm_fault+0x322/0xb30 [ 800.670690][T13466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.676942][T13466] ? kasan_check_read+0x11/0x20 [ 800.681806][T13466] handle_mm_fault+0x43f/0xb30 [ 800.686582][T13466] __get_user_pages+0x7b6/0x1a40 [ 800.691541][T13466] ? follow_page_mask+0x19a0/0x19a0 [ 800.696733][T13466] ? perf_trace_lock+0xeb/0x510 [ 800.701589][T13466] ? __vma_adjust+0x1840/0x1840 [ 800.706441][T13466] ? lock_acquire+0x16f/0x3f0 [ 800.711103][T13466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 800.717343][T13466] populate_vma_page_range+0x20d/0x2a0 [ 800.722811][T13466] __mm_populate+0x204/0x380 [ 800.727408][T13466] ? populate_vma_page_range+0x2a0/0x2a0 [ 800.733059][T13466] __x64_sys_mlockall+0x35c/0x520 [ 800.738094][T13466] do_syscall_64+0x103/0x610 [ 800.742695][T13466] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 800.748587][T13466] RIP: 0033:0x457e29 [ 800.752495][T13466] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 800.775755][T13466] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 800.784173][T13466] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 800.792146][T13466] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 800.800120][T13466] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 800.808099][T13466] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 800.816074][T13466] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 800.832182][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 800.837994][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 800.843918][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 800.849724][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 800.930145][T13466] memory: usage 307200kB, limit 307200kB, failcnt 11019 [ 800.937336][T13466] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 800.954950][T13466] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 800.973300][T13466] Memory cgroup stats for /syz3: cache:0KB rss:292692KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:239572KB active_anon:44116KB inactive_file:0KB active_file:0KB unevictable:9224KB [ 801.003210][T13466] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12835,uid=0 [ 801.026883][T13466] Memory cgroup out of memory: Killed process 12835 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 801.091868][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 801.097756][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 801.299946][T13466] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 801.309953][T13466] CPU: 1 PID: 13466 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 801.319062][T13466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 801.329101][T13466] Call Trace: [ 801.332376][T13466] dump_stack+0x172/0x1f0 [ 801.336690][T13466] dump_header+0x10f/0xba6 [ 801.341088][T13466] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 801.346905][T13466] ? ___ratelimit+0x60/0x595 [ 801.351498][T13466] ? do_raw_spin_unlock+0x57/0x270 [ 801.356594][T13466] oom_kill_process.cold+0x10/0x15 [ 801.361686][T13466] out_of_memory+0x79a/0x1280 [ 801.366347][T13466] ? lock_downgrade+0x880/0x880 [ 801.371179][T13466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 801.377400][T13466] ? oom_killer_disable+0x280/0x280 [ 801.382591][T13466] ? find_held_lock+0x35/0x130 [ 801.387354][T13466] mem_cgroup_out_of_memory+0x1ca/0x230 [ 801.392881][T13466] ? memcg_event_wake+0x230/0x230 [ 801.397890][T13466] ? do_raw_spin_unlock+0x57/0x270 [ 801.403000][T13466] ? _raw_spin_unlock+0x2d/0x50 [ 801.407846][T13466] try_charge+0x118d/0x1790 [ 801.412354][T13466] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 801.417897][T13466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 801.424139][T13466] ? kasan_check_read+0x11/0x20 [ 801.428992][T13466] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 801.434519][T13466] mem_cgroup_try_charge+0x24d/0x5e0 [ 801.439793][T13466] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 801.445424][T13466] do_huge_pmd_wp_page+0x99d/0x3660 [ 801.450624][T13466] ? munlock_vma_page+0x45d/0x700 [ 801.455638][T13466] ? __split_huge_pmd+0x2c00/0x2c00 [ 801.460832][T13466] ? __lock_acquire+0x55d/0x4710 [ 801.465755][T13466] ? putback_lru_page+0xd6/0x140 [ 801.470685][T13466] ? pmd_val+0x85/0x100 [ 801.474840][T13466] ? add_mm_counter_fast.part.0+0x40/0x40 [ 801.480554][T13466] ? perf_trace_lock+0xeb/0x510 [ 801.485392][T13466] __handle_mm_fault+0x1651/0x3ec0 [ 801.490496][T13466] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 801.496021][T13466] ? find_held_lock+0x35/0x130 [ 801.500766][T13466] ? handle_mm_fault+0x322/0xb30 [ 801.505697][T13466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 801.511922][T13466] ? kasan_check_read+0x11/0x20 [ 801.516755][T13466] handle_mm_fault+0x43f/0xb30 [ 801.521512][T13466] __do_page_fault+0x5ef/0xda0 [ 801.526263][T13466] do_page_fault+0x71/0x581 [ 801.530757][T13466] page_fault+0x1e/0x30 [ 801.534896][T13466] RIP: 0010:__put_user_4+0x1c/0x30 [ 801.540004][T13466] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 00 ee 01 00 48 8b 9b 18 14 00 00 48 83 eb 03 48 39 d9 73 3c 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 801.559586][T13466] RSP: 0018:ffff88801602fe18 EFLAGS: 00010293 [ 801.565635][T13466] RAX: 0000000000000003 RBX: 00007fffffffeffd RCX: 0000000020000140 [ 801.573764][T13466] RDX: 000000000000037d RSI: ffffffff8198e363 RDI: 0000000000000286 [ 801.581716][T13466] RBP: ffff88801602fee0 R08: ffff8880163dc4c0 R09: 0000000000000001 [ 801.589680][T13466] R10: ffff8880163dcd40 R11: ffffffff8a0699d8 R12: 0000000000000005 [ 801.597640][T13466] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000000 [ 801.605614][T13466] ? __might_fault+0x1a3/0x1e0 [ 801.610365][T13466] ? __sys_socketpair+0x11f/0x5e0 [ 801.615368][T13466] ? __ia32_sys_socket+0xb0/0xb0 [ 801.620297][T13466] ? kasan_check_write+0x14/0x20 [ 801.625223][T13466] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 801.630662][T13466] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 801.636104][T13466] ? do_syscall_64+0x26/0x610 [ 801.640781][T13466] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 801.646841][T13466] ? do_syscall_64+0x26/0x610 [ 801.651506][T13466] __x64_sys_socketpair+0x97/0xf0 [ 801.656513][T13466] do_syscall_64+0x103/0x610 [ 801.661105][T13466] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 801.666976][T13466] RIP: 0033:0x457e29 [ 801.670872][T13466] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 801.690474][T13466] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 801.698874][T13466] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 801.706827][T13466] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 801.714789][T13466] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 801.722759][T13466] R10: 0000000020000140 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 801.730723][T13466] R13: 00000000004c6411 R14: 00000000004db758 R15: 00000000ffffffff [ 801.740341][T13466] memory: usage 307180kB, limit 307200kB, failcnt 11049 [ 801.747454][T13466] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 801.754978][T13466] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 801.761865][T13466] Memory cgroup stats for /syz3: cache:0KB rss:291820KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:221520KB active_anon:44064KB inactive_file:0KB active_file:0KB unevictable:26300KB [ 801.785099][T13466] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13455,uid=0 [ 801.801828][T13466] Memory cgroup out of memory: Killed process 13455 (syz-executor.3) total-vm:72580kB, anon-rss:17940kB, file-rss:53540kB, shmem-rss:0kB [ 801.817461][ T1042] oom_reaper: reaped process 13455 (syz-executor.3), now anon-rss:17932kB, file-rss:53536kB, shmem-rss:0kB 03:39:24 executing program 3: mlockall(0x1) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x2000, 0x0) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000040)={0x0, 0x8}, &(0x7f0000000080)=0x8) ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000180)={r1, 0x28, "64923853743b68f983805aea33c2798603c96a7117b8ca5ad7d0dcd912afb85dcf3ce48d40faf6a5"}, &(0x7f0000000100)=0x30) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:24 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:24 executing program 4: socket(0xa, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") r2 = pkey_alloc(0x0, 0xf7ffffdffffffffc) pkey_free(r2) r3 = dup3(r1, 0xffffffffffffffff, 0x80000) futimesat(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={{0x0, 0x7530}}) flock(r1, 0x8) flock(0xffffffffffffffff, 0x100000000000001) r4 = gettid() gettid() syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0xc0, 0x80) dup2(0xffffffffffffffff, r0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)=0x0) timer_settime(r5, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, &(0x7f0000040000)) tkill(r4, 0x1000000000015) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0xfffffffffffffffa, 0xbbbd4adf) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x7, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000880)}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) clock_gettime(0x6, &(0x7f0000000300)={0x0, 0x0}) futimesat(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={{0x77359400}, {r7, r8/1000+30000}}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@dev={0xfe, 0x80, [], 0xd}}, 0xf0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x2000000000, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) 03:39:24 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/loop-control\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000018c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) close(r0) syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) sysfs$2(0x2, 0x9a9, &(0x7f0000000180)=""/161) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x42801, 0x0) write$nbd(r4, &(0x7f0000000240)={0x67446698, 0x1, 0x4, 0x1, 0x2, "717bb8c4072488c605bd023d24e1a161e65d5c581e95620745827c2a4f544f215e7296b9b086844c51a55735da7b4867179e21c7ba60db37188495abaa86ce0c3bea72954a2ffaf7bae0951195e584186bb83711962292b759dd67d7bd869d6c7d061ec56884d63d84a3f1d2bd5375f32d714fb9d9a3f549cb515bddb3be7bd3"}, 0x90) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x1, 0x0) ioctl$SIOCX25GCALLUSERDATA(r5, 0x89e4, &(0x7f00000000c0)={0x5, "43bf33a7f3b1e4f680902c5d5ccfd080b2c80083cee00b0680f864a4c73cfb955aba9587dfa23b917b0aefe9318cf615fd34ea51e04d64dc9b6d321f63d8ae3fc53733ab7ba309535cef7448aab7e62915a4e7377db9355dc90fab35fc48441af2f2cb1f422d3bcf8aa418066772046e8411b63510f9f4b290bae96e52acb553"}) syz_kvm_setup_cpu$x86(r0, r3, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0xffffffffffffff8c, 0x0, 0x0, 0x24f) 03:39:24 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x15a, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:24 executing program 5: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/net/pfkey\x00', 0x2, 0x0) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000140)=0x4) arch_prctl$ARCH_GET_CPUID(0x1011) ioctl$int_in(r0, 0x800000c0045005, &(0x7f00000001c0)=0x1000) getpgrp(0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000200)={@mcast2, 0x62, r2}) setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000280), 0x4) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f00000000c0)=r1) ioctl$DRM_IOCTL_IRQ_BUSID(0xffffffffffffffff, 0xc0106403, &(0x7f0000000040)={0x0, 0x800, 0x8000, 0x7}) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, &(0x7f0000000180)) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000080), 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz1\x00', 0x1ff) unshare(0x40000000) [ 802.014175][T13516] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 802.023727][T13510] IPVS: ftp: loaded support on port[0] = 21 [ 802.034237][T13516] CPU: 0 PID: 13516 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 802.043385][T13516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 802.053448][T13516] Call Trace: [ 802.056746][T13516] dump_stack+0x172/0x1f0 [ 802.061176][T13516] dump_header+0x10f/0xba6 [ 802.065599][T13516] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 802.071419][T13516] ? ___ratelimit+0x60/0x595 [ 802.076011][T13516] ? do_raw_spin_unlock+0x57/0x270 [ 802.081128][T13516] oom_kill_process.cold+0x10/0x15 [ 802.086240][T13516] out_of_memory+0x79a/0x1280 [ 802.086262][T13516] ? lock_downgrade+0x880/0x880 [ 802.086280][T13516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.086298][T13516] ? oom_killer_disable+0x280/0x280 [ 802.086314][T13516] ? find_held_lock+0x35/0x130 [ 802.102033][T13516] mem_cgroup_out_of_memory+0x1ca/0x230 [ 802.102048][T13516] ? memcg_event_wake+0x230/0x230 [ 802.102073][T13516] ? do_raw_spin_unlock+0x57/0x270 [ 802.102094][T13516] ? _raw_spin_unlock+0x2d/0x50 [ 802.102114][T13516] try_charge+0x118d/0x1790 [ 802.102139][T13516] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 802.102159][T13516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.102181][T13516] ? kasan_check_read+0x11/0x20 [ 802.102202][T13516] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 802.102223][T13516] mem_cgroup_try_charge+0x24d/0x5e0 [ 802.102248][T13516] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 802.102268][T13516] __handle_mm_fault+0x1e1f/0x3ec0 [ 802.102288][T13516] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 802.102303][T13516] ? find_held_lock+0x35/0x130 [ 802.102319][T13516] ? handle_mm_fault+0x322/0xb30 [ 802.102345][T13516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.102372][T13516] ? kasan_check_read+0x11/0x20 [ 802.102393][T13516] handle_mm_fault+0x43f/0xb30 03:39:24 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = syz_open_dev$mice(&(0x7f0000000240)='/dev/input/mice\x00', 0x0, 0x101000) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffff9c, 0x84, 0x6, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x20}}}}, &(0x7f0000000340)=0x84) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000b00)=ANY=[@ANYBLOB="0500d600c46b78d786d2a600bede2ff8c08bdffb56cefd36d03629e6befa55d52439cea0f80312a519461b51a9be4944856836b1d899367ffa35047b4e034cf268bd3a710d2c05982355f5a10f7b53bc4ebda523ee74a9fa7a1302a59ae4246c12349a557f010100000000000063beaaa517f27f7c68c2194a000000000000004b8421d26e2e0410505d2f9246e1d5fd97a59aa746e27a21cef095b987c5872563b7d2c0183ecaeb3b388ee9bc0d0639de6b4b1d723dbf554cb421d10f994c6ed3f1b6837bcf8cd2f86dbe4793990b05834cece045b2332389c469d0cfeff94be9792a3b0f182e14a996ef70231859b0d104e5ab5d856312b7830b48f25557d2074437fbdd27416d56e44b8baf9de1caf69af036b44e2bb9b5724934c01250e316a724673e965fa96e57b61045b533d9c66b364c36ac791c156e05e03a907b7ead02776d7174561bbc96827ff4bb1382607e6934c8f1b132c8b808b947025196e28690066276a5de18b957c6566baef1a1eae63d190f273a4bfdf5a39c103ea8b38f4f99dba22386eedea6c97f3f98b70e0573ef79f0fcd66dfa1b378f3972c00f7d4f3164215f501c764bd61f9fb883ba98ff50c9cbd512be7402e666dad51e81eb218e46591c29b19421bba1963b1c07d2a144742db82b042722ad1a367ff88f3d9fdcd12f4e5eb385be8ab79bf84bc055d64574411707c1506feabe337160f531e6db70453d3be555a8c08937f526b52e"], 0x1) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0xa}, 0x1c) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x5100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000080)={0x100000011, @multicast2, 0x6, 0x0, 'lblc\x00'}, 0x2c) r4 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x11, @dev, 0x0, 0x0, 'lblcr\x00'}, 0x2c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r3, 0x84, 0x1c, &(0x7f0000000480), &(0x7f00000004c0)=0x4) r5 = socket$l2tp(0x18, 0x1, 0x1) mincore(&(0x7f0000ffc000/0x4000)=nil, 0x4000, &(0x7f0000000600)=""/160) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000440)={r2, 0x4}, 0x8) clock_gettime(0x0, &(0x7f00000003c0)={0x0, 0x0}) setitimer(0x3, &(0x7f0000000400)={{r6, r7/1000+30000}}, 0x0) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000380)={r2, 0x4}, 0x8) connect$l2tp(r5, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r4, 0x84, 0x75, &(0x7f00000000c0)={0x0}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, &(0x7f0000000140)={r8, @in6={{0xa, 0x4e21, 0x81, @empty, 0x8000}}}, &(0x7f0000000200)=0x84) fcntl$getownex(r4, 0x10, &(0x7f0000000800)) getresuid(&(0x7f0000000840), &(0x7f0000000880), &(0x7f00000008c0)) lstat(&(0x7f0000000900)='./file0\x00', &(0x7f0000000940)) getpgid(0x0) stat(&(0x7f00000009c0)='./file0\x00', &(0x7f0000000a00)) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000a80), &(0x7f0000000ac0)=0xc) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000d40)) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000d80)={{{@in=@multicast1, @in6=@remote}}, {{@in6=@local}, 0x0, @in6=@mcast2}}, &(0x7f0000000e80)=0xe8) fstat(r5, &(0x7f0000000ec0)) [ 802.102419][T13516] __get_user_pages+0x7b6/0x1a40 [ 802.102448][T13516] ? follow_page_mask+0x19a0/0x19a0 [ 802.102460][T13516] ? perf_trace_lock+0xeb/0x510 [ 802.102475][T13516] ? __vma_adjust+0x1840/0x1840 [ 802.102497][T13516] ? lock_acquire+0x16f/0x3f0 [ 802.112435][T13516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 802.112456][T13516] populate_vma_page_range+0x20d/0x2a0 [ 802.112478][T13516] __mm_populate+0x204/0x380 [ 802.112497][T13516] ? populate_vma_page_range+0x2a0/0x2a0 [ 802.112525][T13516] __x64_sys_mlockall+0x35c/0x520 [ 802.112546][T13516] do_syscall_64+0x103/0x610 [ 802.112568][T13516] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 802.112581][T13516] RIP: 0033:0x457e29 [ 802.112595][T13516] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 802.112604][T13516] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 03:39:24 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 802.123138][T13516] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 802.123148][T13516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 802.123157][T13516] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 802.123166][T13516] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 802.123176][T13516] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 802.136437][T13516] memory: usage 307200kB, limit 307200kB, failcnt 11635 03:39:25 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = getpid() ptrace$setregset(0x4205, r1, 0x6, &(0x7f0000000140)={&(0x7f00000000c0)="dc4833bd1ef4179819bea0ff38b7821c06c103fdf056a7d9db363c9fdbbba0d8080cbffa8f12e6c7d36ac29ce2252f8d53a8e7737247b0d13bf7b7b97200926f56d1beeb6717e1501a7c1a95acce973a8f0ff4b00433474f0549a161509b8cf09d6b23c09e2938b542ef6bef6e7363", 0x6f}) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) r2 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x1, 0x2) getsockopt$inet_dccp_int(r2, 0x21, 0x10, &(0x7f0000000040), &(0x7f0000000080)=0x4) [ 802.176916][T13516] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 802.201474][T13516] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 802.221843][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 802.231132][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 802.268544][T13516] Memory cgroup stats for /syz3: cache:0KB rss:292896KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237532KB active_anon:44108KB inactive_file:0KB active_file:0KB unevictable:11264KB 03:39:25 executing program 0: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x20000, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000100)) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) 03:39:25 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 802.290610][T13516] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12882,uid=0 [ 802.427289][T13516] Memory cgroup out of memory: Killed process 12882 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 802.495321][ T1042] oom_reaper: reaped process 12882 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:39:25 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 803.016183][T13516] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 803.026632][T13516] CPU: 0 PID: 13516 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 803.035734][T13516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.045769][T13516] Call Trace: [ 803.045794][T13516] dump_stack+0x172/0x1f0 [ 803.045816][T13516] dump_header+0x10f/0xba6 [ 803.053411][T13516] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 803.063596][T13516] ? ___ratelimit+0x60/0x595 [ 803.068188][T13516] ? do_raw_spin_unlock+0x57/0x270 [ 803.068212][T13516] oom_kill_process.cold+0x10/0x15 [ 803.068231][T13516] out_of_memory+0x79a/0x1280 [ 803.078426][T13516] ? lock_downgrade+0x880/0x880 [ 803.087930][T13516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.087953][T13516] ? oom_killer_disable+0x280/0x280 [ 803.087971][T13516] ? find_held_lock+0x35/0x130 [ 803.104138][T13516] mem_cgroup_out_of_memory+0x1ca/0x230 [ 803.104154][T13516] ? memcg_event_wake+0x230/0x230 [ 803.104177][T13516] ? do_raw_spin_unlock+0x57/0x270 [ 803.104198][T13516] ? _raw_spin_unlock+0x2d/0x50 [ 803.104217][T13516] try_charge+0x118d/0x1790 [ 803.104240][T13516] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 803.104262][T13516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.140994][T13516] ? kasan_check_read+0x11/0x20 [ 803.145840][T13516] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 803.151371][T13516] mem_cgroup_try_charge+0x24d/0x5e0 [ 803.156667][T13516] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 803.162319][T13516] wp_page_copy+0x408/0x1740 [ 803.166927][T13516] ? find_held_lock+0x35/0x130 [ 803.171677][T13516] ? pmd_pfn+0x1d0/0x1d0 [ 803.175924][T13516] ? lock_downgrade+0x880/0x880 [ 803.180773][T13516] ? swp_swapcount+0x540/0x540 [ 803.185524][T13516] ? kasan_check_read+0x11/0x20 [ 803.190369][T13516] ? do_raw_spin_unlock+0x57/0x270 [ 803.195478][T13516] do_wp_page+0x5d8/0x16c0 [ 803.199891][T13516] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 803.205254][T13516] __handle_mm_fault+0x22e8/0x3ec0 [ 803.210373][T13516] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 803.215916][T13516] ? find_held_lock+0x35/0x130 [ 803.220733][T13516] ? handle_mm_fault+0x322/0xb30 [ 803.225670][T13516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.231908][T13516] ? kasan_check_read+0x11/0x20 [ 803.236767][T13516] handle_mm_fault+0x43f/0xb30 [ 803.241544][T13516] __get_user_pages+0x7b6/0x1a40 [ 803.246508][T13516] ? follow_page_mask+0x19a0/0x19a0 [ 803.251701][T13516] ? perf_trace_lock+0xeb/0x510 [ 803.256573][T13516] ? __vma_adjust+0x1840/0x1840 [ 803.261429][T13516] ? lock_acquire+0x16f/0x3f0 [ 803.266126][T13516] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.272367][T13516] populate_vma_page_range+0x20d/0x2a0 [ 803.277838][T13516] __mm_populate+0x204/0x380 [ 803.282434][T13516] ? populate_vma_page_range+0x2a0/0x2a0 [ 803.288074][T13516] __x64_sys_mlockall+0x35c/0x520 [ 803.293100][T13516] do_syscall_64+0x103/0x610 [ 803.297700][T13516] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.303582][T13516] RIP: 0033:0x457e29 [ 803.307458][T13516] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 803.327048][T13516] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 803.335454][T13516] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 803.343424][T13516] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 803.351378][T13516] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 803.359336][T13516] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 803.367291][T13516] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 803.376777][T13516] memory: usage 307200kB, limit 307200kB, failcnt 11665 [ 803.383843][T13516] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 803.391346][T13516] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 803.398246][ T7694] Memory cgroup stats for /syz3: cache:0KB rss:292668KB [ 803.398284][T13516] rss_huge:141312KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:226532KB active_anon:44080KB inactive_file:0KB active_file:0KB unevictable:22196KB [ 803.423888][T13516] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13515,uid=0 [ 803.439373][T13516] Memory cgroup out of memory: Killed process 13515 (syz-executor.3) total-vm:72580kB, anon-rss:11956kB, file-rss:53544kB, shmem-rss:0kB 03:39:26 executing program 3: mlockall(0x1) clone(0x10044000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000340)='/proc/capi/capi20ncci\x00', 0x0, 0x0) getpeername$netrom(r0, &(0x7f0000000380)={{}, [@remote, @netrom, @default, @netrom, @netrom]}, &(0x7f0000000400)=0x48) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x8000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000200)={{{@in6=@ipv4={[], [], @initdev}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@mcast2}}, &(0x7f0000000300)=0xe8) ioprio_set$uid(0x3, r2, 0x2) r3 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x7fffffff, 0x200000) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r3, 0xc10c5541, &(0x7f0000000080)={0x97, 0x800, 0x0, 0x0, 0x0, [], [], [], 0xfffffffffffffff8, 0x7f}) write$P9_RFLUSH(r3, &(0x7f0000000040)={0x7, 0x6d, 0x2}, 0x7) 03:39:26 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x160) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @multicast2, @broadcast}, &(0x7f0000000080)=0xc) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000000c0)={{{@in=@loopback, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@mcast2}}, &(0x7f00000001c0)=0xe8) setsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000200)={{{@in=@local, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e20, 0x6, 0x4e20, 0x1000, 0x2, 0x20, 0x20, 0xff, r2, r3}, {0x6, 0x4, 0x81, 0xe1, 0x2, 0x3, 0x5, 0xe10b}, {0xffffffffffff0000, 0x8b0329, 0x0, 0x100000001}, 0x3ff, 0x6e6bb3, 0x1, 0x1, 0x3, 0x3}, {{@in6=@mcast2, 0x4d6, 0x3f}, 0x2, @in6=@dev={0xfe, 0x80, [], 0x27}, 0x34ff, 0x3, 0x2, 0x9, 0x101, 0xffffffff, 0x3}}, 0xe8) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:26 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="39000000140081ae0000dc676f97daf01e23578134662c300b2c000500018701546fabca1b4e7d06a6580e88370200c54c1960b89c40ebb373", 0x39}], 0x1}, 0x0) recvmsg$kcm(r1, &(0x7f0000002d80)={0x0, 0x0, 0x0}, 0x0) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x0, 0x0) ioctl$PPPIOCSDEBUG(r2, 0x40047440, &(0x7f00000000c0)=0xfffffffffffffb27) ioctl$TIOCGWINSZ(r2, 0x5413, &(0x7f0000000080)) 03:39:26 executing program 4: socket(0xa, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") r2 = pkey_alloc(0x0, 0xf7ffffdffffffffc) pkey_free(r2) r3 = dup3(r1, 0xffffffffffffffff, 0x80000) futimesat(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={{0x0, 0x7530}}) flock(r1, 0x8) flock(0xffffffffffffffff, 0x100000000000001) r4 = gettid() gettid() syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0xc0, 0x80) dup2(0xffffffffffffffff, r0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)=0x0) timer_settime(r5, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, &(0x7f0000040000)) tkill(r4, 0x1000000000015) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0xfffffffffffffffa, 0xbbbd4adf) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x7, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000880)}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) clock_gettime(0x6, &(0x7f0000000300)={0x0, 0x0}) futimesat(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={{0x77359400}, {r7, r8/1000+30000}}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@dev={0xfe, 0x80, [], 0xd}}, 0xf0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x2000000000, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) 03:39:26 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:26 executing program 2: openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x101003, 0x0) r0 = msgget(0x0, 0x20c) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f00000023c0)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000002400)=[@timestamp, @window={0x3, 0x4, 0xaf35}, @timestamp, @timestamp], 0x4) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:26 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040), 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r2) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x3, 0x0, @ipv4={[], [], @local}}, 0x1c) io_setup(0x7, &(0x7f0000000240)=0x0) write$binfmt_elf64(r3, 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x6, 0x101000) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffff9c, 0xc0206434, &(0x7f00000000c0)={0x1ff, 0x0, 0x0, 0x6}) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000001c0)={r6, 0x8}) ioctl$void(r0, 0x5450) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r2, 0x0, 0x12f}]) 03:39:26 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 803.689840][T13572] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 803.753797][T13572] CPU: 1 PID: 13572 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 803.762938][T13572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 803.762945][T13572] Call Trace: [ 803.762967][T13572] dump_stack+0x172/0x1f0 [ 803.762989][T13572] dump_header+0x10f/0xba6 [ 803.763009][T13572] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 803.763028][T13572] ? ___ratelimit+0x60/0x595 [ 803.763045][T13572] ? do_raw_spin_unlock+0x57/0x270 [ 803.763062][T13572] oom_kill_process.cold+0x10/0x15 [ 803.763080][T13572] out_of_memory+0x79a/0x1280 [ 803.780869][T13572] ? lock_downgrade+0x880/0x880 [ 803.780889][T13572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.780908][T13572] ? oom_killer_disable+0x280/0x280 [ 803.826768][T13572] ? find_held_lock+0x35/0x130 [ 803.831562][T13572] mem_cgroup_out_of_memory+0x1ca/0x230 [ 803.837109][T13572] ? memcg_event_wake+0x230/0x230 [ 803.842161][T13572] ? do_raw_spin_unlock+0x57/0x270 [ 803.847285][T13572] ? _raw_spin_unlock+0x2d/0x50 [ 803.852147][T13572] try_charge+0x118d/0x1790 [ 803.852173][T13572] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 803.862194][T13572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.862231][T13572] ? kasan_check_read+0x11/0x20 [ 803.873287][T13572] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 803.878846][T13572] mem_cgroup_try_charge+0x24d/0x5e0 [ 803.884148][T13572] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 803.889797][T13572] __handle_mm_fault+0x1e1f/0x3ec0 [ 803.894923][T13572] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 803.900478][T13572] ? find_held_lock+0x35/0x130 [ 803.905257][T13572] ? handle_mm_fault+0x322/0xb30 [ 803.910199][T13572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.916433][T13572] ? kasan_check_read+0x11/0x20 [ 803.921350][T13572] handle_mm_fault+0x43f/0xb30 [ 803.926093][T13572] __get_user_pages+0x7b6/0x1a40 [ 803.931017][T13572] ? follow_page_mask+0x19a0/0x19a0 [ 803.936194][T13572] ? perf_trace_lock+0xeb/0x510 [ 803.941030][T13572] ? __vma_adjust+0x1840/0x1840 [ 803.945865][T13572] ? lock_acquire+0x16f/0x3f0 [ 803.950533][T13572] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 803.956754][T13572] populate_vma_page_range+0x20d/0x2a0 [ 803.962202][T13572] __mm_populate+0x204/0x380 [ 803.966791][T13572] ? populate_vma_page_range+0x2a0/0x2a0 [ 803.972412][T13572] __x64_sys_mlockall+0x35c/0x520 [ 803.977476][T13572] do_syscall_64+0x103/0x610 [ 803.982054][T13572] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 803.987926][T13572] RIP: 0033:0x457e29 [ 803.991802][T13572] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 804.011400][T13572] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 804.019794][T13572] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 804.027746][T13572] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 804.035699][T13572] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 804.043647][T13572] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 03:39:26 executing program 2: r0 = msgget(0x1, 0x0) msgrcv(r0, 0x0, 0xffffffffffffff7b, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 804.051596][T13572] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 804.131927][T13572] memory: usage 307200kB, limit 307200kB, failcnt 11700 [ 804.151269][T13572] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 804.174425][T13572] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 804.188301][T13572] Memory cgroup stats for /syz3: cache:0KB rss:292696KB rss_huge:141312KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237524KB active_anon:44128KB inactive_file:0KB active_file:0KB unevictable:11252KB [ 804.220361][T13572] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=12927,uid=0 [ 804.242039][T13572] Memory cgroup out of memory: Killed process 12927 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 804.288628][ T1042] oom_reaper: reaped process 12927 (syz-executor.3), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 805.261836][ C1] net_ratelimit: 12 callbacks suppressed [ 805.261845][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 805.273355][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:39:27 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x5, 0x9, 0x100000001, 0x7}, 0x11) r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0}, 0x2c) r2 = syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x9, 0x20000) openat$cgroup_type(r2, &(0x7f00000001c0)='cgroup.type\x00', 0x2, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) bpf$MAP_CREATE(0x4, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x40020820000, r1}, 0x2c) connect(r3, &(0x7f00000000c0)=@can, 0x80) fsetxattr(r3, &(0x7f0000000200)=@known='com.apple.system.Security\x00', &(0x7f0000000240)='\x00', 0x1, 0x2) prctl$PR_CAPBSET_READ(0x17, 0x8) r4 = fcntl$dupfd(r0, 0x406, r3) ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x1}) 03:39:27 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:27 executing program 4: socket(0xa, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") r2 = pkey_alloc(0x0, 0xf7ffffdffffffffc) pkey_free(r2) r3 = dup3(r1, 0xffffffffffffffff, 0x80000) futimesat(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={{0x0, 0x7530}}) flock(r1, 0x8) flock(0xffffffffffffffff, 0x100000000000001) r4 = gettid() gettid() syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0xc0, 0x80) dup2(0xffffffffffffffff, r0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)=0x0) timer_settime(r5, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, &(0x7f0000040000)) tkill(r4, 0x1000000000015) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0xfffffffffffffffa, 0xbbbd4adf) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x7, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000880)}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) clock_gettime(0x6, &(0x7f0000000300)={0x0, 0x0}) futimesat(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={{0x77359400}, {r7, r8/1000+30000}}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@dev={0xfe, 0x80, [], 0xd}}, 0xf0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x2000000000, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) 03:39:27 executing program 2: r0 = msgget(0x1, 0x21c) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x4, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0xfff, 0x400000) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000240)={0x56, 0x2, 0xeb, {0x8, 0x3f3}, {0x8}, @rumble={0x3, 0x4}}) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffff9c, 0x84, 0x1d, &(0x7f0000000040)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000080)=0x18) setsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f00000000c0)={r2, 0x1, 0x4, 0x80, 0x74c, 0x2}, 0x14) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000200)={'nlmon0\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="03000000600dc434111553055cdb7e133e5aea298174cfcabf4cce3408175ba5894b1086f909400467649fd0824b2b1bc3ea8173fa2481790b5bebeeb6608798e2840bd4746cae4fb8b10c0eff1be2f4c934ae4bf4c5309334710a675e6a06f436369a4458a9750efd87298d3513c9bc16c551270eb58ad89847e3aa31a2243ef38d7cf9c14d142cc98a376a407264a5d4fd950b08822bf439f76c15e7f205af1bc529b697ac25b2240e82a7cbf0c287d94f75d200a72f03e87d4b7c3d9aa100000000000000000000000100000001000000"]}) 03:39:27 executing program 5: syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x1, 0x2000) perf_event_open$cgroup(&(0x7f0000000940)={0x0, 0x70, 0x100000000, 0x9, 0x0, 0x4, 0x0, 0x17, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x3, 0xfffffffffffffffc, 0x0, 0xffffffffffffffb4, 0x0, 0x0, 0x0, 0x80000000, 0x5, 0x84, 0x6, 0x4, 0x0, 0x2, 0x8, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2, @perf_bp={0x0}, 0x0, 0x5, 0xffffffffffffffaf}, 0xffffffffffffffff, 0xb, 0xffffffffffffff9c, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0xffb7) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x3e8400, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuacct.usage_all\x00', 0x0, 0x0) openat$cgroup(0xffffffffffffff9c, &(0x7f0000000480)='syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000500)='cpu.stat\x00', 0x0, 0x0) socketpair(0xb, 0x5, 0x80000007, 0x0) ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0) r3 = getpid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r3, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) recvmsg(r2, 0x0, 0x2) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={r1, 0x3, 0x1, 0x6, 0x0}, 0x20) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000001100)) sendmsg$kcm(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40004}, 0x20000000) r4 = gettid() r5 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair(0x9, 0x80004, 0xdf8d, 0x0) socketpair(0xd, 0x0, 0x7ff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, 0x0) write$FUSE_WRITE(r2, &(0x7f0000000000)={0x18, 0x0, 0x3, {0x5}}, 0x18) ioctl$TUNSETVNETHDRSZ(r5, 0x400454d8, &(0x7f00000004c0)=0xffffefffffffffff) socket$kcm(0x29, 0x2, 0x0) perf_event_open(&(0x7f0000000080)={0x3, 0x70, 0x9, 0x94e, 0x1ff, 0x2000000001, 0x0, 0x46, 0x0, 0x0, 0x0, 0x1b957c4a, 0x0, 0x8, 0x0, 0x400, 0x0, 0x0, 0x1, 0x7, 0x5, 0x0, 0x0, 0x7ff, 0x22700000000000, 0x800, 0x0, 0xdabc, 0x0, 0x80000000000000, 0x0, 0x8, 0x0, 0x80000001, 0x8, 0x0, 0xd, 0xce0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, r4, 0x4, 0xffffffffffffffff, 0x9) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8914, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') 03:39:27 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0xfe0, 0x80002) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f00000000c0)={0xd0, 0x5eb, 0x2, 0x80000001, 0x2, 0x6}) write$FUSE_DIRENT(r1, &(0x7f0000000040)={0x50, 0x0, 0x5, [{0x5, 0x0, 0x3, 0x10000000000000, '-({'}, {0x0, 0x2, 0x2, 0x1, '))'}]}, 0x50) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) [ 805.377214][T13601] device lo entered promiscuous mode 03:39:28 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:28 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x400000) ioctl$KVM_GET_DEBUGREGS(0xffffffffffffffff, 0x8080aea1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28, 0x0, 0x6500}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:39:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000640)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c888c9ff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000540)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x7fff, 0x0, [{}, {}, {}, {0x0, 0x9, 0x0, [], 0x93a2}]}}) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x200040, 0x0) ioctl$IMSETDEVNAME(r3, 0x80184947, &(0x7f0000000040)={0x9, 'syz1\x00'}) 03:39:28 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) setxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:cgroup_t:s0\x00', 0x1e, 0x1) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x800) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x4000, 0x0) write$P9_RREMOVE(r1, &(0x7f0000000100)={0x7, 0x7b, 0x2}, 0x7) msgctl$IPC_RMID(r0, 0x0) 03:39:28 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ubi_ctrl\x00', 0x101000, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000000)='./file0\x00', 0xffffffff, 0x1, &(0x7f0000000100)=[{&(0x7f0000000040)="5846534200001000000000000000014570000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f80020000000000000000000000000000800000f9ffffffff8000000000000000821c000001000010000000000100000000000006c034a402", 0x67}], 0x0, 0x0) getpeername$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, &(0x7f0000000180)=0x10) 03:39:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") r1 = socket$inet6(0xa, 0x80f, 0x8) setsockopt$inet_int(r1, 0x0, 0xf, &(0x7f0000d10ffc)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e21, 0x0, @dev, 0x6}], 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000008c0)=[@in={0x2, 0x4e21, @multicast2}], 0x10) r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x5, 0x4000) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000000900)={0x0, 0x0, 0x2080}) 03:39:28 executing program 4: socket(0xa, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="0a5cc80700315f85715070") r2 = pkey_alloc(0x0, 0xf7ffffdffffffffc) pkey_free(r2) r3 = dup3(r1, 0xffffffffffffffff, 0x80000) futimesat(r3, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={{0x0, 0x7530}}) flock(r1, 0x8) flock(0xffffffffffffffff, 0x100000000000001) r4 = gettid() gettid() syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0xc0, 0x80) dup2(0xffffffffffffffff, r0) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)=0x0) timer_settime(r5, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, &(0x7f0000040000)) tkill(r4, 0x1000000000015) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0xfffffffffffffffa, 0xbbbd4adf) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x7, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000000), 0x0, &(0x7f0000000880)}, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff}) clock_gettime(0x6, &(0x7f0000000300)={0x0, 0x0}) futimesat(r0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={{0x77359400}, {r7, r8/1000+30000}}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x89f1, &(0x7f0000000580)='ip6_vti0\x00') setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@dev={0xfe, 0x80, [], 0xd}}, 0xf0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x2000000000, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) 03:39:28 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/tcp6\x00') ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000180)) msgctl$IPC_RMID(r0, 0x0) 03:39:28 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000200)={0x0, 0x100, 0x0, 0xfff}, 0x10) r1 = syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x3, 0x20000) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, r2, 0x20, 0x70bd2b, 0x25dfdbfd, {{}, 0x0, 0x8001, 0x0, {0x8, 0x11, 0xb20}}, ["", "", "", "", "", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4000) r3 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$BLKBSZSET(r3, 0x80041284, &(0x7f0000000000)=0x10000) recvmsg(r1, &(0x7f00000018c0)={&(0x7f0000000240)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000017c0)=[{&(0x7f00000002c0)}, {&(0x7f0000000300)=""/151, 0x97}, {&(0x7f00000003c0)=""/109, 0x6d}, {&(0x7f0000000440)=""/222, 0xde}, {&(0x7f0000000540)=""/144, 0x90}, {&(0x7f0000000600)=""/4096, 0x1000}, {&(0x7f0000001600)=""/67, 0x43}, {&(0x7f0000001680)=""/2, 0x2}, {&(0x7f00000016c0)=""/251, 0xfb}], 0x9, &(0x7f0000001880)=""/32, 0x20}, 0x0) sendmsg$can_raw(r1, &(0x7f0000001980)={&(0x7f00000002c0), 0x10, &(0x7f0000001940)={&(0x7f0000001900)=@can={{0x2, 0xfffffffffffffffe, 0xffffffff, 0x6}, 0x6, 0x3, 0x0, 0x0, "bf22e75cfcc6d39c"}, 0x10}, 0x1, 0x0, 0x0, 0x1}, 0x4000005) 03:39:28 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 806.105960][T13606] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 806.116063][T13606] CPU: 0 PID: 13606 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 806.125182][T13606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 806.135232][T13606] Call Trace: [ 806.138510][T13606] dump_stack+0x172/0x1f0 [ 806.142834][T13606] dump_header+0x10f/0xba6 [ 806.147232][T13606] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 806.153028][T13606] ? ___ratelimit+0x60/0x595 [ 806.157617][T13606] ? do_raw_spin_unlock+0x57/0x270 [ 806.162711][T13606] oom_kill_process.cold+0x10/0x15 [ 806.167807][T13606] out_of_memory+0x79a/0x1280 [ 806.172466][T13606] ? lock_downgrade+0x880/0x880 [ 806.177300][T13606] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.183565][T13606] ? oom_killer_disable+0x280/0x280 [ 806.188746][T13606] ? find_held_lock+0x35/0x130 [ 806.193502][T13606] mem_cgroup_out_of_memory+0x1ca/0x230 [ 806.199040][T13606] ? memcg_event_wake+0x230/0x230 [ 806.204069][T13606] ? do_raw_spin_unlock+0x57/0x270 [ 806.209270][T13606] ? _raw_spin_unlock+0x2d/0x50 [ 806.214108][T13606] try_charge+0x118d/0x1790 [ 806.218601][T13606] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 806.225128][T13606] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.231365][T13606] ? kasan_check_read+0x11/0x20 [ 806.236208][T13606] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 806.241817][T13606] mem_cgroup_try_charge+0x24d/0x5e0 [ 806.247098][T13606] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 806.252805][T13606] wp_page_copy+0x408/0x1740 [ 806.257376][T13606] ? find_held_lock+0x35/0x130 [ 806.262122][T13606] ? pmd_pfn+0x1d0/0x1d0 [ 806.266444][T13606] ? lock_downgrade+0x880/0x880 [ 806.271276][T13606] ? swp_swapcount+0x540/0x540 [ 806.276033][T13606] ? kasan_check_read+0x11/0x20 [ 806.280866][T13606] ? do_raw_spin_unlock+0x57/0x270 [ 806.285988][T13606] do_wp_page+0x5d8/0x16c0 [ 806.290389][T13606] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 806.295768][T13606] __handle_mm_fault+0x22e8/0x3ec0 [ 806.300865][T13606] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 806.306394][T13606] ? find_held_lock+0x35/0x130 [ 806.311138][T13606] ? handle_mm_fault+0x322/0xb30 [ 806.316076][T13606] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.322300][T13606] ? kasan_check_read+0x11/0x20 [ 806.327135][T13606] handle_mm_fault+0x43f/0xb30 [ 806.331886][T13606] __get_user_pages+0x7b6/0x1a40 [ 806.336907][T13606] ? follow_page_mask+0x19a0/0x19a0 [ 806.342095][T13606] ? perf_trace_lock+0xeb/0x510 [ 806.346924][T13606] ? __vma_adjust+0x1840/0x1840 [ 806.351765][T13606] ? lock_acquire+0x16f/0x3f0 [ 806.356422][T13606] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.362645][T13606] populate_vma_page_range+0x20d/0x2a0 [ 806.368099][T13606] __mm_populate+0x204/0x380 [ 806.372671][T13606] ? populate_vma_page_range+0x2a0/0x2a0 [ 806.378319][T13606] __x64_sys_mlockall+0x35c/0x520 [ 806.383354][T13606] do_syscall_64+0x103/0x610 [ 806.387931][T13606] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 806.393811][T13606] RIP: 0033:0x457e29 [ 806.397715][T13606] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 806.417309][T13606] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 806.425701][T13606] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 806.433654][T13606] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 806.441604][T13606] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 806.449640][T13606] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 806.457591][T13606] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 806.466221][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 806.472084][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 806.479311][T13606] memory: usage 307200kB, limit 307200kB, failcnt 11747 [ 806.486564][T13606] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 806.494398][T13606] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 806.501244][T13606] Memory cgroup stats for /syz3: cache:0KB rss:292688KB rss_huge:141312KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:228552KB active_anon:44100KB inactive_file:0KB active_file:0KB unevictable:20168KB [ 806.527671][T13606] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13603,uid=0 [ 806.547435][T13606] Memory cgroup out of memory: Killed process 13603 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 806.566232][ T1042] oom_reaper: reaped process 13603 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:29 executing program 3: mlockall(0x1) clone(0x40000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x82800, 0x0) ioctl$VT_SETMODE(r2, 0x5602, &(0x7f0000000040)={0x4, 0x5, 0xbe4, 0xc5ce}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) fcntl$notify(r0, 0x402, 0x80000003) 03:39:29 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup2(r1, r1) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000300)=@assoc_value={0x0}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000400)={r3, 0x48, &(0x7f0000000380)=[@in={0x2, 0x4e23, @multicast1}, @in6={0xa, 0x4e24, 0x2, @local, 0x3}, @in6={0xa, 0x4e22, 0x3, @remote, 0x4}]}, &(0x7f0000000440)=0x10) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000004c0)={0xffffffffffffffff, r2, 0x0, 0x2, &(0x7f0000000480)='#\x00', 0xffffffffffffffff}, 0x30) syz_open_procfs(r5, &(0x7f0000000500)='net/protocols\x00') setsockopt$sock_void(r1, 0x1, 0x1b, 0x0, 0x0) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="90000000", @ANYRES16=r4, @ANYBLOB="00062cbd7000fcdbdf250c000000080006010008000800bf72000008000200330000001400010008000200320000000800080001000000100001000c000700080000000000000008000500b808000008000500000800002c00030008000500ac1414aa0800030000000000080004000100000008000700c30800000800040053830000"], 0x90}, 0x1, 0x0, 0x0, 0x80}, 0x80) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000039c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000200)={0x0, 0x5005000000000000, &(0x7f00000001c0)={&(0x7f0000000040)={0x60, r6, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0x2, 0x0, 0x0, @mcast1}}, {0x14, 0x2, @in={0x2, 0x0, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}]}]}, 0x60}}, 0x0) 03:39:29 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) r1 = dup(r0) r2 = semget$private(0x0, 0x1, 0x0) semctl$GETPID(r2, 0x1, 0xb, &(0x7f0000000b00)=""/216) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x73c, 0x4) stat(&(0x7f0000000a40)='./file0\x00', &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$msdos(&(0x7f00000001c0)='msdos\x00', &(0x7f0000000240)='./file0\x00', 0xc97, 0x7, &(0x7f00000006c0)=[{&(0x7f0000000280)="4721ddaa9f3661e2dbacb6ac685fda2f416f891b1179b8a3162f266da6782c8ba7f0d02ba939c6250fdf2d479f464cd3e671e74a23dc828125584a3879df47801e9c6ec1859b05a3c0bf24a5775f3a30feb0e755bc4fecf7f4e4246f2ae811b6bda1c51db1e6163ae327b9e6fcdd7defc9635d980127e37a8bee", 0x7a, 0x5}, {&(0x7f0000000300)="5e8f0c52dd1439e00acb096ee6431fc0f3940e1d314370f12a07853c77eb787635917e53c3c1ac49fe342d3484a20313835ee357b160a7f2e9b46d17aade0e5b4f667245e8aea58e1b2aa936421854d49217374bfdcf1b6a8b8c1560528a80d8e3ac635a3213263fa776a34528651259e9af01f26e47a450563b1e0fca4e158cc4aebf0a4b16388a622b126104a6789cafad04566fd68c08acc0fcf1330196b5fcdc00dbd501365269475d075b50bce1172db6d3b0f4cc21b8ad452e956c5aabb84e3146b95c78ab2f88232946f7ed9ef7c2bdcd25d5b42fde92b6e6b7ca8b9a06f5", 0xe2, 0x3}, {&(0x7f0000000400)="cea54854e42277d3e79a1da3190266627dbbad2f977396cdc9d31bb3c991e3e5d1a5b747ccbd98279a4edd", 0x2b, 0x10000}, {&(0x7f0000000440)="46da5c447791ad456ac5a5aedd473b35bba8d97e0291b411386934c95c681e7eae9039a8e8f20fef297fe1f734760cf721581bca51a0242d6c493d24f48db08494f7294f30aa44b014a21fe88a7fcb6f530cd57dee9ccd3ed0b15f782608815845fe71e6c436dce742bbb12ee441644a4fcab63d4c74c3a59fd628c3971201bb", 0x80, 0x2}, {&(0x7f00000004c0)="8849ac371368302ad76723ae6e854280a1d6338f523803a011325e91b6f3b51b183ba72454022f5a7ee977d273287ae057637ac053d27ed7fec13e0f7ca161f32e07b161e58afb15c0e70bfb232107ab06146e247599751d75e08c1248ff91d4e3c829e293a91d02fa037de57d17edb09e35efe92d1e4b84ffc8eb5907e91fe9e31688323717b488e1b0458a439a34e0993d5fa9c91e08304cec794a9e9cb478cb4b1c90eeb058459b6e77f39641e919f369b56ef1f66e2bc60b04b6abd6a47d38664c53082d6373f4a354ebbe5e4ddb872105cd276ec6f7b6e8c94267fb4160", 0xe0, 0x1000}, {&(0x7f00000005c0)="5b5982cfc91be83c8e34a4669bfbec4359ab1a1daf925c724b2df2536dcd54190f6707", 0x23}, {&(0x7f0000000600)="38c429c983b4583f075ad1df7593c716db06f67d2b06248b4741b7e52463bd8cfd5f7312f9a894753b803332c6f790eeddec6634827d775eedbd80f7d0cabb0f5d21e17b2e16579c08d824fddcad3c66d86cd2a0d16d31c1a440ffd342c8afeae18fd8d8b26f54ae3534ae5ea70c16e01f725147917cec67e21cc4b644bf984666c5edfd6c536d4a4b8076e8a5398e8c8a786f665d156f644c3239b95791ceb27f0eaa5d88dd0f0544bd6a5c9de3844d9b3f97", 0xb3, 0x200}], 0x0, &(0x7f0000000840)={[{@fat=@dmask={'dmask', 0x3d, 0x100}}, {@fat=@dos1xfloppy='dos1xfloppy'}, {@fat=@tz_utc='tz=UTC'}], [{@smackfsdef={'smackfsdef', 0x3d, '/dev/input/mice\x00'}}, {@pcr={'pcr', 0x3d, 0x1b}}, {@uid_gt={'uid>', r3}}]}) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) stat(0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, 0x0}, &(0x7f0000000140)=0xc) fchown(r0, 0x0, r4) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x0) setsockopt$inet6_int(r1, 0x29, 0x43, &(0x7f0000000200)=0x2, 0x4) r5 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0xfffffffffffffffd) socketpair$unix(0x1, 0xffffffffffffffff, 0x0, &(0x7f00000009c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_bt_bnep_BNEPCONNDEL(r1, 0x400442c9, &(0x7f0000000040)={0x9, @random="9b53c0f03835"}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x80040) ftruncate(r5, 0x80080) sendfile(r1, r5, &(0x7f0000d83ff8), 0x2008000fffffffe) 03:39:29 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:29 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x3, 0x0, 0x52f169cb93d76a14) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x40000, 0x0) ioctl$ASHMEM_GET_SIZE(r1, 0x7704, 0x0) 03:39:29 executing program 2: r0 = msgget(0xffffffffffffffff, 0x440) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 806.701271][T13669] Started in network mode [ 806.711470][T13669] Own node identity , cluster identity 4711 [ 806.721808][T13669] Failed to set node id, please configure manually [ 806.728585][T13669] Enabling of bearer rejected, failed to enable media 03:39:29 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x9) r1 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x401, 0x220041) write$UHID_CREATE(r1, &(0x7f0000000240)={0x0, 'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/17, 0x11, 0x6, 0x5, 0x20, 0xf68, 0x800}, 0x120) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000180)=0x580, 0x4) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2, 0x9}, 0x1c) setsockopt$inet6_int(r2, 0x29, 0x8, &(0x7f0000000200)=0x9, 0x4) recvmsg(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=""/36, 0x24}, 0x2000) sendmmsg(r0, &(0x7f00000000c0), 0x182, 0x0) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xf, 0x1, 0x1, "eb7b151fff623f0c98ddc08a4e158fb00b2b918acd83c495b2747b28736d62567963291e75bc6b498b2ba946c88ddd785cb65bba7862d720d2d1f9b6588e8fbe", "8de73f8cb069e220765165d1a765c7fc37b3c2664dff24802161c8387c7792d2", [0x1, 0x6]}) 03:39:29 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x2, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 806.761685][T13677] FAT-fs (loop4): Unrecognized mount option "smackfsdef=/dev/input/mice" or missing value [ 806.775754][T13686] Started in network mode [ 806.816794][T13686] Own node identity , cluster identity 4711 [ 806.857536][T13682] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 806.884919][T13686] Failed to set node id, please configure manually [ 806.897546][T13685] FAT-fs (loop4): Unrecognized mount option "smackfsdef=/dev/input/mice" or missing value [ 806.913589][T13686] Enabling of bearer rejected, failed to enable media [ 806.928800][T13682] CPU: 1 PID: 13682 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 806.937936][T13682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 806.948005][T13682] Call Trace: [ 806.951315][T13682] dump_stack+0x172/0x1f0 [ 806.955668][T13682] dump_header+0x10f/0xba6 [ 806.960101][T13682] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 806.965935][T13682] ? ___ratelimit+0x60/0x595 [ 806.970570][T13682] ? do_raw_spin_unlock+0x57/0x270 [ 806.975708][T13682] oom_kill_process.cold+0x10/0x15 [ 806.980836][T13682] out_of_memory+0x79a/0x1280 [ 806.985535][T13682] ? lock_downgrade+0x880/0x880 [ 806.990396][T13682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 806.996655][T13682] ? oom_killer_disable+0x280/0x280 [ 807.001953][T13682] ? find_held_lock+0x35/0x130 [ 807.006751][T13682] mem_cgroup_out_of_memory+0x1ca/0x230 [ 807.012311][T13682] ? memcg_event_wake+0x230/0x230 [ 807.017358][T13682] ? do_raw_spin_unlock+0x57/0x270 [ 807.022851][T13682] ? _raw_spin_unlock+0x2d/0x50 [ 807.027725][T13682] try_charge+0x118d/0x1790 [ 807.032340][T13682] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 807.037898][T13682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.044151][T13682] ? kasan_check_read+0x11/0x20 [ 807.049011][T13682] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 807.054582][T13682] mem_cgroup_try_charge+0x24d/0x5e0 [ 807.059889][T13682] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 807.065718][T13682] __handle_mm_fault+0x1e1f/0x3ec0 [ 807.070849][T13682] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 807.076407][T13682] ? find_held_lock+0x35/0x130 [ 807.081177][T13682] ? handle_mm_fault+0x322/0xb30 [ 807.086134][T13682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.092412][T13682] ? kasan_check_read+0x11/0x20 [ 807.097286][T13682] handle_mm_fault+0x43f/0xb30 [ 807.102066][T13682] __get_user_pages+0x7b6/0x1a40 [ 807.107030][T13682] ? follow_page_mask+0x19a0/0x19a0 [ 807.112233][T13682] ? perf_trace_lock+0xeb/0x510 [ 807.117091][T13682] ? __vma_adjust+0x1840/0x1840 [ 807.121964][T13682] ? lock_acquire+0x16f/0x3f0 [ 807.126655][T13682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.132914][T13682] populate_vma_page_range+0x20d/0x2a0 [ 807.138403][T13682] __mm_populate+0x204/0x380 [ 807.143009][T13682] ? populate_vma_page_range+0x2a0/0x2a0 [ 807.148660][T13682] __x64_sys_mlockall+0x35c/0x520 [ 807.153699][T13682] do_syscall_64+0x103/0x610 [ 807.158303][T13682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.164188][T13682] RIP: 0033:0x457e29 [ 807.168066][T13682] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 807.187661][T13682] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 807.196106][T13682] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 807.204081][T13682] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 03:39:29 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000180)='/dev/dri/card#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0xfff) r2 = syz_open_dev$cec(&(0x7f0000000400)='/dev/cec#\x00', 0x2, 0x2) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000002c0)={0x0, 0xb0, &(0x7f0000000200)=[@in={0x2, 0x4e24, @multicast2}, @in={0x2, 0x4e23, @empty}, @in={0x2, 0x4e22, @empty}, @in6={0xa, 0x4e21, 0xffffffff, @remote, 0x4}, @in6={0xa, 0x4e20, 0x9, @mcast1, 0x10001}, @in6={0xa, 0x4e22, 0x1, @mcast2, 0x8}, @in={0x2, 0x4e24, @multicast1}, @in6={0xa, 0x4e23, 0x0, @dev={0xfe, 0x80, [], 0x18}, 0x6}]}, &(0x7f0000000300)=0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000380)={r3, 0x10, &(0x7f0000000340)=[@in={0x2, 0x4e21, @loopback}]}, &(0x7f00000003c0)=0x10) ioctl$TIOCSWINSZ(r2, 0x5414, &(0x7f0000000140)={0x1, 0xb1, 0x5, 0x4}) ioctl$sock_inet6_tcp_SIOCINQ(r2, 0x541b, &(0x7f00000001c0)) ioctl$DRM_IOCTL_VERSION(r0, 0xc0406400, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7, &(0x7f00000022c0)=""/231}) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x40000, 0x0) ioctl$RTC_AIE_OFF(r4, 0x7002) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000040), &(0x7f00000000c0)=0x4) 03:39:29 executing program 0: r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mISDNtimer\x00', 0x0, 0x0) r1 = dup2(r0, r0) ioctl$IMGETCOUNT(r1, 0x80044943, &(0x7f0000000000)) ioctl$TUNSETNOCSUM(r1, 0x80044940, 0x712800) 03:39:29 executing program 0: r0 = getpgid(0x0) r1 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x0, 0x80) write$FUSE_DIRENT(r1, &(0x7f0000000100)={0x68, 0x0, 0x2, [{0x3, 0x3ff, 0xe, 0x81, 'oom_score_adj\x00'}, {0x2, 0xfffffffffffffff9, 0x14, 0x400, 'posix_acl_accessuser'}]}, 0x68) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_open_procfs(r0, &(0x7f0000000000)='oom_score_adj\x00') connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x9, @ipv4={[], [], @remote}, 0x7}, 0x1c) sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000007000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000003000ffff000000000000100003000000"], 0x14}}, 0x0) 03:39:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000001c0)={0x0, {0x2, 0x0, @multicast2}, {0x2, 0x0, @remote}, {0x2, 0x0, @multicast1}, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0xeb}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000480)={[], 0x0, 0x1a200}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 'y\x14\bK\x16^\x9e\xc5/\x15\x95\xab)\xeb\xf0\x15\xf3{T\x1aWP\xac\xb2\xac\x95\xe9\xad9b\xaf5.S#\xb7y\x82\x1f\xa5^\xe1K\xf9'}) r3 = accept4(0xffffffffffffff9c, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, &(0x7f0000000100)=0x80, 0x0) recvfrom$inet(r3, &(0x7f0000000240)=""/221, 0xdd, 0x2, &(0x7f0000000140)={0x2, 0x4e20, @multicast2}, 0x10) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/audio\x00', 0x210000, 0x0) connect$bt_l2cap(r4, &(0x7f0000000400)={0x1f, 0x3, {0x0, 0x5c7, 0x101, 0x7, 0x2}, 0x8, 0x9}, 0xe) [ 807.212037][T13682] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 807.220000][T13682] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 807.227971][T13682] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 807.242083][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 807.247984][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 807.253881][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 807.259929][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 807.277027][T13682] memory: usage 307200kB, limit 307200kB, failcnt 11761 [ 807.284313][T13682] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 807.291936][T13682] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 807.298858][T13682] Memory cgroup stats for /syz3: cache:0KB rss:292872KB rss_huge:141312KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237520KB active_anon:44132KB inactive_file:4KB active_file:0KB unevictable:11248KB [ 807.321260][T13682] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13007,uid=0 [ 807.336729][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 807.336790][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 807.349025][T13682] Memory cgroup out of memory: Killed process 13007 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 807.423517][ T1042] oom_reaper: reaped process 13007 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 807.554006][T13682] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 807.564111][T13682] CPU: 0 PID: 13682 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 807.573217][T13682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 807.583267][T13682] Call Trace: [ 807.586561][T13682] dump_stack+0x172/0x1f0 [ 807.590895][T13682] dump_header+0x10f/0xba6 [ 807.595315][T13682] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 807.601113][T13682] ? ___ratelimit+0x60/0x595 [ 807.605702][T13682] ? do_raw_spin_unlock+0x57/0x270 [ 807.610809][T13682] oom_kill_process.cold+0x10/0x15 [ 807.615901][T13682] out_of_memory+0x79a/0x1280 [ 807.620605][T13682] ? lock_downgrade+0x880/0x880 [ 807.625450][T13682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.631684][T13682] ? oom_killer_disable+0x280/0x280 [ 807.636864][T13682] ? find_held_lock+0x35/0x130 [ 807.641615][T13682] mem_cgroup_out_of_memory+0x1ca/0x230 [ 807.647155][T13682] ? memcg_event_wake+0x230/0x230 [ 807.652192][T13682] ? do_raw_spin_unlock+0x57/0x270 [ 807.657310][T13682] ? _raw_spin_unlock+0x2d/0x50 [ 807.662161][T13682] try_charge+0x118d/0x1790 [ 807.666676][T13682] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 807.672216][T13682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.678462][T13682] ? kasan_check_read+0x11/0x20 [ 807.683317][T13682] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 807.688858][T13682] mem_cgroup_try_charge+0x24d/0x5e0 [ 807.694132][T13682] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 807.699748][T13682] do_huge_pmd_wp_page+0x99d/0x3660 [ 807.704945][T13682] ? munlock_vma_page+0x45d/0x700 [ 807.709979][T13682] ? __split_huge_pmd+0x2c00/0x2c00 [ 807.715163][T13682] ? __lock_acquire+0x55d/0x4710 [ 807.720091][T13682] ? putback_lru_page+0xd6/0x140 [ 807.725023][T13682] ? pmd_val+0x85/0x100 [ 807.729169][T13682] ? add_mm_counter_fast.part.0+0x40/0x40 [ 807.734868][T13682] ? perf_trace_lock+0xeb/0x510 [ 807.739703][T13682] __handle_mm_fault+0x1651/0x3ec0 [ 807.744815][T13682] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 807.750367][T13682] ? find_held_lock+0x35/0x130 [ 807.755115][T13682] ? handle_mm_fault+0x322/0xb30 [ 807.760039][T13682] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 807.766286][T13682] ? kasan_check_read+0x11/0x20 [ 807.771170][T13682] handle_mm_fault+0x43f/0xb30 [ 807.775940][T13682] __do_page_fault+0x5ef/0xda0 [ 807.780702][T13682] do_page_fault+0x71/0x581 [ 807.785206][T13682] page_fault+0x1e/0x30 [ 807.789356][T13682] RIP: 0010:__put_user_4+0x1c/0x30 [ 807.794450][T13682] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 00 ee 01 00 48 8b 9b 18 14 00 00 48 83 eb 03 48 39 d9 73 3c 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 807.814049][T13682] RSP: 0018:ffff888020e37e18 EFLAGS: 00010293 [ 807.820117][T13682] RAX: 0000000000000003 RBX: 00007fffffffeffd RCX: 0000000020000140 [ 807.828081][T13682] RDX: 000000000000037e RSI: ffffffff8198e363 RDI: 0000000000000286 [ 807.836036][T13682] RBP: ffff888020e37ee0 R08: ffff88804fe40480 R09: 0000000000000001 [ 807.844003][T13682] R10: ffff88804fe40d00 R11: ffffffff8a0699d8 R12: 0000000000000007 [ 807.851991][T13682] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000000 [ 807.859977][T13682] ? __might_fault+0x1a3/0x1e0 [ 807.864744][T13682] ? __sys_socketpair+0x11f/0x5e0 [ 807.869762][T13682] ? __ia32_sys_socket+0xb0/0xb0 [ 807.874686][T13682] ? kasan_check_write+0x14/0x20 [ 807.879607][T13682] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 807.885060][T13682] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 807.890520][T13682] ? do_syscall_64+0x26/0x610 [ 807.895183][T13682] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.901231][T13682] ? do_syscall_64+0x26/0x610 [ 807.905913][T13682] __x64_sys_socketpair+0x97/0xf0 [ 807.910934][T13682] do_syscall_64+0x103/0x610 [ 807.915514][T13682] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 807.921382][T13682] RIP: 0033:0x457e29 [ 807.925268][T13682] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 807.944870][T13682] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 807.953284][T13682] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 807.961238][T13682] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000001 [ 807.969192][T13682] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 807.977153][T13682] R10: 0000000020000140 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 807.985117][T13682] R13: 00000000004c6411 R14: 00000000004db758 R15: 00000000ffffffff [ 807.994606][T13682] memory: usage 307200kB, limit 307200kB, failcnt 11806 [ 808.001563][T13682] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 808.009058][T13682] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 808.015930][T13682] Memory cgroup stats for /syz3: cache:0KB rss:291696KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:219460KB active_anon:44096KB inactive_file:0KB active_file:0KB unevictable:28348KB [ 808.038078][T13682] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13679,uid=0 [ 808.053496][T13682] Memory cgroup out of memory: Killed process 13679 (syz-executor.3) total-vm:72580kB, anon-rss:17872kB, file-rss:53540kB, shmem-rss:0kB [ 808.068035][ T1042] oom_reaper: reaped process 13679 (syz-executor.3), now anon-rss:17864kB, file-rss:53536kB, shmem-rss:0kB 03:39:30 executing program 5: openat$cuse(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cuse\x00', 0x2, 0x0) r0 = syz_open_dev$adsp(0x0, 0x3, 0x40) geteuid() r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000280), 0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) listen(r1, 0x7) getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x15d) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000100)={0x0, 0x9, 0x20, 0x3, 0x3}, &(0x7f0000000180)=0x18) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f00000002c0)=ANY=[@ANYRES32=r2, @ANYBLOB="01f0b500b01925a61834946e1518e86df099a42959ad79a9b50c8d485eb96a5df415dbf79bff0a5f0cb7816ed78e1f43a82856feaca8289d9ad96722039363b1c277ca4a89b29f9e3378bc3932c24c73971458e9a645cf7a70f8cc5dc15a6edd198502a6a6d03a2cbbcc91dbbb4d5472103f4f447b4f0ac94aeb1935f4704bb857f573a1b042831c7fb65e9dcdbabb14fa94c3272b4363bd8cb9d98484467a8df907b5e93d9b210a5cf287435e76f055bfa64a2a4cc85c516c6d93d70e6b351ff013bd2cf5b94f"], 0xbd) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000000)={0x0, 0x4e50}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, 0x0, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) r4 = accept4(r1, 0x0, 0x0, 0x0) ioctl$VIDIOC_ENUMAUDIO(r0, 0xc0345641, &(0x7f00000000c0)={0x2, "20347a8967ace8aa6c9175f8b54574ae3e697d7b84549ebe511dbed00859237d", 0x2, 0x1}) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) close(r4) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) 03:39:30 executing program 3: mlockall(0x1) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) sendmsg$kcm(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)="ed8e1fac90b6e70712650784c362f2e08c5afc73449be2bbe485907f50f9d2c2ed22c534ac7358d84f9305b7f3d10b58d34771c9878e8e442a27eca969dfc033369d5603b5c88efc0240c8fca373384bb80e232bbfba8e2c831e498b5c573061adcd032afc6167537b0685b900ab1e513caaa74ac7c1078a5e13e2ccac979865c5f768d8690aab7abddc4e30389b4df4651713628822a637df0eba16788a044d538b2754467ed0920a1fe9d1688caa40d03ee5b70246c9df638100436cc072e5922b662bd94e93b1e81396a849a6d1294014b1a09c672cbc6bad203ff91799a8ada6b19ca8d384354977c949c43bd14ec0", 0xf1}, {&(0x7f0000000180)="fcca80d22a85ab4ccdc0da0148f9611ec9d9de01e8b8fd294f88203999ad3d0b6da3de7f22e635f36111caddd769a8ae925e1c7c2303b5491b8f4c31f61124e607057def3bbcbf4997695341fbd32a16f9574a807d16120a7d83c11572ed2b3200be6297060ffbae7cb8b7c150c6fc3d3953f4e3cedfbd24912b021d931864", 0x7f}, {&(0x7f0000000200)="a217920f9559f8e27f", 0x9}, {&(0x7f0000000240)="f5b70ee11922de9863c519a6708a67c4d8923e017ab3f04444596f00d4012e5c15546ab2dc590f52b247ec0268f5776bd7d15fcbbdf38a83259e4ba40c0ff4818e2c14032c5f518457dc7e39402389916faa4fb6d87cb3e652b4cf12eebc260882471e88c5d0ac7672f39fb7e1a168531cd7c6f70af9efd9a9a4c185e53f417808a166d6b92f5ee17cabaff33e5b4a306e528ece957c19e7bef49d7a09ae0634103b9d9abe04b799b1b0b307d179cbfdc96546752cd348f705106d52dbbd69b9acc5fc06724e15abd7e21534d73fd4d59b622030362f54dcb5557c2975afa392", 0xe0}, {&(0x7f0000000340)="e7c574fd0d93be106e98431c4d3940d91c0ed9685e5f0e1e64eeef3f594d1097a2e2f1aa97c7882b033a522877a97c459d26444aca42cca5d9daa627bdc78e5accfe7df3b941e7cca84c8d0f5188d40ff9de5f7859dd0e9f1d6315c27b96d333c71f39fa0f3c264969f549b99bcb56ed1b8d8b7233500373179f051bf26ad8b5fa31955902168a501d0753d4396b0a6ac4bfa4de678deb7ea405342d8fa86255968a1418d8ab11316bc6b67e27300ae830b51cb15f24e86b22d8d187b15b48a122807d90b090079b6ea44ac2b8d5aca3c9562ab2d8d8abc84cb07e1f7d997238caaa764a1241ca4c", 0xe8}], 0x5}, 0x801) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:30 executing program 0: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, 0x0) futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2f) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="b9020000b87c085401000000180000efff32ef08b0bcf324ed69bb66b60b6585a3073cc0b8a802000000ef0000000014f51aa972afb0fc25242905ab0254"], 0x39) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x101480, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)={0x0, 0x3}, &(0x7f00000000c0)=0x8) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000100)=@sack_info={r2, 0x6, 0x100}, 0xc) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:39:30 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x4, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:30 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000000)=0x2) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x40000, 0x0) sendto$inet(r2, &(0x7f0000000080)="df1916dda718a8ad631a649fa37bb0a556f97fba98d51717a2664b3a0ff55655f2db781ab1060e9b130bced5b35a2e0e1962c365a97a82fb3d5c7fa9e04471ee54a38c07f07ea978eb159409eaa5c5aec7acdef5f09445da0cc26f78fe81e37f857eab9a903d4989cad44edf", 0x6c, 0x20000000, &(0x7f0000000100)={0x2, 0x4e22, @local}, 0x10) msgrcv(r0, 0x0, 0x0, 0x4, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:30 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001b80)={0x26, 'skcipher\x00', 0x0, 0x0, 'salsa20\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000028c0)="b7f2288a933d66593ae164c990a0028e", 0x10) r1 = accept$alg(r0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) recvmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f0000002900)=""/4096, 0xffffffffffffff8f}], 0x1, &(0x7f0000001400)=""/123, 0x242}, 0x0) 03:39:30 executing program 0: setxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.nlink\x00', &(0x7f0000000080)={'U+', 0x800}, 0x28, 0x2) syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x7, 0x20200) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000015c0)={&(0x7f0000001580)='U+'}, 0x10) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) open_by_handle_at(0xffffffffffffff9c, &(0x7f00000003c0)=ANY=[@ANYBLOB="09000000010000000bab9eb161ec7f96fcac927ed29aeb875a62a02958e6c06798cd543d67dc7c68b6ee96aad800cbe649dd78342d531e3a94acb1962b023dce5c945be5793adfa8a72c853035ea22ae51d286277169d263ce5cad1c08770b0bee286d1ae825a764543070376365c2c3975530d55fa55e5786b9da90e48f65edb8c53444aa62adf9f1387d256d7ce4bc5399ecb758ee883ac1b90fb900f76b11fcce40ec4fc052b3788a2efd07dc6de6910070eedb585726d2c93ba1c9f314436158509e363ae2b0c2f69ba7ffbbb59bb98c0a1114e99274fa68e4d1be6c91bc7ce990e3136436fc7f187976740af857e51f93c03e398af1d6f2b44ef0777f3c09a85d666d99cb0a4a2830231cfe389ed68ec490ee8d70d55fb9a712248224041565a8fff7a153f7533219d71a912e0d84d71a7891219ae93300296e2963e53d37c3f7287a36f379ab47020d1ce43b1bd1812485737c25f1d69a1cd64fe8ef5cb47224c1244daa706c0a01076536f27c583da26327786ba9bf76b64b30ad79b8e22f70d269315cbb5609381ac0882afc0fc2d24a47f86c2481263b74f32ab6ffe28e0f7be0f363290b928a74"], 0x2ec3832e) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001600)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000002f40)='/dev/video37\x00', 0x2, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000001880)='/dev/rtc0\x00', 0x0, 0x0) syz_open_dev$radio(&(0x7f00000018c0)='/dev/radio#\x00', 0x3, 0x2) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000001900)={0x7f, 0x4, 0x4, 0x40000, {0x77359400}, {0x4, 0xa, 0x80, 0x7, 0x0, 0x53, "d5fdce23"}, 0x20, 0x0, @fd=0xffffffffffffff9c, 0x4}) syz_open_procfs(0x0, &(0x7f0000001980)='net/fib_triestat\x00') getpgrp(0x0) stat(&(0x7f00000019c0)='./file0\x00', &(0x7f0000001a00)) getgroups(0x1, &(0x7f0000001a80)=[0xee01]) openat$ashmem(0xffffffffffffff9c, &(0x7f0000001ac0)='/dev/ashmem\x00', 0x40000, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001b00)='/dev/vga_arbiter\x00', 0x4000, 0x0) openat$vfio(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/vfio/vfio\x00', 0x200, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) openat$vimc0(0xffffffffffffff9c, &(0x7f0000001d00)='/dev/video0\x00', 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x2, &(0x7f00000020c0)='U+'}, 0x30) lstat(&(0x7f0000002140)='./file0\x00', &(0x7f0000002180)) fstat(0xffffffffffffff9c, &(0x7f0000002200)) fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000002280)) getresuid(&(0x7f00000022c0), &(0x7f0000002300), &(0x7f0000002340)) stat(&(0x7f0000002380)='./file0\x00', &(0x7f00000023c0)) openat$ashmem(0xffffffffffffff9c, &(0x7f0000002440)='/dev/ashmem\x00', 0x800, 0x0) pipe2(&(0x7f0000002480), 0x80000) inotify_init1(0x80000) 03:39:30 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0xe0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 808.319465][T13737] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 808.349782][T13737] CPU: 1 PID: 13737 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 808.358938][T13737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 808.369004][T13737] Call Trace: [ 808.372307][T13737] dump_stack+0x172/0x1f0 [ 808.376655][T13737] dump_header+0x10f/0xba6 [ 808.381091][T13737] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 808.386914][T13737] ? ___ratelimit+0x60/0x595 [ 808.391515][T13737] ? do_raw_spin_unlock+0x57/0x270 [ 808.396646][T13737] oom_kill_process.cold+0x10/0x15 [ 808.401769][T13737] out_of_memory+0x79a/0x1280 [ 808.406448][T13737] ? lock_downgrade+0x880/0x880 [ 808.411294][T13737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.417532][T13737] ? oom_killer_disable+0x280/0x280 [ 808.422709][T13737] ? find_held_lock+0x35/0x130 [ 808.427463][T13737] mem_cgroup_out_of_memory+0x1ca/0x230 [ 808.432989][T13737] ? memcg_event_wake+0x230/0x230 [ 808.438015][T13737] ? do_raw_spin_unlock+0x57/0x270 [ 808.443137][T13737] ? _raw_spin_unlock+0x2d/0x50 [ 808.448001][T13737] try_charge+0x118d/0x1790 [ 808.452508][T13737] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 808.458043][T13737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.464283][T13737] ? kasan_check_read+0x11/0x20 [ 808.469134][T13737] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 808.474681][T13737] mem_cgroup_try_charge+0x24d/0x5e0 [ 808.479968][T13737] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 808.485697][T13737] __handle_mm_fault+0x1e1f/0x3ec0 [ 808.490805][T13737] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 808.496351][T13737] ? find_held_lock+0x35/0x130 [ 808.501122][T13737] ? handle_mm_fault+0x322/0xb30 [ 808.506076][T13737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.512331][T13737] ? kasan_check_read+0x11/0x20 [ 808.517196][T13737] handle_mm_fault+0x43f/0xb30 [ 808.521970][T13737] __get_user_pages+0x7b6/0x1a40 [ 808.526925][T13737] ? follow_page_mask+0x19a0/0x19a0 [ 808.532122][T13737] ? perf_trace_lock+0xeb/0x510 [ 808.536967][T13737] ? __vma_adjust+0x1840/0x1840 [ 808.541811][T13737] ? lock_acquire+0x16f/0x3f0 [ 808.546478][T13737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 808.552702][T13737] populate_vma_page_range+0x20d/0x2a0 [ 808.558169][T13737] __mm_populate+0x204/0x380 [ 808.562746][T13737] ? populate_vma_page_range+0x2a0/0x2a0 [ 808.568399][T13737] __x64_sys_mlockall+0x35c/0x520 [ 808.573423][T13737] do_syscall_64+0x103/0x610 [ 808.578003][T13737] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 808.583875][T13737] RIP: 0033:0x457e29 [ 808.587752][T13737] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 808.607336][T13737] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 808.615730][T13737] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 808.623684][T13737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 808.631636][T13737] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 808.639601][T13737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 808.647574][T13737] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff 03:39:31 executing program 0: r0 = creat(&(0x7f0000000180)='./file0\x00', 0x400000100) setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85) mkdir(&(0x7f0000000400)='./file1\x00', 0x4) r1 = inotify_init() r2 = inotify_add_watch(r1, &(0x7f0000000040)='./file0\x00', 0x20000003) inotify_rm_watch(r1, r2) rmdir(&(0x7f0000000080)='./file0\x00') openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x2, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000140)={'U-', 0x2}, 0x28, 0x2) 03:39:31 executing program 5: r0 = socket$isdn_base(0x22, 0x3, 0x0) r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000280)='/dev/uhid\x00', 0x0, 0x0) prctl$PR_GET_FPEMU(0x9, &(0x7f00000000c0)) r2 = accept4$llc(0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x80800) r3 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video2\x00', 0x2, 0x0) ppoll(&(0x7f00000001c0)=[{r0, 0x2cccd190229a849e}, {r1, 0x40}, {r2}, {r3, 0x30}], 0x4, &(0x7f0000000200)={0x0, 0x989680}, &(0x7f0000000240)={0x10001}, 0x8) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x4) syz_open_dev$sndtimer(&(0x7f0000000100)='/dev/snd/timer\x00', 0x0, 0xc000) r5 = dup2(r4, r4) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r5, 0x400442c9, &(0x7f0000000080)={0xfffffffffffffe19, 0x0}) ioctl$VIDIOC_PREPARE_BUF(r5, 0xc058565d, &(0x7f0000000000)={0x9, 0xb, 0x4, 0x0, {}, {0x1, 0x8, 0x2, 0x7f, 0x9, 0x0, "47375ef7"}, 0x0, 0x4, @offset=0x2e46, 0x4}) 03:39:31 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0xe000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:31 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0xffffffffffffff75, 0x0, 0x1ffffffffffff) msgctl$IPC_RMID(r0, 0x0) r1 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000340), 0x4) preadv(r1, &(0x7f0000000680)=[{&(0x7f0000000380)=""/172, 0xac}, {&(0x7f0000000440)=""/221, 0xdd}, {&(0x7f0000000540)=""/26, 0x1a}, {&(0x7f0000000580)=""/47, 0x2f}, {&(0x7f00000005c0)=""/133, 0x85}], 0x5, 0x0) pipe2$9p(&(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r3 = getuid() r4 = getgid() write$P9_RGETATTR(r2, &(0x7f0000000740)={0xa0, 0x19, 0x2, {0xb2, {0x12, 0x3, 0x6}, 0x8, r3, r4, 0x81, 0x6647, 0x5, 0x3, 0x800, 0x4, 0x5, 0xc3, 0x0, 0x0, 0x7, 0x4, 0x2, 0x4, 0x4}}, 0xa0) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x80000, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000240)={0xffffffffffffffff}, 0x106, 0x100b}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r5, &(0x7f00000002c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000040), r6}}, 0x18) ioctl$EVIOCSABS3F(r5, 0x401845ff, &(0x7f0000000300)={0x867e, 0xc2, 0x7, 0x5, 0x0, 0x3ff}) [ 808.671990][T13737] memory: usage 307200kB, limit 307200kB, failcnt 12443 [ 808.687707][T13737] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:39:31 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) r1 = dup2(r0, r0) setsockopt$nfc_llcp_NFC_LLCP_RW(r1, 0x118, 0x0, &(0x7f0000000040)=0x3b79, 0x4) ioctl$KVM_GET_LAPIC(r1, 0x8400ae8e, 0x0) [ 808.787752][T13737] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 808.800022][T13737] Memory cgroup stats for /syz3: cache:0KB rss:292800KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235472KB active_anon:44132KB inactive_file:0KB active_file:0KB unevictable:13296KB [ 808.855310][T13737] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13058,uid=0 [ 808.900022][T13737] Memory cgroup out of memory: Killed process 13058 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 808.955148][ T1042] oom_reaper: reaped process 13058 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 809.097920][T13737] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 809.111987][T13737] CPU: 0 PID: 13737 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 809.121146][T13737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.131228][T13737] Call Trace: [ 809.134512][T13737] dump_stack+0x172/0x1f0 [ 809.138827][T13737] dump_header+0x10f/0xba6 [ 809.143243][T13737] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 809.149037][T13737] ? ___ratelimit+0x60/0x595 [ 809.153612][T13737] ? do_raw_spin_unlock+0x57/0x270 [ 809.158707][T13737] oom_kill_process.cold+0x10/0x15 [ 809.163818][T13737] out_of_memory+0x79a/0x1280 [ 809.168490][T13737] ? lock_downgrade+0x880/0x880 [ 809.173322][T13737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.179561][T13737] ? oom_killer_disable+0x280/0x280 [ 809.184751][T13737] ? find_held_lock+0x35/0x130 [ 809.189520][T13737] mem_cgroup_out_of_memory+0x1ca/0x230 [ 809.195045][T13737] ? memcg_event_wake+0x230/0x230 [ 809.200071][T13737] ? do_raw_spin_unlock+0x57/0x270 [ 809.205180][T13737] ? _raw_spin_unlock+0x2d/0x50 [ 809.210025][T13737] try_charge+0x118d/0x1790 [ 809.214515][T13737] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 809.220042][T13737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.226277][T13737] ? kasan_check_read+0x11/0x20 [ 809.231121][T13737] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 809.236648][T13737] mem_cgroup_try_charge+0x24d/0x5e0 [ 809.241933][T13737] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 809.247577][T13737] wp_page_copy+0x408/0x1740 [ 809.252161][T13737] ? find_held_lock+0x35/0x130 [ 809.256918][T13737] ? pmd_pfn+0x1d0/0x1d0 [ 809.261164][T13737] ? lock_downgrade+0x880/0x880 [ 809.266043][T13737] ? swp_swapcount+0x540/0x540 [ 809.270801][T13737] ? kasan_check_read+0x11/0x20 [ 809.275635][T13737] ? do_raw_spin_unlock+0x57/0x270 [ 809.280725][T13737] do_wp_page+0x5d8/0x16c0 [ 809.285142][T13737] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 809.290507][T13737] __handle_mm_fault+0x22e8/0x3ec0 [ 809.295604][T13737] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 809.301127][T13737] ? find_held_lock+0x35/0x130 [ 809.305881][T13737] ? handle_mm_fault+0x322/0xb30 [ 809.310814][T13737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.317038][T13737] ? kasan_check_read+0x11/0x20 [ 809.321882][T13737] handle_mm_fault+0x43f/0xb30 [ 809.326648][T13737] __get_user_pages+0x7b6/0x1a40 [ 809.331635][T13737] ? follow_page_mask+0x19a0/0x19a0 [ 809.336815][T13737] ? perf_trace_lock+0xeb/0x510 [ 809.341647][T13737] ? __vma_adjust+0x1840/0x1840 [ 809.346521][T13737] ? lock_acquire+0x16f/0x3f0 [ 809.351190][T13737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.357430][T13737] populate_vma_page_range+0x20d/0x2a0 [ 809.362883][T13737] __mm_populate+0x204/0x380 [ 809.367464][T13737] ? populate_vma_page_range+0x2a0/0x2a0 [ 809.373080][T13737] __x64_sys_mlockall+0x35c/0x520 [ 809.378084][T13737] do_syscall_64+0x103/0x610 [ 809.382668][T13737] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 809.388549][T13737] RIP: 0033:0x457e29 [ 809.392432][T13737] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 809.412035][T13737] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 809.420440][T13737] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 809.428407][T13737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 809.436360][T13737] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 809.444320][T13737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 809.452287][T13737] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 809.464458][T13737] memory: usage 307192kB, limit 307200kB, failcnt 12476 [ 809.471441][T13737] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 809.478945][T13737] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 809.486893][T13737] Memory cgroup stats for /syz3: cache:0KB rss:292800KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:226496KB active_anon:44096KB inactive_file:0KB active_file:0KB unevictable:22224KB [ 809.509302][T13737] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13727,uid=0 [ 809.526032][T13737] Memory cgroup out of memory: Killed process 13727 (syz-executor.3) total-vm:72580kB, anon-rss:11956kB, file-rss:53544kB, shmem-rss:0kB [ 809.540422][ T1042] oom_reaper: reaped process 13727 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:32 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) read(r0, &(0x7f0000000000)=""/54, 0x36) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:32 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0xff03, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:32 executing program 5: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r1, &(0x7f0000000000)=@in6={0x21, 0x4, 0x2, 0x1c}, 0x24) listen(r1, 0x9) pipe2(0x0, 0x84000) ioctl$VIDIOC_S_FBUF(0xffffffffffffffff, 0x4030560b, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, &(0x7f0000000100)) setsockopt$inet_sctp_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, 0x0, 0x0) fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f00000000c0)) r2 = openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD(0xffffffffffffffff, 0x40045402, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000240)={0xffffffffffffffff}, 0x113, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f00000002c0)={0x16, 0x98, 0xfa00, {&(0x7f0000000200), 0x2, r3, 0x0, 0x1, @ib={0x1b, 0x0, 0x1, {"77639b7c9e6849f7b6cc0b8b805be880"}, 0x0, 0x0, 0x9}}}, 0xa0) getsockopt$IP_VS_SO_GET_TIMEOUT(r2, 0x0, 0x486, &(0x7f0000000180), &(0x7f00000001c0)=0xc) listen(r1, 0x0) ioctl$sock_SIOCGSKNS(r2, 0x894c, &(0x7f0000000140)=0x7) 03:39:32 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x27f, 0x2, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = dup(0xffffffffffffffff) sendto$inet(r1, &(0x7f00000000c0)="00084dd502d6c45fb3e94011f5726c5490eda9cb19c41e50241f1231cd8c61c505c7f9948a490aef45a50045c7eb1f300ec6fa98c7d8f68ad341a2e2a225e82842fddf7b90f4f60fa1fbf9212120103acdcfa4d7d930f271ab805b3737d5b973a8d9d92a14e1df4d704fbe4bfa937c83a91d726de892cfcbc6f43f454364e2942aeb3c2877dc58515d71b93bb1daddb099cb3c5350920a8de03f18d7208cfde3f31571db16fdb248f2491b9a6ca5d2d9b025807e71b166e725ef1848d9205fb66b00271e63b5180672931fc618d80ff9912aeb08b5f1c1935bc96761fc7d612243b2bd2ddc640ab9cc2979c002d11911ea2b9a43821aee684e4ad8d7aa7734", 0xff, 0x4080, &(0x7f00000001c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet6_MCAST_LEAVE_GROUP(r1, 0x29, 0x2d, &(0x7f0000000000)={0x7fff, {{0xa, 0x4e24, 0x6, @dev={0xfe, 0x80, [], 0xb}, 0x8}}}, 0x88) msgctl$IPC_RMID(r0, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(r1, 0xc0845658, &(0x7f0000000200)={0x0, @reserved}) 03:39:32 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0xffffff95}}, &(0x7f0000000480)='GPL\x04\x9c5\x14\xbfw-\xa0z\xe8.vY\n6\xf6I>\xc1\xab\x91\xb3\x97\xe4*\xbf\x1e\xa6\xcd\x8c\xd7t\'\xfc\x9a\x9e+qe\xf5+A\a\xbf\bP\xd8\x99\xe2R\xd0\x13\x17]\xdb\x1b/F <*\x05\xb7\"\xe3>Uo\xb2\xe3\xf3\xa8\x81\xf5\xc6\xc6Sd\x037\xec\x95aF\xbd\xbf\xcb\x11Pp\x19V1\xde]!\xa5\xea\x9ec\x8c+\xdbx\xa5\x01\xcaKn\xa3\x13\xd8%h\xf98,,?o\xab\xa6\xb4\xeeTy;N\xd2m\xae>R\"P)\xbb*\xc0\x00\x7fwuL?#\xce\xda\x98\t\xb9\xa9hJ\x94\n\xbc\xaa\x8c\xfc\xc7\x13>\xc4\"\xe9\xc88\x881\x8dA\xe9\xa4\x93\xf0\x19_\xe2Y\x96Q\xf3=\xa0\xfah\xd7g\xceQ6\xb9\xd0\xd1\x96lI\x9c\xb6\xbf4\xc2\x98\x86f\x97\x00\x00\x00\x00\xdd*N,kwk\xed\xef\x00\x00\x00\x00\x00\x00\x00\xe45 >\xd3\x9f\xc2\xc7\xe4x\b\xbd\xa4P\xde\xc1\x12\xd8.\xf9\xd8\xdai\x18\xab\xb8\xca\x97\xbbD\xeaR\x05O\x13O\x11\xc8\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00>f\x86V\xcd:\xfct\f\x1c0\a\x8d\xc2\x102 \x91x9\xdb\xcf\x82\xda\xe0C9R\xc4\x8f\xf4\xb1E\xe8_^\xf5c\xd4\x00\x13~)t\xfc\xec@\xb1x\x9b\xe70\x1aR\x95\xecl\x02\xce\x8a\xf5\xf6\xad\x8e\xacY\xd9\xb4\xaf\xa9\xebzW\x99\x04D\xba\xeb[\xa9[\xe4\"\xc6\"\xd7J\xc3\x9d\x19Fuf\'U\xea\xea\xa8-\x05~P\x0f\xf2\x93\xd5\n\xddc\xb9?\xe7\b\xe7\xcc\xd5\x9f+WZ\xf7%\xa6\xb1\xd6GF\xb6\x9d\x19\'\xd2\xb9\xfcyL\nO\r\x90\xc7\xf4y\x03\xf9a\",\xa0$w\xdeS\xb7,\xe7\xbc\xcbU\xd4\x87A\x8e\xe5gJ\xb3U&\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x3, 0xc3, &(0x7f0000000300)=""/195, 0x0, 0x0, [], 0x0, 0xf}, 0x18) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x101000, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000200)={{{@in6=@local, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@multicast1}}, &(0x7f0000000040)=0xe8) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000400)={@mcast2, @mcast2, @empty, 0x7fffffff, 0x1, 0x8, 0x500, 0x8, 0x800000, r1}) 03:39:32 executing program 4: sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x40000000000009) r0 = syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x4, 0x40) ioctl$KVM_GET_XSAVE(r0, 0x9000aea4, &(0x7f0000000440)) r1 = open(&(0x7f0000000400)='./file0\x00', 0x101000, 0x0) write$UHID_GET_REPORT_REPLY(r1, &(0x7f0000000100)={0xa, 0x4, 0x4, 0x7fffffff}, 0xffffff4b) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_buf(r1, 0x0, 0x3f, &(0x7f00000003c0)="f16740926a63cf2b20801fd3c4bffa0dfe46c2ab1f05", 0x16) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xa, &(0x7f0000000280)=ANY=[@ANYBLOB="bf1600000000000085100000050000001d00040000000000bf610000000000008510000002000000bf01000000000000001501000000000000b70000000000000095090000000000000086d74b70f92bf0c002be545e686e6d8721eeb9a8b30124ed8cdb3da282ac4cc30d9d20bbb045282bac578b5bf5825cab1afad2d26e7bb98a1bad7ee3ddab1570e3972ecddfb0d745ba0500ff5943339730a4d0a5f791d3b3a0f6e82ba961e3f94354dccc74c72a622248086fff1352204b0f3b0d27160f917f4a5412f53dfcf714857f90f9eb1feb09883bac219f0495b837582d0861f5ba355d9a9a31ca87653b265fd05c9bc3d456dd8e1bb6f48d68631a52682300000000000000000000000000"], &(0x7f0000000140)='q\be\x18&kw\xf5\xd9\xd0_\xe9G\xe22\xa2\xd7\x8e\x0eF\xdc{2\xf6\x7f=\xd5;u\\\xc6\x99\xb9\xb8\\\x01_\xa7Z\xd0\b\xc4\xc9\xaf\x88\xef!\xdb\x88:\\\xcb\x82\xe8\x1d\v/8l\xb3\x1et+\x92\xb4\xc7E\xe8\x93\xd1G\xd8K\xc550\x1a\xea\xeard\xaeqr\xa1E^\xf0\xdc\xc6\xca#\x0egT\xf4\x10\xe9\xf6dl\xf7\xf90_j\x85/\x80\r\xc5A\xd83\xf8i\x88X\nx\xaf`\a$\xe1Mt\tK\x8d\xc3\xd1\x17\x1eL\xd6\xc7\xb5\xed%\xf5/\x8d\xc7TO\x88\xcc\xa4\x8eI\xca\xf8N2\xcd\x97\x0e\xb1\xf5\x92S\fG)\x1a\xcew\xdaT\x8d\xd7k\xdf\x12 q\xc6\xff\x03L\x1f\x96\xbf\xbb!H\xbcf\x97\xab6\x94\x7f\xa4\x9c)\xea]\x8aCJ\xc1\xb0\xfbl\b\x82\r&,Y\xda7\a\x84\xb1\x19}\xeb\xe3\x9f\xa55'}, 0x48) 03:39:32 executing program 0: syz_emit_ethernet(0x230, &(0x7f0000007000)=ANY=[@ANYBLOB="aaaaaaaaaaaacf2bb43c40b80800000000000000000000000000000000000000000000000000", @ANYRES32=0x42424242, @ANYRES32=0x42424242, @ANYBLOB="5000000090780000"], 0x0) r0 = socket$inet(0x2, 0xa, 0xfffffffffffffffa) ioctl$void(r0, 0xc0045878) r1 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x2, 0x0) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00') r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x400200, 0x0) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x802001}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x70, r2, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x1}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x4}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x6}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x3}, @NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0x1f}, @NBD_ATTR_SOCKETS={0xc, 0x7, [{0x8, 0x1, r3}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) [ 809.763104][T13788] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 809.782896][T13788] CPU: 1 PID: 13788 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 809.792041][T13788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 809.802095][T13788] Call Trace: [ 809.802117][T13788] dump_stack+0x172/0x1f0 [ 809.802140][T13788] dump_header+0x10f/0xba6 [ 809.802165][T13788] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 809.814188][T13788] ? ___ratelimit+0x60/0x595 [ 809.824566][T13788] ? do_raw_spin_unlock+0x57/0x270 [ 809.829689][T13788] oom_kill_process.cold+0x10/0x15 [ 809.834805][T13788] out_of_memory+0x79a/0x1280 [ 809.839490][T13788] ? lock_downgrade+0x880/0x880 [ 809.844343][T13788] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.850590][T13788] ? oom_killer_disable+0x280/0x280 [ 809.855791][T13788] ? find_held_lock+0x35/0x130 [ 809.860578][T13788] mem_cgroup_out_of_memory+0x1ca/0x230 [ 809.866134][T13788] ? memcg_event_wake+0x230/0x230 [ 809.871173][T13788] ? do_raw_spin_unlock+0x57/0x270 [ 809.876311][T13788] ? _raw_spin_unlock+0x2d/0x50 [ 809.881166][T13788] try_charge+0x118d/0x1790 [ 809.885682][T13788] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 809.891234][T13788] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.897482][T13788] ? kasan_check_read+0x11/0x20 [ 809.902339][T13788] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 809.907898][T13788] mem_cgroup_try_charge+0x24d/0x5e0 [ 809.913197][T13788] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 809.918851][T13788] __handle_mm_fault+0x1e1f/0x3ec0 [ 809.923976][T13788] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 809.929613][T13788] ? find_held_lock+0x35/0x130 [ 809.934378][T13788] ? handle_mm_fault+0x322/0xb30 [ 809.939330][T13788] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.945587][T13788] ? kasan_check_read+0x11/0x20 [ 809.950461][T13788] handle_mm_fault+0x43f/0xb30 [ 809.955231][T13788] __get_user_pages+0x7b6/0x1a40 [ 809.960187][T13788] ? follow_page_mask+0x19a0/0x19a0 [ 809.965397][T13788] ? perf_trace_lock+0xeb/0x510 [ 809.970248][T13788] ? __vma_adjust+0x1840/0x1840 [ 809.975090][T13788] ? lock_acquire+0x16f/0x3f0 [ 809.979757][T13788] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 809.985997][T13788] populate_vma_page_range+0x20d/0x2a0 [ 809.991469][T13788] __mm_populate+0x204/0x380 [ 809.996068][T13788] ? populate_vma_page_range+0x2a0/0x2a0 [ 810.001977][T13788] __x64_sys_mlockall+0x35c/0x520 [ 810.007427][T13788] do_syscall_64+0x103/0x610 [ 810.012030][T13788] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 810.017930][T13788] RIP: 0033:0x457e29 [ 810.021832][T13788] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 810.041430][T13788] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 810.041448][T13788] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 03:39:32 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x8, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1, 0x50}]}, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) 03:39:32 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x34000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:32 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x40000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:32 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x8000000004) getsockopt$sock_int(r1, 0x1, 0xaf9ffddf93278069, &(0x7f0000000040), &(0x7f00000000c0)=0x4) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000080)=0x6, 0x4) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000140)="580000001400192340834b80043f679a10ff00804824ca945f640094000500289d5aaa000000000000008449bb06d383d537b300f0fffeff2c707f8f00ff200000000010000100090a000000000000000000000000000000", 0x58}], 0x1) 03:39:32 executing program 2: r0 = msgget(0xffffffffffffffff, 0x92) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 810.041457][T13788] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 810.041467][T13788] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 810.041477][T13788] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 810.041485][T13788] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 810.091812][T13803] syz-executor.0 uses obsolete (PF_INET,SOCK_PACKET) [ 810.101913][T13788] memory: usage 307200kB, limit 307200kB, failcnt 12490 [ 810.136442][T13788] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 810.190881][T13788] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 810.221806][T13788] Memory cgroup stats for /syz3: cache:0KB rss:292816KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235472KB active_anon:44132KB inactive_file:4KB active_file:0KB unevictable:13300KB [ 810.269616][T13788] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13105,uid=0 [ 810.293004][T13788] Memory cgroup out of memory: Killed process 13105 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 810.452301][T13788] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 810.462380][T13788] CPU: 1 PID: 13788 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 810.471473][T13788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 810.481517][T13788] Call Trace: [ 810.484806][T13788] dump_stack+0x172/0x1f0 [ 810.489125][T13788] dump_header+0x10f/0xba6 [ 810.493541][T13788] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 810.499393][T13788] ? ___ratelimit+0x60/0x595 [ 810.503979][T13788] ? do_raw_spin_unlock+0x57/0x270 [ 810.509121][T13788] oom_kill_process.cold+0x10/0x15 [ 810.514214][T13788] out_of_memory+0x79a/0x1280 [ 810.518878][T13788] ? lock_downgrade+0x880/0x880 [ 810.523721][T13788] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.529951][T13788] ? oom_killer_disable+0x280/0x280 [ 810.535126][T13788] ? find_held_lock+0x35/0x130 [ 810.539878][T13788] mem_cgroup_out_of_memory+0x1ca/0x230 [ 810.545404][T13788] ? memcg_event_wake+0x230/0x230 [ 810.550417][T13788] ? do_raw_spin_unlock+0x57/0x270 [ 810.555513][T13788] ? _raw_spin_unlock+0x2d/0x50 [ 810.560358][T13788] try_charge+0x118d/0x1790 [ 810.564863][T13788] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 810.570400][T13788] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.576640][T13788] ? kasan_check_read+0x11/0x20 [ 810.581473][T13788] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 810.587001][T13788] mem_cgroup_try_charge+0x24d/0x5e0 [ 810.592287][T13788] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 810.597912][T13788] do_huge_pmd_wp_page+0x99d/0x3660 [ 810.603088][T13788] ? munlock_vma_page+0x45d/0x700 [ 810.608100][T13788] ? __split_huge_pmd+0x2c00/0x2c00 [ 810.613289][T13788] ? __lock_acquire+0x55d/0x4710 [ 810.618215][T13788] ? putback_lru_page+0xd6/0x140 [ 810.623135][T13788] ? pmd_val+0x85/0x100 [ 810.627269][T13788] ? add_mm_counter_fast.part.0+0x40/0x40 [ 810.632966][T13788] ? perf_trace_lock+0xeb/0x510 [ 810.637801][T13788] __handle_mm_fault+0x1651/0x3ec0 [ 810.642892][T13788] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 810.648432][T13788] ? find_held_lock+0x35/0x130 [ 810.653174][T13788] ? handle_mm_fault+0x322/0xb30 [ 810.658099][T13788] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 810.664320][T13788] ? kasan_check_read+0x11/0x20 [ 810.669150][T13788] handle_mm_fault+0x43f/0xb30 [ 810.673911][T13788] __do_page_fault+0x5ef/0xda0 [ 810.678678][T13788] do_page_fault+0x71/0x581 [ 810.683178][T13788] page_fault+0x1e/0x30 [ 810.687313][T13788] RIP: 0010:__put_user_4+0x1c/0x30 [ 810.692403][T13788] Code: 1f 00 c3 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 1c 25 00 ee 01 00 48 8b 9b 18 14 00 00 48 83 eb 03 48 39 d9 73 3c 0f 1f 00 <89> 01 31 c0 0f 1f 00 c3 66 90 66 2e 0f 1f 84 00 00 00 00 00 65 48 [ 810.711982][T13788] RSP: 0018:ffff8880694a7e18 EFLAGS: 00010293 [ 810.718042][T13788] RAX: 0000000000000003 RBX: 00007fffffffeffd RCX: 0000000020000140 [ 810.726011][T13788] RDX: 00000000000003d1 RSI: ffffffff8198e363 RDI: 0000000000000286 [ 810.733967][T13788] RBP: ffff8880694a7ee0 R08: ffff8880697fe380 R09: 0000000000000001 [ 810.741916][T13788] R10: ffff8880697fec00 R11: ffffffff8a0699d8 R12: 0000000000000005 [ 810.749877][T13788] R13: 0000000000000003 R14: 0000000000000004 R15: 0000000000000000 [ 810.757857][T13788] ? __might_fault+0x1a3/0x1e0 [ 810.762609][T13788] ? __sys_socketpair+0x11f/0x5e0 [ 810.767615][T13788] ? __ia32_sys_socket+0xb0/0xb0 [ 810.772544][T13788] ? kasan_check_write+0x14/0x20 [ 810.777637][T13788] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 810.783088][T13788] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 810.788525][T13788] ? do_syscall_64+0x26/0x610 [ 810.793183][T13788] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 810.799232][T13788] ? do_syscall_64+0x26/0x610 [ 810.803904][T13788] __x64_sys_socketpair+0x97/0xf0 [ 810.808937][T13788] do_syscall_64+0x103/0x610 [ 810.813543][T13788] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 810.819412][T13788] RIP: 0033:0x457e29 [ 810.823289][T13788] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 810.842875][T13788] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 810.851782][T13788] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457e29 [ 810.859739][T13788] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 810.867691][T13788] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 810.875646][T13788] R10: 0000000020000140 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 810.883673][T13788] R13: 00000000004c6411 R14: 00000000004db758 R15: 00000000ffffffff [ 810.892100][ C0] net_ratelimit: 8 callbacks suppressed [ 810.892107][T13788] memory: usage 307200kB, limit 307200kB, failcnt 12526 [ 810.892112][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 810.892181][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 810.897658][T13788] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 810.897669][T13788] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 810.897677][T13788] Memory cgroup stats for /syz3: cache:0KB rss:291728KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:217380KB active_anon:44096KB inactive_file:0KB active_file:0KB unevictable:30376KB [ 810.954111][T13788] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13787,uid=0 [ 810.969537][T13788] Memory cgroup out of memory: Killed process 13787 (syz-executor.3) total-vm:72580kB, anon-rss:17872kB, file-rss:53540kB, shmem-rss:0kB [ 810.984137][ T1042] oom_reaper: reaped process 13787 (syz-executor.3), now anon-rss:17884kB, file-rss:54308kB, shmem-rss:0kB 03:39:33 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x80000) ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000000)={0x5, 0x1, 0x8}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syslog(0xd, &(0x7f0000000200)=""/84, 0x54) mmap(&(0x7f0000aba000/0x3000)=nil, 0x3000, 0x5, 0x6011, 0xffffffffffffffff, 0xd) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000040)={{{@in6=@empty, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4={[], [], @multicast2}}, 0x0, @in6=@mcast2}}, &(0x7f0000000180)=0xe8) setsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f00000001c0)={r2, @loopback, @dev={0xac, 0x14, 0x14, 0x15}}, 0xc) 03:39:33 executing program 0: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000d0fff5)='/dev/audio\x00', 0x42801, 0x0) r1 = memfd_create(&(0x7f0000000300)='\vemI\xc1\x8dO\xc0\xa3\\\xe2\xcb\xa2\xba\xcb\xf4\x97\xac#*\xff\xc0\xd0\xe7\x99y\x05\f\xb9\x15R8\xce1\xb3\xd6\xcf\xbf\xaa\x88\xcb\xf0\x1cw61\x9f\xc2\x85+\x87 \\\xde\xde\x0f0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f000002eff0)={0x32b, &(0x7f0000000000)=[{}]}, 0x10) ioctl$FIBMAP(r2, 0x1, &(0x7f0000000080)=0xc8d) r4 = dup2(r0, r0) ioctl$EVIOCSABS2F(r0, 0x401845ef, &(0x7f00000000c0)={0x6911, 0x6f09, 0x10001, 0x8, 0x800, 0x3}) close(r4) 03:39:33 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup2(r0, r0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000240)=0x0) write$FUSE_LK(r1, &(0x7f0000000280)={0x28, 0x0, 0x6, {{0x8000, 0x7, 0x2, r2}}}, 0x28) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000100)='./file0\x00', 0x80) ioctl$PPPIOCSFLAGS1(r3, 0x40047459, &(0x7f0000000200)=0x20) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000080)={[{@nfs_export_off='nfs_export=off'}, {@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 03:39:33 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") ioctl$UFFDIO_UNREGISTER(0xffffffffffffffff, 0x8010aa01, &(0x7f00000000c0)={&(0x7f0000002000/0x400000)=nil, 0x400000}) ioctl(r0, 0xffffffffffffffbd, &(0x7f00000000c0)) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x400, 0x0) ioctl$VIDIOC_ENUMOUTPUT(r2, 0xc0485630, &(0x7f0000000040)={0x2, "ae246bedb192d90dcfe029d654ae813f25792282e0aa4cf4812b3917474116c2", 0x2, 0x8, 0xe580000, 0x8000, 0xa}) 03:39:33 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x400300, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:33 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgctl$IPC_RMID(r0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:33 executing program 2: r0 = msgget(0x2, 0x2) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:33 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x1000000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:33 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000980)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000480)='/dev/full\x00', 0x80000, 0x0) r3 = getpgrp(0x0) sendmsg$nl_generic(r2, &(0x7f0000000540)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000500)={&(0x7f00000009c0)={0x103c, 0x36, 0x10, 0x70bd28, 0x25dfdbfb, {0x2}, [@nested={0x14, 0x73, [@typed={0x8, 0x83, @fd=r1}, @typed={0x8, 0x6f, @pid=r3}]}, @nested={0x1014, 0x79, [@generic="fef1c17ea46c1bead33f30544be3aa", @generic="1eed463e1f8ddc554e12fb382a70d38d4aaa6e9c4e815d7cc12cbd50cbc116a0eef84119c2a82832cecd2a6f685cf5eebab46a898b777a3419033794bad887aa025bc926dc6bf75c2974ef2024ad23c64e6bbabe531417c967937afddabfcf9e4b38e8fb950c281972de51de4157c9518b9ea80636536645a8577f058b96234ef46a5d22dc87fa4bf1e4542fac65db442028de4b7a4155c1420c684ffdec46455f17e06a4cea27437ebce386051e0663b313b98ba6d86afa2d9c51f468f97447a5a4b044b75de8d33fad0334e4ce17796d5df2fc40e42c2614e888767b7810a10746b77b501a43c0f05416b14d13fb5730eaba8cd8c256826811ef51df7c037f1dfa95ebad31ac74363829ea62bde8ac52fbfa5a052b2c3cfc7192e6129fafb0fa110a895faf69f7bfff6895a33964849120398828c794556b7f074398d70cfae6be20b5bf5302aca1f566ffcaf5b90510f32af2d64be2fe039c830cbd8a01e88a200ab244e707e5c7e9f2404c5ab6b353218880b1db7d2e3b702ff342d9be54f4fae04cad9a60c0701ad10bd2f7d4f25229630aec16c2a79a029cb543981e42296242f31c8985ff664527d78412adf6f2b823a783fdaed582a08c61d5250fdb802d5fa12e2a47d02e62e54104c476ff84337f33e221aaa89e6ad9e4c734b6257555c52ff8a19e6e2af81c9e2548748c05d42b58abddccf518f6fd4c372723671e2f90f6076f0798eca1bdc65b391e738ea1b97ce0e1919acf3c140f6b07701e93f76f2942712f7c791373bc50238734a513968015717c5220bfbaa3832c892568ca497a9f85b683c2ddb4375396c9cd798a2a3b9f92933300edd810b2f7e4d7f256314a80b3a03111fed5ad7c90184c92f9bd5834a264c8118539bd0163faa4ac953b4b29da0d4bfb66df974f37c878085f846cc327ce7ac4a8ae8ce459a1d74d1c4f4075e472eb1c8a23c063665e6caee32095083353ec93e042029654b0f82edab3b8b4ac1621b4d47eceb89f779a79293495f59570ef27ad6770d728136b69e2565cbadc6d9c8df29a864aa379d74d54a03f704d63e07a92481a8a6b8dd4a4e53e7743d3204bb1fc7c036a3e8ad77ad7bb37cf716935343d9526c0cf80c4173ee571d9c8b5d148d371f8dd8280de7c85f4af0e6f9843640189ee3460c58f7b5c8fe79b58316ca7377107b67e84b90f2356213cf6071f94b22f93b35616e6c80f76d76d4c07c96c2ad73bcd9aa336d2edb13775adef9da2a3e5e84d2b40125d9d831d089e9923c87a1bddf765e78cc4e51d6412be2f79cb02aa786f5c32ae36281443bfc6d3706f2aa779829d5fb1ca780f268b58e376889f96e04b644fe98db896657d0f191bd585208f5c4d08041ab75b659431da5291e3c7c1a776f36c955a75e1305555e10af9b83a67ab1b6694cdec43727d84079f29a8dd1e68e5a2399047bdc8f64dc926a269cd2c38627f8cc88dc274f1a9a3eb3e5d52287a1a0b05d979e96116419797197f9aeb37ce05f89771c8928371543b22b8392d94a8f63342b4ec51acddc23c81a0af37a9edca63a7b53bc5674e4a63a583a92edae5a2e8a0195d91448ff3c052798accd2caa487818b57b9ffe7d605803943423eb9362e4116f3a9a42968b01560350cd460e526f41d988e84f0b9e3831d9e09808b50560e60bdeac941f2568039fd0f382aac396064b4d653f9d45d473a5a7066745108fcc28fd92c89f4745d4d137064b0e2e24a11cb07e1d82aa00f4322f257f1b4995602853fa17dd6b8717b17f970effbcb19c63908fecf1a89b8859d9309826882e40d6227e569a091c2ea0c447cd593865a264ff01be2e1a968a40021dd31915a3f81416f8b135d776a0c15f19f159334396f6e7ed2056945ff8a57c2fea237e84ef42ca4ff1ffe47d6a802dca66bf54ad381253ab48d5854859b2a1ac57d91afa21ef90fe5b20046dfa8eee8b9b15f7aa3d7e9cffa79c43156783a5a4d96e2e36df2641f6ed130aa777916c6c31c35bc22f1256341e88d6a3a049495d163dc42b6dcb8f1c0f197f0548bd41d8d3a9a73ad309cb4f1e9d6a58513ec54261ef2bbb038d200dd1c66fe358208f4149d473eb933383cc9c92b9859469a3fb0770e7f66671969a005a1a5bbec3a88dae3b69ab7ba15446f1a49d863eaea732b1e2624df5d86ffdb6e3e443131083af2ba4ce1910a98ba0a5bf14028a236719366634c1dc0a35f0a37b866caf8004d29e24b48b6a515734adea4403e2cb48ce40baaeda91b9fc3d4b40f63fd39f202dd643705d59167aa2907be28efb3c76bc249a58592904a1b877db3fabe52c8637c4509593c6593ebb8889e3ea432d06802c4b739f38d39ff119210deb1f0637128528e7a543584e891c20d5263b1a6ab6eb94f78700f42d14004240e0ae93c3d829bc783f8f2a1203f0a543c74febaae0330223a8d0ac1e143e5a9281f10e0be1ecaa6734707f1d1e8b422e63778c546ad4bcb8955addddd65317a41f88f526fa0969e039dfef69e595ae924c35af6ba132a39c5fa74a4df866271c91261fa229dd85886899333d9f9b0cc867e8ba26eaf44c249a321e4c543ffd04f8d3b139b217648ad5de8c7853735d7c7aaedea573fde7ca14a3ce5b6f1209716bb5625257be0d6c4b4e3249e92ee3dc8e89acdfb8546e71b1237b94d13c9998113fcf8444156cf00abe28165fe69271c9ebf74a5940d9f49da7ed41ffe15ff094bba24707d95f8f0a9620c0b057bd7106908b36214603adc6e81da84089009e3fb658d4c16630423f99649f75f9958a9aa350401ba144b6aa2f10186d33f5134e562e6736063abc61276dabc5a071700a1596a2d5500ad1365ac275fa3185f99604e3f8863e307ee7a7a101fc5f39cb4468c2423d37cd854df55f0b68ff14a3eaf977784f5ae9ee6f5972896c85c08f7ddffb520418f9408be5b9411f65fae01098780b60bf6827c7cdc5dad8e6f972a96287bc31230f5ae157651678ad8da93b4e475c53bf678335c608054d13af9fa01a5c95043a204b6213be3ff0dd1326ffaf1d5c0b6d2277926abf1c3a9050ac123496d8caaa4a2ecc04f418c9cb6cff1149f0c9e87e05656efeff11efda3563e350046087c2883a20c4825e1bf15ded5495c0b90c64c650f6ed52c038bc7b9f997c3d15095bce997b443b1d174129417fc72988046c46d88cf35dcb90f717ef567b6cbe938179c9e544b76ec4f6be5c8f004cb937fe37a0249ea95b822b06bc24a06f9ad42b35b78fdbd4c5123ea02a69e82caa7bf9a00d04680762fc0e42ebf3c69467bb417e92cf1b7786c7c72852707bdbdd3eae703db0fb02d7cc61846e67acece2d01d780d8295ab9c3df08b08fb9e8971b59b03392ad0b15abc174fc9dedaa9f89ef75bb73a7003f07b742040b5bfbc867299b288e4a5515dcb0d957b1fa9c5f8404781bcb9a0a7034c3795597fd36e48f02f35200d587d479c1747e7adefff74c7c0382a193d4a6e23f95b912945a25c2e953ed388630e6b8cffdddc770175790d7ad67784627223fcd2548ccf58f0713a665bc957936a9af3a9c2e33d670172d8ee60e4806a455dacf0f7acaaf8b26497e3108450160577b67267b4fd1a367e0f4bac0e984246e9d492c946728d853101147d7550e47b4abeb7c94acdca28385bc0b05a3c24807496f1219142223dda7de5fdefba3cc73d3739472268172ea12d498fb6888370fd09525b2a634b957311108c6fb5239797fb67bbdf71cde0c6a98320512e89dc1a49d0cb2ac35652e94378e5cb10bd0960763bf39e10a111b09f6bda4e7e9de670b3c5edb60387a536b7b87f598a7f7b8ffa45aa3ebc078faf7bff7a2677626ef5f519b07335e54c43243f536de011429771d3890bbb85eab6964ee090e736930f489026cd8b846d70e63fe268e2338ebcc45d8e66c15631cb2b749527ce4bbc246660a8e43d2e30e9f0ee53dfd38f8c3537d264db0cbf693a37102d4148e2641169045fcc5abdc342d2c5ac92ebfb028fa6502262b2af928e9ccfade8c98c01929be7f93901f7523ca4a2993d4d99e0216bbee0780caed0c15be7bfe324719b8c23e595c622b4c066af64f9b45531df0328100e7fdad2e669ae46d80c4b89f8a9d69b9225c79e786cc0598034c935ecd8289cbccee157ce0e3ac21bb4d68843c137ae8e7419ec8e506f1f999b497175b2d238344552e06a85442fc5f1ef361ba970854ea5cd4579354a8f38a4f738bd1b1d34e39f5defeddb4a7ff68dedf411be0ba2144ecb680c5d4058d7c53648845e0cde1b4677517cbdc877ec9c199946cae459a70e4a3faf21ea50a492704b93483bae5846d42c92f8ba29086d0d1deda02e83738e20af0b97df65e3a5a4575df11146e0c6ddc026c0bdb93d21055e2f0f520adce1cbb310ccf4f889057c2417053c5ecb36a0136a3b2b058729a792e79d12535b9b70bf1368a46c7c0ff939e941fe9b9a82d06922cfb24b6381f69c2ba395e15670fd5013e77e1bbc28f0b6d4a7619fd66fefffd6d42d70a3bc5949aa73d94a2e0ee11f323bf438b1d5e1adc57b0a7ec0f68b489dbb99fec6221eba7e8f052d52a790f8638b95d08f7b1586ce07112c54c073be0c12c86ad0672ed35306fbd86fa6e5b0c92154203b074ae75497ea0f3034efdd289bc92a9756632cc93823fa841ece2c88246637c1771b851931109e986305c9ef1b2164771c04ef319861fc218e3c106fc7280d96f87e4fa56f73b78f2f040b65a1e6b006daec3756969148146c4b3b311cf0a0222f64840ae36cd061ae47fd7e3c418a10575138588d65d5430854d10d6b197ed55aa923c81f6f773e685ae9e94a88d1adc4f26d5b52564e57e53093ac05955eee4f7d091bc203c84419108feea0b72c0475a4f249709f5ad8e857422c8b76c6bde156396b1622c9c22aadc1d08e13a41be6477d29e9509044f3ab5baf3d1093a31b53edbd969f039d2d8a776201c27ddccb050e2094a2b3522c6efc1adc7c48afa99d1bbb8b93b8a7410eb3bf03f37fd5119f8eb89c3678735a217e2d97ab62b5d0d7d8df9b70683fe70f38a1cc542c29a0ad373e89b65f3455a87f0f299a5a097e54c20a4edd458b8f6e19fbaa372e9b84ec900db10197f64a970068a5face754d2360956374ac8e8bbdc7e8f984ed4c3bb8bb5eff3d03eebbdde71f689ce61c9092e470943bce2c1724f7d9b79421dbe27896d3f6a2e2f56f175681c8a07c87421c405e7c99371525a5676469ced28ff3ad9c087dccd0aa1fcc315cd399402180a9cbf785df6a8178fbc17d57810de065843dc68d798e6532d9b13a84fa9fa4151020cf1884eb23155cde2b51888425a9a77f915387f5749a8d9e6ed02d8e96dd81d9b592348913421c45c0384d1004f8f3478f94c5b1b7886040efb33ca545b6bf64f9b30af76f0e92bf29c7867184d48b4657d4c8c30fd0df62b4479ce3a74f277b3e5fb61b2fb813a491c7947ab13851a7c8f6273cfc7130374b5fda7225d67c4127f7c041cce627cfac21d09224d869eca8c95e08bb4cb845fc5f31466467c0d1ec6f8dc576e485bd0240cd0402118fd48ce2805d5c582784cf01c52b1a5a322df647ae3212097a7d086878a747638972e6ffb4bda36050e6746519e0f1f487a87f655e3e7ee20d4a7dae5db99772b8f2496d6b1262e65a092c86c6666889894c5d3604a7f6b02cc2fbb3669854a6727b731566dcc053b908d3b0b066c3a2a2c341951bdc0e952a7c3f160c22043bcfcb4a44ed0d616a8448c136ff0b015b325e5db26e97dc554a40cf0357488b8"]}]}, 0x103c}, 0x1, 0x0, 0x0, 0x4004000}, 0x40) recvfrom$unix(r1, &(0x7f0000000140)=""/83, 0x53, 0x40012040, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x5, 0x1, 0x30}]}, &(0x7f0000000100)='GPL\x00'}, 0x48) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x100, 0x0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e21, @local}}}, &(0x7f00000003c0)=0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f0000000400)={r6, 0x0, 0x6}, &(0x7f0000000440)=0x8) r7 = openat$cgroup_ro(r4, &(0x7f0000000000)='memory.current\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000240)={[0x2, 0x7fff, 0x2, 0x9, 0xfac, 0x6d, 0x5, 0x5, 0x4ca, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x400, 0x0, 0xe1, 0x20, 0x7], 0xf000, 0x1}) accept4$packet(r7, &(0x7f00000005c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000600)=0x14, 0x0) connect$packet(r2, &(0x7f0000000640)={0x11, 0x1f, r8, 0x1, 0x9, 0x6, @random="b1f5394e6ac9"}, 0x14) 03:39:33 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg(r0, &(0x7f0000013000)={&(0x7f0000013fe4)=@in6={0xa, 0x4e23, 0x0, @loopback}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="2800000000000000290000000000e10021020240cb933d15fe800000000000009f00000000000000"], 0x28}, 0x0) [ 811.264601][T13841] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 811.301227][T13841] CPU: 1 PID: 13841 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 811.310379][T13841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 811.320450][T13841] Call Trace: [ 811.323757][T13841] dump_stack+0x172/0x1f0 [ 811.328088][T13841] dump_header+0x10f/0xba6 [ 811.332511][T13841] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 811.338308][T13841] ? ___ratelimit+0x60/0x595 [ 811.342890][T13841] ? do_raw_spin_unlock+0x57/0x270 [ 811.347992][T13841] oom_kill_process.cold+0x10/0x15 [ 811.353088][T13841] out_of_memory+0x79a/0x1280 [ 811.357751][T13841] ? lock_downgrade+0x880/0x880 [ 811.362587][T13841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.368820][T13841] ? oom_killer_disable+0x280/0x280 [ 811.374000][T13841] ? find_held_lock+0x35/0x130 [ 811.378757][T13841] mem_cgroup_out_of_memory+0x1ca/0x230 [ 811.384286][T13841] ? memcg_event_wake+0x230/0x230 [ 811.389302][T13841] ? do_raw_spin_unlock+0x57/0x270 [ 811.394397][T13841] ? _raw_spin_unlock+0x2d/0x50 [ 811.399233][T13841] try_charge+0x118d/0x1790 [ 811.403728][T13841] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 811.409262][T13841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.415487][T13841] ? kasan_check_read+0x11/0x20 [ 811.420326][T13841] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 811.425859][T13841] mem_cgroup_try_charge+0x24d/0x5e0 [ 811.431132][T13841] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 811.436764][T13841] __handle_mm_fault+0x1e1f/0x3ec0 [ 811.441864][T13841] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 811.447398][T13841] ? find_held_lock+0x35/0x130 [ 811.452144][T13841] ? handle_mm_fault+0x322/0xb30 [ 811.457077][T13841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.463302][T13841] ? kasan_check_read+0x11/0x20 [ 811.468137][T13841] handle_mm_fault+0x43f/0xb30 [ 811.472888][T13841] __get_user_pages+0x7b6/0x1a40 [ 811.477814][T13841] ? follow_page_mask+0x19a0/0x19a0 [ 811.482994][T13841] ? perf_trace_lock+0xeb/0x510 [ 811.487828][T13841] ? __vma_adjust+0x1840/0x1840 [ 811.492681][T13841] ? lock_acquire+0x16f/0x3f0 [ 811.497341][T13841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 811.503573][T13841] populate_vma_page_range+0x20d/0x2a0 [ 811.509028][T13841] __mm_populate+0x204/0x380 [ 811.513613][T13841] ? populate_vma_page_range+0x2a0/0x2a0 [ 811.519259][T13841] __x64_sys_mlockall+0x35c/0x520 [ 811.524273][T13841] do_syscall_64+0x103/0x610 [ 811.528853][T13841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 811.534725][T13841] RIP: 0033:0x457e29 [ 811.538610][T13841] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 811.558195][T13841] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 811.566586][T13841] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 811.574547][T13841] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 811.582512][T13841] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 811.590469][T13841] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 811.598422][T13841] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 811.606926][ C1] protocol 88fb is buggy, dev hsr_slave_0 03:39:34 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x2, 0x2000) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0xc0000, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000100)={0x8, 0xbf, 0x8201, 0x10000, 0x200, 0x200, 0x3, 0x7e5, 0x0}, &(0x7f0000000140)=0x20) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000002c0)=ANY=[@ANYRES32=r2, @ANYBLOB="c10000000b05f51735281fc8fc20a11c16716228595fcabbb638d256e0a35d5ad60f94fc366bf334f8d2e7a9ac27ba89652283a605e638c2c4b697d74b6bfc03ec20a32af42eecf61ba9fe71ed44ebb530d25cc561a3f5c4a16bf9cfbb9f2b39c6583104fd831ad7e865980bdc5a14f494663419e853fcae547b7b3fa235a061d833d5df4548ce63519a1a82d394458e94a957caca4c45dc7e319bcf4e77cd5c6e334c671a594806b0efe39a4f328bf538a15d7f4a9ccabcadc0b2844f5e8fb807fba130f488c7c99afd5c43d47fce74f7c020d1f522f34b1b0c827e47ba1ba126ca5f4328c172b4946d4e1f79e1c959e653eb"], &(0x7f0000000280)=0xc9) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x101002, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000040)={0x2, 0x0, [{0x80000019, 0x1, 0x1, 0x689, 0x3c1d, 0x728d9201, 0x7}, {0x0, 0xc60b, 0x2, 0x0, 0xfd, 0x950afd, 0xce}]}) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) [ 811.612133][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 811.612743][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 811.618457][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 811.629945][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 811.635753][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 811.641995][T13841] memory: usage 307200kB, limit 307200kB, failcnt 13135 [ 811.649153][T13841] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 811.656976][T13841] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 811.676335][T13841] Memory cgroup stats for /syz3: cache:0KB rss:292844KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:233416KB active_anon:44140KB inactive_file:0KB active_file:0KB unevictable:15352KB 03:39:34 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x2000000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 811.740157][T13841] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13199,uid=0 [ 811.766251][T13841] Memory cgroup out of memory: Killed process 13199 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 811.835963][ T1042] oom_reaper: reaped process 13199 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 812.075589][T13841] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 812.085596][T13841] CPU: 1 PID: 13841 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 812.094690][T13841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.104736][T13841] Call Trace: [ 812.108011][T13841] dump_stack+0x172/0x1f0 [ 812.112331][T13841] dump_header+0x10f/0xba6 [ 812.117004][T13841] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 812.122890][T13841] ? ___ratelimit+0x60/0x595 [ 812.127461][T13841] ? do_raw_spin_unlock+0x57/0x270 [ 812.132585][T13841] oom_kill_process.cold+0x10/0x15 [ 812.137681][T13841] out_of_memory+0x79a/0x1280 [ 812.142338][T13841] ? lock_downgrade+0x880/0x880 [ 812.147167][T13841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.153404][T13841] ? oom_killer_disable+0x280/0x280 [ 812.158607][T13841] ? find_held_lock+0x35/0x130 [ 812.163358][T13841] mem_cgroup_out_of_memory+0x1ca/0x230 [ 812.168883][T13841] ? memcg_event_wake+0x230/0x230 [ 812.173893][T13841] ? do_raw_spin_unlock+0x57/0x270 [ 812.178988][T13841] ? _raw_spin_unlock+0x2d/0x50 [ 812.183824][T13841] try_charge+0x118d/0x1790 [ 812.188316][T13841] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 812.193850][T13841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.200074][T13841] ? kasan_check_read+0x11/0x20 [ 812.204933][T13841] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 812.210463][T13841] mem_cgroup_try_charge+0x24d/0x5e0 [ 812.215738][T13841] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 812.221353][T13841] wp_page_copy+0x408/0x1740 [ 812.225933][T13841] ? find_held_lock+0x35/0x130 [ 812.230709][T13841] ? pmd_pfn+0x1d0/0x1d0 [ 812.234940][T13841] ? lock_downgrade+0x880/0x880 [ 812.239782][T13841] ? swp_swapcount+0x540/0x540 [ 812.244548][T13841] ? kasan_check_read+0x11/0x20 [ 812.249378][T13841] ? do_raw_spin_unlock+0x57/0x270 [ 812.254469][T13841] do_wp_page+0x5d8/0x16c0 [ 812.258871][T13841] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 812.264229][T13841] __handle_mm_fault+0x22e8/0x3ec0 [ 812.269324][T13841] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 812.274847][T13841] ? find_held_lock+0x35/0x130 [ 812.279599][T13841] ? handle_mm_fault+0x322/0xb30 [ 812.284534][T13841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.290765][T13841] ? kasan_check_read+0x11/0x20 [ 812.295610][T13841] handle_mm_fault+0x43f/0xb30 [ 812.300354][T13841] __get_user_pages+0x7b6/0x1a40 [ 812.305278][T13841] ? follow_page_mask+0x19a0/0x19a0 [ 812.310453][T13841] ? perf_trace_lock+0xeb/0x510 [ 812.315286][T13841] ? __vma_adjust+0x1840/0x1840 [ 812.320288][T13841] ? lock_acquire+0x16f/0x3f0 [ 812.324956][T13841] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.331188][T13841] populate_vma_page_range+0x20d/0x2a0 [ 812.336629][T13841] __mm_populate+0x204/0x380 [ 812.341203][T13841] ? populate_vma_page_range+0x2a0/0x2a0 [ 812.346822][T13841] __x64_sys_mlockall+0x35c/0x520 [ 812.351917][T13841] do_syscall_64+0x103/0x610 [ 812.356492][T13841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 812.362364][T13841] RIP: 0033:0x457e29 [ 812.366241][T13841] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 812.385832][T13841] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 812.394231][T13841] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 812.402182][T13841] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 812.410141][T13841] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 812.418099][T13841] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 812.426051][T13841] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 812.434390][T13841] memory: usage 307200kB, limit 307200kB, failcnt 13177 [ 812.441819][T13841] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 812.450821][T13841] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 812.457746][T13841] Memory cgroup stats for /syz3: cache:0KB rss:292668KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218288KB active_anon:44112KB inactive_file:0KB active_file:0KB unevictable:30400KB [ 812.480272][T13841] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13840,uid=0 [ 812.496104][T13841] Memory cgroup out of memory: Killed process 13840 (syz-executor.3) total-vm:72580kB, anon-rss:18104kB, file-rss:53544kB, shmem-rss:0kB [ 812.510952][ T1042] oom_reaper: reaped process 13840 (syz-executor.3), now anon-rss:18124kB, file-rss:54312kB, shmem-rss:0kB 03:39:35 executing program 3: mlockall(0x1) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x10000, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000080)=0x8, &(0x7f00000000c0)=0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000040)={0xa, 0x1, 0x3, 0x401, 'syz0\x00', 0x5}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) readahead(r0, 0x0, 0x84) 03:39:35 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0xd, 0x401) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000040)={0xa3, 0x0, 0x0, 0x400}) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000080)={0x1, {{0xa, 0x4e23, 0x101, @empty, 0x470bf96a}}, {{0xa, 0x4e21, 0x7f, @local, 0x200}}}, 0x108) ioctl$ASHMEM_GET_PROT_MASK(r0, 0x7706, &(0x7f00000001c0)) 03:39:35 executing program 5: ioctl$KVM_ASSIGN_SET_MSIX_NR(0xffffffffffffffff, 0x4008ae73, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2000000000000002, 0x70, 0x28, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x8080, 0x0) read$alg(r0, &(0x7f0000000080)=""/126, 0x7e) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000300)=[@in6={0xa, 0x0, 0x0, @rand_addr="680c826ff67407054ca139c8b891c93c", 0x3d}, @in={0x2, 0x4e22, @multicast2}], 0x2c) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0xae44, 0x6) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='/group.sta\x9f\xd4t\x00+\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0Wm\x1d\x0e\xbf\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1f', 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xfffffffffffffd9f, &(0x7f0000000100), 0x0, &(0x7f0000001580), 0x32e5e6b7fa964ed4}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000000)) fsetxattr$security_ima(r1, &(0x7f0000000100)='security.ima\x00', 0x0, 0x0, 0x0) ioctl$PIO_FONTRESET(0xffffffffffffffff, 0x4b6d, 0x0) 03:39:35 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000040)=ANY=[@ANYBLOB="03008100000009050100"], 0xa) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:35 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0xe0000000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:35 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0xd, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="180000080000000000000000000000eb2848d00000000000950000000000000025f694a5945fe4e7be75fad8ad087b9156a06740f67769169414c18af9f6498fdeeea3e2d9416b3328848c33190ea8af7c1901000000000000001dbff8dcd017206fbb706760210c4580f0882fd1bec0f92d457c937f22f10e8d896eac70ff6fb26281abf5c6ece9c797adaaea89127aec4eeb4a532e202eff639fc848e10c"], &(0x7f0000000240)='GPL\x00', 0x2, 0x2e6, &(0x7f00001a7f05)=""/251}, 0x48) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2f) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x8, 0x0, 0x15, r0}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000200)='/dev/cachefiles\x00', 0x20000, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000580)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x28, r2, 0x400, 0x70bd2b, 0x25dfdbff, {{}, 0x0, 0xb, 0x0, {0xc, 0x14, 'syz1\x00'}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x8081}, 0x4) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000500)='/dev/sequencer\x00', 0x9ffc, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000680)={{{@in=@remote, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@empty}}, &(0x7f0000000780)=0xfffffffffffffe79) ioctl$TUNSETOWNER(r3, 0x400454cc, r4) r5 = syz_open_dev$vivid(&(0x7f0000000040)='/dev/video#\x00', 0x2, 0x2) fcntl$setflags(r5, 0x2, 0x1) r6 = socket$nl_crypto(0x10, 0x3, 0x15) setsockopt$netlink_NETLINK_RX_RING(r6, 0x10e, 0x6, &(0x7f0000000000)={0x100000000, 0x2, 0x2}, 0x10) getsockopt$IP6T_SO_GET_ENTRIES(r3, 0x29, 0x41, &(0x7f00000003c0)={'raw\x00', 0xb2, "e881ab4974f501c7dbbbc4d9b9e95e26e1a5367b6fc3e054ead2afb7748ade57024d782240d71b324ae723294ab2ac8d26df2a0d60bfb256e14d1097543a31c5699174eaeafe8ab96b33367676e088a7dadf6c1d4bf13358aa7ce799747ea60423cad8028f0567926b78fd79db14ddc87f0229e066f4659eb84369fb302308f3a3c36462e1f2c96ece5188f8d0c7ea0e6108b181fdebfc516e3e27478865d97b09cc06902958fe5c91d221377886a49f2292"}, &(0x7f00000004c0)=0xd6) ptrace$cont(0x1f, r0, 0x0, 0x0) syz_open_dev$vivid(&(0x7f0000000080)='/dev/video#\x00', 0x0, 0x2) [ 812.646565][T13883] vhci_hcd: invalid port number 0 [ 812.665267][T13883] vhci_hcd: invalid port number 0 03:39:35 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f3188b070") openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x2800, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) getsockopt$sock_int(r1, 0x1, 0x13, &(0x7f000059dffc), &(0x7f0000d8cffc)=0x4) 03:39:35 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0xeffdffff, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:35 executing program 0: socketpair(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x5, 0x7, 0x4, 0x101}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r2, 0x0, 0x0}, 0x18) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8946, &(0x7f0000000180)='lo\x00\x96o\xd6Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f00000000c0)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x67, 0x2, 0x1, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]}) 03:39:35 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) r2 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3, 0x11, r3, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r3) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x20400200) [ 812.734931][T13888] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 812.801899][T13888] CPU: 1 PID: 13888 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 812.811056][T13888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 812.821119][T13888] Call Trace: [ 812.824426][T13888] dump_stack+0x172/0x1f0 [ 812.828768][T13888] dump_header+0x10f/0xba6 [ 812.833195][T13888] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 812.839009][T13888] ? ___ratelimit+0x60/0x595 [ 812.843600][T13888] ? do_raw_spin_unlock+0x57/0x270 [ 812.848716][T13888] oom_kill_process.cold+0x10/0x15 [ 812.854344][T13888] out_of_memory+0x79a/0x1280 [ 812.859019][T13888] ? lock_downgrade+0x880/0x880 [ 812.863881][T13888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.870131][T13888] ? oom_killer_disable+0x280/0x280 [ 812.875329][T13888] ? find_held_lock+0x35/0x130 [ 812.880122][T13888] mem_cgroup_out_of_memory+0x1ca/0x230 [ 812.885674][T13888] ? memcg_event_wake+0x230/0x230 [ 812.890716][T13888] ? do_raw_spin_unlock+0x57/0x270 [ 812.895835][T13888] ? _raw_spin_unlock+0x2d/0x50 [ 812.900697][T13888] try_charge+0x118d/0x1790 [ 812.905209][T13888] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 812.910756][T13888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.917005][T13888] ? kasan_check_read+0x11/0x20 [ 812.921879][T13888] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 812.927425][T13888] mem_cgroup_try_charge+0x24d/0x5e0 [ 812.932723][T13888] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 812.938370][T13888] __handle_mm_fault+0x1e1f/0x3ec0 [ 812.943501][T13888] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 812.949058][T13888] ? find_held_lock+0x35/0x130 [ 812.953829][T13888] ? handle_mm_fault+0x322/0xb30 [ 812.958779][T13888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 812.965022][T13888] ? kasan_check_read+0x11/0x20 [ 812.969885][T13888] handle_mm_fault+0x43f/0xb30 [ 812.974659][T13888] __get_user_pages+0x7b6/0x1a40 [ 812.979622][T13888] ? follow_page_mask+0x19a0/0x19a0 [ 812.984837][T13888] ? perf_trace_lock+0xeb/0x510 [ 812.989686][T13888] ? __vma_adjust+0x1840/0x1840 [ 812.994549][T13888] ? lock_acquire+0x16f/0x3f0 [ 812.999236][T13888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.005495][T13888] populate_vma_page_range+0x20d/0x2a0 [ 813.010954][T13888] __mm_populate+0x204/0x380 [ 813.015531][T13888] ? populate_vma_page_range+0x2a0/0x2a0 [ 813.021153][T13888] __x64_sys_mlockall+0x35c/0x520 [ 813.026160][T13888] do_syscall_64+0x103/0x610 [ 813.030751][T13888] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 813.036640][T13888] RIP: 0033:0x457e29 [ 813.040518][T13888] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 813.060098][T13888] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 813.068492][T13888] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 813.076441][T13888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 813.084392][T13888] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 813.092340][T13888] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 03:39:35 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0xff030000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:35 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0xfffffdef, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 813.100289][T13888] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 813.112042][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 813.117852][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 813.156011][T13888] memory: usage 307200kB, limit 307200kB, failcnt 13213 [ 813.163651][T13888] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 813.176444][T13888] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 813.183740][T13888] Memory cgroup stats for /syz3: cache:0KB rss:292756KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235460KB active_anon:44144KB inactive_file:0KB active_file:0KB unevictable:13296KB [ 813.206484][T13888] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13251,uid=0 [ 813.222571][T13888] Memory cgroup out of memory: Killed process 13251 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 813.382101][T13888] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 813.392125][T13888] CPU: 0 PID: 13888 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 813.401236][T13888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 813.411316][T13888] Call Trace: [ 813.414608][T13888] dump_stack+0x172/0x1f0 [ 813.418952][T13888] dump_header+0x10f/0xba6 [ 813.423376][T13888] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 813.429166][T13888] ? ___ratelimit+0x60/0x595 [ 813.433752][T13888] ? do_raw_spin_unlock+0x57/0x270 [ 813.438864][T13888] oom_kill_process.cold+0x10/0x15 [ 813.443961][T13888] out_of_memory+0x79a/0x1280 [ 813.448623][T13888] ? lock_downgrade+0x880/0x880 [ 813.453471][T13888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.459708][T13888] ? oom_killer_disable+0x280/0x280 [ 813.464886][T13888] ? find_held_lock+0x35/0x130 [ 813.469640][T13888] mem_cgroup_out_of_memory+0x1ca/0x230 [ 813.475178][T13888] ? memcg_event_wake+0x230/0x230 [ 813.480204][T13888] ? do_raw_spin_unlock+0x57/0x270 [ 813.485306][T13888] ? _raw_spin_unlock+0x2d/0x50 [ 813.490141][T13888] try_charge+0x118d/0x1790 [ 813.494645][T13888] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 813.500186][T13888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.506409][T13888] ? kasan_check_read+0x11/0x20 [ 813.511247][T13888] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 813.516790][T13888] mem_cgroup_try_charge+0x24d/0x5e0 [ 813.522071][T13888] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 813.527685][T13888] wp_page_copy+0x408/0x1740 [ 813.532265][T13888] ? find_held_lock+0x35/0x130 [ 813.537040][T13888] ? pmd_pfn+0x1d0/0x1d0 [ 813.541271][T13888] ? lock_downgrade+0x880/0x880 [ 813.546099][T13888] ? swp_swapcount+0x540/0x540 [ 813.550846][T13888] ? kasan_check_read+0x11/0x20 [ 813.555689][T13888] ? do_raw_spin_unlock+0x57/0x270 [ 813.560800][T13888] do_wp_page+0x5d8/0x16c0 [ 813.565213][T13888] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 813.570572][T13888] __handle_mm_fault+0x22e8/0x3ec0 [ 813.575680][T13888] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 813.581213][T13888] ? find_held_lock+0x35/0x130 [ 813.585983][T13888] ? handle_mm_fault+0x322/0xb30 [ 813.590914][T13888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.597149][T13888] ? kasan_check_read+0x11/0x20 [ 813.601998][T13888] handle_mm_fault+0x43f/0xb30 [ 813.606747][T13888] __get_user_pages+0x7b6/0x1a40 [ 813.611670][T13888] ? follow_page_mask+0x19a0/0x19a0 [ 813.616856][T13888] ? perf_trace_lock+0xeb/0x510 [ 813.621721][T13888] ? __vma_adjust+0x1840/0x1840 [ 813.626567][T13888] ? lock_acquire+0x16f/0x3f0 [ 813.631228][T13888] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 813.637471][T13888] populate_vma_page_range+0x20d/0x2a0 [ 813.642946][T13888] __mm_populate+0x204/0x380 [ 813.647534][T13888] ? populate_vma_page_range+0x2a0/0x2a0 [ 813.653182][T13888] __x64_sys_mlockall+0x35c/0x520 [ 813.658215][T13888] do_syscall_64+0x103/0x610 [ 813.662805][T13888] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 813.668688][T13888] RIP: 0033:0x457e29 [ 813.672584][T13888] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 813.692190][T13888] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 813.700598][T13888] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 813.708552][T13888] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 813.716510][T13888] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 813.724504][T13888] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 813.732463][T13888] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 813.742511][T13888] memory: usage 307200kB, limit 307200kB, failcnt 13232 [ 813.749458][T13888] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 813.756993][T13888] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 813.763880][T13888] Memory cgroup stats for /syz3: cache:0KB rss:292720KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:228540KB active_anon:44100KB inactive_file:0KB active_file:0KB unevictable:20176KB [ 813.786032][T13888] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13886,uid=0 [ 813.801454][T13888] Memory cgroup out of memory: Killed process 13886 (syz-executor.3) total-vm:72580kB, anon-rss:11956kB, file-rss:53544kB, shmem-rss:0kB [ 813.815876][ T1042] oom_reaper: reaped process 13886 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:36 executing program 2: msgrcv(0x0, 0x0, 0xffffffffffffff0b, 0x0, 0x2000) r0 = msgget$private(0x0, 0x4) msgrcv(r0, 0x0, 0x0, 0xfffffffffffffffc, 0x1000) msgctl$IPC_RMID(0x0, 0x0) 03:39:36 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x4000000000000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:36 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$VIDIOC_DBG_G_REGISTER(r0, 0xc0385650, &(0x7f0000000040)={{0x4, @addr=0x3}, 0x8, 0x10000, 0x9}) ioctl$NBD_CLEAR_QUE(r0, 0xab05) readlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=""/253, 0xfd) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000001c0)={0x0, 0xffffffff}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000240)={r1, @in6={{0xa, 0x4e22, 0x3f, @remote, 0x5}}}, 0x84) ioctl$NBD_DISCONNECT(r0, 0xab08) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) write$binfmt_elf64(r0, &(0x7f0000000300)={{0x7f, 0x45, 0x4c, 0x46, 0xce06, 0xffffffff, 0x7, 0xfe8, 0x10000, 0x3, 0x3, 0x4, 0x211, 0x40, 0x356, 0x3, 0x7fc0, 0x38, 0x2, 0x3, 0x5, 0x6}, [{0x4, 0xfffffffffffffffd, 0x80, 0x40, 0x7, 0x5, 0x5, 0x8}, {0x0, 0x3, 0x7, 0x6, 0x3, 0xff, 0x400, 0x3}], "6ce22006c902aa80b897c37d618c84439ebc6d03910429af26f6727a7882f9e5f955bdd770af72c93a024d139d4955eaeae55fa6509b76e15e98cd39c0d7aba9e9e8cda6af44941f7d01da473779930750255bb89e77bebe14116524eb472b1b4f112c80d7cbdc9d6236023280942bf5d14f775c2106b8a5d00e8b9ffdb522b341f633a743951c1634e85b3fdad2cf47724cebb127529191511688659738dff87d816e06d1eff817dc80f070f651111efedf58dbccdffdf9415a1c0353b2bb511859f9355d9e04b863430d7a2e388fb31d634985832a210d2c31fd50867e26c546c38edd1394cc82fda04be5e86c0373c6eb7d56a350ef38f96a06dc67f1471a0da1aeb889e38ba12fa84562181c4ec2d662afcc78df9a65bb8576aceed81009aac5adc5886b9a95ce6de1cce60a31a5a3720511b32fb9ed81d85bd2a2d8c6d95e90ce9c41b934bf7739fccade8584db730e64bfb8dbc2fa1c90d1f2e18f19c5bae984286bd7bd2b89b4a97c01854e4d807c04f5582b8637e752097385dc78a9c20c26155a275073aa8acd396a3faaa4e22f620e4031ef15fdd85b707100302b345d99da77159fb7e915f91d0fb49cf4d38e1a129be6eb559e05357d0cc1cb6239ca2e3d5cf92967e5bdc459bcbb1fe4ea0a18b8adaaee70db430fa25e4431f71029aa966fae4185d1a66bcc4ee867a10fda7190062db54556d23ad6086e4b88af0d74d9805fbfc9a156d137bd0b623685ece0fcb3be304bfbd22b3e4b84119f76fa06752233e8a100a93bd642a9c38a8fd9c858e1e6fe195f1395725dcf0ba332b6d5871446634d47907802d053541a7905809efe046c7fb49b393ff090abf0bd93152ec1625c7a91df0d327f65d2b88227ec152d9586e422fb2e21fffb6a47a23d5375a5caf4c0393565a6bddac6638f21b377b0d009af0c77c48d1016e9948dafd51152d5506c16d72093ea040781518f15375136d4b3c94e39e5643ad0ec05000ff1dd77844d8ba037b51137b69cb2b1275043149ffa76705cc20ede6f61db1eb15b4dc9c122583783e9752e8ca444fcdad1e90040939b5a0c03042de0e4237ee0427fff4591c546433028198d4a6708e841b97d580024bd5925e9785d7a8f7f223d9ab777948e094d5a76da382e03bf7f8aa0444015d2fdf9c255686f0a4e1eb6dbedae69fbb9aaf97edf6142d28eaf0d79d8047e5cb74e6de0f4176e62bc27bd098189a69c28fafe525b3f5381536d608e0d5cc71800088cfc0b8f6f7d7e2fec7580c72a555103c8152c30a10eb9a74e06a45eb775999508087f83b324f35dbef430e59081e80842a21394f25ca3f16f8dec14cf6dfde7c9012204c9c26ad5b8810e0e625d6773ca3b6ab38850680af5671d64ae6b9f9414bc928ae179a9d9c681789487498543a9c701b98351913d2cf28c3cdebefbb4a7f4e9a559c001ddd652e788b829a895781bb8a121b4733e907b296a54e397fbc44ff1f37cc6159645443ae3e53dbee91716e0095d4885a837cfe7882852d79dacab9ea7d24857ad56ef38e2ca12bc3ec947abbc0a7ee4c0afbc09a3f3bfcef38102ec2beaf2df03898dd897ce20b389852aeb564df34f9c2371c8b2d4a16e533849d76ddec97c59e283c1f6fdc8c13cdecea6cf1aff564787ce5c7fe08968e77626e437d3d3c48f2f634c07acff061297d85cd49e2d2a73fcbcf99c64451c22483333bf85b0f0b82031f0488e614d0a1a4867f5bc4bea57ebe51795f384599695ca36d4fb2a8ebb7f9b321224e7a0043bd19758ed709a5d507752814494c149d1baddeb4d1001664e7fc7dda9f4951c4791f8f127ab5017142788bc3b8178e27add56888d27b4822f6ef2adb7e084cfb1d587a8902f783ce78958d9dd5bad1aab25f44f6b386737038599a9aa81895b8621d92a4b1644327f3fef7975656cc841ce758ba12dfdc5032ebc4e35b9061223a91b797652fac845420b3098f2de0cae6fa249d1dd7371d9be29404662abbcadaf240f9be189fbe382c8020cd0c5bafe333615d9681d0c22757dc57a9a3461655687270a6282d2080867cb63634d73f28befca365a55e77d7e459f398c401a74a4728640d81d50472e8db8608f69d90725d8d6733b7bd7cd6cad42ea448821abc1fad8e2b5d2dcc223f9ea88be7da80cbb554b7de1ce5851815ce2022c9d03ece44ecf47f10270f43b93964ba6dc5f1d6a95c2b3918008982336ea19a3f5431de590ded8f631a9ea4dd2a0185775988c4360682139083ebd5f1de023629f57e2addf78a1fc76932a90c27867a635314f70c733eb4df31b8467c7a8a21efbe4e4f96f963f146b8d402c991031ccb5ca61159c98408be83f0d7f25f06e56dbf5238e7900925685aa41c14651931e0057684c56f758f38edfeb1c649215c80f8f02a9f04194be28cdc92c187185488db56351817219e9660b60e09f35eb17edd39ddee13dbe85f7795846301a41a7e079644c11504fbd31ffd308258a8022cb47a8adf5f2d5c98203a529eb8ecc532bfe478ff8ceaba74402400e2ba6e98ed01480688ff478a754cb154b1ec1281f4fe5361fa3d47f38aa23a1e58422f798b1f6a88560520e9de96ceeb0b8296f72398a0d54ba8b0966b2b1441c5ff788b95cb06a239b4ed9bc9659b50fe06274e5ac7011bf982c88a263c412f16e6b6dfdc27dc34861eede3b6407420c23032a1b0076c23b82fdbdf4979bfc33da51f0b59b669fe9be2cc7b8c7cfc96559034c1c71861b17dee439f98e892fda6af1d31d7987794276a20d9d260e1edb95daf88291505e7735916e91832bfc857a4e2b8b5bb15e7fcaf7c414b2ab4e6b113827ca239b424027b31a31f7d1378287777dec648e28895bad32d8b915829b0b315b46ddc97bdfc3cf5bf3d5a57823ef652800b59154cfb702302d794d0aa7da8f093702c29f7033c64fce8fd24a5aea574d683ac48aa9a6e4ac9d88f1512e9de5b16171b91c815bd38e8974b6d89cf2a36ef794e44b072c9d40dc4374d53e07e7b50662696cbf6e192fa815e8da12f2e38e11e99854608fe01d8b135700a688b912495de0e7590a14805f43fc2a79f73da61f5e1e5c521a5af4ef9d82e8ced3f3a8654e27a90051e066d0f7842fe7467d66eb735333fa907fe1af8db81af152d297084ec9f7407661ef00b8aa75e68338f8f367764acd0e75a5da1fc4589596ab1ae055bcc7fb180b83ad53bf2b745c7f8f03bf4629bb41b90aa0dc38927dd31a957d44ccdb7e80b3a0c1b8a432e72e20fa6ad5df736b20578d84c09fd1919474aeb6b619e2d641d1ec9639da2daaddc6a6f60a9fa081adf24c4647e8197a752cff2ee19f109bfaf5a1de9c5cf976b91d077ca81a671274319c108c1adfc32abef69af6dc7444d6d84485de838300e4f075851ae2d1fbb3e7c084742a33f8d31a03def720b7f8350f18c7aeb43c84c88052c440056547ac19b269cb32ade3a367b0dfa96b7316de23c1a6a0e29e48c65cac0416b84b454e2b9dfd29ad940f49bb63125c8513cb2619214474a0a9885dbfcf5a851211592f549c5408fbb798e9ae54f86a29b1cdcbcc693d751bf732e78661b646f5a68528e0c34a7d1d258577a89b0189da5e07a07bb298290b12fd6ea7370e04be0f51218e50c6cfd67fc8c126a28cbb3357a9fd8ee811b0bd244bdfbf0009671598adce06e59f4287453fe20590ca924de0c835c82343177e6aa0f2f21963bd09296b492cce5bf31ff804a81563e44624f92ae1cf2472b5053dcf2952beab2b4bac2c470606bed2e92b5d8fee287747ba5305c202b55057be851e4f21823da281c95edce1aca1b800e3d9697ae1c37d5d87c11a3aa22720a4ce9f86115e44c4f573a0b31f00051a7521a62f7b620e6e8277ba5e7ed4b2e503bf86f3d8cd4caab0e6a2ac44a4349b744632426f092c3a6d6b1c6db0b4e0503374afd590cdb217c67bcb28bfbb07bf5eeacb2590ecb0deeff6f8668eb0bacfac046c02dd930f55bdd4ee87812a3f5043fd65cf06af86d7fcfe85b3118f087144bd0300b91909020601651ea36907d50953baf7fa9f56c62f10b1b851b3395e6dfca2be72084f11bc0922813f68ff7baafc3ebb87705d309888aa1fe9ee86ff26062624a37f39c4ba901a816f54e5128796d243d80875c40e21eefd349d3f990093082335e53217e83c01f70e49fc387039fa4a4e5064ddb21dc3547ec049fdb2779df770f78adee46ffbf2b74a2f410067f95d7cac552139394a78f8a4df889d760697a5017df13f7e2ba11f0248dd18fb93a0f6b6c46d62a91bb1c40c53e9d8f90fb394334932a0b4173520198013fd1617168570771e8add59efe9665cea5ea6b028d295036829344423038bd96863bc4d2765efef946889fb07a8c59fe0facc5a259f603598e9552eda5065970428dda7b155b18432b4d3cd3188e0de23cd3b3a4158b1e64c6cb539917c9c305684f2734a5a73922a6fc4a99d34d7920b8ea86be5f296751b3feaaa386fb0bd5d7feec74cc72f3b6d1c648da86a8004a336d2769244e2708a5dbbf0f4e2d3dfc7df40760db4ff777ff8b071c91b51607ba2112bed63b20d6e061e66f022d9b468f5b71fb25b553eaed70e51ca172a00357fcf914b1c27d8a0cd6580507eb777c8b4fb05f4bf1d49374445402d576f590662364ab42334584636c086fd5e66c553ccb262899458b1a7b961cf51d8473a24e29d9c2975ca356d922a9079efef81d10b04d52c8be00385e0e493c2f7b571dc27e9af25f4b29aa07b0b3540acdd6114262d0eca2ecc9ba20305c3de8e31b6cb78d8b3377e07c84bad7ffb8ded90a03c0e9861ca2e088fd542641bc742376bdc5af0f451de69c94fff5e4b2bc87428d508f4787195796d711ac49ebcc77822021a82ef8066d032416e8283301271560df6f1c971319aa89f9b0e7342a71b324cc381ffe915031034881b32b0321bcd0b78e0ccb25dc1e2a6f6b03d50dea9d9da6e1cdcc2319519f83ef190c01ffd3c87cc5213695491ece6c2bb62b5eebd50785cbc1e3adaf1353174463d4f7654a7ca3f5d81990487110b64fa1404bda76377ca6aa9d3801f369516b454879b08893a8cdbfa19d5caeb6ea6dca2891ecf781e47119b7b2e08d243040b85b2c5409289d8ba8aa6dcb91ffc4a96bdfa4cffc6390d35e0a3fe78fe3b571b3be3f80f45b4e190ee39a8f6265328076ee5f3497afee3bfc033603171b90a87881e531b9fcf98a8175a41cefd32d8fa66f4f0685422a2631918d1ca1156c7499fee215f7c4be0c1344432ea02e6143bb40b10f09524493033222217e71554d4a0f0ded871b63f37cb595da72e80f832b86687c4265cb3e3c6bf48d2dd2290a1e8ad019c0759c83568a3f26c02365dcb9afa4124a0735942e4574bc41b49a1b3af4488ce852fb9d3cad33a52712ee2e50f59a1d7cf4adc6b4be44b12f5172acbea37de720f592fea1c0528bfcd0ea4687f6bb19c3d080a1e271640ae6bb8d4272d214095982c1a4d065a98774016884439dc221f47f5c0236faddb350056bdd0941b60125393eb70bf75fbaf1fb89d276c132b323427517eb96303dd63b97db8805ed4741b8503b8eb4b1463b7519d9e4a80d4c4f8c7b848ce0c0ddb6f793d0e3a13d1517c7b50b12e47e46d6d155c8a272e20d82af52393f9b34cfb35b06510c9a19bb02da3bcabfb612bb2ed297a6f9ce2274ab4cca63488a9c226f72ddf435d80dbb09a2f502c545b39b644f7e72f5db026239e21dbb7b6cf7324ae71b8e0fcac6c9831966523b315f2f464b65815f55760ba1b", [[], [], [], [], []]}, 0x15b0) openat$misdntimer(0xffffffffffffff9c, &(0x7f00000018c0)='/dev/mISDNtimer\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000001900)='./file0\x00', 0x1014, 0x5) write$binfmt_elf32(r2, &(0x7f0000001940)={{0x7f, 0x45, 0x4c, 0x46, 0xdb, 0x8, 0x66cc, 0x9, 0x4, 0x2, 0x0, 0x7ff, 0x35e, 0x38, 0x4d, 0x666, 0xfffffffffffffffa, 0x20, 0x2, 0x1, 0x3f, 0x1}, [{0x60000000, 0x0, 0x4, 0xffff, 0xc7db, 0x0, 0x1f}, {0x7, 0x2, 0x1ff, 0x460, 0x6ad, 0x7ff, 0x8001, 0x3}], "2fd33c93694426254a0d0b40861d7e10a36f7ee30ffce9ba760ac3ad6ceb0c9d01bc7bc79845d62dd90ab88bf805d32fd2715a807c111a8705cb7e2b017b1d069bcb972bf169667b8350498db1151d65e81115b4deae9fbb9d7815d89a2e69c209617c4c3f75d440c37636e0237b65ea64c1c7c8b30cc232bdfb8b9a6c1f35880015c6f29e2708862b046a2f3b09b3c4d31db909199a6cff6240e89eec5d5fa459bd77df2b62d83d99a82031c3418335c679adb09df9cc9194fd2fff9700732f085c0ff4f1f0c9dfc6839589a3166999662b76fb70a650dbde9c46eb9cab9a52728dde8a3f75d07f", [[], [], [], []]}, 0x560) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000001f00)={0x0, {0x2, 0x4e21, @local}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x29}}, {0x2, 0x4e22, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x7ff, &(0x7f0000001ec0)='irlan0\x00', 0x3, 0x3, 0xffff}) ioctl$KVM_ARM_SET_DEVICE_ADDR(r0, 0x4010aeab, &(0x7f0000001f80)={0x100000001, 0x7001}) write$cgroup_subtree(r0, &(0x7f0000001fc0)={[{0x2b, 'cpu'}, {0x0, 'io'}, {0x2d, 'memory'}]}, 0x11) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000002000)=0x3f, 0x4) write$binfmt_elf32(r0, &(0x7f0000002040)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x7, 0x9, 0x100, 0x8, 0x0, 0x3f, 0x2, 0xd1, 0x38, 0x2f, 0x5, 0x101, 0x20, 0x2, 0x9, 0x7, 0x81}, [{0x5, 0x172f, 0x6, 0x3, 0x0, 0x60234ef3, 0x2, 0x1}, {0x6474e557, 0x1, 0x56e, 0x810f, 0x33, 0x3, 0x7fffffff, 0x7}], "6ca12af05b5442ee700c3d5790010588f1a4e4471ea4df7e6cba334ede44c932f89d6cdb06f6051f8d0ef413b488b717daf3373213d51dd29e94994e5af0fad66b86a1dc5e8508a772ec2bcbbbbd966972deb083edfcc9546797ce2cbc9de0e1e59bbd70675fe6d68242d35d05c752aaabae915f2dee919f1be8d938e3461a4eb42f6f037432d876c3508688a57ee7686ad27c260671725522d228cc47db4b304ed0af44ae570a3be7ce7b08a840d374c985d60b8415f3fbb00495c5e4c615c9d03153de804f78b9ec51bb8b5b0f7012b9ad4bdd8e42a5abaf9dc309b3f696f949200c3712bc8dfb0c3d", [[], [], [], []]}, 0x562) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000002600)={&(0x7f00000025c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9}) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000002640)='/dev/dlm-control\x00', 0x4800, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f0000002680)=[@in={0x2, 0x4e20, @broadcast}, @in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e21, 0x3, @rand_addr="789463fe391fa454c0f7ded7fdfeaab0", 0x12}, @in={0x2, 0x4e24, @multicast2}, @in={0x2, 0x1, @broadcast}, @in6={0xa, 0x4e23, 0x7fff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xffff}, @in6={0xa, 0x4e21, 0xfffffffffffffe01, @rand_addr="991b84fa6cc8701c54fa8ac6f57f7a94", 0x100000001}], 0x94) getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000002740)={{{@in=@empty, @in=@initdev}}, {{@in6=@initdev}, 0x0, @in6=@mcast1}}, &(0x7f0000002840)=0xe8) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000002880)={0x8, 0x81, 0x6, 0x7fff}) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f00000028c0)=0xa000, 0x4) r4 = accept4$x25(r0, &(0x7f0000002900), &(0x7f0000002940)=0x12, 0x80000) fremovexattr(r2, &(0x7f0000002980)=@known='system.sockprotoname\x00') prctl$PR_CAP_AMBIENT(0x2f, 0x4, 0x7) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000002a00)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000029c0)={0xffffffffffffffff}, 0x0, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000002a40)={0x7, 0x8, 0xfa00, {r5, 0xb0}}, 0x10) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000002a80)=[0x20, 0x3]) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f0000002ac0)=[@in6={0xa, 0x4e20, 0x101, @mcast1, 0x4}], 0x1c) 03:39:36 executing program 3: mlockall(0x1) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x800) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000100)={0x40000000, 0x105, "37441c7372d32b98775e4b883566a29e43848ac9c49182df76d8ada1da1c8528", 0x93, 0xffffffffffffff00, 0xffe0000000000000, 0x0, 0x7, 0x3, 0x3, 0x1, [0x8000, 0x81, 0x400, 0x564]}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x8, 0x10000) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r1, 0x84, 0x7, &(0x7f0000000040)={0x4}, 0x4) socketpair$unix(0x1, 0x100000000000005, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x10000000000, 0x6031, 0xffffffffffffffff, 0x6) 03:39:36 executing program 5: r0 = memfd_create(&(0x7f0000000200)='/dev/snd/seq\x00', 0x104000000000) r1 = syz_open_dev$sndseq(&(0x7f0000000280)='/dev/snd/seq\x00', 0x0, 0x20005) r2 = dup2(r1, r0) setsockopt$IPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x41, &(0x7f0000000080)={'raw\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000037000)={0x0, 0x0, 0x0, '\x9e\xdez\x8cZ\xe9^H\x00\x00\x00\x00\x00\x00\x00\x7fO\x13\xee\xabe\xc02)\x01\xdck\xd3l\xde,Q\xf0\x1b\x7f\v\x01O\x9f\x91\xee\xb7\xc3|r@\xf4v\xc8\xd7S\xd0\x00\xaa\x05\x00\x00\x00t\xdb\xcf\xa6\xdcM'}) write$sndseq(r1, &(0x7f000000a000)=[{0x0, 0x100000001, 0x0, 0x0, @time={0x77359400}, {}, {}, @addr}], 0x30) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000000)={0x800000000016, @tick=0xfdfdffff}) 03:39:36 executing program 4: setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000b86000)={0x0, &(0x7f0000000240)}, 0x10) mlock2(&(0x7f0000b40000/0x3000)=nil, 0x3000, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x0, 0x0) ioctl$sock_inet6_udp_SIOCOUTQ(r0, 0x5411, &(0x7f00000000c0)) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "6cb782e4ad88b89d1fd309169f44812107130ee55db70510420aaa96759ecbc36eb9bb12b6124793608dd0e7316d1d4f4dbac39806e4ac714b7ecefa8a934a", 0x3}, 0x60) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000b42000/0x1000)=nil, &(0x7f0000b3e000/0x4000)=nil, 0x1000, 0x1}) dup3(0xffffffffffffffff, r1, 0x0) madvise(&(0x7f0000b40000/0x1000)=nil, 0x1000, 0x10200000008) 03:39:36 executing program 5: r0 = socket$inet(0x10, 0x4000000003, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)="24000000220007031d01fd946f610500020000000000fd21fe1c4095421ba3a20400ff7e", 0x24}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000002780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000080)={0x4, 0x0, 0x2, 0x1f}) ioctl$DRM_IOCTL_AGP_UNBIND(r0, 0x40106437, &(0x7f00000000c0)={r1, 0xffffffffffffffdb}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x802, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r2, 0xc0405665, &(0x7f0000000140)={0x7f, 0x7, 0x5, 0x80a, 0x7fffffff, 0x400, 0x4}) getsockname(r0, &(0x7f00000001c0)=@vsock={0x28, 0x0, 0x0, @host}, &(0x7f0000000180)=0x80) 03:39:36 executing program 4: r0 = socket$kcm(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x40000, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000040)=[@in={0x2, 0x4e23, @multicast2}], 0x10) getsockname$unix(r1, &(0x7f0000000100), &(0x7f0000000180)=0x6e) getsockname(r0, 0x0, &(0x7f0000000080)) 03:39:36 executing program 0: r0 = creat(&(0x7f0000000100)='\x00', 0x20000000000485) writev(r0, &(0x7f00000004c0)=[{&(0x7f0000000740)='s', 0x1}], 0x1) write$FUSE_DIRENT(r0, &(0x7f0000000040)={0xc0, 0x0, 0x5, [{0x2, 0x7, 0x0, 0xe2b4}, {0x4, 0x81, 0x16, 0x4, 'mime_typesecurity-bdev'}, {0x0, 0xfff, 0x0, 0x8001}, {0x5, 0x39, 0x18, 0x5, 'wlan1eth0cpuset#%{@!user'}, {0x6, 0x2, 0x3, 0xb5, '-S^'}]}, 0xc0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000000)={0x5177, 0x3433765f, 0x2, @stepwise={0xfffffffffffffff9, 0x101, 0x7ff, 0x1, 0x7, 0x81}}) 03:39:36 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x40030000000000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 814.057248][T13934] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 814.131177][T13934] CPU: 1 PID: 13934 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 814.140333][T13934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.150408][T13934] Call Trace: [ 814.153708][T13934] dump_stack+0x172/0x1f0 [ 814.158055][T13934] dump_header+0x10f/0xba6 [ 814.162486][T13934] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 814.168306][T13934] ? ___ratelimit+0x60/0x595 [ 814.172921][T13934] ? do_raw_spin_unlock+0x57/0x270 03:39:36 executing program 0: lsetxattr$security_smack_transmute(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000180)='TRUE', 0x4, 0x2) eventfd2(0x0, 0x0) r0 = openat$ipvs(0xffffffffffffff9c, 0x0, 0xffe0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = mq_open(&(0x7f000084dff0)='!selinuxselinux\x00', 0x0, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000001c0)=0x0) ioprio_get$pid(0x2, r3) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FICLONE(r4, 0x40049409, r2) write(r5, &(0x7f0000000340), 0x10000014c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$EVIOCGPROP(r4, 0x80404509, &(0x7f0000000240)=""/95) connect$unix(r0, &(0x7f00000002c0)=@file={0x1, './file0\x00'}, 0x6e) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 814.178052][T13934] oom_kill_process.cold+0x10/0x15 [ 814.183175][T13934] out_of_memory+0x79a/0x1280 [ 814.187855][T13934] ? lock_downgrade+0x880/0x880 [ 814.192704][T13934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.198933][T13934] ? oom_killer_disable+0x280/0x280 [ 814.204122][T13934] ? find_held_lock+0x35/0x130 [ 814.208888][T13934] mem_cgroup_out_of_memory+0x1ca/0x230 [ 814.214433][T13934] ? memcg_event_wake+0x230/0x230 [ 814.219453][T13934] ? do_raw_spin_unlock+0x57/0x270 [ 814.224558][T13934] ? _raw_spin_unlock+0x2d/0x50 [ 814.229411][T13934] try_charge+0x118d/0x1790 [ 814.233901][T13934] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 814.239429][T13934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.245656][T13934] ? kasan_check_read+0x11/0x20 [ 814.250488][T13934] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 814.256048][T13934] mem_cgroup_try_charge+0x24d/0x5e0 [ 814.261318][T13934] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 814.266940][T13934] __handle_mm_fault+0x1e1f/0x3ec0 [ 814.272035][T13934] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 814.277564][T13934] ? find_held_lock+0x35/0x130 [ 814.282439][T13934] ? handle_mm_fault+0x322/0xb30 [ 814.287364][T13934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.293597][T13934] ? kasan_check_read+0x11/0x20 [ 814.298443][T13934] handle_mm_fault+0x43f/0xb30 [ 814.303201][T13934] __get_user_pages+0x7b6/0x1a40 [ 814.308153][T13934] ? follow_page_mask+0x19a0/0x19a0 [ 814.313331][T13934] ? perf_trace_lock+0xeb/0x510 [ 814.318162][T13934] ? __vma_adjust+0x1840/0x1840 [ 814.322998][T13934] ? lock_acquire+0x16f/0x3f0 [ 814.327694][T13934] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.333930][T13934] populate_vma_page_range+0x20d/0x2a0 [ 814.339385][T13934] __mm_populate+0x204/0x380 [ 814.344001][T13934] ? populate_vma_page_range+0x2a0/0x2a0 [ 814.349728][T13934] __x64_sys_mlockall+0x35c/0x520 [ 814.354747][T13934] do_syscall_64+0x103/0x610 [ 814.359322][T13934] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 814.365221][T13934] RIP: 0033:0x457e29 [ 814.369100][T13934] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 814.388687][T13934] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 814.397106][T13934] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 814.405065][T13934] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 814.413022][T13934] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 814.420975][T13934] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 03:39:37 executing program 5: r0 = socket$inet(0x2b, 0x1, 0x0) connect$inet(r0, 0x0, 0x0) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000000)='ip_vti0\x00') [ 814.428958][T13934] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 814.477883][T13934] memory: usage 307176kB, limit 307200kB, failcnt 13260 [ 814.492953][T13934] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 814.500453][T13934] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 814.507464][T13934] Memory cgroup stats for /syz3: cache:0KB rss:292748KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237516KB active_anon:44136KB inactive_file:0KB active_file:0KB unevictable:11248KB [ 814.529691][T13934] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13295,uid=0 [ 814.546828][T13934] Memory cgroup out of memory: Killed process 13295 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 814.608151][ T1042] oom_reaper: reaped process 13295 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:39:37 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ubi_ctrl\x00', 0x109000, 0x0) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f00000000c0)=0x1, 0x4) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x20041, 0x0) getpeername$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) ioctl$VHOST_SET_VRING_CALL(r1, 0x4008af21, &(0x7f0000000080)={0x1, r2}) 03:39:37 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0xab, 0x0}}], 0x1, 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/raw6\x00') syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') preadv(r0, &(0x7f00000017c0), 0x10000000000001a0, 0x0) 03:39:37 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x100000000000000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 814.906627][T13933] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 814.930662][T13933] CPU: 0 PID: 13933 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 814.939796][T13933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 814.949860][T13933] Call Trace: [ 814.949880][T13933] dump_stack+0x172/0x1f0 [ 814.949901][T13933] dump_header+0x10f/0xba6 [ 814.949918][T13933] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 814.949934][T13933] ? ___ratelimit+0x60/0x595 [ 814.949950][T13933] ? do_raw_spin_unlock+0x57/0x270 [ 814.949966][T13933] oom_kill_process.cold+0x10/0x15 [ 814.949981][T13933] out_of_memory+0x79a/0x1280 [ 814.949995][T13933] ? lock_downgrade+0x880/0x880 [ 814.950015][T13933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 814.998352][T13933] ? oom_killer_disable+0x280/0x280 [ 815.003569][T13933] ? find_held_lock+0x35/0x130 [ 815.008359][T13933] mem_cgroup_out_of_memory+0x1ca/0x230 [ 815.013923][T13933] ? memcg_event_wake+0x230/0x230 [ 815.019253][T13933] ? do_raw_spin_unlock+0x57/0x270 [ 815.024382][T13933] ? _raw_spin_unlock+0x2d/0x50 [ 815.029252][T13933] try_charge+0x118d/0x1790 [ 815.033773][T13933] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 815.039339][T13933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.045593][T13933] ? kasan_check_read+0x11/0x20 [ 815.050449][T13933] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 815.056008][T13933] mem_cgroup_try_charge+0x24d/0x5e0 [ 815.061326][T13933] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 815.066973][T13933] do_huge_pmd_wp_page+0x99d/0x3660 [ 815.072181][T13933] ? pmd_pfn+0x1d0/0x1d0 [ 815.076449][T13933] ? __split_huge_pmd+0x2c00/0x2c00 [ 815.081667][T13933] ? __lock_acquire+0x55d/0x4710 [ 815.086618][T13933] ? pmd_val+0x85/0x100 [ 815.090784][T13933] ? add_mm_counter_fast.part.0+0x40/0x40 [ 815.096520][T13933] ? perf_trace_lock+0xeb/0x510 [ 815.101406][T13933] __handle_mm_fault+0x1651/0x3ec0 [ 815.106538][T13933] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 815.112090][T13933] ? find_held_lock+0x35/0x130 [ 815.116862][T13933] ? handle_mm_fault+0x322/0xb30 [ 815.121824][T13933] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.128081][T13933] ? kasan_check_read+0x11/0x20 [ 815.132948][T13933] handle_mm_fault+0x43f/0xb30 [ 815.137736][T13933] __do_page_fault+0x5ef/0xda0 [ 815.142524][T13933] do_page_fault+0x71/0x581 [ 815.147038][T13933] ? page_fault+0x8/0x30 [ 815.151289][T13933] page_fault+0x1e/0x30 [ 815.155453][T13933] RIP: 0033:0x43f131 [ 815.159357][T13933] Code: 2e 0f 1f 84 00 00 00 00 00 48 83 fa 20 48 89 f8 73 77 f6 c2 01 74 0b 0f b6 0e 88 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e <66> 89 0f 48 83 c6 02 48 83 c7 02 0f 1f 40 00 f6 c2 04 74 0c 8b 0e [ 815.178977][T13933] RSP: 002b:00007ffce8248458 EFLAGS: 00010202 [ 815.185044][T13933] RAX: 0000000020000000 RBX: 000000000073c900 RCX: 000000000000642f [ 815.193001][T13933] RDX: 000000000000000a RSI: 0000000000740930 RDI: 0000000020000000 [ 815.201134][T13933] RBP: 000000000073c900 R08: 0000000091fe3b33 R09: 0000000091fe3b37 [ 815.209096][T13933] R10: 00007ffce8248520 R11: 0000000000000246 R12: fffffffffffffffe [ 815.217049][T13933] R13: 00000000000c6f05 R14: 00000000000003e8 R15: 000000000073bf0c [ 815.226842][T13933] memory: usage 307200kB, limit 307200kB, failcnt 13307 [ 815.233866][T13933] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 815.241331][T13933] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 815.248335][T13933] Memory cgroup stats for /syz3: cache:0KB rss:291792KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:219464KB active_anon:44096KB inactive_file:0KB active_file:0KB unevictable:28356KB [ 815.270622][T13933] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13933,uid=0 [ 815.287374][T13933] Memory cgroup out of memory: Killed process 13933 (syz-executor.3) total-vm:72580kB, anon-rss:17940kB, file-rss:53540kB, shmem-rss:0kB [ 815.302162][ T1042] oom_reaper: reaped process 13933 (syz-executor.3), now anon-rss:18096kB, file-rss:53540kB, shmem-rss:0kB 03:39:38 executing program 3: mlockall(0x1) r0 = perf_event_open$cgroup(&(0x7f0000000180)={0x5, 0x70, 0x8, 0x93, 0x8, 0x0, 0x0, 0x6, 0x4001, 0x4, 0x2, 0x3ec, 0x6, 0x0, 0x401, 0x1, 0xffffffff80000000, 0xfff, 0x8, 0x4, 0x7, 0x4, 0x59d, 0x0, 0x3768, 0x3, 0xfef5, 0xddea, 0x6, 0x5, 0x2, 0x25d, 0x3, 0x1, 0x6, 0x6, 0x10001, 0x5, 0x0, 0x9, 0x1, @perf_bp={&(0x7f00000000c0), 0x4}, 0x4220, 0x9068, 0x4, 0xf, 0x101, 0x6, 0x80}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x6) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000100)=0x5) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000080)=[@in={0x2, 0x4e24, @rand_addr=0xdf9f}], 0x10) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.events\x00', 0x0, 0x0) ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000040)=0x4000000) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:38 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000280)="0adc1f023c123f3188a070") r1 = syz_open_dev$vcsa(&(0x7f0000000300)='/dev/vcsa#\x00', 0xf5, 0x0) pread64(r1, &(0x7f0000000400)=""/21, 0x20000415, 0x0) r2 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0x0) r3 = add_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000100)="6d287ef511cad3585ebc30c8b0f16a4e1223b03817b1f16f443774163d3cdc09cc9ffec635c3f928c838534e219be209f5cf4a7e9254425ad91fda06bb05124bc3c1264d066488856c89d68f9c1e63ee07f3783f77902383c51e7a1d017210868bff5ca2e50cc4653eb92237607aa08a8310af21afa57bd2dd41998170bd067d741db80ee9c85ab55d92f806f65f39600810abba12f1b07f9b06fa2aa1c78993b1840f9ac80a9c8781755f22d47200ff6a6dcbba700a1c06728d2cef7769cbe623", 0xc1, 0xfffffffffffffffa) keyctl$unlink(0x9, r2, r3) 03:39:38 executing program 4: unshare(0x44000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x400000000001, 0x0) prctl$PR_SET_KEEPCAPS(0x8, 0x1) lgetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@random={'security.', 'highspeed\x00'}, &(0x7f0000000240)=""/4096, 0x1000) setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000200)='highspeed\x00', 0xa) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x8100, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 03:39:38 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x200000000000000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x1ff, 0x80) bind$tipc(r2, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x4, 0x1}}, 0x10) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f0000000080)="f36c640f01ca26ae0f09c4e21d0094b7090000000f03b700280000c4e16573dd51b8020000000f23d00f21f835200000010f23f80f20c035000000800f22c066baf80cb8c8bde087ef66bafc0c66ed", 0x4f}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_genetlink_get_family_id$tipc2(0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfbffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000540)={0xd0003}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r5 = getuid() ioctl$TUNSETOWNER(r2, 0x400454cc, r5) ioctl$KVM_ASSIGN_PCI_DEVICE(r4, 0x8040ae69, &(0x7f0000000140)={0x3, 0x2, 0x0, 0x5, 0x34a}) 03:39:38 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rtc0\x00', 0x0, 0x0) ioctl$IMCLEAR_L2(r1, 0x80044946, &(0x7f0000000040)) msgctl$IPC_RMID(r0, 0x0) [ 815.528205][T13982] IPVS: ftp: loaded support on port[0] = 21 03:39:38 executing program 5: pipe2$9p(0x0, 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.effective_cpus\x00', 0x0, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000200)={0x1, 0x0, 0x2, 0x7}) clone(0x1000001000107, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$IMHOLD_L1(0xffffffffffffffff, 0x80044948, &(0x7f0000000080)) mkdir(&(0x7f0000000040)='./file0\x00', 0x4a) r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0xffffffffffffff00, 0x4100) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x1) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)='9p\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="2c667367616368652c76657273696f6e3d3978323030302e0045ba365e69bc237f22582ba295cc0035114ad4c38e4e2a03fd4c8b17aa9dc475"]) 03:39:38 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0xe000000000000000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 815.600159][T13992] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 815.644369][T13992] CPU: 1 PID: 13992 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 815.653515][T13992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 815.663576][T13992] Call Trace: [ 815.666878][T13992] dump_stack+0x172/0x1f0 [ 815.671217][T13992] dump_header+0x10f/0xba6 [ 815.675642][T13992] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 815.681457][T13992] ? ___ratelimit+0x60/0x595 [ 815.686056][T13992] ? do_raw_spin_unlock+0x57/0x270 [ 815.691182][T13992] oom_kill_process.cold+0x10/0x15 [ 815.696319][T13992] out_of_memory+0x79a/0x1280 [ 815.701007][T13992] ? lock_downgrade+0x880/0x880 [ 815.705861][T13992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.712112][T13992] ? oom_killer_disable+0x280/0x280 [ 815.717321][T13992] ? find_held_lock+0x35/0x130 [ 815.722105][T13992] mem_cgroup_out_of_memory+0x1ca/0x230 [ 815.727657][T13992] ? memcg_event_wake+0x230/0x230 [ 815.732695][T13992] ? do_raw_spin_unlock+0x57/0x270 [ 815.737820][T13992] ? _raw_spin_unlock+0x2d/0x50 [ 815.742679][T13992] try_charge+0x118d/0x1790 [ 815.747197][T13992] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 815.752753][T13992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.759094][T13992] ? kasan_check_read+0x11/0x20 [ 815.763960][T13992] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 815.769519][T13992] mem_cgroup_try_charge+0x24d/0x5e0 [ 815.778227][T13992] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 815.783876][T13992] __handle_mm_fault+0x1e1f/0x3ec0 [ 815.788996][T13992] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 815.794546][T13992] ? find_held_lock+0x35/0x130 [ 815.799316][T13992] ? handle_mm_fault+0x322/0xb30 [ 815.804281][T13992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.810535][T13992] ? kasan_check_read+0x11/0x20 [ 815.815395][T13992] handle_mm_fault+0x43f/0xb30 [ 815.820165][T13992] __get_user_pages+0x7b6/0x1a40 [ 815.825117][T13992] ? follow_page_mask+0x19a0/0x19a0 [ 815.830323][T13992] ? perf_trace_lock+0xeb/0x510 [ 815.835178][T13992] ? __vma_adjust+0x1840/0x1840 [ 815.840047][T13992] ? lock_acquire+0x16f/0x3f0 [ 815.844735][T13992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 815.850984][T13992] populate_vma_page_range+0x20d/0x2a0 [ 815.856452][T13992] __mm_populate+0x204/0x380 [ 815.861049][T13992] ? populate_vma_page_range+0x2a0/0x2a0 [ 815.866696][T13992] __x64_sys_mlockall+0x35c/0x520 [ 815.871727][T13992] do_syscall_64+0x103/0x610 [ 815.876327][T13992] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 815.882216][T13992] RIP: 0033:0x457e29 [ 815.886122][T13992] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 815.905731][T13992] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 815.914145][T13992] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 815.922121][T13992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 815.930098][T13992] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 03:39:38 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000000), 0x0) 03:39:38 executing program 0: r0 = socket(0x10, 0x803, 0x0) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40800}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xd4, r1, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x1}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'lc\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}]}, @IPVS_CMD_ATTR_SERVICE={0xc, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xe4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xd32}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x6}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}]}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x6}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e22}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x508}]}, 0xd4}, 0x1, 0x0, 0x0, 0x10}, 0x84) 03:39:38 executing program 0: r0 = socket(0x2, 0x6, 0x0) bind$bt_sco(r0, &(0x7f0000000000)={0x1f, {0x0, 0xfffffffffffff000, 0x1, 0x8, 0x1ff, 0x21}}, 0x8) connect$nfc_llcp(r0, &(0x7f0000000040)={0x27, 0x1, 0x0, 0x0, 0x0, 0x0, "f2dc84ab4ea584a2a93a6569e48baab6707230abe3f8b72960b25aac12017ec4d302c78a6380391a930e929f07f06ebd5e7cf3c8a12376a687cf97b7c5ce87"}, 0x60) 03:39:38 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000140)='/dev/snd/controlC#\x00', 0x4e3, 0x10042) r1 = gettid() fcntl$setownex(r0, 0xf, &(0x7f0000000180)={0x1, r1}) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0af51f023c123f3188a070") r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x8080, 0x0) ioctl$VIDIOC_G_JPEGCOMP(r3, 0x808c563d, &(0x7f00000001c0)) r4 = syz_open_dev$sndtimer(&(0x7f0000000040)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000000)={{0x1, 0x0, 0x0, 0x0, 0xa891a9d}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffa0010000]}) r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x80, 0x0) ioctl$TUNSETSTEERINGEBPF(r5, 0x800454e0, &(0x7f00000000c0)=r0) [ 815.938068][T13992] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 815.946033][T13992] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 815.954298][ C1] net_ratelimit: 8 callbacks suppressed [ 815.954306][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 815.959908][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 815.966264][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 815.966341][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 815.966448][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 815.966502][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 816.077335][T13992] memory: usage 307200kB, limit 307200kB, failcnt 13889 [ 816.088550][T13992] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 816.103486][T13992] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 816.110342][T13992] Memory cgroup stats for /syz3: cache:0KB rss:292712KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235472KB active_anon:44132KB inactive_file:0KB active_file:0KB unevictable:13300KB [ 816.214739][T13993] device bridge0 left promiscuous mode [ 816.219927][T13992] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13399,uid=0 [ 816.243110][T13992] Memory cgroup out of memory: Killed process 13399 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 816.257932][T13993] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 816.281146][ T1042] oom_reaper: reaped process 13399 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 816.304253][T14014] IPVS: ftp: loaded support on port[0] = 21 [ 816.310878][T13993] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 816.347053][T13993] device team0 left promiscuous mode [ 816.352791][T13993] device team_slave_0 left promiscuous mode [ 816.361320][T13993] device team_slave_1 left promiscuous mode [ 816.402550][T13993] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 816.511541][T13992] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 816.523404][T13992] CPU: 0 PID: 13992 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 816.532525][T13992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 816.542672][T13992] Call Trace: [ 816.545969][T13992] dump_stack+0x172/0x1f0 [ 816.550308][T13992] dump_header+0x10f/0xba6 [ 816.554735][T13992] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 816.560545][T13992] ? ___ratelimit+0x60/0x595 [ 816.565139][T13992] ? do_raw_spin_unlock+0x57/0x270 [ 816.570259][T13992] oom_kill_process.cold+0x10/0x15 [ 816.575375][T13992] out_of_memory+0x79a/0x1280 [ 816.580056][T13992] ? lock_downgrade+0x880/0x880 [ 816.584907][T13992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.591150][T13992] ? oom_killer_disable+0x280/0x280 [ 816.596352][T13992] ? find_held_lock+0x35/0x130 [ 816.601132][T13992] mem_cgroup_out_of_memory+0x1ca/0x230 [ 816.606677][T13992] ? memcg_event_wake+0x230/0x230 [ 816.611710][T13992] ? do_raw_spin_unlock+0x57/0x270 [ 816.616826][T13992] ? _raw_spin_unlock+0x2d/0x50 [ 816.621685][T13992] try_charge+0x118d/0x1790 [ 816.626202][T13992] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 816.631753][T13992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.638001][T13992] ? kasan_check_read+0x11/0x20 [ 816.642862][T13992] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 816.648413][T13992] mem_cgroup_try_charge+0x24d/0x5e0 [ 816.653707][T13992] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 816.659351][T13992] wp_page_copy+0x408/0x1740 [ 816.663944][T13992] ? find_held_lock+0x35/0x130 [ 816.668717][T13992] ? pmd_pfn+0x1d0/0x1d0 [ 816.672963][T13992] ? lock_downgrade+0x880/0x880 [ 816.677811][T13992] ? swp_swapcount+0x540/0x540 [ 816.682579][T13992] ? kasan_check_read+0x11/0x20 [ 816.687431][T13992] ? do_raw_spin_unlock+0x57/0x270 [ 816.692557][T13992] do_wp_page+0x5d8/0x16c0 [ 816.696988][T13992] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 816.702370][T13992] __handle_mm_fault+0x22e8/0x3ec0 [ 816.707489][T13992] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 816.713039][T13992] ? find_held_lock+0x35/0x130 [ 816.717809][T13992] ? handle_mm_fault+0x322/0xb30 [ 816.722762][T13992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.729010][T13992] ? kasan_check_read+0x11/0x20 [ 816.733871][T13992] handle_mm_fault+0x43f/0xb30 [ 816.738644][T13992] __get_user_pages+0x7b6/0x1a40 [ 816.740163][T13993] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 816.743590][T13992] ? follow_page_mask+0x19a0/0x19a0 [ 816.743607][T13992] ? perf_trace_lock+0xeb/0x510 [ 816.743623][T13992] ? __vma_adjust+0x1840/0x1840 [ 816.743647][T13992] ? lock_acquire+0x16f/0x3f0 [ 816.743665][T13992] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 816.743684][T13992] populate_vma_page_range+0x20d/0x2a0 [ 816.743703][T13992] __mm_populate+0x204/0x380 [ 816.743721][T13992] ? populate_vma_page_range+0x2a0/0x2a0 [ 816.743748][T13992] __x64_sys_mlockall+0x35c/0x520 [ 816.743769][T13992] do_syscall_64+0x103/0x610 [ 816.743791][T13992] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 816.743802][T13992] RIP: 0033:0x457e29 [ 816.743817][T13992] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 816.743824][T13992] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 816.743838][T13992] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 816.743847][T13992] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 816.743855][T13992] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 816.743864][T13992] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 816.743872][T13992] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 816.754002][T13992] memory: usage 307200kB, limit 307200kB, failcnt 13900 [ 816.784311][T13992] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 816.803531][T13992] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:39:39 executing program 3: mlockall(0x40000000003) r0 = syz_open_dev$audion(&(0x7f0000000380)='/dev/audio#\x00', 0x8, 0x204c03) r1 = syz_open_dev$audion(&(0x7f0000000400)='/dev/audio#\x00', 0x100000000, 0x400) ioctl$KVM_IOEVENTFD(r0, 0x4040ae79, &(0x7f0000000440)={0x4000, &(0x7f00000003c0), 0xc, r1, 0x4}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) accept4(r2, &(0x7f0000000000)=@x25={0x9, @remote}, &(0x7f0000000080)=0x80, 0x800) nanosleep(&(0x7f00000000c0), &(0x7f0000000100)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dsp\x00', 0x20400, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x2, &(0x7f00000001c0)={0xffffffffffffffff}, 0x106, 0x100f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000240)={0x15, 0x110, 0xfa00, {r5, 0x652000000000, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @rand_addr=0x22b6}, @ib={0x1b, 0x2, 0x1, {"1f1a850f4256f995273c2a7bd19f391d"}, 0x2, 0x80, 0x80000000}}}, 0x118) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:39 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x40000000000002, 0x10) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000001c008183ad5de087185082cf0124b0eba06ec400002339a00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0) recvmmsg(r1, &(0x7f0000012dc0)=[{{0x0, 0x0, 0x0}}], 0x3fffffffffffd99, 0x0, 0x0) mount$9p_xen(&(0x7f00000000c0)='\\\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='9p\x00', 0xc0, &(0x7f00000001c0)={'trans=xen,', {[{@cachetag={'cachetag', 0x3d, '[('}}, {@cachetag={'cachetag', 0x3d, 'oposix_acl_access,user/mime_type!loselinux'}}, {@cache_loose='cache=loose'}], [{@dont_appraise='dont_appraise'}, {@seclabel='seclabel'}, {@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@dont_hash='dont_hash'}]}}) [ 816.803541][T13992] Memory cgroup stats for /syz3: cache:0KB rss:292660KB rss_huge:151552KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:226508KB active_anon:44096KB inactive_file:4KB active_file:0KB unevictable:22212KB [ 816.803618][T13992] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13991,uid=0 [ 816.803736][T13992] Memory cgroup out of memory: Killed process 13991 (syz-executor.3) total-vm:72580kB, anon-rss:11956kB, file-rss:53544kB, shmem-rss:0kB [ 816.804748][ T1042] oom_reaper: reaped process 13991 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB [ 816.965004][T14031] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 816.981992][T13993] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 816.988458][T14031] CPU: 0 PID: 14031 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 817.007020][T14031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 817.017078][T14031] Call Trace: [ 817.020846][T14031] dump_stack+0x172/0x1f0 [ 817.025199][T14031] dump_header+0x10f/0xba6 [ 817.029631][T14031] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 817.035440][T14031] ? ___ratelimit+0x60/0x595 [ 817.040033][T14031] ? do_raw_spin_unlock+0x57/0x270 [ 817.045163][T14031] oom_kill_process.cold+0x10/0x15 [ 817.050284][T14031] out_of_memory+0x79a/0x1280 [ 817.054978][T14031] ? lock_downgrade+0x880/0x880 [ 817.059848][T14031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.066093][T14031] ? oom_killer_disable+0x280/0x280 [ 817.071288][T14031] ? find_held_lock+0x35/0x130 [ 817.076041][T14031] mem_cgroup_out_of_memory+0x1ca/0x230 [ 817.081563][T14031] ? memcg_event_wake+0x230/0x230 [ 817.086570][T14031] ? do_raw_spin_unlock+0x57/0x270 [ 817.091685][T14031] ? _raw_spin_unlock+0x2d/0x50 [ 817.096524][T14031] try_charge+0x118d/0x1790 [ 817.101054][T14031] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 817.106597][T14031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.112821][T14031] ? kasan_check_read+0x11/0x20 [ 817.117662][T14031] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 817.123197][T14031] mem_cgroup_try_charge+0x24d/0x5e0 [ 817.128474][T14031] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 817.134091][T14031] __handle_mm_fault+0x1e1f/0x3ec0 [ 817.139185][T14031] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 817.144720][T14031] ? find_held_lock+0x35/0x130 [ 817.149466][T14031] ? handle_mm_fault+0x322/0xb30 [ 817.154410][T14031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.160634][T14031] ? kasan_check_read+0x11/0x20 [ 817.165469][T14031] handle_mm_fault+0x43f/0xb30 [ 817.170226][T14031] __get_user_pages+0x7b6/0x1a40 [ 817.175162][T14031] ? follow_page_mask+0x19a0/0x19a0 [ 817.180339][T14031] ? perf_trace_lock+0xeb/0x510 [ 817.185171][T14031] ? __vma_adjust+0x1840/0x1840 [ 817.190010][T14031] ? lock_acquire+0x16f/0x3f0 [ 817.194668][T14031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 817.200902][T14031] populate_vma_page_range+0x20d/0x2a0 [ 817.206370][T14031] __mm_populate+0x204/0x380 [ 817.210950][T14031] ? populate_vma_page_range+0x2a0/0x2a0 [ 817.216607][T14031] __x64_sys_mlockall+0x35c/0x520 [ 817.221622][T14031] do_syscall_64+0x103/0x610 [ 817.226202][T14031] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 817.232071][T14031] RIP: 0033:0x457e29 [ 817.235961][T14031] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 817.255547][T14031] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 817.263942][T14031] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 817.271892][T14031] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000040000000003 [ 817.279842][T14031] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 817.287795][T14031] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 817.295754][T14031] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 817.304484][ C0] protocol 88fb is buggy, dev hsr_slave_0 03:39:39 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_DISABLE(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80001000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x2e, r2, 0x308, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0x6c, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x245b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x880}, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:39 executing program 4: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)={[{0x0, 'memory'}]}, 0x200600) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0x1000000, 0x5000000) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00me\x00\b\x00\x00 '], 0x200600) 03:39:39 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0xeffdffff00000000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:39 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffeffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$TIOCGPGRP(0xffffffffffffff9c, 0x540f, &(0x7f00000002c0)=0x0) prctl$PR_SET_PTRACER(0x59616d61, r3) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000280)) r4 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xfffffffffffffff9, 0xa000) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r4, 0x84, 0x20, &(0x7f0000000040), &(0x7f0000000140)=0x4) listen(r0, 0xfffffffffffffffc) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x20000004, &(0x7f0000000080)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f0000000080)='tls\x00', 0x152) r6 = getpgid(0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0xffffffffffffffff, r4, 0x0, 0x12, &(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0xffffffffffffffff}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r6, r1, 0x0, 0x12, &(0x7f0000000180)='/dev/snd/pcmC#D#p\x00', r7}, 0x30) setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000100), 0x28) sendto$inet6(r5, &(0x7f0000000000), 0xfffffffffffffe75, 0x4040, 0x0, 0xfffffffffffffef1) [ 817.310290][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:39:40 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0xff03000000000000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 817.373055][T14031] memory: usage 307200kB, limit 307200kB, failcnt 13935 [ 817.384954][T14031] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 817.418975][T14031] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 817.429455][T14031] Memory cgroup stats for /syz3: cache:0KB rss:292760KB rss_huge:151552KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235472KB active_anon:44132KB inactive_file:0KB active_file:0KB unevictable:13300KB 03:39:40 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0xffffffff00000000, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 817.468405][T14031] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13451,uid=0 [ 817.503328][T14031] Memory cgroup out of memory: Killed process 13451 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB 03:39:40 executing program 2: r0 = msgget(0xffffffffffffffff, 0x0) r1 = getgid() msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) r2 = semget$private(0x0, 0x5, 0x0) getresuid(&(0x7f0000000000), &(0x7f0000000040)=0x0, &(0x7f0000000080)) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f00000000c0)={{{@in=@multicast1, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in6=@dev}}, &(0x7f00000001c0)=0xe8) semctl$IPC_SET(r2, 0x0, 0x1, &(0x7f0000000200)={{0xfffffffffffff801, r3, r1, r4, r1, 0x100, 0x1}, 0x4, 0x800, 0x7f}) [ 817.508060][ T26] audit: type=1804 audit(2000000380.130:613): pid=14053 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir453015048/syzkaller.nktKPB/953/memory.events" dev="sda1" ino=16835 res=1 03:39:40 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0xf, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:40 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x24, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 817.721623][ T26] audit: type=1804 audit(2000000380.340:614): pid=14045 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir453015048/syzkaller.nktKPB/953/memory.events" dev="sda1" ino=16835 res=1 [ 817.782660][ T26] audit: type=1804 audit(2000000380.340:615): pid=14045 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir453015048/syzkaller.nktKPB/953/memory.events" dev="sda1" ino=16835 res=1 03:39:40 executing program 4: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x88000, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") ioctl$KDSETMODE(r0, 0x40046104, 0x712000) ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f0000000180)="6d19b544ca43ffe528a7ae34d966f95a8088f6f20f4604e2a539b72febe4ba6ed0b0094bb50862450231323d65f2424f8a798e3048b77648c23480d373fa35eee94c866e4c6eb0a8923772488d1b7cc195d605d23d45dc93a71d5fec1c2b63a50af6dc9e27c4eeb38c6e160bc91b1483160693694b62aed42036a949cb2444da6b5b967cd861ec6f6fe06dcb891f29bf4c52d9d5a45cd444b38eb154fc79b72d428a247ab17f4c46b65711ab830a459b0420fa502cc6c5ac505be144ae9156baaaf6d3cce023c4aa3516920531181c87224c9eaba5e4a57e887c5b3bb45ea080f6b30d8e010f63d8ab7783a1091c11ad1863abcabd20c8a0c7cb843fef81968b2da15914f32635e0f7469b4452ad8fb010b99291df6795022f79dc46eccc5319cace7f5b89af38c333679b2128bbe3bb6173efac65b430e4ffa307d300b91f51308051ee7668d03c2583d54b2f277f23facd33d0fdb5f8a1cdba7c74ff875351105ba2f7fa53764e2074e6fc9d1cfc005c355fd5c55f9f09d73854bdf806b050154e39c560032cf736089f1b430decf05d45eecdd553ecc2edfc382bacb082353eb953f85267a756e1cb54ff2987cdb97c794fce16fde8279cb501ea6d8521ce341bbd6c9bf0c22ea6e3da76b2c851db0ec6f2c828172cdb5b2df02394788fdf4df3c27c656cee29c3a9c6de3906b61a83c90ffc66c080c18693606773fe6481ffaf2cf642e6d1c9b4f06ca9a590159bf8b9ee1275ce302cf2dda4f0a1dec2dd08f8b2573188a207c02a1039085116cd952f9fd36c3b49fd55f4a4b7153d3a61a032c144c0634c863499f4b3b87ec3e15f6bb95be6ed2cbaa8f9d548c92ad1ec3caf12fd14fc9a21487cef56daf8e1d3d9064eb13efe351c88d7a3d1e1588bcdb1658114de28a4a13b0a75b9af3a563bcaa37f817dd64bee2cb7db131579fbd63de4b43a3b85fb7efa5f44c6472871170b438b913d2ffa4f7440b7702b8d2dd7af5818769304b07595b2c0cb06820837d4c78408cf4ac5e264502ca59af6a2bd36a442ca2a15879bbbc8f97a42be38dc3127c966d939b0a2b774fec357f133f9a4a843c17cb2073618983fe372b89968a2fa0059bc0892222495351a3bfb4abf92cc86ce353979664385e3d608bd65e52aa6a4583bd7062a841c65c598a9d20c80a2bda0e3cf14f475d996add427eb53c54cfd7f6588031452b8d8e4354e0af082b980ac821cce2301443d27f658dbe1a5ce41f165a9fec99a24c2db222e12aba25962d76077c2698324f8cc8dc413ed40a112e6c90e0da44543dd7572cf8b87bb1b92f5e94e13717201020b3a949cf6a370b4b1f03427c93977d3434d9a7a8273ae3b86e4b47e1bc45a3c558d278d890d0e2eded6330e88adea6fb8d1b6d21d860e8ce40cfb41fbeb046b6fb386e700022572181e16d77498f4f4a52ac5f47695851f1bcd8190916d0b74284b25aaaf72f4775abe65daa3eb1a82ad699487cd835f669b4a7f363905ff0ce7e28cd758858494afe66114d49433a8774f989db3d8ec2209c42900c9d44bfb9fcb4ec356d6909f246163919a88d54109ab38a8ea02f2423f653751b804be617e744bea03aa71cbf57bb348c001a634df06b835e3da5825737908b1bff3ab5ecb2d39fba7db412dce12aa74175d27db0e0ac726b41f01e5d3491695413d39f695f435b1ebf2747779e31608bc6b474acb350b81d9a5b56ec9ad8a556f4628ceae3c2f6e5488c15f798419d006f2682b1ead18f43fef8e230c077bd54a9222a31ff228f19cc1058f09bb58ea6db2c71780e9af5d25e4b660ad9d1995d2d4dcba3cce9bdd00ba21175c4bc8d005d2247c9fb578fc59088a6b0a5f6fda7055abe6882f72cb5b94086836e50f629b8932a5a6de85490efdc84fbec46efdcf9d8dadeb368874cfdaa153fc4274ccb83ed30e5290fe4768fe1a511bd6689aaa32c8b8b4c145a14be5034bff48f859764d3ad89c7abe0a7dcf3040012ef5198b45e47c3d9d6c9d608a7eb0604a803335dc5870f674ff457c4999e2109e279fe9f1f3d5b036f51aeb011d804b5b4d2ae7f9161d2ce4ff2634a47321f995b13a0901a96f402311ec26a8e7a7d473ac54f0940904f0dc4fdb11aeea99c0f14683532aeb34b8e3c00535e00274ed1a141f1a8d709815ef7eafacb753fb7957cfc95d6eb4d2521586a50095996750e2c4e3ce49a82008d7481d50aef6a7fc10cae3955f0f7a09c7430109683768413d6df7885ac564b83f0290516a21ec7431270a4da0f5a2582dc6854b336fe06dd59ce395c49132d7b02aff0a54f9bd217dd30639c4b2fc5a773aaeb95c76740f81b10c86c5b5762148481225aa4c9e967e7f325f765922bb295117900264df266342caaebfee5cccd53a1f764dad87758a4b490880d7f73b4437551b0ce9bd43742fc128be32fd81e9dee01ddd435de682ad052fa55b959177cf02d0a570689daddd723baf358875f859f5c77fce5a21dc246c479bf3d43129d8f6b652dbb9ac6a655ee07b06fa3e8009752536c5d5be03af565d5384058c4ba069a1212ecdde8f608b34a4b97f085d965f4bb6046215db37342af717565d37459da6120e702c15e1d0d6fd8b2d2722bc82f1988c436fbc12b789abfde557e0309e5157fa2ba8cc1c94bd14b8768b078aeb6901941d7e876a6eb7727ece01738d2bba2b6c5609ea4ed8d95e4051b2d27494b743c780d37e5c216231ab3ea69313a4a72d138284a6e11bbc921b000040736014595123a4956012673b6cda92544a09fa18a0a9caea560387db8f2a88398c9f54365d0594ac0edaf4f077e6bec68a2ac5202943a5dedc2453697ef8104f824cd100e6729692c769b8202c7325e296b97f45302ea4a1105949a00cea48316f54404f35ec57d3094f4fd450b730349af57642b710310c2d96507471b0e98b71d50e1543286290ca6a8cdd14f9a3194abd07325ed8d5c22f27c933fb0833ac13574b91acce61729934fbc2324410e827f162f30d795e84db2c44f94313d4d58fdd56a55273827796790371e60a8b11ad8b810269e5ff426b39b8609387a54a91ded9b0d26867d3cee338e8d84a18f6d37efceeac08be4176e47b2896637da823650ec81a88b4acb12ebbb134732dc7c5bf938339bff84078f6d6f96e448abd54545ef4d6c2269ef090c739d8e9a2c2e745fccaaa6d8645b8949faa67982e07d9afd412bfbfc224113c9aad8b39216166124e35e00dd5d95d7528a67cf94860010d062ccda5b9efeb18da2198472e80878b60290d78608795310d82d2d2a00e14b8d2baa09d93de115c3cab090327b88e417b7f7de0d54002051ac2668af2fc0f113dd58c80b5f92f77c3bc072d320ca3c9aa274a5839c6d17ab002bc71c51a5d4d2828c9cb7c0dda3980c8ffd05e753f31fe85723003e303ca1ebcf1ee682271f84285647ec036779530cfb7f1bfebe738f1e720fe7e48a4a4e1c416006cd479c51688311bc5d0f9008f790ded43ae4775bc09f3c254d0406e437427c07bb8b22fc128a1b84662af306955c86fb818e90e80ca4adfad7576c9ef088b8abb16579e89c34b7eece3661bc64be80d2c42ac80dde8954465a340cdceb5ad8c7994c17b6b9f5885a236ebc5b194800f4e9269fc25a7d6988f10f372f46a4b2081bb20dbc1be2ea1246f618922846890992b39dad9fcfd457c6f0265c6baa41953aa055f4261f113739da9bb2546358c6c88b68e576d043122c6537818cfa6505fa260e319df13a22c4215214f01b9eca5600fd490df39fad8aaa42aadf179e95ccf4a4e4642add5c1cd4e8fa832b69508b2df792aa15e3a40f05e40c82cd8ea9dd24233c99db68171177da067130926e894c6dbb823028f9fa1fd3ef9d38ce2c2d38b9d1a0e7c763aeb4a44e02a7fb3d1294334312a0da0fbb19b6790fcdc6db949f7c3be5232b2b37b58afb2c853a4808f95548d35cc09bf62c7e2435cae65b550a7bb48f77049f016d1fb7e0229db533f5455ffa55f51c51b2cc2bf1fd90bcda2e7c8f0fb6afd3680a1bbaccc53ede368001ca66c2bb5e6dd030133891d979872db0eec99bbbf6a8dab9d1251f4c57bbabc5395236ec7edd012d161a2407eec6e95bdbb2513be210dde2e99b017d5d0e62dc10d26577429c17423a321d35afbba18e28e307dccd9e906e1d6b7f4a1a2ea11c5cdc3228316c4d368520ebda89217c41d4eb72114346f6822fdd0590af7419bec5a14f6ef4843912da22384ce4146e1ee0481ef7e9d7ada7e06f9a3eb5802048a228d3f80593db56801d219e7d5432185ba96a8ced77247cc3648ee9b58a181e8abde51b0fa57203974c8c8c079f955abdcbe5192dab962575b514af213fcc564c43cbac51a31851570a6c3a593066e157da05ea5b3744b9617878e9124b6b067923adb1772ad4a91c338570f043a078ae0f1eb17984df9ca4c1c964ad944f3b8f681dd2163aa5a7a52c0dd6d5a3d3528f3eda810fdd895c366e2b28e10566abb6492bda3cf1480d398e5d19891f0c2ef7f3cc77ce48a4b96a80cb16c853494f1de8c75fa3bdc4fcd9c7ad1484ba7495327bfd79521bf7ff9af879a293148a61c8b53e843da88e880f1a420b9ac5724b5cb6eb622325e64e02e5c0f292e511a72ce3d7cc72942a4887080e200baa3504accd063014ea8cd5e9bb867219ab5bc4b2618d0e9be35b30ff80e328c6d9ad44b866160c3c878f8874d7defb1543fd50ecfdf4ef133d7f75c2ae8340cc59f99e07341b2f4b06476653fef5994ced73aa03f8b4159574fdbdc93f4f448db1b796fbac5ec8e92cb5dfc5917dcd89f998e95c0acfaab79602f3d27fb814c9b81ff3cb066cbce3835a6d97d7c9c30adae9334ce523e6e2c2a9b55e340ee7f30f81e5bb7cf8ff42470cf2d9fecd3b401910d685caaf1ae59e88b7f20c6a44adf6042818b9a4ce087e779621e90404d0208fbdf779586c4663391e19cef058798c60562419e120a51b9b68131087af19fda1932db22e2dfe4a681080102b60ae44633a9a24c0955b130237b3f652185eacb691d0eef5479c522101f6d5860f9395fd20b03482d04592758b0e052192acd09872e5f7c51a80659a59aaad14b30f7362eda8fbe5dec6b0e56fe55ced38c0ec929bc6eb3c10c3266cc783758d62fd8ef5cf436e85918cb9f1b122481904de95d04244d0b76e7e6b204d1c522d755d2f5456b53113ed564dcb78b8e71ee954861e5c3786a2be500bd4a167f40222f371cc411d52cf8f2e377c0b3dc72d21336e15fb19592e602a26f019365f7fcd7ee081ced5a47c289fb53b2d89bb7117e8fd219380368bbaf8ae261cc23fcfe9a8b3731eecc1fa6849dfcf7f8c44e7d16dd03826af4ff42e11ed28c4f6702a00be262c9986ea39fc76a2f3d2a15b36f3b3f783811351846453100fdc0f611ad6d2d341f90dde5847539441bbfa707829141e07b5d5eec8c078d41a74955010bc682f2be529d159e83066b3ad4f6bafb798112a9fd180c85872f1096c67e38ce8d305f14f68dd1b410b4ffc468309e7971e4943b830d07d1184e7eaf1421570dfee8bda88a86adcf3e5fde3a524eb4d32c95a803144aa20372ad5b38e273c37eb334e24158042b5fdb4a76228905d9d5f00671bc039c16855042be5454a7d1baad2eb0501976822179cdff6b5bab42cf9c717d9ddc9a55f23ce92b90d9d31d03acff8e0ec99ece37f3e431bcde49bf2dab491e6cff410b8ed2ae3951db39b2cead0ffb5e393984f36752eeff2c3c3ab6a29defca26435f51f9aff5ae5df0b9fd4e9b81fac3ac") [ 817.900031][ T26] audit: type=1804 audit(2000000380.400:616): pid=14053 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir453015048/syzkaller.nktKPB/953/memory.events" dev="sda1" ino=16835 res=1 [ 817.984882][T14077] QAT: Invalid ioctl [ 818.002437][T14080] QAT: Invalid ioctl [ 818.030701][T14031] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 818.042271][T14031] CPU: 1 PID: 14031 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 818.051394][T14031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 818.061459][T14031] Call Trace: [ 818.064762][T14031] dump_stack+0x172/0x1f0 [ 818.069104][T14031] dump_header+0x10f/0xba6 [ 818.073514][T14031] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 818.079303][T14031] ? ___ratelimit+0x60/0x595 [ 818.083926][T14031] ? do_raw_spin_unlock+0x57/0x270 [ 818.089032][T14031] oom_kill_process.cold+0x10/0x15 [ 818.094127][T14031] out_of_memory+0x79a/0x1280 [ 818.098798][T14031] ? lock_downgrade+0x880/0x880 [ 818.103635][T14031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.109872][T14031] ? oom_killer_disable+0x280/0x280 [ 818.115050][T14031] ? find_held_lock+0x35/0x130 [ 818.119828][T14031] mem_cgroup_out_of_memory+0x1ca/0x230 [ 818.125372][T14031] ? memcg_event_wake+0x230/0x230 [ 818.130389][T14031] ? do_raw_spin_unlock+0x57/0x270 [ 818.135485][T14031] ? _raw_spin_unlock+0x2d/0x50 [ 818.140338][T14031] try_charge+0x118d/0x1790 [ 818.144830][T14031] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 818.150381][T14031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.156642][T14031] ? kasan_check_read+0x11/0x20 [ 818.161506][T14031] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 818.167073][T14031] mem_cgroup_try_charge+0x24d/0x5e0 [ 818.172380][T14031] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 818.178013][T14031] wp_page_copy+0x408/0x1740 [ 818.182586][T14031] ? find_held_lock+0x35/0x130 [ 818.187335][T14031] ? pmd_pfn+0x1d0/0x1d0 [ 818.191558][T14031] ? lock_downgrade+0x880/0x880 [ 818.196386][T14031] ? swp_swapcount+0x540/0x540 [ 818.201144][T14031] ? kasan_check_read+0x11/0x20 [ 818.205999][T14031] ? do_raw_spin_unlock+0x57/0x270 [ 818.211103][T14031] do_wp_page+0x5d8/0x16c0 [ 818.215523][T14031] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 818.220884][T14031] __handle_mm_fault+0x22e8/0x3ec0 [ 818.225979][T14031] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 818.231504][T14031] ? find_held_lock+0x35/0x130 [ 818.236346][T14031] ? handle_mm_fault+0x322/0xb30 [ 818.241273][T14031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.247497][T14031] ? kasan_check_read+0x11/0x20 [ 818.252362][T14031] handle_mm_fault+0x43f/0xb30 [ 818.257115][T14031] __get_user_pages+0x7b6/0x1a40 [ 818.262127][T14031] ? follow_page_mask+0x19a0/0x19a0 [ 818.267308][T14031] ? perf_trace_lock+0xeb/0x510 [ 818.272144][T14031] ? lock_acquire+0x16f/0x3f0 [ 818.276805][T14031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 818.283028][T14031] populate_vma_page_range+0x20d/0x2a0 [ 818.288487][T14031] __mm_populate+0x204/0x380 [ 818.293102][T14031] ? populate_vma_page_range+0x2a0/0x2a0 [ 818.298722][T14031] __x64_sys_mlockall+0x35c/0x520 [ 818.303731][T14031] do_syscall_64+0x103/0x610 [ 818.308308][T14031] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 818.314181][T14031] RIP: 0033:0x457e29 [ 818.318061][T14031] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 818.337648][T14031] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 818.346043][T14031] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 818.354044][T14031] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000040000000003 [ 818.362003][T14031] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 818.369963][T14031] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 818.377919][T14031] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 818.390770][T14031] memory: usage 307060kB, limit 307200kB, failcnt 13956 [ 818.398291][T14031] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 818.407881][T14031] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 818.414776][T14031] Memory cgroup stats for /syz3: cache:0KB rss:292700KB rss_huge:151552KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:228344KB active_anon:44084KB inactive_file:0KB active_file:0KB unevictable:20304KB [ 818.437051][T14031] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14030,uid=0 [ 818.453097][T14031] Memory cgroup out of memory: Killed process 14031 (syz-executor.3) total-vm:72580kB, anon-rss:12104kB, file-rss:54316kB, shmem-rss:0kB 03:39:41 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x200000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000040)={0x1, 0x4, 0xc52, 'queue1\x00', 0x3}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clock_gettime(0xfffffffffffffffe, &(0x7f00000002c0)={0x0, 0x0}) unlinkat(r0, &(0x7f0000000240)='./file0\x00', 0x200) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000280)=""/58) futex(&(0x7f0000000100)=0x2, 0x8c, 0x1, &(0x7f00000001c0)={r2, r3+10000000}, &(0x7f0000000200)=0x1, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:41 executing program 0: r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000640)) ioctl$PPPOEIOCSFWD(0xffffffffffffffff, 0x4008b100, 0x0) mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(&(0x7f0000000140)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, @perf_config_ext, 0x22002, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpeername(r0, 0x0, &(0x7f0000000240)) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000040)) mkdir(&(0x7f00000005c0)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x1, &(0x7f0000000600)=[{&(0x7f0000000c40)="df8481a7b289330904e020bd3c90409e74ec10fbb525418617cf20f092d1687d9d4dd907d008acd357b230a7f586fee041dee0ae0e2c5d7b7f9fc90209d98578d809809c36dd5482d6bdcc8de06ea00cf043078b", 0x54, 0x1}], 0x0, 0x0) syz_open_dev$vbi(&(0x7f0000000680)='/dev/vbi#\x00', 0x3, 0x2) mount(&(0x7f00000006c0)=ANY=[@ANYBLOB="01009b890521ffbdacd89dd462bd445f95c0ec627ff1349b3e633a50ae8952f7fbc4c646ffccb5aa516a60b194ec4e5281f38069dd93fc6fd1076aba7127660e932ed1e79c6db8c2bc471adeebf3be787e6471a50af6eae2acfb308f63a5582905010ea01611d9feff90ccc46edbdf738447e2f760223eba04707ae9150179ff1e761d42b33231a83054e379ee"], 0x0, &(0x7f00000002c0)='gfs2meta\x00', 0x0, 0x0) getresuid(&(0x7f0000000380), &(0x7f0000000480), &(0x7f0000000500)=0x0) mount$bpf(0x0, &(0x7f0000000300)='./file2\x00', &(0x7f0000000340)='bpf\x00', 0x400, &(0x7f0000000540)={[{@mode={'mode', 0x3d, 0x6}}, {@mode={'mode', 0x3d, 0x7a4}}], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@audit='audit'}, {@uid_lt={'uid<', r2}}]}) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x48000000, &(0x7f00000003c0)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d9abea03ef71344b294bf3e6dcf0823e2398182392e0dcc7d97e09edef61c00855c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af46c66e464617c08f2142109cc4965a2d8baa9f31a92c149e6cb208d567224e8c76d78eb40ade4691005ecf02404282d8"]) r3 = creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) chdir(&(0x7f0000000280)='./file0\x00') ioctl$EVIOCGVERSION(r3, 0x80044501, &(0x7f0000000800)=""/77) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000900)={{{@in=@initdev, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in=@empty}}, &(0x7f0000000a00)=0xe8) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000a40)={{{@in6=@ipv4={[], [], @multicast2}, @in=@empty}}, {{@in=@loopback}, 0x0, @in6=@loopback}}, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xa00, 0x0) 03:39:41 executing program 2: r0 = msgget(0xffffffffffffffff, 0xd9) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200000, 0x0) ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000040)={0x0, 0x98d4, 0x40, 0x4, 0x19, 0x80000001, 0x1, 0x80, 0x1, 0x3}) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) 03:39:41 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x30, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:41 executing program 5: r0 = syz_open_dev$usbmon(0x0, 0x0, 0x48000) recvfrom$inet(r0, 0x0, 0x202, 0x0, 0x0, 0x10000007c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, &(0x7f0000000280)) stat(&(0x7f0000000100)='./file0/file0\x00', &(0x7f00000004c0)) lstat(0x0, &(0x7f00000007c0)) getpgid(0x0) connect$bt_l2cap(r0, &(0x7f0000000340)={0x1f, 0x1, {0x0, 0x7, 0x80000001, 0x8, 0x7}}, 0xe) r1 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x4, 0x0) ioctl$TIOCSCTTY(r0, 0x540e, 0x200) syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7, 0x40) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7a00000000000000, 0x0, 0x0, 0x200000000000000], 0x2, 0x400, 0x2}) keyctl$instantiate_iov(0x14, 0x0, 0x0, 0x0, 0x0) io_setup(0x8, 0x0) memfd_create(0x0, 0x5) r2 = socket$inet(0x2, 0x0, 0x0) syz_open_pts(r0, 0x7fffd) getsockopt$IP_VS_SO_GET_INFO(r2, 0x0, 0x481, &(0x7f0000000200), 0x0) 03:39:41 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) r1 = dup(r0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r0, 0x80000000006) r3 = dup3(r2, r0, 0x0) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000000)={0x7fffffff, 0x5}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000040)={0x0, 0x80000, r3}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f00000000c0)='/dev/ptmx\x00') ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000080)={r4}) write$UHID_INPUT(r3, &(0x7f0000001640)={0x8, "e52aac313baccb9b551156a2d7c12b7711c32a17d3c4c9ceef08c2046fe288a7036e513019e5e114cc4ae935d23a9990952824f5d0c1f52e2eb94e5301ba9dc9a02818038eaef46fc2c3ebbe46e4a6024c93823f66462ba3d68913fdeadd1087b06846aa3ddf6ed3dc2b61b4960f48c2edf5cdf23c7e8d3f2e6daa71e66b29bc19e377d7df4637d735194a52da503a0ac44383ba5b3da867e09ceae02a9bfc21e7f28814c2fab7da41344e207ca706dc37592abdb685e4b80eb6dc2b1dc550a1d16166d163a4a220a54d7844facbbb2648ee90aa05c3c03ee447d79e517df8ffe70c215bd0bf69e86a5f48d571b9337590d05e9947727c0d77d18a117f110252735ca6700a55fd26838935808cce7b7c222a75339e44230bdeb99bc39c0c1cc20de74fcb9744f4c4a988f3874a846d31abcf5504d78a3e14f35f6cbd123fcff22890cc17c730c3ea9f74616dfe60064552ec25568a6211bdc39483a28bed0df0afc7d7c6d13d301e080c8846ea512a8ccae7a99da8dd3009feaf204d22e32c5ecc333e616159d55328d375e59194c5c9a0b3843afb283d1d26f59e03105e91aa552386468432a09be73220e942394f34c559797b74bfe7c5c2c639a40e4d2e81e1004b127540a0bdd6be2f95698e75e4f1203a47d61f506ac9364be9d98ae46536f74afe08c450ecb902e00f188c9f32aed0677455e10bbe82c763a464f10f64c403c35376b7a675546835209f0e2809e9c2bd191f784dda4b727bfac512497a07474e6d3e13233601df81abcdb6fbfb152483ec61baaee45a5d733c62107f63c55a046401a5ddef70cef8d52cb4784e3efc34de554c8ff48f7ae3d6dc1ed4eb70fe1e610355fd66ce1af8ff63b6641fb3dadfab8a9b0b1f26ca11f7287258ad4766e08340f8f2fd53e7e5f287bb73c186f0290f225687040c762776a02e5e65f1b9b713e8ef98ffe111b3e4e7b761dd3ed763ed8dafd67625fb300ac752c0ff9c0c04b75be292c3f0247bd0b3560f1c76aff38791037fcf2b812f1601934a8fc769f7198e0df685841489263a1495a8a8bab1a63cb12b3089a3e30aab15ae872437e52a6f0dbc4df2d0e8df4c6bcd47beefc179d85b70b42b319453e6efaff96a509420bec299f227c4b676c58038916897f15430ff52087dd97dd329c6b6e207378053accaa31843a333e4f69586103424f44bd67eb355c1fbe078e62f07ebaae46c3e335372127dc5fa70a4579af715e531bda52761dc206aded4678079720603a577ef7e5fb5a81a525b7c96a4047d9d6bb80d7e0ce55cc0a4f73256ae9c515307f13fe54126786de425d7a674b05116104176faac5b9365b33fd2f5a710a5159d342abecede83ad421bbb712cd5b006671a958cec907311719eb3e0b5dc4fb51054e06656a7a2a066c0aac65ceb434ca3f242cb2b1d7a22179a85cbbeeacc2f0135d8dd4d1363a98d2543fa4973e19eb359e956d27f142c75f62c7aecaf47090236b9791847725bc6fde15cd4a119a4976a3f0f2d622973ad9000aae56f88b396fa1881ec0b0a5de9955fc8f864b36eacd635b88826e0a64897d605fa4a14f7786b037cf308bef61c7f860e38f1ae67fe8cb7802dbe85f9c0c082eed1a13e645370d0c95d63bba215ac8a637b8f968aef06329d62ba131b56b46bfcfa6a5e82016d5eeb6e7db45595d1acaaa5ec9886315d3dced9d0a15c44c043ac91e4ae7077139774607b76cbc017f636145beb84c1829a6030f4a895a56b8d141f743c9189a71387893f785804f85927a23ccd79c432ab686b621ec91706ef082b4ea4fa608ce2daca0d2e2e07ff51e6a8fdc22f1c8ee5ae53720f93b4547704fae580e5560e3c7b1ac2a38ffc294d3c96635e3b919339394843c8a171c7d12ceb9c0a11be25783694b177b399e7a495538e293a59d3ab44b176afed6894aa0e501d9b98981be3f2057bf6c9869403a34cb83ad57150c674301f39524a026f3608a3414287bc4e507355823c6f8640bb803a392fb8847023d1db3c39753e72414682c617de9bd0d5b6a55d46004d49f20d2f8f53cdd8eb11402f7895cd7c01b4964fd005c564b0b0e156969ccde818dda3a7cae02d1d3af95081e6549f28976fa81b5e90fbb0a62fea850ffaf0220132189c11a74996261f6de6001c50364f08c4f48fd46a0417ec8ee4d003efeead64b87d64b43cd6868f365e72e26dd9f5f9f74d135f64464cb38dd62051ae70c5a4daabebe700eb9b290b8ed4142db0090219e6186f8f71fa8fe1ebe42f621b8eed182ee8ad0401f0a3530fd48e4d1eb2637f1fbd2a7032b0f85715203c12ab8ff48131bc4ff28272b57119a76bc0b30fef5294c23c0b2bcadfbba37a00502b5e43d72148d9acc7cb7cb39dc830cd6f30262a09eecf29d1055c2edc3926cfd5076aa5f9f172ed145359fc974ca5ded652433d212607bed155df1aff269414548a39a644b6ce927de5de6e6750575c4fd7ea7fe10b1e51fde6975c0c23fc012a8b12fe3fa64e972e4e09eafea165ae5c1ffc9d761e1314a781959c223b96eefde0f4f45c7ac032a8d3f1bd304114c3329a3e4966eddcc8d44ae70bad2932f963100955e2d2d487347c2aa8356bc6bc3c84e418163c758f1372246884e6d80d87d7ab3fe660dda13ada65f200b4fb365223b93bbc29493ae6dbbbb1823edb8e9f045b60414edab955e1046b67a8d4908ab08ad90216125d2ffd8c7814a9a4940df0a653b1cf53cf456412228445ebc8e1584adfe13207ff24fe602e2a506218710483b5544347a3d515b7d2ddcaa1bb7ae3578841918a8ed00659d5f260d23ae17a9ffc77f79758844586fe53517097838a92dde8873e8be1cd5934f1a4bfdd9d0b5725b811c4a2c121b7729946993a736bd195c55684ea680304af4844a1b2f74e2c2b2ccaeceb00b9c2c515b70912efb27643c5624025e358b44853cc0efddc103ee514471af902cd9b68f102c95a91d2b825b473ce842e6367b0b7305ce8be6f9c812abe860bb632e00b69a0370e5c8f9ba0cebbcbe1b9276949c303a4e9e3b6db37a0716520c07512192364abb58399fca973a1b32106096eda8bb85745562e8a35c5e917fdf858091a4c29d6549e10098d6b205fc5cad546fe07b3a70756cf7079c88f3708f0c8527002b99e80cbd584a3737fb37953cd6dccf21add4d4b6e65894490840c008578737d5e208649d1cd34beb403c2226300297853a29cf6c661b426c13306575d81f6fd21712e0ec4366013883b95a71d5094acbf156e42de11cb873744983ec1ff9cfbee2278053b8b4e523388bd41dfd3c2ecaacc5d9d2958bbfa94f4bd0ac1c61c98ab295dd5c69020f1329818df9a2aa88ced03f4e6a4d1f8cb020afcd2384e65511ddeb908ba0c13a03dd32e8d4ccf0246008f35ef5184f81b8fed73b4aae4998bd8c7d784210042247d39396ba881bf43555d0ec58deede7b4729e79d31b2a346527594ca3a47a1723a792a701dc18d0124365e2c4a4fefed48c29a9f2fc747b302eaf92a100b2da211c91de4ab79d4aede483d852635c6f14d38095a5739d475c7aa67fdd54767a056eeb3098dfd8d1c21f32e76f0247f04118448273586856e641b83f540a643e72dc15804b78bac475f39e23291798aa45a2c10aa5fef2d5e4d7b8f529a66535d11c6149e9797f2fcce2804f2a5370345e98b0c02c7dd27135d414fe72f0740423920d68b64f6b8c05788c6693ee1b9abb5d4593a970dc3ee2528765fb739964f4fed7200d7e796a9f3d0d60834e638dd8c29d4e85011e4ba4f127fe765954a5b5bb5d1cc69f2376599d5a3e8c30714893f763c06061072c10cb0eee17eb2a2514acc584b04e169d4a33a330367bb725ff9462f5d50282a2e393293eec8ea1eaab8217cc108798a4a57eccdb00647ab9f07318993f7c59c395a93cbd681d0a967a56e3f13c832c48dcc0d0096870b0d51b754e70b12a849b6f376923f7f7d909f64d64e1d6e338d39166b725265b96ed21e36b12057148d66e5df04b7b734ed0957d47fde172be2473b9ac6fdb823abe3e11ec69a170a14511d5572d6c0d9f6b749acad7003f0567bb6f9381649e42d02764077330d5af3d93185968a9f8dfed16c4a7c768a2bb98304946a557182c0ce93e82b340074e384cc6bd6129483386c654a6ab3bb12fe8e86adafa93f218fdf5019c09292858acd8ef7aa6a78e3f846215856d630ae9c5fc4009693b2767ea55c469f9099693287b35d43ee0f7a5baf3328d37b2c536f2abd6e21e472c105ae982cdd26a5a20562122e71efb1486c28d9409c3114b608f297695958c5604cf0918c0c70c56c79170260d73bde297e47cae1c404cca0a96eed51a2dc8f6f6ad862fe767ee5b5e68f231096825d935b809b3c1b5d9a2cd76cae22652bed7d263b42612ed717eba0aaf2a3989c4520c402d29428010000000000000062fb3fdd073b91d4e2f6895fba9639ee78bd8ccb5bc3ce442fbeb9a1521314b82804293159fd7df4db66b78a06fe93e705bbc4e0d294a787c3cbf271b2acd15e7b4998c822f7724d3191e2265bd0d694dfb08063c9ff26a424884b46e26b5560d756c114ad1a7b92eee3f49dc2883b604ecc49c5ce92ce467778301326588a6577d44758e8d90710248d110dbf3d3d568779bd1c616369f84619dd089e38b51634f7c5d2ac9f1547a342877815a3864ad70b68b196bde9d810512f411d5235633ef65088788dfa3f152df7cee3a0803f6ac7ae192301dec07ff870ff3d7cf1c09cc9093263b225d01222376531007af9e6fb96e5ccaa8274f70adc786db7f33a20a752717b56b9a03bfce15a1aacd78c4adf8bdf41de8aaf421684c27526088c54322b5eea9175ef9c574c1f873218cc6f5df233892d7d5b0b0649ffc5a1c4909f2967a8c1f15b419ecde0448f071fa71e553f4f12cfa5e35022e75ddc5509edddc3de82d9097759b27f7c24776702e0ff64559281f796f11c1a9c77a156f390d2d18d1759b6be0347eb5bb4df912e9cfafa0db3be3243bacb378ca0946cece695a8099d6d7a24fc8bcca4c09695e3208f17f00bf404f6eb7852dfe73c163a19fd4e890e0edd5c7a727984b6f47a952373b95200bba061756c699c218b52c265b22bcd5cb24fdf056621fdd2126cede171e435320ca34e56e4c82a2afc9a59d3bf4647877658b6f23a6484f37acd8e2e184926993b5d1bbe6cdba64f486b4fb41bb94a644140540894f8fc14e585bc8beae88eabf926add289c82eb8cea99743baed842d76eb5c5573f7a7f3f2693960d6bfed697b5619afd942f41689dbd281a35e32478ba3a388dada82a2f4164481aa6a8f3946a84ea6186b20ce388c202be42996ae90feec7258d4a4a276353df84c96b160ac003d81cf395c0e61b0f0a9e692c32fab307f754cae5de7716a00cb96160cd39c931f4885d612862cecf6ba76502c9d266f97e4cf6cf0a16f787788e5471458a0dc24d3f2a28caa0f7ee00cf8bb113bd9c2b086037d765b5ec9a849df6f482fc01b48261e44299b0bc88321d837b6e2d221ebf2996b4140cd82e531de27f8de445f31c64469a5a145b031cd2569d19e27369c31ec63a989f0c9aaba7cc9d36d652001d40004f83a90d6465854f31bf15d1ef6bff4c02d60b948a37e3f50d250d7f85f545f507014aae5a35908283168c034f654acbb9d0fc261671d612e3d74261653e69e5e9cf7c8fda298b4d6c879cbbb97eafe648ba70150599089d65c1fdc0d5af879a2d46a443ac6dd21b33f72510742db4faf7eeb1580580ffe26e2d5ff", 0x1000}, 0x1006) 03:39:41 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x200c3020, 0x84, 0x2, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 818.813380][T14092] overlayfs: failed to resolve './file1': -2 03:39:41 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x324) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/autofs\x00', 0x100, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000140)={0x0, 0x81}, &(0x7f0000000180)=0x8) r3 = add_key$keyring(&(0x7f0000000280)='keyring\x00', &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) sendto$ax25(r1, &(0x7f0000000480)="06e94d4c61ce4a1402378d20b4bafd2c673183b08e7785174ed1e9e6a716e0b6cce848e7a1c3e9062cc46c1ddab137bc3f5215af4d932bdbf3dad50d6a34923e14465fb267b289ef46e80458f9c7f1638f679237b41281e7d80debee792959086a5783be4d84c6394222d9934c", 0x6d, 0x800, &(0x7f0000000500)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6}, [@default, @null, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) r4 = request_key(&(0x7f0000000340)='big_key\x00', &(0x7f0000000380)={'syz', 0x0}, &(0x7f00000003c0)='\x00', 0x0) keyctl$instantiate(0xc, r3, &(0x7f0000000300)=@encrypted_load={'load ', 'default', 0x20, 'user:', '/dev/autofs\x00', 0x20, 0x91, 0x20, [0x0]}, 0x36, r4) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000200)={r2, 0x6}, 0xc) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x32, 0x4) connect$inet(r0, &(0x7f0000000440)={0x2, 0x0, @broadcast}, 0x1f) writev(r0, &(0x7f0000001680)=[{&(0x7f0000000240)="c8", 0x1}], 0x1) setsockopt$sock_linger(r0, 0x1, 0x35, &(0x7f0000000000)={0x1}, 0x8) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x230880, 0x0) ioctl$PPPIOCSMRU(r5, 0x40047452, &(0x7f00000000c0)=0x8001) 03:39:41 executing program 2: msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) msgrcv(0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x800, 0x0) ioctl$KVM_TRANSLATE(r0, 0xc018ae85, &(0x7f0000000040)={0x2000, 0xd001, 0x100000001, 0x6a, 0x62}) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, &(0x7f0000000080)={{0x5, 0x5, 0xfffffffffffffff9, 0x100000001, 0x6, 0x3ab8}, 0x3, 0xfffffffffffffffa, 0x3, 0x7fffffff, 0x7fff, "784fc37196beb593a6228cb1a158ad35b9f05dd546783abd256318cd10832387ef8b5269424874bda01728dcb82b6ee7cd705c1a6a0a4ae9a03a278e9d407ca32c97a82ba8fbb0e49357c03d035543cd8b5933b72484829d9bd15d83a4423542750130fbe94ae272ecbd605f4480bf93021cdaeb95b9ecde032273ced1ffefec"}) msgctl$IPC_RMID(0x0, 0x0) 03:39:41 executing program 3: mlockall(0x40000008001) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) prctl$PR_CAPBSET_DROP(0x18, 0x17) openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000000)=0x4b) write$vnet(r2, &(0x7f0000000080)={0x1, {&(0x7f0000000180)=""/202, 0xca, &(0x7f0000000280)=""/228, 0x2, 0x5}}, 0x68) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0) 03:39:41 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f023c123f3188a070") r1 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000140)="655552a4c19ed0341ebc37a616b9f646574ec0c046cf568afdc43fef7552bbc2dc81208f28d884110536cd36981a7a9a88659925ade7da44fe50829465d88ab909dcc710ee6fc99fdc76b6c73585d4093d6371ba15da8e812a6b6f039bce50405ac7daffbf60892ee17b0a9bcf8e1ef6", 0x70, 0xfffffffffffffff8) keyctl$assume_authority(0x10, r1) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}]}) r2 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0xff, 0x28800) ioctl$VIDIOC_DBG_S_REGISTER(r2, 0x4038564f, &(0x7f0000000240)={{0x0, @addr=0x4800000000000}, 0x8, 0xfffffffffffffff8}) [ 818.933536][T14092] overlayfs: failed to resolve './file1': -2 03:39:41 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x5, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 819.031308][T14126] overlayfs: empty lowerdir 03:39:41 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001040)='net/route\x00') read$FUSE(r0, &(0x7f0000000000), 0xe42) getsockname$unix(r0, &(0x7f0000001080)=@abs, &(0x7f00000012c0)=0xfffffffffffffea1) getsockopt$inet_tcp_buf(r0, 0x6, 0x3b, &(0x7f0000001100)=""/135, &(0x7f00000011c0)=0x87) ioctl$KVM_GET_EMULATED_CPUID(r0, 0xc008ae09, &(0x7f0000001240)=""/112) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$DMA_BUF_IOCTL_SYNC(r0, 0x40086200, &(0x7f0000001200)=0x1) 03:39:41 executing program 4: openat$capi20(0xffffffffffffff9c, &(0x7f0000000480)='/dev/capi20\x00', 0x0, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") r2 = socket$inet(0x10, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000000)={0x0, 0x30}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000180)=@assoc_value={r3, 0x400}, 0x8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) 03:39:41 executing program 2: r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="8a007cdf3ae318fc2e79c0f69a", 0xd, 0x0) keyctl$KEYCTL_PKEY_DECRYPT(0x1a, &(0x7f00000000c0)={r0, 0x7, 0x1}, &(0x7f0000000100)={'enc=', 'pkcs1', ' hash=', {'sha3-256-ce\x00'}}, &(0x7f0000000180)="dc9cc43724b8fcfb18df7179a73df63c172bbc2bff3b7a925483ecb0b50cc6d2086348e56608be983a96e70b4b858493691aa235b059c5e8dcb45d92c632fd8dbb95915a91c8f6389cfdf90534b6f6f48352687c34ab4cdb3df60f1507ddff4ece56a858bce9c6a75ca5dd825f557a4545182b194c07c19dc6ed8e6780a665c32185a0ffef686178105d7ff3382dca94439f87bf8b1994324e15e8b62c9ecb8e39019ccc829d0690c2e038db7e13d37c541ced096641b1f1c6b7e69eaebf78e5d1455224975805b25f10534147f30e23b9461ca23a8944523e440c2c0df1914d21172a71643703d57e2ebb62d9c1ac4d4b", &(0x7f0000000280)=""/254) r1 = msgget(0xffffffffffffffff, 0x0) msgrcv(r1, 0x0, 0x0, 0x0, 0x800) r2 = semget$private(0x0, 0x5, 0x1) semctl$SETALL(r2, 0x0, 0x11, &(0x7f0000000400)=[0x100000000, 0x8000, 0x1, 0x93, 0xffffffff]) msgrcv(r1, 0x0, 0x0, 0x0, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vsock\x00', 0x200000, 0x0) ioctl$sock_inet6_udp_SIOCINQ(r3, 0x541b, &(0x7f0000000440)) msgrcv(r1, &(0x7f0000000480)={0x0, ""/208}, 0xd8, 0x3, 0x800) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000003c0)) msgctl$IPC_RMID(r1, 0x0) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000580)='/dev/video1\x00', 0x2, 0x0) nanosleep(&(0x7f00000005c0)={0x77359400}, &(0x7f0000000600)) [ 819.114802][T14126] overlayfs: empty lowerdir 03:39:41 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x6, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:41 executing program 5: write$RDMA_USER_CM_CMD_GET_EVENT(0xffffffffffffffff, &(0x7f0000000040)={0xc, 0x8, 0xfa00, {&(0x7f0000000280)}}, 0x10) r0 = memfd_create(&(0x7f0000000180)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\b\xedcJ\x8e\x84\xd4N\x12\x9b\x1f\x10\xbd\x11+\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\xc1\x0f\xf3\xc8\xbf\xdd~w\xa6\xbdZ\xe5\xa7\xda\xeb\x03\x98\xfe\xd9,\xa6\'\xb6q\x82\v\xcde7\x19K\xdc\"b\xf5\x8aY\\P\xf2\xcf\xdb\xdc~\xf1}K\x9d%\x1e\xe7\xe1\x12\xc3x\xa2\x19\xf3}\xfe\x8fW\xf9\x13\x1f$\xea\f3b\x1c\xcf\xcf\xb9\x9a\x8d\xa0CS\n\xfc\t\x8b\xe3EP\xc8\xa9o\xde\xf7\x17\xa95\xb125\xdb\x8f\xc2\x03a\x01\xfd\x8b\xad\xea\xb2+\xb3Z0x0, 0xffffffff00000000}, &(0x7f0000000200)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000240)={r1, 0x7fffffff}, 0x8) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_mount_image$minix(&(0x7f0000000280)='minix\x00', &(0x7f00000002c0)='./file0/file0\x00', 0xfffffffffffffff9, 0x1, &(0x7f0000000380)=[{&(0x7f0000000300)="89280aad1dd5e8d3884f79e7bc5532f9a4e0c76bf7a16b90170c0551b2ee5fca451c51f17cf1a4a45e27f397bb896fcb708824035084c126e69fd9e6a4268c779eab510244c249d93383d95836015442692638395d4146dd0b9fdd1c29e70f145a027fb23b31b67bf260308371bf9eb947", 0x71, 0xe5}], 0x28800, 0x0) statfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/203) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000b3c000/0x1000)=nil, 0x1000, 0xfffffffffffffffc, 0x6031, 0xffffffffffffffff, 0x0) 03:39:41 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x7, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:41 executing program 4: r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) sendto$ax25(r0, &(0x7f0000000200)="e6100aecf47885392d1968b4390fcc3909b1af373fb0900f1fa4e15bb3af05e94d22ff2ed92d52be3e764ebac533a1cbc2cf604b47b9cb1c13f1cd279edc2360ccda0cdf33703256f344cfff491ee925e7159c2c9a2a1da13c593c77fdc287037a9f01189acc1dacc328897dae0fe1f5c62666732db03f96663a0c3a8551a4b75b742ffb86641964bc1c6eb5b2237f9b", 0x90, 0x0, &(0x7f00000002c0)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48) preadv(r0, &(0x7f0000000780)=[{&(0x7f0000000340)=""/162, 0xa2}, {&(0x7f0000000400)=""/126, 0x7e}, {&(0x7f0000000480)=""/89, 0x59}, {&(0x7f0000000500)=""/171, 0xab}, {&(0x7f00000005c0)=""/123, 0x7b}, {&(0x7f0000000640)=""/56, 0x38}, {&(0x7f0000000680)=""/233, 0xe9}], 0x7, 0x0) r1 = fanotify_init(0x0, 0x80000000000000) write$FUSE_NOTIFY_INVAL_INODE(r1, &(0x7f0000000000)={0x1d, 0x2, 0x0, {0x0, 0xfffffffffffffffe}}, 0x28) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x400, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=@deltaction={0xb0, 0x31, 0x210, 0x70bd25, 0x25dfdbfc, {}, [@TCA_ACT_TAB={0x68, 0x1, [{0x14, 0x1d, @TCA_ACT_KIND={0xc, 0x1, 'skbmod\x00'}}, {0x10, 0x3, @TCA_ACT_INDEX={0x8, 0x3, 0x1000}}, {0x10, 0x1, @TCA_ACT_INDEX={0x8, 0x3, 0x8}}, {0x10, 0x20, @TCA_ACT_INDEX={0x8, 0x3, 0x36}}, {0x10, 0xb, @TCA_ACT_KIND={0x8, 0x1, 'xt\x00'}}, {0x10, 0x1b, @TCA_ACT_INDEX={0x8, 0x3, 0x3f}}]}, @TCA_ACT_TAB={0x34, 0x1, [{0x10, 0xe, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x10, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xffffffff}}, {0x10, 0xf, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x20000080}, 0x40000) write$FUSE_STATFS(r2, &(0x7f0000000800)={0x60, 0x0, 0x2, {{0x8, 0xc6, 0x100000001, 0x126b, 0x0, 0x7, 0x8001, 0x1000000}}}, 0x60) 03:39:42 executing program 5: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000540)=@broute={'broute\x00', 0x20, 0x4, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000080], 0x0, 0x0, &(0x7f0000000080)=[{}, {0x0, '\x00', 0x1}, {0x0, '\x00', 0x3}]}, 0x108) [ 819.446486][T14159] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 819.493297][T14159] CPU: 1 PID: 14159 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 819.502448][T14159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 819.512517][T14159] Call Trace: [ 819.515817][T14159] dump_stack+0x172/0x1f0 [ 819.520159][T14159] dump_header+0x10f/0xba6 [ 819.524579][T14159] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 819.530389][T14159] ? ___ratelimit+0x60/0x595 [ 819.534989][T14159] ? do_raw_spin_unlock+0x57/0x270 [ 819.540104][T14159] oom_kill_process.cold+0x10/0x15 [ 819.545220][T14159] out_of_memory+0x79a/0x1280 [ 819.549906][T14159] ? lock_downgrade+0x880/0x880 [ 819.554762][T14159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.561005][T14159] ? oom_killer_disable+0x280/0x280 [ 819.566202][T14159] ? find_held_lock+0x35/0x130 [ 819.570984][T14159] mem_cgroup_out_of_memory+0x1ca/0x230 [ 819.576533][T14159] ? memcg_event_wake+0x230/0x230 [ 819.581569][T14159] ? do_raw_spin_unlock+0x57/0x270 [ 819.586686][T14159] ? _raw_spin_unlock+0x2d/0x50 [ 819.591546][T14159] try_charge+0x118d/0x1790 [ 819.596062][T14159] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 819.601618][T14159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.607861][T14159] ? kasan_check_read+0x11/0x20 [ 819.612722][T14159] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 819.618272][T14159] mem_cgroup_try_charge+0x24d/0x5e0 [ 819.623565][T14159] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 819.629201][T14159] wp_page_copy+0x408/0x1740 [ 819.633793][T14159] ? find_held_lock+0x35/0x130 [ 819.638574][T14159] ? pmd_pfn+0x1d0/0x1d0 [ 819.642822][T14159] ? lock_downgrade+0x880/0x880 [ 819.647673][T14159] ? swp_swapcount+0x540/0x540 [ 819.652442][T14159] ? kasan_check_read+0x11/0x20 [ 819.657297][T14159] ? do_raw_spin_unlock+0x57/0x270 [ 819.662417][T14159] do_wp_page+0x5d8/0x16c0 [ 819.666868][T14159] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 819.672258][T14159] __handle_mm_fault+0x22e8/0x3ec0 [ 819.677379][T14159] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 819.682924][T14159] ? find_held_lock+0x35/0x130 [ 819.687696][T14159] ? handle_mm_fault+0x322/0xb30 [ 819.692648][T14159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.698889][T14159] ? kasan_check_read+0x11/0x20 [ 819.703745][T14159] handle_mm_fault+0x43f/0xb30 [ 819.708523][T14159] __get_user_pages+0x7b6/0x1a40 [ 819.713477][T14159] ? follow_page_mask+0x19a0/0x19a0 [ 819.718674][T14159] ? perf_trace_lock+0xeb/0x510 [ 819.723526][T14159] ? __vma_adjust+0x1840/0x1840 [ 819.728389][T14159] ? lock_acquire+0x16f/0x3f0 [ 819.733067][T14159] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 819.739314][T14159] populate_vma_page_range+0x20d/0x2a0 [ 819.744786][T14159] __mm_populate+0x204/0x380 [ 819.749386][T14159] ? populate_vma_page_range+0x2a0/0x2a0 [ 819.755042][T14159] __x64_sys_mlockall+0x35c/0x520 [ 819.760258][T14159] do_syscall_64+0x103/0x610 [ 819.764859][T14159] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 819.772511][T14159] RIP: 0033:0x457e29 [ 819.777729][T14159] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 819.797339][T14159] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 819.805758][T14159] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 819.813735][T14159] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 819.821710][T14159] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 819.829689][T14159] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 03:39:42 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x8, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:42 executing program 4: r0 = socket(0x18, 0x1, 0x0) recvmsg(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x801) 03:39:42 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0xa, {0x0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 819.837671][T14159] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 819.861815][T14163] kernel msg: ebtables bug: please report to author: bad policy 03:39:42 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x40, &(0x7f0000000000), 0x0) tkill(r3, 0x13) ptrace$setopts(0x4206, r3, 0x0, 0x0) fcntl$setstatus(r2, 0x4, 0x42803) capget(0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) 03:39:42 executing program 5: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) fchdir(0xffffffffffffffff) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000280)='./file0\x00', 0x0) [ 820.011386][T14159] memory: usage 307200kB, limit 307200kB, failcnt 14003 [ 820.063431][T14159] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 820.096115][T14159] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:39:42 executing program 2: r0 = msgget(0x0, 0x2) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) ioctl$KVM_SET_SIGNAL_MASK(r1, 0x4004ae8b, &(0x7f0000000100)=ANY=[@ANYBLOB="7400000068cdf779c4f3f1faa1c815404ee74350a88f97f70343a74073a98925af66ce0e7a66ebe6cc9fb6ae3f0163509bff4b7acfe5338bc7e6ddc5cde284f536d19bcd6a1147d41aac705e2989bc8672190018e57e03e28fc14820f9584a5f54317753c3c928300dc22e95badab4980a95a7254a5f75d9881d7f68a5ff454b503e572ad1"]) gettid() msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) msgctl$IPC_RMID(r0, 0x0) openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x2900, 0x0) 03:39:42 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x2, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:42 executing program 4: syz_emit_ethernet(0xe, &(0x7f0000000000)={@empty=[0x0, 0x0, 0x500], @local, [], {@generic={0x8864}}}, 0x0) [ 820.123021][T14159] Memory cgroup stats for /syz3: cache:0KB rss:292408KB rss_huge:151552KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237656KB active_anon:44432KB inactive_file:0KB active_file:0KB unevictable:10332KB [ 820.259554][T14159] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14079,uid=0 [ 820.321920][T14159] Memory cgroup out of memory: Killed process 14079 (syz-executor.3) total-vm:72580kB, anon-rss:18248kB, file-rss:34816kB, shmem-rss:0kB [ 820.350351][ T1042] oom_reaper: reaped process 14079 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 820.667974][T14157] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 820.681622][T14157] CPU: 0 PID: 14157 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 820.690738][T14157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 820.700797][T14157] Call Trace: [ 820.704101][T14157] dump_stack+0x172/0x1f0 [ 820.708432][T14157] dump_header+0x10f/0xba6 [ 820.712849][T14157] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 820.718661][T14157] ? ___ratelimit+0x60/0x595 [ 820.723248][T14157] ? do_raw_spin_unlock+0x57/0x270 [ 820.728371][T14157] oom_kill_process.cold+0x10/0x15 [ 820.733486][T14157] out_of_memory+0x79a/0x1280 [ 820.738174][T14157] ? lock_downgrade+0x880/0x880 [ 820.743020][T14157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.749261][T14157] ? oom_killer_disable+0x280/0x280 [ 820.754458][T14157] ? find_held_lock+0x35/0x130 [ 820.759232][T14157] mem_cgroup_out_of_memory+0x1ca/0x230 [ 820.764774][T14157] ? memcg_event_wake+0x230/0x230 [ 820.769804][T14157] ? do_raw_spin_unlock+0x57/0x270 [ 820.774942][T14157] ? _raw_spin_unlock+0x2d/0x50 [ 820.779795][T14157] try_charge+0x118d/0x1790 [ 820.784312][T14157] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 820.789869][T14157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.796117][T14157] ? kasan_check_read+0x11/0x20 [ 820.800977][T14157] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 820.806531][T14157] mem_cgroup_try_charge+0x24d/0x5e0 [ 820.811822][T14157] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 820.817475][T14157] do_huge_pmd_wp_page+0x99d/0x3660 [ 820.822677][T14157] ? perf_trace_lock+0xeb/0x510 [ 820.827538][T14157] ? __split_huge_pmd+0x2c00/0x2c00 [ 820.832739][T14157] ? __lock_acquire+0x55d/0x4710 [ 820.837675][T14157] ? pmd_val+0x85/0x100 [ 820.841832][T14157] ? add_mm_counter_fast.part.0+0x40/0x40 [ 820.847561][T14157] ? perf_trace_lock+0xeb/0x510 [ 820.852945][T14157] __handle_mm_fault+0x1651/0x3ec0 [ 820.858065][T14157] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 820.863611][T14157] ? find_held_lock+0x35/0x130 [ 820.868374][T14157] ? handle_mm_fault+0x322/0xb30 [ 820.873319][T14157] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 820.879563][T14157] ? kasan_check_read+0x11/0x20 [ 820.884420][T14157] handle_mm_fault+0x43f/0xb30 [ 820.889191][T14157] __do_page_fault+0x5ef/0xda0 [ 820.893965][T14157] do_page_fault+0x71/0x581 [ 820.898471][T14157] ? page_fault+0x8/0x30 [ 820.902715][T14157] page_fault+0x1e/0x30 [ 820.906872][T14157] RIP: 0033:0x43f177 [ 820.910767][T14157] Code: 48 83 c7 04 f6 c2 08 74 0e 48 8b 0e 48 89 0f 48 83 c6 08 48 83 c7 08 81 e2 f0 00 00 00 74 1f 0f 1f 40 00 48 8b 0e 4c 8b 46 08 <48> 89 0f 4c 89 47 08 83 ea 10 48 8d 76 10 48 8d 7f 10 75 e5 f3 c3 [ 820.930454][T14157] RSP: 002b:00007ffce8248458 EFLAGS: 00010202 [ 820.936516][T14157] RAX: 0000000020000180 RBX: 000000000073c900 RCX: 7165732f7665642f [ 820.944488][T14157] RDX: 0000000000000010 RSI: 00000000007400e0 RDI: 0000000020000180 [ 820.952640][T14157] RBP: 000000000073c900 R08: 00327265636e6575 R09: 00000000d2773e06 [ 820.960608][T14157] R10: 00007ffce8248520 R11: 0000000000000246 R12: fffffffffffffffe [ 820.968575][T14157] R13: 00000000000c85a0 R14: 00000000000003e8 R15: 000000000073bfac [ 820.988401][T14157] memory: usage 307200kB, limit 307200kB, failcnt 14047 [ 820.995496][T14157] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 821.004007][T14157] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 821.010949][T14157] Memory cgroup stats for /syz3: cache:0KB rss:292180KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:219464KB active_anon:44404KB inactive_file:0KB active_file:0KB unevictable:28356KB [ 821.034152][T14157] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14157,uid=0 [ 821.050053][T14157] Memory cgroup out of memory: Killed process 14157 (syz-executor.3) total-vm:72580kB, anon-rss:18000kB, file-rss:53540kB, shmem-rss:0kB [ 821.065582][ T1042] oom_reaper: reaped process 14157 (syz-executor.3), now anon-rss:18096kB, file-rss:53540kB, shmem-rss:0kB 03:39:43 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$audion(&(0x7f0000000140)='/dev/audio#\x00', 0x8, 0x6400) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sloppy_sctp\x00', 0x2, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r2, 0x400442c8, &(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYBLOB="090000000400316be10cdc475ae64b2106c16699508b3864b02c7969a9389956a512ea7fc332ac9bb098000186048db66f31d13ef897eeaec6f19f19a1e16e7ab50013548e4b5650c2040c3150407e2dadc8e32ca2fc1a804097deeebb2a90f67c7c30456c98421dcf313aa5b8a8111f48fc1e1df6f2dfc20c5340eef47f03dbac8e5dc6ca343618ca289453debb82bcccf0b9b483d1e90e08f58f657ed454f47d3364a5c051eb14fe59f1348b584d623d23b293ed82617a5e5c1979df65ce557e0000000000000000000000000000000000000000"]) 03:39:43 executing program 4: r0 = socket(0x1e, 0x805, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req3={0x80000000}, 0xfeda) 03:39:43 executing program 5: r0 = socket$kcm(0x2, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000000)=@in={0x2, 0x4e21, @local}, 0x80, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB="20000000000000000000000007000000830b040000000000000000000000003661000000000000002038f5cfbce0beda0a2ce2415c2759d7a002c696bb5c70710c2ee1f004402a2d6db1abfeed1345b988e207b93e89c42c2d1b7b2fb1e77cf99ba3498c9f900960405db0127d24577deb84596a6c77686fa69977587a47b9d2a7"], 0x81}, 0x0) 03:39:43 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x4, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:43 executing program 2: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt(r0, 0x0, 0x0, 0x0, 0x0) 03:39:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f023c123f3188a070") r1 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x252, 0x82) r2 = memfd_create(&(0x7f0000000140)='\'fem1wlan0@/ppp0(ppp1md5sum(vmnet1\x00', 0x0) pwritev(r2, &(0x7f0000000340)=[{&(0x7f0000000100)="ed", 0x1}], 0x1, 0x81807) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r2, &(0x7f0000000000)=0x39044, 0x2000005) 03:39:44 executing program 5: accept$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) write$P9_RLINK(0xffffffffffffffff, 0x0, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) pwritev(0xffffffffffffffff, 0x0, 0xfffffffffffffc98, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) getgid() listen(r1, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) r2 = accept4$inet(r1, 0x0, 0x0, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) fcntl$notify(0xffffffffffffffff, 0x402, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, 0x0, 0x0) syncfs(r2) [ 821.369180][T14223] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 821.395968][T14223] CPU: 1 PID: 14223 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 821.405103][T14223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 821.405110][T14223] Call Trace: [ 821.405132][T14223] dump_stack+0x172/0x1f0 [ 821.405155][T14223] dump_header+0x10f/0xba6 [ 821.405174][T14223] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 821.405217][T14223] ? ___ratelimit+0x60/0x595 [ 821.405243][T14223] ? do_raw_spin_unlock+0x57/0x270 [ 821.405263][T14223] oom_kill_process.cold+0x10/0x15 [ 821.405281][T14223] out_of_memory+0x79a/0x1280 [ 821.418614][T14223] ? lock_downgrade+0x880/0x880 [ 821.418630][T14223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.418650][T14223] ? oom_killer_disable+0x280/0x280 [ 821.433157][T14223] ? find_held_lock+0x35/0x130 [ 821.433188][T14223] mem_cgroup_out_of_memory+0x1ca/0x230 [ 821.433203][T14223] ? memcg_event_wake+0x230/0x230 [ 821.433226][T14223] ? do_raw_spin_unlock+0x57/0x270 [ 821.457495][T14223] ? _raw_spin_unlock+0x2d/0x50 [ 821.468899][T14223] try_charge+0x118d/0x1790 [ 821.468924][T14223] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 821.484207][T14223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.484231][T14223] ? kasan_check_read+0x11/0x20 [ 821.484254][T14223] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 821.484276][T14223] mem_cgroup_try_charge+0x24d/0x5e0 [ 821.484297][T14223] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 821.494249][T14223] __handle_mm_fault+0x1e1f/0x3ec0 [ 821.494273][T14223] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 821.494289][T14223] ? find_held_lock+0x35/0x130 [ 821.494304][T14223] ? handle_mm_fault+0x322/0xb30 [ 821.494336][T14223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.504372][T14223] ? kasan_check_read+0x11/0x20 [ 821.504395][T14223] handle_mm_fault+0x43f/0xb30 [ 821.504417][T14223] __get_user_pages+0x7b6/0x1a40 [ 821.504447][T14223] ? follow_page_mask+0x19a0/0x19a0 [ 821.578038][T14223] ? perf_trace_lock+0xeb/0x510 [ 821.582879][T14223] ? __vma_adjust+0x1840/0x1840 [ 821.587735][T14223] ? lock_acquire+0x16f/0x3f0 [ 821.592399][T14223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 821.598629][T14223] populate_vma_page_range+0x20d/0x2a0 [ 821.604075][T14223] __mm_populate+0x204/0x380 [ 821.608664][T14223] ? populate_vma_page_range+0x2a0/0x2a0 [ 821.614287][T14223] __x64_sys_mlockall+0x35c/0x520 [ 821.619322][T14223] do_syscall_64+0x103/0x610 [ 821.623944][T14223] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 821.629838][T14223] RIP: 0033:0x457e29 [ 821.633724][T14223] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 821.653314][T14223] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 821.661729][T14223] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 821.669705][T14223] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 821.677669][T14223] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 821.685624][T14223] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 821.693598][T14223] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 821.701903][ C0] net_ratelimit: 13 callbacks suppressed [ 821.701911][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 821.704989][T14223] memory: usage 307200kB, limit 307200kB, failcnt 15044 [ 821.707701][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 821.713463][T14223] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 821.733871][T14223] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 821.740833][T25568] Memory cgroup stats for /syz3: cache:0KB rss:292176KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:235472KB active_anon:44436KB inactive_file:0KB active_file:0KB [ 821.740910][T14223] unevictable:12512KB [ 821.788098][T14223] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13504,uid=0 [ 821.819253][T14223] Memory cgroup out of memory: Killed process 13504 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 821.839156][ T1042] oom_reaper: reaped process 13504 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 822.048047][T14223] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 822.058113][T14223] CPU: 0 PID: 14223 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 822.067226][T14223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 822.077270][T14223] Call Trace: [ 822.080556][T14223] dump_stack+0x172/0x1f0 [ 822.084884][T14223] dump_header+0x10f/0xba6 [ 822.089299][T14223] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 822.095092][T14223] ? ___ratelimit+0x60/0x595 [ 822.099673][T14223] ? do_raw_spin_unlock+0x57/0x270 [ 822.104781][T14223] oom_kill_process.cold+0x10/0x15 [ 822.109886][T14223] out_of_memory+0x79a/0x1280 [ 822.114562][T14223] ? lock_downgrade+0x880/0x880 [ 822.119395][T14223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.125620][T14223] ? oom_killer_disable+0x280/0x280 [ 822.130802][T14223] ? find_held_lock+0x35/0x130 [ 822.131901][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 822.135567][T14223] mem_cgroup_out_of_memory+0x1ca/0x230 [ 822.135581][T14223] ? memcg_event_wake+0x230/0x230 [ 822.135604][T14223] ? do_raw_spin_unlock+0x57/0x270 [ 822.141356][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 822.146834][T14223] ? _raw_spin_unlock+0x2d/0x50 [ 822.146855][T14223] try_charge+0x118d/0x1790 [ 822.146876][T14223] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 822.146898][T14223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.183702][T14223] ? kasan_check_read+0x11/0x20 [ 822.188558][T14223] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 822.194091][T14223] mem_cgroup_try_charge+0x24d/0x5e0 [ 822.199361][T14223] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 822.204977][T14223] wp_page_copy+0x408/0x1740 [ 822.209549][T14223] ? find_held_lock+0x35/0x130 [ 822.214299][T14223] ? pmd_pfn+0x1d0/0x1d0 [ 822.218538][T14223] ? lock_downgrade+0x880/0x880 [ 822.223369][T14223] ? swp_swapcount+0x540/0x540 [ 822.228117][T14223] ? kasan_check_read+0x11/0x20 [ 822.232977][T14223] ? do_raw_spin_unlock+0x57/0x270 [ 822.238070][T14223] do_wp_page+0x5d8/0x16c0 [ 822.242487][T14223] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 822.247876][T14223] __handle_mm_fault+0x22e8/0x3ec0 [ 822.252990][T14223] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 822.258517][T14223] ? find_held_lock+0x35/0x130 [ 822.263261][T14223] ? handle_mm_fault+0x322/0xb30 [ 822.268187][T14223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.274416][T14223] ? kasan_check_read+0x11/0x20 [ 822.279256][T14223] handle_mm_fault+0x43f/0xb30 [ 822.284011][T14223] __get_user_pages+0x7b6/0x1a40 [ 822.288945][T14223] ? follow_page_mask+0x19a0/0x19a0 [ 822.294133][T14223] ? perf_trace_lock+0xeb/0x510 [ 822.298978][T14223] ? __vma_adjust+0x1840/0x1840 [ 822.303821][T14223] ? lock_acquire+0x16f/0x3f0 [ 822.308480][T14223] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 822.314705][T14223] populate_vma_page_range+0x20d/0x2a0 [ 822.320157][T14223] __mm_populate+0x204/0x380 [ 822.324745][T14223] ? populate_vma_page_range+0x2a0/0x2a0 [ 822.330389][T14223] __x64_sys_mlockall+0x35c/0x520 [ 822.335400][T14223] do_syscall_64+0x103/0x610 [ 822.340074][T14223] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 822.345946][T14223] RIP: 0033:0x457e29 [ 822.349822][T14223] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 822.369413][T14223] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 822.377816][T14223] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 822.385787][T14223] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 822.393752][T14223] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 822.401744][T14223] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 822.409711][T14223] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 822.418124][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 822.423958][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 822.429810][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 822.435620][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 822.443689][T14223] memory: usage 307200kB, limit 307200kB, failcnt 15094 [ 822.452508][T14223] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 822.459987][T14223] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 822.471279][T14223] Memory cgroup stats for /syz3: cache:0KB rss:292184KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:225712KB active_anon:44408KB inactive_file:0KB active_file:0KB unevictable:22212KB [ 822.497846][T14223] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14218,uid=0 [ 822.517606][T14223] Memory cgroup out of memory: Killed process 14218 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 822.539079][ T1042] oom_reaper: reaped process 14218 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:39:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="96c2"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000006080)=[{{0x0, 0x0, &(0x7f0000002040)=[{&(0x7f0000000f80)=""/90, 0x5a}], 0x1}}], 0x1, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:39:45 executing program 4: io_setup(0x0, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x0, 0x0, 0x0, 0xd44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x5]}) r0 = gettid() madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x2000000000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)) setresuid(0x0, 0x0, 0x0) sigaltstack(&(0x7f00002dc000/0x1000)=nil, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) 03:39:45 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0xe0, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:45 executing program 5: shmget(0x2, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil) 03:39:45 executing program 2: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) fchdir(0xffffffffffffffff) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) umount2(&(0x7f0000000280)='./file0\x00', 0x0) 03:39:45 executing program 3: mlockall(0x1) clone(0x8a0000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x9, 0x40400) prctl$PR_SVE_SET_VL(0x32, 0x16bae) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x43, 0x1, 0x2}, 0xffffffffffffffe2) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000180)={0x0, 0x0, 0x4, 0x0, [], [{0x6, 0x4, 0x9, 0x1ff, 0x9, 0x80000002}, {0x6, 0x800, 0x70522b5a, 0xa95, 0xfffffffffffffffb, 0xb3}], [[], [], [], []]}) 03:39:45 executing program 2: rt_sigprocmask(0x0, &(0x7f0000000240)={0xfffffffffffffffe}, 0x0, 0x8) r0 = gettid() timer_create(0x0, &(0x7f0000000100)={0x0, 0x7, 0x4, @tid=r0}, &(0x7f0000000140)) timer_settime(0x0, 0x5, &(0x7f0000000180)={{0x0, 0x1}, {0x0, 0x1c9c380}}, 0x0) rt_sigreturn() 03:39:45 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = shmget(0xffffffffffffffff, 0x1000, 0x78000000, &(0x7f0000ffe000/0x1000)=nil) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f00000002c0)={{{@in6, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@remote}}, &(0x7f00000000c0)=0xe8) getresgid(&(0x7f0000000140), &(0x7f0000000200), 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffff9c, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@ipv4={[], [], @initdev}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@dev}}, &(0x7f0000000500)=0xe8) getresgid(0x0, &(0x7f0000000580)=0x0, &(0x7f00000005c0)) r4 = getpid() shmctl$IPC_SET(r0, 0x1, &(0x7f0000000840)={{0x4, r1, 0x0, r2, r3, 0x8, 0x7}, 0x5, 0x0, 0x3, 0x0, r4, 0x0, 0xffffffffbc47051d}) syz_init_net_socket$netrom(0x6, 0x5, 0x0) openat$mixer(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000081, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) fchdir(r5) umount2(&(0x7f0000000280)='./file0\x00', 0x0) 03:39:45 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0xe000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 823.200850][T14250] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 823.291880][T14250] CPU: 0 PID: 14250 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 823.301033][T14250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 823.311098][T14250] Call Trace: [ 823.314397][T14250] dump_stack+0x172/0x1f0 [ 823.318744][T14250] dump_header+0x10f/0xba6 [ 823.323168][T14250] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 823.328978][T14250] ? ___ratelimit+0x60/0x595 [ 823.333580][T14250] ? do_raw_spin_unlock+0x57/0x270 [ 823.338711][T14250] oom_kill_process.cold+0x10/0x15 [ 823.343834][T14250] out_of_memory+0x79a/0x1280 [ 823.348523][T14250] ? lock_downgrade+0x880/0x880 [ 823.353372][T14250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.359619][T14250] ? oom_killer_disable+0x280/0x280 [ 823.364837][T14250] ? find_held_lock+0x35/0x130 [ 823.369620][T14250] mem_cgroup_out_of_memory+0x1ca/0x230 [ 823.375188][T14250] ? memcg_event_wake+0x230/0x230 [ 823.380228][T14250] ? do_raw_spin_unlock+0x57/0x270 [ 823.385344][T14250] ? _raw_spin_unlock+0x2d/0x50 [ 823.390215][T14250] try_charge+0x118d/0x1790 [ 823.394735][T14250] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 823.400290][T14250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.406537][T14250] ? kasan_check_read+0x11/0x20 [ 823.411395][T14250] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 823.416958][T14250] mem_cgroup_try_charge+0x24d/0x5e0 [ 823.422255][T14250] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 823.427895][T14250] __handle_mm_fault+0x1e1f/0x3ec0 [ 823.433017][T14250] ? vmf_insert_mixed_mkwrite+0x40/0x40 03:39:46 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0xff03, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:46 executing program 0: perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, &(0x7f0000000400)="b9800000c00f3235010000000f301c000f01cbb9800000c00f3235010000000f300f01c86736f36f0f01df0f2083ea0058000065000fc79b01000000", 0x3c}], 0x1, 0x0, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, 0x1, {0x7, 0x1c, 0x8, 0x20000, 0x80, 0x2, 0x5, 0x2}}, 0x50) ioctl$KDSKBLED(0xffffffffffffffff, 0x4b65, 0x0) socket$l2tp(0x18, 0x1, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 823.438565][T14250] ? find_held_lock+0x35/0x130 [ 823.443336][T14250] ? handle_mm_fault+0x322/0xb30 [ 823.448289][T14250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.454628][T14250] ? kasan_check_read+0x11/0x20 [ 823.459500][T14250] handle_mm_fault+0x43f/0xb30 [ 823.464281][T14250] __get_user_pages+0x7b6/0x1a40 [ 823.469234][T14250] ? follow_page_mask+0x19a0/0x19a0 [ 823.474432][T14250] ? perf_trace_lock+0xeb/0x510 [ 823.474451][T14250] ? __vma_adjust+0x1840/0x1840 [ 823.474476][T14250] ? lock_acquire+0x16f/0x3f0 [ 823.474497][T14250] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 823.484164][T14250] populate_vma_page_range+0x20d/0x2a0 [ 823.484184][T14250] __mm_populate+0x204/0x380 [ 823.484203][T14250] ? populate_vma_page_range+0x2a0/0x2a0 [ 823.484231][T14250] __x64_sys_mlockall+0x35c/0x520 [ 823.515767][T14250] do_syscall_64+0x103/0x610 [ 823.520468][T14250] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 823.526376][T14250] RIP: 0033:0x457e29 03:39:46 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x34000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 823.530283][T14250] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 823.549895][T14250] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 823.558318][T14250] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 823.566300][T14250] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 823.574284][T14250] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 823.582262][T14250] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 823.590244][T14250] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff 03:39:46 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet_mreqsrc(r1, 0x0, 0x20, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(0x0, 0x3c) fcntl$setstatus(r1, 0x4, 0x42803) [ 823.731858][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 823.737755][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 823.933879][T14250] memory: usage 307200kB, limit 307200kB, failcnt 15126 [ 823.940961][T14250] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 823.978504][T14250] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 824.001907][T14250] Memory cgroup stats for /syz3: cache:0KB rss:292316KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237516KB active_anon:44440KB inactive_file:0KB active_file:0KB unevictable:10472KB 03:39:46 executing program 4: 03:39:46 executing program 5: recvmsg$kcm(0xffffffffffffffff, &(0x7f00000025c0)={0x0, 0x0, &(0x7f0000000bc0)=[{0x0}], 0x1}, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000480)='comm\x00') preadv(r0, &(0x7f00000017c0), 0xef, 0x0) 03:39:46 executing program 0: 03:39:46 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x40000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 824.049132][T14250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13559,uid=0 [ 824.113495][T14250] Memory cgroup out of memory: Killed process 13559 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB 03:39:47 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x3, 0x6033, 0xffffffffffffffff, 0x0) 03:39:47 executing program 0: 03:39:47 executing program 5: 03:39:47 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x400300, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:47 executing program 4: 03:39:47 executing program 2: 03:39:47 executing program 5: socketpair$unix(0x1, 0x8001000000005, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r1, 0x3) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) r3 = accept4(r1, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000340), 0x10000014c) sendto(r3, &(0x7f00000000c0)="5bda613838079cd915772a6818823c075c414a5c6fe7a4b2df80f73bcf5f45e09a8f48bb0198b3bd3fa8726a2dad17a1da1d90e13058e1c998a21c0baf269df32a8739eed82603f58a3428394756fd06a00657492cdfbc", 0x57, 0x44, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, &(0x7f0000000900)=0x87d, 0x4) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) recvmmsg(r3, &(0x7f0000004e00)=[{{&(0x7f0000001100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, 0x0, 0x0, &(0x7f0000001380)=""/245, 0xf5}}], 0x1, 0x2, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) write$cgroup_type(r5, &(0x7f00000002c0)='threaded\x00', 0x9) sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, 0x0, 0x8804) vmsplice(r4, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000440)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmmsg(r3, &(0x7f0000000c00), 0x4000000000001e6, 0x0) write(r2, &(0x7f0000000040)="6a1a316416c5d20e77e9c8d096435ed0ecf8cec86fb54f847bfe31b520dbb99023c1b6a10f79a4daf7c0e5cc0be79e4d9573aebba239f3c79c123710", 0x3c) munmap(&(0x7f000005b000/0x3000)=nil, 0x3000) 03:39:47 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='memory.max\x00', 0x2, 0x0) write$UHID_INPUT2(0xffffffffffffffff, &(0x7f0000000500)=ANY=[], 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000081, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$unix(0x1, 0x0, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) add_key(&(0x7f0000000140)='logon\x00', &(0x7f00000001c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$link(0x8, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) fchdir(r3) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000005c0)={{{@in6=@mcast1, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in6=@local}}, 0x0) keyctl$get_persistent(0x16, r4, 0x0) lsetxattr$trusted_overlay_opaque(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x3) umount2(0x0, 0x0) write$FUSE_LSEEK(r2, 0x0, 0x0) io_setup(0xfffffffffffdfff3, &(0x7f0000000580)) accept4$packet(0xffffffffffffffff, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x0, 0x0) write$cgroup_int(r1, 0x0, 0x0) 03:39:47 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) io_setup(0x0, 0x0) r0 = openat(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', 0x0, 0x0) io_cancel(0x0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0, 0x2, r0}, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000a00)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000440)={[0x100000000, 0x7f, 0xc894, 0x5, 0xd44, 0x6, 0xa533, 0x9, 0x2, 0x3, 0xb57b, 0x9, 0x4, 0x0, 0x5, 0x2], 0xd000}) ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, &(0x7f0000000240)) mkdirat(r1, &(0x7f0000000040)='./file0\x00', 0x0) r2 = gettid() madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x2000000000000e) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'ip6gretap0\x00', 0x1}) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f0000000500)={{{@in=@empty, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}}}, &(0x7f0000000100)=0xe8) stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r3, 0x0, r4) process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) 03:39:47 executing program 0: r0 = syz_open_dev$video(&(0x7f00000004c0)='/dev/video#\x00', 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, 0x0, 0x1, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, &(0x7f00000000c0)) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000040)={0x0, 0x7, 0x3ff, 0x0, 0x1, 0x0, 0x8000}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, 0x0) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000200)='/dev/video1\x00', 0x2, 0x0) mkdir(&(0x7f00000000c0)='./file0/file0\x00', 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bpf(0x20000000, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x2001002, 0x0) mount$bpf(0x0, &(0x7f0000000480)='./file0/file0\x00', 0x0, 0x80000, 0x0) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vsock\x00', 0x40802, 0x0) timerfd_gettime(r1, &(0x7f0000000240)) mount$bpf(0x20000000, &(0x7f0000000300)='./file0/file0\x00', 0x0, 0x5004, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0xffff, 0x244000) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000180)={0x3, 0x0, 0x1, 0xc9}) mount$bpf(0x20000000, &(0x7f00000004c0)='./file0/file0\x00', 0x0, 0x588e, 0x0) mount$bpf(0x0, &(0x7f0000000340)='./file0/file0\x00', &(0x7f0000000280)='bpf\x00', 0x0, 0x0) umount2(0x0, 0x0) 03:39:47 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x1000000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 825.181260][T14331] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 825.270480][T14331] CPU: 0 PID: 14331 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 825.279677][T14331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 825.289760][T14331] Call Trace: [ 825.293069][T14331] dump_stack+0x172/0x1f0 [ 825.297425][T14331] dump_header+0x10f/0xba6 [ 825.301862][T14331] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 825.307677][T14331] ? ___ratelimit+0x60/0x595 [ 825.312277][T14331] ? do_raw_spin_unlock+0x57/0x270 [ 825.317402][T14331] oom_kill_process.cold+0x10/0x15 [ 825.322530][T14331] out_of_memory+0x79a/0x1280 [ 825.327230][T14331] ? __sched_text_start+0x8/0x8 [ 825.332093][T14331] ? oom_killer_disable+0x280/0x280 [ 825.337297][T14331] ? cgroup_file_notify+0x140/0x1b0 [ 825.342528][T14331] mem_cgroup_out_of_memory+0x1ca/0x230 [ 825.348092][T14331] ? memcg_event_wake+0x230/0x230 [ 825.353133][T14331] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 825.358939][T14331] ? cgroup_file_notify+0x140/0x1b0 [ 825.364199][T14331] memory_max_write+0x22f/0x390 [ 825.369062][T14331] ? mem_cgroup_write+0x360/0x360 [ 825.374094][T14331] ? lock_acquire+0x16f/0x3f0 [ 825.378778][T14331] ? kernfs_fop_write+0x227/0x480 [ 825.383820][T14331] cgroup_file_write+0x245/0x7a0 [ 825.388767][T14331] ? mem_cgroup_write+0x360/0x360 [ 825.393798][T14331] ? kill_css+0x380/0x380 [ 825.398141][T14331] ? kill_css+0x380/0x380 [ 825.402489][T14331] kernfs_fop_write+0x2ba/0x480 [ 825.407350][T14331] __vfs_write+0x8d/0x110 [ 825.411687][T14331] ? kernfs_fop_open+0xd90/0xd90 [ 825.416634][T14331] vfs_write+0x20c/0x580 03:39:48 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x2000000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 825.420893][T14331] ksys_write+0xea/0x1f0 [ 825.425145][T14331] ? __ia32_sys_read+0xb0/0xb0 [ 825.429921][T14331] ? do_syscall_64+0x26/0x610 [ 825.434618][T14331] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 825.440699][T14331] ? do_syscall_64+0x26/0x610 [ 825.445392][T14331] __x64_sys_write+0x73/0xb0 [ 825.449990][T14331] do_syscall_64+0x103/0x610 [ 825.454610][T14331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 825.460511][T14331] RIP: 0033:0x457e29 [ 825.464414][T14331] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 825.484023][T14331] RSP: 002b:00007f9bfeb94c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 825.492441][T14331] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 825.500427][T14331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 825.508400][T14331] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 825.516358][T14331] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9bfeb956d4 [ 825.524312][T14331] R13: 00000000004c723b R14: 00000000004dcd30 R15: 00000000ffffffff [ 825.672056][T14331] memory: usage 70788kB, limit 0kB, failcnt 8 [ 825.678401][T14331] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 825.714489][T14331] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 825.744800][T14331] Memory cgroup stats for /syz4: cache:52KB rss:56896KB rss_huge:53248KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:57016KB inactive_file:0KB active_file:8KB unevictable:16KB [ 825.771625][T14331] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=4149,uid=0 [ 825.792248][T14331] Memory cgroup out of memory: Killed process 4149 (syz-executor.4) total-vm:73108kB, anon-rss:16580kB, file-rss:35796kB, shmem-rss:0kB [ 825.845870][T14331] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 825.862366][T14331] CPU: 1 PID: 14331 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 825.871527][T14331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 825.881593][T14331] Call Trace: [ 825.884896][T14331] dump_stack+0x172/0x1f0 [ 825.889242][T14331] dump_header+0x10f/0xba6 [ 825.893681][T14331] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 825.899500][T14331] ? ___ratelimit+0x60/0x595 [ 825.904095][T14331] ? do_raw_spin_unlock+0x57/0x270 [ 825.904118][T14331] oom_kill_process.cold+0x10/0x15 [ 825.904135][T14331] out_of_memory+0x79a/0x1280 [ 825.904159][T14331] ? __sched_text_start+0x8/0x8 [ 825.904175][T14331] ? oom_killer_disable+0x280/0x280 [ 825.904195][T14331] ? cgroup_file_notify+0x140/0x1b0 [ 825.914391][T14331] mem_cgroup_out_of_memory+0x1ca/0x230 [ 825.914408][T14331] ? memcg_event_wake+0x230/0x230 [ 825.944984][T14331] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 825.950799][T14331] ? cgroup_file_notify+0x140/0x1b0 [ 825.956000][T14331] memory_max_write+0x22f/0x390 [ 825.960861][T14331] ? mem_cgroup_write+0x360/0x360 [ 825.965898][T14331] ? lock_acquire+0x16f/0x3f0 [ 825.970585][T14331] ? kernfs_fop_write+0x227/0x480 [ 825.975623][T14331] cgroup_file_write+0x245/0x7a0 [ 825.980571][T14331] ? mem_cgroup_write+0x360/0x360 [ 825.985614][T14331] ? kill_css+0x380/0x380 [ 825.989947][T14331] ? kill_css+0x380/0x380 [ 825.994279][T14331] kernfs_fop_write+0x2ba/0x480 [ 825.999147][T14331] __vfs_write+0x8d/0x110 [ 826.003484][T14331] ? kernfs_fop_open+0xd90/0xd90 [ 826.008430][T14331] vfs_write+0x20c/0x580 [ 826.012698][T14331] ksys_write+0xea/0x1f0 [ 826.016952][T14331] ? __ia32_sys_read+0xb0/0xb0 [ 826.021721][T14331] ? do_syscall_64+0x26/0x610 [ 826.026411][T14331] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 826.032498][T14331] ? do_syscall_64+0x26/0x610 [ 826.037281][T14331] __x64_sys_write+0x73/0xb0 [ 826.041886][T14331] do_syscall_64+0x103/0x610 [ 826.046476][T14331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 826.052362][T14331] RIP: 0033:0x457e29 [ 826.056246][T14331] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 826.075837][T14331] RSP: 002b:00007f9bfeb94c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 826.084235][T14331] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 826.092211][T14331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 826.100171][T14331] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 826.108129][T14331] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9bfeb956d4 [ 826.116077][T14331] R13: 00000000004c723b R14: 00000000004dcd30 R15: 00000000ffffffff [ 826.126951][T14331] memory: usage 54044kB, limit 0kB, failcnt 8 [ 826.135042][T14331] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 826.142623][T14331] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 826.149480][T14331] Memory cgroup stats for /syz4: cache:52KB rss:40512KB rss_huge:36864KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:40468KB inactive_file:0KB active_file:0KB unevictable:16KB [ 826.170971][T14331] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=3711,uid=0 [ 826.187104][T14331] Memory cgroup out of memory: Killed process 3711 (syz-executor.4) total-vm:72712kB, anon-rss:4268kB, file-rss:35808kB, shmem-rss:0kB [ 826.203465][ T1042] oom_reaper: reaped process 3711 (syz-executor.4), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 826.215576][T14313] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 826.225546][T14313] CPU: 0 PID: 14313 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 826.234642][T14313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 826.244772][T14313] Call Trace: [ 826.248062][T14313] dump_stack+0x172/0x1f0 [ 826.252384][T14313] dump_header+0x10f/0xba6 [ 826.256794][T14313] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 826.262676][T14313] ? ___ratelimit+0x60/0x595 [ 826.267250][T14313] ? do_raw_spin_unlock+0x57/0x270 [ 826.272348][T14313] oom_kill_process.cold+0x10/0x15 [ 826.277448][T14313] out_of_memory+0x79a/0x1280 [ 826.282162][T14313] ? oom_killer_disable+0x280/0x280 [ 826.287344][T14313] ? find_held_lock+0x35/0x130 [ 826.292101][T14313] mem_cgroup_out_of_memory+0x1ca/0x230 [ 826.297644][T14313] ? memcg_event_wake+0x230/0x230 [ 826.302673][T14313] ? do_raw_spin_unlock+0x57/0x270 [ 826.307772][T14313] ? _raw_spin_unlock+0x2d/0x50 [ 826.312619][T14313] try_charge+0x118d/0x1790 [ 826.317111][T14313] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 826.322646][T14313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 826.328871][T14313] ? kasan_check_read+0x11/0x20 [ 826.333723][T14313] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 826.339251][T14313] mem_cgroup_try_charge+0x24d/0x5e0 [ 826.344527][T14313] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 826.350144][T14313] wp_page_copy+0x408/0x1740 [ 826.354728][T14313] ? find_held_lock+0x35/0x130 [ 826.359478][T14313] ? pmd_pfn+0x1d0/0x1d0 [ 826.363704][T14313] ? lock_downgrade+0x880/0x880 [ 826.368534][T14313] ? swp_swapcount+0x540/0x540 [ 826.373282][T14313] ? kasan_check_read+0x11/0x20 [ 826.378119][T14313] ? do_raw_spin_unlock+0x57/0x270 [ 826.383211][T14313] do_wp_page+0x5d8/0x16c0 [ 826.387613][T14313] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 826.392980][T14313] __handle_mm_fault+0x22e8/0x3ec0 [ 826.398087][T14313] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 826.403633][T14313] ? find_held_lock+0x35/0x130 [ 826.408379][T14313] ? handle_mm_fault+0x322/0xb30 [ 826.413311][T14313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 826.419554][T14313] ? kasan_check_read+0x11/0x20 [ 826.424394][T14313] handle_mm_fault+0x43f/0xb30 [ 826.429257][T14313] __get_user_pages+0x7b6/0x1a40 [ 826.434182][T14313] ? follow_page_mask+0x19a0/0x19a0 [ 826.439370][T14313] ? perf_trace_lock+0xeb/0x510 [ 826.444226][T14313] ? __vma_adjust+0x1840/0x1840 [ 826.449063][T14313] ? lock_acquire+0x16f/0x3f0 [ 826.453721][T14313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 826.459946][T14313] populate_vma_page_range+0x20d/0x2a0 [ 826.465485][T14313] __mm_populate+0x204/0x380 [ 826.470066][T14313] ? populate_vma_page_range+0x2a0/0x2a0 [ 826.475686][T14313] __x64_sys_mlockall+0x35c/0x520 [ 826.480783][T14313] do_syscall_64+0x103/0x610 [ 826.485361][T14313] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 826.491230][T14313] RIP: 0033:0x457e29 [ 826.495112][T14313] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 826.514786][T14313] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 826.523178][T14313] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 826.531129][T14313] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 826.539079][T14313] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 826.547030][T14313] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 826.554984][T14313] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 826.567245][T14313] memory: usage 307084kB, limit 307200kB, failcnt 15174 [ 826.579223][T14313] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 826.586770][T14313] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 826.593642][T14313] Memory cgroup stats for /syz3: cache:0KB rss:292172KB rss_huge:151552KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:221532KB active_anon:44400KB inactive_file:0KB active_file:0KB unevictable:26312KB [ 826.615861][T14313] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14310,uid=0 [ 826.631276][T14313] Memory cgroup out of memory: Killed process 14310 (syz-executor.3) total-vm:72580kB, anon-rss:18076kB, file-rss:53540kB, shmem-rss:0kB [ 826.645734][ T1042] oom_reaper: reaped process 14310 (syz-executor.3), now anon-rss:18096kB, file-rss:54308kB, shmem-rss:0kB [ 826.647668][T14320] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 826.667563][T14320] CPU: 0 PID: 14320 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 826.676670][T14320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 826.686718][T14320] Call Trace: [ 826.690097][T14320] dump_stack+0x172/0x1f0 [ 826.694440][T14320] dump_header+0x10f/0xba6 [ 826.698863][T14320] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 826.704677][T14320] ? ___ratelimit+0x60/0x595 [ 826.709270][T14320] ? do_raw_spin_unlock+0x57/0x270 [ 826.714393][T14320] oom_kill_process.cold+0x10/0x15 [ 826.719515][T14320] out_of_memory+0x79a/0x1280 [ 826.724201][T14320] ? oom_killer_disable+0x280/0x280 [ 826.729405][T14320] ? find_held_lock+0x35/0x130 [ 826.734191][T14320] mem_cgroup_out_of_memory+0x1ca/0x230 [ 826.739739][T14320] ? memcg_event_wake+0x230/0x230 [ 826.744775][T14320] ? do_raw_spin_unlock+0x57/0x270 [ 826.749890][T14320] ? _raw_spin_unlock+0x2d/0x50 [ 826.754747][T14320] try_charge+0x118d/0x1790 [ 826.759263][T14320] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 826.764820][T14320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 826.771077][T14320] ? kasan_check_read+0x11/0x20 [ 826.775938][T14320] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 826.781518][T14320] mem_cgroup_try_charge+0x24d/0x5e0 [ 826.786816][T14320] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 826.792458][T14320] __handle_mm_fault+0x1e1f/0x3ec0 03:39:49 executing program 3: mlockall(0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vfio/vfio\x00', 0x20000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x87881) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, r0, 0x10) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x440000, 0x0) ioctl$SCSI_IOCTL_DOORUNLOCK(r1, 0x5381) 03:39:49 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0xe0000000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 03:39:49 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xa, 0x82, 0xb, 0x200000080}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xa}, 0x1f3) perf_event_open(&(0x7f0000000c00)={0x0, 0x70, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x6, 0x81, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x7d5, 0x0, 0x0, 0x9, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x101, 0x0, 0x1, 0x9, 0x100000000, 0x400}, 0x0, 0x3, 0xffffffffffffffff, 0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000d00)='cpuacct.stat\x00', 0x0, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f0000000d40)) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x4, 0x0, 0x8, 0x0, 0x0, 0xc9, 0x10, 0x0, 0x56, 0x7, 0x0, 0xffffffffffffffff, 0xb89, 0x4, 0x0, 0x1ff, 0x0, 0x2, 0x0, 0x1, 0x8, 0x8, 0x8, 0x2, 0x6, 0x7, 0x0, 0x0, 0x3, 0x1, 0x2, 0x3f, 0x6, 0x1, 0xbe, 0x5, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x4}, 0xa0, 0x0, 0x7, 0x6, 0x3f, 0x8, 0x6}, 0x0, 0x0, r1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r0, &(0x7f0000000300), 0x0}, 0x20) bind$rds(r1, &(0x7f0000000100)={0x2, 0x4e21, @empty}, 0x10) r2 = gettid() bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r0, &(0x7f0000000400)="a4d77e2770e6dab6fdf289266b3f4cda0548c28455d82ec8a43e883b6618acd3b25f0fbf56e2a8769c49345b7ec8a066385f34ab748f19dce8292eb97ce4486073a1e195f56ba700ff15bf6f4bd4bf123052d750a025dadce0d9cc73028e50caa79268511c0be3d5747bf63ff0777031548c0ce65b6860e295655f1bb6ae77342a0b", 0x0}, 0x18) perf_event_open(&(0x7f0000000b40)={0x0, 0x70, 0x8, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffff80, 0xf0, 0x8001, 0x9, 0x83, 0xf0f6, 0x0, 0x6, 0x0, 0x1ff, 0x100, 0x0, 0xa3af, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x9, 0x1, 0x0, 0x0, 0x1, 0xe8, 0x0, 0x0, 0x200, 0x0, @perf_bp={0x0, 0x8}, 0x200, 0x4, 0x0, 0x6}, r2, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000000), 0x0}, 0x18) 03:39:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup2(r0, r0) setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000240)={@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1d}}, {&(0x7f0000000140)=""/176, 0xb0}, &(0x7f0000000200), 0x10}, 0xa0) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0af51f023c123f3188a070") r2 = syz_open_procfs(0x0, &(0x7f0000000380)='net/snmp\x00') perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet(r1, &(0x7f0000000580)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10) lseek(r2, 0x0, 0x1) r3 = socket(0x40000000014, 0xffffffffffffffff, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_GET(r2, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020000003788e50676295d5303af178e10707e0a2a2e7929bacc57f3a0750bad79fa", @ANYRES16=r4, @ANYBLOB="200b28bd7000fddbdf25040000002c0009000800010001000000080002000000000008000200020000000800020000800000080002000010000034000900080002000300000008000200ff0f0000080002000000000008000200c50200000800010001000100080001000700000034000900080001000100010008000100de0d00000800020000000000080001000700000008000200ff0300000800010001000000c800040014000700080004000600000008000300040000001400010062726f6164636173742d6c696e6b0000240007000800030003000000080002000100000008000200150d00000800010011000000540007000800020008000000080001001f0000000800020008000000080003000600000008000200bb000000080003000300000008000200010001000800010001000000080004000100000008000100020000000c00070008000200ff0000000c00010073797a31000000000c00010073797a3100000000100006000400020004000200040002002000060004000200040002000800010002000000080001000300000004000200"], 0x1a0}, 0x1, 0x0, 0x0, 0x20040000}, 0x20000000) bind$inet(r3, &(0x7f00000a9000)={0x2, 0x0, @loopback}, 0x10) getsockopt(r3, 0x114, 0x8, &(0x7f0000af0fe7)=""/13, &(0x7f0000000000)=0xd) ioctl$KVM_ASSIGN_PCI_DEVICE(r2, 0x8040ae69, &(0x7f0000000340)={0x7fffffff, 0x9, 0x4, 0x1, 0x20}) ioctl$EVIOCGPHYS(r2, 0x80404507, &(0x7f00000003c0)=""/56) [ 826.797582][T14320] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 826.803128][T14320] ? find_held_lock+0x35/0x130 [ 826.807904][T14320] ? handle_mm_fault+0x322/0xb30 [ 826.812864][T14320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 826.819117][T14320] ? kasan_check_read+0x11/0x20 [ 826.823981][T14320] handle_mm_fault+0x43f/0xb30 [ 826.828762][T14320] __do_page_fault+0x5ef/0xda0 [ 826.833548][T14320] do_page_fault+0x71/0x581 [ 826.838061][T14320] ? page_fault+0x8/0x30 [ 826.842318][T14320] page_fault+0x1e/0x30 03:39:49 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0xeffdffff, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 826.846478][T14320] RIP: 0033:0x40f98f [ 826.850885][T14320] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 826.870499][T14320] RSP: 002b:00007ffc9cc8af90 EFLAGS: 00010206 [ 826.876580][T14320] RAX: 00007f9bfeb54000 RBX: 0000000000020000 RCX: 0000000000457e7a [ 826.884580][T14320] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 826.892551][T14320] RBP: 00007ffc9cc8b070 R08: ffffffffffffffff R09: 0000000000000000 03:39:49 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$netlink(0x10, 0x3, 0x4) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080), 0x4) write(r1, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 826.892562][T14320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc9cc8b150 [ 826.892570][T14320] R13: 00007f9bfeb74700 R14: 0000000000000003 R15: 000000000073c04c [ 826.920672][T14320] memory: usage 49556kB, limit 0kB, failcnt 17 [ 826.935384][T14320] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 826.968764][T14320] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 826.980733][T14320] Memory cgroup stats for /syz4: cache:52KB rss:36336KB rss_huge:32768KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:36240KB inactive_file:0KB active_file:0KB unevictable:16KB [ 827.023636][T14320] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8054,uid=0 [ 827.072572][T14320] Memory cgroup out of memory: Killed process 8054 (syz-executor.4) total-vm:72712kB, anon-rss:5104kB, file-rss:34816kB, shmem-rss:0kB [ 827.106788][ T1042] oom_reaper: reaped process 8054 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 827.160473][T14331] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 827.171007][T14331] CPU: 1 PID: 14331 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 827.180116][T14331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 827.190154][T14331] Call Trace: [ 827.193443][T14331] dump_stack+0x172/0x1f0 [ 827.197771][T14331] dump_header+0x10f/0xba6 [ 827.202173][T14331] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 827.207962][T14331] ? ___ratelimit+0x60/0x595 [ 827.212539][T14331] ? do_raw_spin_unlock+0x57/0x270 [ 827.217647][T14331] oom_kill_process.cold+0x10/0x15 [ 827.222740][T14331] out_of_memory+0x79a/0x1280 [ 827.227437][T14331] ? oom_killer_disable+0x280/0x280 [ 827.232637][T14331] ? cgroup_file_notify+0x140/0x1b0 [ 827.237840][T14331] mem_cgroup_out_of_memory+0x1ca/0x230 [ 827.243367][T14331] ? memcg_event_wake+0x230/0x230 [ 827.248380][T14331] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 827.254186][T14331] ? cgroup_file_notify+0x140/0x1b0 [ 827.259373][T14331] memory_max_write+0x22f/0x390 [ 827.264213][T14331] ? mem_cgroup_write+0x360/0x360 [ 827.269218][T14331] ? lock_acquire+0x16f/0x3f0 [ 827.273896][T14331] ? kernfs_fop_write+0x227/0x480 [ 827.278936][T14331] cgroup_file_write+0x245/0x7a0 [ 827.284010][T14331] ? mem_cgroup_write+0x360/0x360 [ 827.289023][T14331] ? kill_css+0x380/0x380 [ 827.293361][T14331] ? kill_css+0x380/0x380 [ 827.297687][T14331] kernfs_fop_write+0x2ba/0x480 [ 827.302563][T14331] __vfs_write+0x8d/0x110 [ 827.306874][T14331] ? kernfs_fop_open+0xd90/0xd90 [ 827.311809][T14331] vfs_write+0x20c/0x580 [ 827.316047][T14331] ksys_write+0xea/0x1f0 [ 827.320273][T14331] ? __ia32_sys_read+0xb0/0xb0 [ 827.325027][T14331] ? do_syscall_64+0x26/0x610 [ 827.329687][T14331] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 827.335825][T14331] ? do_syscall_64+0x26/0x610 [ 827.340492][T14331] __x64_sys_write+0x73/0xb0 [ 827.345068][T14331] do_syscall_64+0x103/0x610 [ 827.349648][T14331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 827.355523][T14331] RIP: 0033:0x457e29 [ 827.359529][T14331] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 827.379120][T14331] RSP: 002b:00007f9bfeb94c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 827.387530][T14331] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 827.395490][T14331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 827.403448][T14331] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 827.411436][T14331] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9bfeb956d4 [ 827.419396][T14331] R13: 00000000004c723b R14: 00000000004dcd30 R15: 00000000ffffffff [ 827.429545][T14331] memory: usage 45184kB, limit 0kB, failcnt 101 [ 827.437998][T14331] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 827.445595][T14331] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 827.452823][T14331] Memory cgroup stats for /syz4: cache:52KB rss:32104KB rss_huge:28672KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:32036KB inactive_file:0KB active_file:0KB unevictable:16KB [ 827.474355][T14331] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9123,uid=0 [ 827.490092][T14331] Memory cgroup out of memory: Killed process 9123 (syz-executor.4) total-vm:72844kB, anon-rss:2220kB, file-rss:35832kB, shmem-rss:0kB [ 827.506032][ T1042] oom_reaper: reaped process 9123 (syz-executor.4), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 827.512245][T14331] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 827.528512][T14331] CPU: 1 PID: 14331 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 827.537624][T14331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 827.547678][T14331] Call Trace: [ 827.550965][T14331] dump_stack+0x172/0x1f0 [ 827.555283][T14331] dump_header+0x10f/0xba6 [ 827.559688][T14331] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 827.565485][T14331] ? ___ratelimit+0x60/0x595 [ 827.570066][T14331] ? do_raw_spin_unlock+0x57/0x270 [ 827.575256][T14331] oom_kill_process.cold+0x10/0x15 [ 827.580354][T14331] out_of_memory+0x79a/0x1280 [ 827.585031][T14331] ? __sched_text_start+0x8/0x8 [ 827.589875][T14331] ? oom_killer_disable+0x280/0x280 [ 827.595079][T14331] ? cgroup_file_notify+0x140/0x1b0 [ 827.600264][T14331] mem_cgroup_out_of_memory+0x1ca/0x230 [ 827.605798][T14331] ? memcg_event_wake+0x230/0x230 [ 827.610821][T14331] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 827.616610][T14331] ? cgroup_file_notify+0x140/0x1b0 [ 827.621804][T14331] memory_max_write+0x22f/0x390 [ 827.626649][T14331] ? mem_cgroup_write+0x360/0x360 [ 827.631652][T14331] ? lock_acquire+0x16f/0x3f0 [ 827.636316][T14331] ? kernfs_fop_write+0x227/0x480 [ 827.641330][T14331] cgroup_file_write+0x245/0x7a0 [ 827.646264][T14331] ? mem_cgroup_write+0x360/0x360 [ 827.651296][T14331] ? kill_css+0x380/0x380 [ 827.655617][T14331] ? kill_css+0x380/0x380 [ 827.659926][T14331] kernfs_fop_write+0x2ba/0x480 [ 827.664775][T14331] __vfs_write+0x8d/0x110 [ 827.669096][T14331] ? kernfs_fop_open+0xd90/0xd90 [ 827.674138][T14331] vfs_write+0x20c/0x580 [ 827.678363][T14331] ksys_write+0xea/0x1f0 [ 827.682604][T14331] ? __ia32_sys_read+0xb0/0xb0 [ 827.687363][T14331] ? do_syscall_64+0x26/0x610 [ 827.692032][T14331] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 827.698089][T14331] ? do_syscall_64+0x26/0x610 [ 827.702856][T14331] __x64_sys_write+0x73/0xb0 [ 827.707441][T14331] do_syscall_64+0x103/0x610 [ 827.712029][T14331] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 827.717909][T14331] RIP: 0033:0x457e29 [ 827.721794][T14331] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 827.741489][T14331] RSP: 002b:00007f9bfeb94c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 827.749879][T14331] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 827.757832][T14331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 827.765884][T14331] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 827.773860][T14331] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9bfeb956d4 [ 827.781820][T14331] R13: 00000000004c723b R14: 00000000004dcd30 R15: 00000000ffffffff [ 827.790303][T14331] memory: usage 42808kB, limit 0kB, failcnt 101 [ 827.797554][T14331] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 827.805364][T14331] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 827.812453][T14331] Memory cgroup stats for /syz4: cache:52KB rss:29920KB rss_huge:26624KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:29840KB inactive_file:0KB active_file:0KB unevictable:4KB [ 827.834048][T14331] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=2994,uid=0 [ 827.849450][T14331] Memory cgroup out of memory: Killed process 2994 (syz-executor.4) total-vm:72448kB, anon-rss:2204kB, file-rss:35832kB, shmem-rss:0kB [ 827.868127][ T1042] oom_reaper: reaped process 2994 (syz-executor.4), now anon-rss:0kB, file-rss:34872kB, shmem-rss:0kB [ 827.879828][T14360] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 827.891887][ C0] net_ratelimit: 16 callbacks suppressed [ 827.891895][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 827.892484][T14360] CPU: 1 PID: 14360 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 827.897950][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 827.903546][T14360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 827.903553][T14360] Call Trace: [ 827.903577][T14360] dump_stack+0x172/0x1f0 [ 827.903602][T14360] dump_header+0x10f/0xba6 [ 827.940414][T14360] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 827.946224][T14360] ? ___ratelimit+0x60/0x595 [ 827.950806][T14360] ? do_raw_spin_unlock+0x57/0x270 [ 827.955929][T14360] oom_kill_process.cold+0x10/0x15 [ 827.961037][T14360] out_of_memory+0x79a/0x1280 [ 827.965701][T14360] ? oom_killer_disable+0x280/0x280 [ 827.970887][T14360] ? find_held_lock+0x35/0x130 [ 827.975672][T14360] mem_cgroup_out_of_memory+0x1ca/0x230 [ 827.981214][T14360] ? memcg_event_wake+0x230/0x230 [ 827.986230][T14360] ? do_raw_spin_unlock+0x57/0x270 [ 827.991348][T14360] ? _raw_spin_unlock+0x2d/0x50 [ 827.996204][T14360] try_charge+0x118d/0x1790 [ 828.000708][T14360] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 828.006234][T14360] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 828.012344][T14360] ? find_held_lock+0x35/0x130 [ 828.017112][T14360] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 828.022678][T14360] __memcg_kmem_charge_memcg+0x7c/0x130 [ 828.028219][T14360] ? memcg_kmem_put_cache+0xb0/0xb0 [ 828.033418][T14360] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 828.038960][T14360] __memcg_kmem_charge+0x136/0x300 [ 828.044061][T14360] __alloc_pages_nodemask+0x437/0x7e0 [ 828.049444][T14360] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 828.055160][T14360] ? save_stack+0x45/0xd0 [ 828.059491][T14360] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 828.065297][T14360] ? __lock_acquire+0x55d/0x4710 [ 828.070219][T14360] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 828.076471][T14360] alloc_pages_current+0x107/0x210 [ 828.081582][T14360] pte_alloc_one+0x1b/0x1a0 [ 828.086078][T14360] __pte_alloc+0x20/0x310 [ 828.090408][T14360] copy_page_range+0x1529/0x1f90 [ 828.095354][T14360] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 828.101068][T14360] ? pmd_alloc+0x180/0x180 [ 828.105485][T14360] ? validate_mm_rb+0xa3/0xc0 [ 828.110170][T14360] ? __vma_link_rb+0x279/0x370 [ 828.114949][T14360] copy_process.part.0+0x5acb/0x79e0 [ 828.120285][T14360] ? __cleanup_sighand+0x60/0x60 [ 828.125252][T14360] _do_fork+0x257/0xfd0 [ 828.129414][T14360] ? fork_idle+0x1d0/0x1d0 [ 828.133847][T14360] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 828.139316][T14360] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 828.144780][T14360] ? do_syscall_64+0x26/0x610 [ 828.149470][T14360] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 828.155576][T14360] ? do_syscall_64+0x26/0x610 03:39:50 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = memfd_create(&(0x7f00000000c0)='\x00', 0x0) write(r0, &(0x7f0000000100)=';', 0x1) socketpair$unix(0x1, 0x7, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000007, 0x11, r0, 0x0) mount(0x0, &(0x7f0000000a80)='./file0\x00', &(0x7f0000000a40)='ramfs\x00', 0x0, &(0x7f0000000b80)) 03:39:50 executing program 5: perf_event_open(&(0x7f0000000040)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9af, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x20000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @ipv4={[], [], @rand_addr=0xf8}, 0x8}, 0x1c) r1 = socket$inet(0x2, 0x80f, 0x404) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e23, @empty}, 0x10) sendmmsg(r0, &(0x7f0000007e00), 0x400000000000058, 0x0) 03:39:50 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0xff030000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:50 executing program 2: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, 0x0}, 0x20) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000300)='gre0\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x89f3, &(0x7f0000000300)='gre0\x00') fcntl$getownex(r1, 0x10, &(0x7f00000000c0)={0x0, 0x0}) perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0xfff, 0x48080000, 0x6, 0x8, 0x0, 0x2, 0x1, 0x0, 0x3b93, 0x0, 0x7, 0x7, 0x7fff, 0x7, 0x7, 0x5, 0x1, 0x4, 0x1d49, 0x7fff, 0x6, 0x2, 0x7ff, 0x5, 0x3f, 0x2, 0x0, 0x9, 0x2, 0xff, 0xfff, 0x81, 0x6, 0xcaf, 0x100000001, 0x100000000, 0x0, 0x8, 0x4, @perf_bp={&(0x7f0000000000), 0x4}, 0x500, 0x1, 0x8, 0x7, 0x9, 0x80, 0xffffffff}, r3, 0x5, r0, 0x8) 03:39:50 executing program 0: r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x2, 0x2) connect$netlink(r0, &(0x7f0000000140)=@unspec, 0xc) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) rmdir(&(0x7f0000000000)='./file0/bus\x00') [ 828.160287][T14360] __x64_sys_clone+0xbf/0x150 [ 828.165081][T14360] do_syscall_64+0x103/0x610 [ 828.169687][T14360] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 828.175607][T14360] RIP: 0033:0x457e29 [ 828.179509][T14360] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 828.199114][T14360] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 828.207530][T14360] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457e29 [ 828.215510][T14360] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 828.223492][T14360] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 828.231560][T14360] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 828.239552][T14360] R13: 00000000004be1da R14: 00000000004ce840 R15: 00000000ffffffff [ 828.260385][T14360] memory: usage 307064kB, limit 307200kB, failcnt 15195 [ 828.267602][T14360] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 828.275725][T14360] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 828.283004][T14360] Memory cgroup stats for /syz3: cache:0KB rss:292172KB rss_huge:151552KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:237524KB active_anon:44484KB inactive_file:0KB active_file:0KB unevictable:10240KB [ 828.332048][T14360] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13666,uid=0 [ 828.354780][T14360] Memory cgroup out of memory: Killed process 13666 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34944kB, shmem-rss:0kB [ 828.405628][ T7613] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 828.429270][ T7613] CPU: 1 PID: 7613 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 828.438336][ T7613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 828.448402][ T7613] Call Trace: [ 828.451713][ T7613] dump_stack+0x172/0x1f0 [ 828.456053][ T7613] dump_header+0x10f/0xba6 [ 828.460480][ T7613] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 828.460642][ T1042] oom_reaper: reaped process 13666 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 828.466280][ T7613] ? ___ratelimit+0x60/0x595 [ 828.466297][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 828.466317][ T7613] oom_kill_process.cold+0x10/0x15 [ 828.466332][ T7613] out_of_memory+0x79a/0x1280 [ 828.466348][ T7613] ? lock_downgrade+0x880/0x880 [ 828.466363][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.466378][ T7613] ? oom_killer_disable+0x280/0x280 [ 828.466389][ T7613] ? find_held_lock+0x35/0x130 [ 828.466414][ T7613] mem_cgroup_out_of_memory+0x1ca/0x230 [ 828.466431][ T7613] ? memcg_event_wake+0x230/0x230 [ 828.528408][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 828.533528][ T7613] ? _raw_spin_unlock+0x2d/0x50 [ 828.538385][ T7613] try_charge+0x118d/0x1790 [ 828.542901][ T7613] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 828.548448][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 828.553998][ T7613] ? find_held_lock+0x35/0x130 [ 828.558770][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 828.564327][ T7613] __memcg_kmem_charge_memcg+0x7c/0x130 [ 828.569856][ T7613] ? memcg_kmem_put_cache+0xb0/0xb0 [ 828.575078][ T7613] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 828.580629][ T7613] __memcg_kmem_charge+0x136/0x300 [ 828.585745][ T7613] __alloc_pages_nodemask+0x437/0x7e0 [ 828.591125][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.597379][ T7613] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 828.603109][ T7613] ? copy_process.part.0+0x1d35/0x79e0 [ 828.608578][ T7613] ? lockdep_hardirqs_on+0x418/0x5d0 [ 828.611863][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 828.613867][ T7613] ? trace_hardirqs_on+0x67/0x230 [ 828.619616][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 828.624568][ T7613] ? kasan_check_read+0x11/0x20 [ 828.624591][ T7613] copy_process.part.0+0x3e0/0x79e0 [ 828.624606][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 828.624621][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 828.624640][ T7613] ? perf_trace_lock+0xeb/0x510 [ 828.630440][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 828.635267][ T7613] ? mark_held_locks+0xf0/0xf0 [ 828.635280][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 828.635295][ T7613] ? zap_class+0x460/0x460 [ 828.635316][ T7613] ? __might_fault+0x12b/0x1e0 [ 828.640517][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 828.646709][ T7613] ? __cleanup_sighand+0x60/0x60 [ 828.646730][ T7613] ? lock_downgrade+0x880/0x880 [ 828.697640][ T7613] _do_fork+0x257/0xfd0 [ 828.701818][ T7613] ? fork_idle+0x1d0/0x1d0 [ 828.706262][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 828.711728][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 828.717205][ T7613] ? do_syscall_64+0x26/0x610 [ 828.721894][ T7613] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 828.727982][ T7613] ? do_syscall_64+0x26/0x610 [ 828.732676][ T7613] __x64_sys_clone+0xbf/0x150 [ 828.737363][ T7613] do_syscall_64+0x103/0x610 [ 828.741962][ T7613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 828.747858][ T7613] RIP: 0033:0x4563fa [ 828.751757][ T7613] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 828.771373][ T7613] RSP: 002b:00007ffc9cc8b1d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 828.783240][ T7613] RAX: ffffffffffffffda RBX: 00007ffc9cc8b1d0 RCX: 00000000004563fa [ 828.791224][ T7613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 828.799184][ T7613] RBP: 00007ffc9cc8b210 R08: 0000000000000001 R09: 0000000001da6940 03:39:51 executing program 3: mlockall(0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp6\x00') getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffff9c, 0x84, 0x11, &(0x7f0000000040)={0x0, 0x80}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={r1, 0x8}, &(0x7f0000000100)=0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) prctl$PR_GET_NO_NEW_PRIVS(0x27) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) setsockopt$nfc_llcp_NFC_LLCP_RW(r0, 0x118, 0x0, &(0x7f0000000180)=0x5, 0x4) 03:39:51 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @mcast1}}}, 0x48) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000080)={0x3, 0x40, 0xfa00, {{0xa, 0x4e22, 0x2, @mcast2, 0x1000}, {0xa, 0x4e20, 0x6, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x5}, 0xffffffffffffffff, 0x4}}, 0x48) 03:39:51 executing program 0: syz_emit_ethernet(0x32, &(0x7f0000000200)={@link_local, @dev, [], {@ipv4={0x800, {{0x7, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @initdev, @multicast1, {[@ra={0x94, 0x6, 0xffffffff882ca33b}]}}, @igmp={0x0, 0x0, 0x0, @remote}}}}}, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) socket$can_raw(0x1d, 0x3, 0x1) ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f0000000040)="d7d8212f3329ea5a6f778bbf196c0951e31935a811c1f3e414f1d9b2fa0fc3743704f582edf12173fa1bf64431a5b68751367b7ee0c7800a69eb24f172dfa3641e836ea8237392d48642154e0af510680e32f657d1085f8a8d33f676ebcd1acb0a3378e8eeb985653e567ee0850c32309ffe887c498574315c9b087c92d7db09412b") 03:39:51 executing program 2: r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x800005, 0x0, 0x0, 0x0, 0x0, 0x1, 0xc8014, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000080)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) io_setup(0x6, &(0x7f0000000100)=0x0) io_destroy(r2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000c40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000280)={0x0}, &(0x7f00000002c0)=0xc) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000300)={{{@in6=@initdev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@remote}}, &(0x7f0000000400)=0xe8) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000440)={0x0, 0x0, 0x0}, &(0x7f0000000480)=0xc) r8 = getpgid(0xffffffffffffffff) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000980)={{{@in6=@mcast2, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@local}}, &(0x7f0000000a80)=0xe8) lstat(&(0x7f0000000ac0)='./file0\x00', &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r11 = getpgid(0xffffffffffffffff) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000002080)={{{@in=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in=@local}}, &(0x7f0000002180)=0xe8) stat(&(0x7f0000002200)='./file0\x00', &(0x7f0000002240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000022c0)=0x0) r15 = openat$mixer(0xffffffffffffff9c, &(0x7f0000001ec0)='/dev/mixer\x00', 0x400, 0x0) ioctl$KVM_ASSIGN_SET_MSIX_NR(r15, 0x4008ae73, &(0x7f00000021c0)={0x9, 0x9a}) getresuid(&(0x7f0000002300), &(0x7f0000002340)=0x0, &(0x7f0000002380)) getgroups(0x5, &(0x7f00000023c0)=[0xffffffffffffffff, 0xee01, 0xffffffffffffffff, 0xee01, 0xffffffffffffffff]) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000002440)={0xffffffffffffffff, r0, 0x0, 0x13, &(0x7f0000002400)='^cpuset\xaa\'security!\x00', 0xffffffffffffffff}, 0x30) stat(&(0x7f0000002480)='./file0\x00', &(0x7f00000024c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000002540)=0x0, &(0x7f0000002580), &(0x7f00000025c0)) sendmmsg$unix(r4, &(0x7f0000005640)=[{&(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000240)=[{&(0x7f00000001c0)="aa50d6cc0300806d979a571ba066897ef1498c9523789dc47ce8da4a374ca2d46ee46e957a1cf61f59aaada211cb30e1c114fe27a3d0692cdcd8859034199ad68ab6acdbc84393f19462ae6475c7b11bbb11706865aafb9c0dc3b0fe", 0x5c}], 0x1, &(0x7f00000004c0)=[@rights={0x30, 0x1, 0x1, [r0, r1, r3, r0, r3, r0, r0]}, @rights={0x30, 0x1, 0x1, [r4, r3, r4, r1, r0, r4, r4, r4]}, @cred={0x20, 0x1, 0x2, r5, r6, r7}], 0x80, 0x40}, {&(0x7f0000000540)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000900)=[{&(0x7f00000005c0)="b7d444d09c8513f226be2b7388d8b6b633adf4626b3a3bd94566ef8e79285304bbe6ef10e8208fd6ae61d1f586952d48824ef3b2d6f9c3ffb388a2763697c0eba9635f64ad70cdea48a1df5693a2ea94ac61c73a6e10d05e5d4037ece16ef15c10ac70bcbc1a16ae58cfd9286e5b298dc20e6e3d915387cbecb1d383e45ab1297ed2c07495832b835695cf4da1", 0x8d}, {&(0x7f0000000680)="c02ef8990572a03be3374435fe29b50a8ee737d225c741c4be44087880414ec30e9abb5fc7e868a940f8fb2f1b7794598755a4615e5325f259978cf24a529173b7b63f9956e91697b491b0b84164d7ea50234d4d80915979ef064a34b7df509f46de750256a807a1a459221b647e9d11f0caf4256cdfd5de65fa9e3c975d037b2f8b19b90cdb87c40d01248a3c318f5a0e30c4e61219d81a77c0a45c88d6d9f9", 0xa0}, {&(0x7f0000000740)="04ae37bf2e38e5b8b62b90819fcdb658a91282a15fe4dbe49ed6686b4d2a3c3ec60c3daf893c99f37c2805954fdb58ca8f292e8d766f6740ca05eba5ce103849b17fe19e3926ad47c3cd099e19cb3a1ccae7e2", 0x53}, {&(0x7f00000007c0)="ed32411a7fb1cdc9e55b3f66df10c0a6cf3293ca8a9a2cd70cd0cc07e9e135b6ff2d648ea8d7571c591818943ac569688eae345459c6dff8273591ea7e954471838cecc47e25f9ce4e07c01d70c38e58039329000e02900f5d737df241ba0f0e9adbfa433f8653837d327415d1a1828ee3def10804c39bb53cc7fb552bdde1140c09640f3c2f3b3c5f2d1830e0d1c176d91937d3b4173df0197f58869279dea5a02f4db22d0a53c095c295b37760818dbc5f2b29f80493b5f2fdbc69ae0e357970b959d1be824799706bcb047374", 0xce}, {&(0x7f00000008c0)="5a6bf79ff622226f", 0x8}], 0x5, &(0x7f0000000c80)=[@rights={0x38, 0x1, 0x1, [r0, r1, r1, r3, r1, r1, r3, r4, r0, r1]}, @rights={0x28, 0x1, 0x1, [r4, r1, r0, r0, r4]}, @rights={0x38, 0x1, 0x1, [r4, r4, r0, r0, r1, r3, r3, r3, 0xffffffffffffffff]}, @rights={0x38, 0x1, 0x1, [r3, r0, r0, r4, r1, r0, r1, r0, r0]}, @rights={0x18, 0x1, 0x1, [r1, r3]}, @rights={0x28, 0x1, 0x1, [r4, r4, r4, r0, r0, r1]}, @cred={0x20, 0x1, 0x2, r8, r9, r10}, @rights={0x18, 0x1, 0x1, [r1, r4]}], 0x148, 0x4000000}, {&(0x7f0000000b80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002000)=[{&(0x7f0000000e00)="292e70565870b18a185a760de342270df14f88d8f0170b79974a712af553657150b38e9c8b1ed76ed072128d95d7aada51d990ea44f1c8fa1b25ae3b2819b5d3e43dd76bf249ade439caf9c1b6cd4fa37f7f9281bc7d90cc534f590904f768913cf03153aecf5fdb9b1fd7bf69ff75650ac7b9c1103ad1442895986eef55465ebc06f255024ecbcc04f99f582f706c6a4eb7a6b6b8f1fa784f15204c3d96b7d0e30fcc800485262e97b2c30a304daa10c6186f288621f0f842718826ce297b54089ae956bc1bbf830e86d08ed5fe62d2c7339d74b75d82fb50666e53d3e49201c0fdee75cab0b8f936c0f96c02860d790247a166fcffa3019d640697a1defc2ee52b2eed2ccc738cf4372d67ada518fdac38c84b509caf38dd9cd7a882f813c88f7f3367c9f91bcf154d8738264a7f435265c097009b5b07aa0cd240a5c6b87b9cc8b3aa2118a6e0380b3f2e94afac2fb289de07b8a577b737f960bb576a45b0250d3bf2ade575945f084257c56ea677c6b660ebac7f8ee2233490438a6e72e9fa56d0132c08d9c7674a04a5493b767634046effd1582d869602ca5a8ef9d6743d2b169b70ab4be9d90416687e0fa46e1d7e076f4f5d81784ffe72affdf4f88ceea28ad3905ffc5b54729ad22f7e5c45ac6a200e1cf3d0deca9d2517cdb2d7aa103e21898389de87e353f28528058e7a20f93fa6925a2e9e8224275e34e8f757fbf88ca8d744754ba569f4ca33e626f04809537f2215ae214fb33f24e09d37959af28b97257495fa4d18572700be50a92856158fc5fc50e3a14cbe23c80a0955612d75fbbddc40f1bf3aee93cd101d8ba6f5ca7f0eab7cceaf2b3af204d74cd65d22df36786a2f8f12ad0743fd7e773600ade52c09b95e0ddfd03337ab2bdff62a5552ec0a84ee5e5535c1261a3448c4c38b411505f503f4ed15862dbeff0f5ab30c7061487f3c66518fc38128de9c56f3d0add21801789e39320d1b60e6a0e15f4fd1b53eae391c9727bedbaf72590354a7649a0d62a425f0ede18a2875dc194b9fbf235de7c0d5d86af55587391d2661b7f4d97b7e012d9d03a0301bdfd67289ed7a432cb889c651452e57acdef8be6f6b2013c9c73db7bd2e90c3f4ae3a2f8a3160109be299bda81f411523426fffc8386742f5a870e660bb6b2a0c93c011a716cbe03f7ef686a49ab8c0a9d6840b9c039372fb61dede56c5d29072ca3e02b6d4e3f64b81377105dc93e7971cd4f80e256d30d328a20d2be9568a3c114707b63314af262588745a67095a822a6f325cebed5388658c986b277667ecd2b0e48c7635632dabd53b002c431bdc6b2ec1e491132806c0367360b14b1aeb6d8ec1632fc25ab88e96d8a77b8ad389065d6797c03b7e35cc905c50286a494a225c545a24bb90a2e6290b70f4922bc59eeb111dba9e917b8a6e56d7a2c5844e5eae5a5178526585c768db31b36c1e3fc04ef3f0905cc9a1ad31d9c5c3f52b4ca46be761f93eb172c622912a5800bf4151f3e799ab407c036bc0635ace360ec7faed803de9c1eaccd42f543a524194309a0de10ae6bd5e3b6e1c78abcbf9eda9a12d800329ab6ab670ac83474a90057699ba870c0a54050cfaa3862445017485cfb26eeb99bd93a56922ef25821157488cba6f5eccc3daab760829c0188ad2658b80d05fd1e6aa2fc8564bd359bb4377095e56da57f6440ea97985673b1e48f229418be3c3c88b93354f482168f5499962a48e6f495ccb13179b75a9dbb335fe69fd88bde9ac4502232be592124e847d93e720e09b39c085a5db1721f622512bd4f89f1d8d1be710b7f1c0e59a23ed62ebb4a12afe4b6b67fe65a10d3ececc05e0a1ad43c2469b78dacac900839fa49ea6a7c08ec5944b1316eb137e0ce228341e6a3f8659ce9d64c34098ce5023be48e5204f3732c33d68cd01cd57da835d74060d97ce8529e917c4346dbed923a5cca25f9cec243c7532f3286ab1d70d84b4b0c845b86c1aefe7a5b74ba6665a24b7f5cf7aa752dbb33b154f82ab91ad1dea089d618629ac0258a1fdadc479d933a8e9961cd4f344e20b0ea6ac11a5e92d0eb60c142bbd4e41c6461b7f61fa23b665c6214fb151f49cb336427b3278f2315ae0695ac284f882f09c8bf6ddb33535606d9b5973aa3c34aa8ebb960d08793a572e77739715ff666c5ae0db436512febc5996dc3130b622a7472b527131b50e5af1ad17d1ed5904f9fdd60d1d971258d36348386e7e407b6809371bf16acce9c7fbfb01e44a5536323d225b071137a8c7202f87fa24ea4a28d31a183a93d4711cf73f72c889984904d0a93280c4f9c21dc2fafe272b4fcb97489efa31b3056f4a3889c0962ad5ae3b558552c2b1974ed5a89762f0f8e91e5ba7091219dd75221fa4750d64683da7876b6989d4ed26ddb8f8e9a8474388e771751aa878be6682d5d56a9a457f5efa53b891eef7a1ab60c7c93e181f7fc35a3c69cd40c5626ea88617350de86ee49905d52568fe44d03abe154fc726855ea3f8f9c64b0f67859ac1e03efb2b5a556cfd01d98eefc84cf144b68552cb8d5a0e10e6df481662ad0427fde579a0fabc4957f7904dba677a4f71fe7f1c602db86c1b957380e8d1cd11c1d0ec05221ac3439e93efc92e3fef4a7cae1bdb9d1e0adadc0e5443522963637cc0c04d15160cfb021a93ffb25d80375dd0996a7114f5ff476972b6714f91ffa3bf703dc06ec7c7a662119e7dd058a316f1f817862a76e9c52668045ea5dacc6c3fe81ebbbf964ee29c40d7623d9bbe0740f3ad3f27a6a6758838c164574a9ae4c58fb72e712c9faca6e3d8829b643325347256bf81f590ee7b2242c504255f108f0ef6853a6fab00f4b573a72087259d5591dc60c42120ae5557d1f9ab61ba435b76d6f1d388b745f6a68bc5e89b2d8457fc12ee6f3d617aa3aeeb33d9f65aa851cab0101acf20542c664142391812ca494d97cb94966f809a73c3c5ad98d42fdb5942a059b0a909a68c50331d062d7e5d2a60b05e4f6ed15a2afcd1a87a4779f422b2f09c847735bdea98a9642820bd139cf27dcb38b4432d6c0531686cda280ae86a57ca18eefd1e76904e84a76462ebf7debc01e92fd1dd7d03084aba1f9e11f3dc62db61a927e8827015964da1ec9cc7e243a609be21fcb47b6b37afb7b547b2bc36d870aa771ebbb8865e1a675ddec3b7e37d3cc4e74aa0148c870bae6baef50881953030e573cee5f45c53fb08a8f1ffef6e59ca520906cf501c43a6ca1362f6459d6ba88b18df2cbe208919b32c04be197abaf92c5f9e1f492b6b7103eff242924d6a90190c91a68cdf39bd23e66aea30d3750b89216c2ca4b1e29e2900573506b02d9c45a503710795e857e97fa37fc7fffda9a3cff29bb8b8b8c70dbd5955bb05ca4d70abe91ac51e99bffdfe47ed3f4aab955d150500fa5668501da28d3dec3a1590abd37b276cabb8ddd9a826499810363384709e5f611c9569354ef119f9804488c3c0a6ab43f89537cdbaec91fb6cb63db77c2cd49a79faca61ade9ddf84fa10bd8b5fc67d8eb6e0c884eb223d02cd7b814e9d52d08175dbe26cd1c8425aa45e326f9e91ee5e52b21a063c67c32f77ef6574e782d8acf29bf3bf0c7adbe85bc3b6693e1690cecda4be6bec0a21deb44e131c3d9448408ba6ddf43e4322f461967a0103821baad5e90a67545b1c388dd590c3c4e57aab23e4a4d32ddef249f7e75ff3e95134c2cd780f4bbdcb7f927d0dcf29c77fd1d68502bb3605594524fb6429f495ab78454e63d1f0ad048c5f86645f01f961df3bb784211c8af57080f6bffc1c356483a1369339a6a3a58d283a9952b1e9640d40580e7b832eac7a248b940da10c1d17d684913c65fafa17849ee15e2eebc7854be3f0e2bf06ddd2d80e3ebfba114d539c299b7ddfe9f67a83103e43945ba2dd045c6971670b809ede81ad4d68b7a24b1b07cbfaa1eacd9860fd916c0a3fcf2699f05ca329340285793a1a6dedabe8ec4d870155c03d30a53c844de381a0e4ca1bba38f92997af77a8e96bb00ec7c5fa29f70174ca3fac7af6c0a00b24024c5a9c65bca3e9b7dc646f4b8c3cdda2243b4fdae47f33e31cc5d7d6ad17f060de62f90d2a19356b1225565d05cf4d1c9351da7820458b71f6f0e0d49e3a23e68a4e3efc5e92c124c63953088805182c523fc2d789c297bb2df2b7d1af4212deffbf91cb29333f1a04009001fee3b2e909ed6bd5c6a675bb2b2c69ff15c10ccac7989353057d11fb56aa743965fc1cb088196ed7d3d0d73ddac28d915410000a20f2ca213b75a6a3c8ba2bec1afb8b46c27d98822a0403db9511a241b9f4574eadb404619b20e9b38a659ca979dd6674f40eaffd6d3851f243b950dd159220baf5807bea2d2c346e0cc5af5d31d933581e7380fc82bde44bc4a235247aaa5d5198577ff5d97e569282071f45030fa9c5f09aad5e7fb2d0517b0bec5ea10124507ad12ddbde938baecf05219b9d06561701ad20adbb96053f9cf0e99460220ce154d3ed71462473cea4fb52875eaf3db60235142806b5e71c410eb738995bda0da70d63b77c6cf066ad77faaf31a33b6413c27d19da64f10a99a68dadc128bb22bae0727e810cabdf005027ce291a66b8330cd70724f62a2677b620e89877f57e9fc3d0f308f05bccbe6bb93d8d6055749dd2296d5ae2294c30e0e4b54ecce4ff5412c596fdbd22a045b99d365f5b0064667448a5ae011bd3db1f048e07a8b93dfa3fe2a0e02c3f2fc52bb78f9ccfb37e0e81ba17580d062ae89fd5eda0d624d63512cfea7de9c974eaa333e261d351ff9cb35f3bf07b69242ae304b0b10d4f78ec8a9b09f1a8f6d2d6f44606cc9ead0d3cc8583f319ec0bc43fb896f7f2eb73ad11d5769a6d52da4b735ea45447ef9d2db8edafef6105420499bbc028282a18a009eaad0cbf07dc380b04a436566fdfe38e6d84826b0501d2c755e97c7220419d71ccfa7330fd0132ffff3936d1e354e84856892b41c7e92cff134b6085d00f0f672092599f62af05fdabeb8fda09447ae529b6ab590ab89cf663d687fa04f45242fad52909a0c3d4cc0f2e3a8f1b5feeccfe89c3d73785dccafb8b3075c25c7fd09d74e12b00c727e4f486a7a145941575917c671b75a19f252bd1baf9cd9d470c8a2f58cfea0dee5047bf0d93c2cf753cda4f9ee71c55e868ce4edd6b9220fb3a114fa5cea3ef389b79c7e9e178243779c77f83253ab4a9c27d16b98ed49a29da8a2855b660cdd81e358cb38b276d5ae6219ea278b20e256ec5a64efa1c0922a5b74a47d5ca2e62768e0cf123c48a224bded2a83ac41f8df7d1efb5499b778cf66c2a6dba25f1f125e10fbae1d4915b6f7ca7b3d384f6d04098463b579ff9a227206aec727db139e22788355460303361a9a0feb81126bff07034804c7ae4b45020a17c7b5f74901ba157f0bbb046317914977b7819495d3ca6eb40c542460ef5f3e7998d94288ade47de1dd7e0468c4d4010c444cd67428af37d0e27f92f905285c20b6dd840875bb804a7bf50167a6aa25fdd7b63ae1bfd9c9cacdce2b710a2954a2b711220b1813c33448d72d9873fc46b2fb78ce0a028e45941757557c835a3d68246173607653b76e3b4c6b482457cffa826190e56d67d0f9916d98abf87e4c87c3e0f01b858adecc4841916d458987752fd670cdc92c19a1cc61a5253cbfb7eec38a8f28ed1573db8a01a6e4312795f445ac6ea31aabcd901a65582a231e5161505aecf6a2fe5ed8d2af4cdb18fd610ccf1b4824bf5a350b1606c00391d0eb66005944931c4", 0x1000}, {&(0x7f0000001e00)="ef2b5e7222d5a30c817c323be5051dca11fc4eb7fd7387c779794c485c75dcbd241a2b8f647f1e286177c1279d2aa863ede7f0adade099af26f3d365ed758258186b7414ba09311b15267437eb3140feacb4a359753fcc697d3e387a2a2cd62cc73cd0830f2c582162f7efebac0d6da906eaf1a925b3a6962f7fb4c495af8bfb87098acd5ab20bf1f7e8", 0x8a}, {&(0x7f0000000c00)="36f570b0520dc10c74d4ce9333085f9e958aa25ce54ec699d783b09893f86a87a78a5856a41451e5a73e46f5eca0a8555aab7b", 0x33}, {&(0x7f0000001ec0)}, {&(0x7f0000001f00)="7fa327ec51b40ce710cc8c3a4349cd3ace16a5279e0866366f642813b068c3cf878fc814d33e30d533e7aa33177269da1de5962017f8da01947375eb8e4c17efb6f02525224102b34af025", 0x4b}, {&(0x7f0000001f80)="df4d425d31726d571df4bfff9ea258bd33a5275a4c704a8de1a3b1345c1ebc52b0cf6b91a613b0a44f2660fcc31d1a51574ede52c04db2c4d521f5ced3fc20c4355b85ac7b89b68fd84222fbaff3e51d6d0cbb4582", 0x55}], 0x6, &(0x7f0000002600)=[@rights={0x30, 0x1, 0x1, [r3, r1, r1, r3, r3, r0, r4]}, @cred={0x20, 0x1, 0x2, r11, r12, r13}, @cred={0x20, 0x1, 0x2, r14, r16, r17}, @cred={0x20, 0x1, 0x2, r18, r19, r20}], 0x90, 0x800}, {&(0x7f00000026c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002900)=[{&(0x7f0000002740)="28c09b5d45295fa547a0d7c168c457385f0daee4e60a7f76597cace5fa326e4399d8680728adc59b95f60d34f8fdabe391f5d435becf0ff8eafdd391b6999eaf45951f275e78b21ff8dbee17", 0x4c}, {&(0x7f00000027c0)="241f83e49edd38fcafb43a6bd51e68cb55e68337d29f3d6f5b4355368a69642142b730d5cf8d6abc7a31d16609a35697051cb40564ecb1a4f2871464f203bcd95108bce70575869a227918aa232a7bba0d397ae2c5ae71b927ece6f37c17a003c9fd9a9b762837131c0a10182c6a8b7a6c0ed03de55a973354d37675f05d1612ec1749272307ed4c520466f0b345df9459a5c63903dbeaccc0dba90cf8244ede78049d5537c4c2240a4e835a1e79048809592bda8341dc5b0b4fa6b6dc0f3f9c3a2746a6327d5d213aa7dc144dadf7106e2716fdd309094b812aa46dd24cb2874d91dc359a7a9605e29055f5abd750bbdf88b85021a5095cf19c", 0xfa}, {&(0x7f00000028c0)="af72eb4e7eb027c63a0f1c014659d7b13546cb5172fdd5a5eb90fcd1d1aa093fd13f2d00b16c2fb25c55cd489e6550e5", 0x30}], 0x3, 0x0, 0x0, 0x4004080}, {&(0x7f0000002940)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000002bc0)=[{&(0x7f00000029c0)="7db258ed3f7afbc3867fa64c9c37c5523536cb9fdac5580c29f6f3acfe1e82ce5eca9bb443e51867354feaceb7783d0f564c789d40607cd65011c5ff9f9f11da0fbf8f40208a6a273ded40faf995b7d901a186e19ff866034a738cf461cfa0bc42a66f9e3ae1d7a445e79285ec4237aa801e0997d24d3cd595a5f1794c0e084728e95eb79d17afa71b5461f3d57907dcaec536a215eb515705040596ebbdfce4c1968e7766f77d558c237959b61dae19d886bb49cc1cda5e2943e5593d8083cfc0cd785a597fbf140f190d6cef9ab564a11d1b3f758c7e", 0xd7}, {&(0x7f0000002ac0)="e2bcaf6a07564e7d8f03714083c7d81973586022f1633eab9a49e32932128423a8", 0x21}, {&(0x7f0000002b00)="21cada642f236fb69d61a41c0af933a18d78b36bca8467399f1a466b1e848499e7798da10cea08a51a3f9061c993ea6e79c523945505186527d0980b1f783873f26fe1bd551cf3d866998b5576b2b1439199ee73b192fcfadb72e324f3b68094b730f2acc4b15d5a069f7e2d393b651bf68da23623873f3daad53ee15dbbbdff5e41bb984b74234cb94ba6d28b4b118062dbbe9edabbcdaf04c6f1437869e122cc0c429f787c", 0xa6}], 0x3, &(0x7f0000005800)=ANY=[@ANYBLOB="380000000000000001000000c3cb6127a5c79ef9327691081f460eff18fc57772bb10c41a11bd63d84ed1e1ed8f347bc80b0849a1e5c548315aac5b0cb6d4e6e22a1ce3cae4d9b2351102db168909480c34bf60a7acd7737d1f773c67f43bd0ba987c5012163496e0f9e79", @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r4, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1], 0x38, 0x10}, {&(0x7f0000002c40)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000004300)=[{&(0x7f0000002cc0)="bae65ab54c8bca11d45c40b66bc83785fba6415cf5ebc5fbec32fabb50dcb6f88e14a40eb4edee650481b8335771999e08bbcbd5444d3e8497bd660c94df965b051b11cbe2440850a3d4d28a1cffcb338a12181c100915816bb92396e0de2a35a6cbabc01326e8b8b6182b747ad4549af476430e64b5a11850830d4e936e0a0fe7637b26116520311b0e4b4761f10df8bd62f28a7090ee46e7ed67bd4c9f76b5662f9672da3759e7e955583eea666c58a4e02428af1533fa0fb58e34368cd4a0230a5c6cd22aeb235b729a4ddefa4537d741b4313d71fe98fbceadc9811875e8ae8f6aab3369b12173c07ffc6cc9949de9b569866747", 0xf6}, {&(0x7f0000002dc0)="a81ba6cb77828a2abbd87b7d13343de0b5bcd42d47a0499dd53bbba92105d1ee8321775880b488dd00aa47f2e0a8c2dfaec88833b6d4344e1b371e686a0b9c7fdd07747d238d73fd31feb02e82cec154578bdf67ee5f566f14351f38d2dfbdb445f1eeca928c495ee933fbd9c0741dd7b937b39a521faefc7ee51e187348d91bf5c3c5bd5efd", 0x86}, {&(0x7f0000002e80)="9aec428c5cc3e22be83d720324a7718c7f85204407aea9ce7915ccc92bad1304ce100ff529d5bf748e74a8544591f5f7916005c4a5d3ad0deaae4302cc93283deb43a0e8892669f073e35029643b39af5fd21e836d7cbc49e64ce0dbf421aabb66a7e7be05b5c9ed7a727bde727b882dbda3e69884a8ae16f6", 0x79}, {&(0x7f0000002f00)="063e722796c7422447e0964240661aefc43cd5d18e63c78f9497199e539790fbf7a4108e19b3248a44d1de30229af3da2bf97ffc3fb1287297269b6c7c573cf9fb44b642fd935c854633991c10aca9cb78b3a78736c5d6631a5a95cace356801e4193ccaca81aa02e3b319f5fb5cb7011887ef9f4529e69ebc604fd1758790514aadc2a08d990c07d94c5bd4281b3657fc0542784ede398111f48149387d1c095e29c3825762ca2895aa827c", 0xac}, {&(0x7f0000002fc0)="97fcb6bf2c21df1a2476948fe30b6f52d389eb5c", 0x14}, {&(0x7f0000003000)="86ee7d5cebd9816582979dc00a6c4b50f94201daaa773f06525b394b9eb4d570373fb4898b0790473eeed4b2849c46d737d604eca331abc712f294d9ab1f9f97da3f806efd0754e009ef04ab1f975046dd761e5696247676f3ef8fe746323d618eb2b2ef09b4ec3291d633cfe6c4c0562522233f9f8cfaa4b268c2d988e9a7721ada930be61a69e921d097e5f920c864daded9ccdbb4c2db232b55a26f8002b4d90aa1fb", 0xa4}, {&(0x7f00000030c0)="fc7c084b82ef788574a3afd4d1363b6c53dd6b89f68899e737098f619b0e175aa93e648599c9fabef50417a459296248a53ec4cbfa3741287c600843654c0c299f6c7c5fce3ef9a29035a9e64aef746a2328a0e05a9ff327faa08e424e4ec697a6c17281866a41bfcf18cec89851af9e3fc3801f4a3aa4588ddc5505e40692b4b1097603aad71e3af6b53eee5e58051c5c11699be7b652ad55cd61abc361", 0x9e}, {&(0x7f0000003180)="1b578389d03c7fa55b80122d7be8b598e3d5832de80bdaf02e679c88470908c7a0572ac897a6045ce4fb2f6f39f001cc0e86f7dd8a4c6ba7142bd8ed2d1afe768224e44b06458c8d0a9f824222dcbded95270f09", 0x54}, {&(0x7f0000003200)="0a8821be6f0e1c1bddcae8682b74fee4ca436da2bb9963e92ef774ad5b10082caafee780b20259d55f2d086408f2c74b10aaa1b6fc088b6f96a33aa83cdbc68d1b7a4a4b3d753a0ff270b67873816d07fee07b63d82f1a4191a051959c98097b4c93185dff3fead121244128d0fae41c0d995cef911fc44d27f70c204427f7dbcbd7f21b236d7acad597c08561c28883920fed4a862e3e0fd1bb68a0c62d2f80051e4be971dab19b31f40d1f5b13d732c87a43f63ba76ca1f827a442e02a87e10593d8ddfe07fd4d383081968e9a335bd433304146ff86105a22daa3c87d6d163c9b9985bb76ca37", 0xe8}, {&(0x7f0000003300)="397c7ad124a37d19177b1ed9e1106817fe8f6aa6dd67cd8a0d804977bdc6dc9ad32ea15cd5c581a778549385930ecc59cfae5db15f727cf65dac6f85967b042a43931fd15f51cd2227203ffdfd87c8f0e2edf19a3a66ea3ead9c17717490673a1fa15ca42b68fa531627f13815331ec659e8f38321e0098276732ace16be9aebd385141e7d1efc68ea933bac3eaf8cae37b06ae21c269dfaf7fda97a6d8b8b7da6e93ee6ecdfe37b4b4486b620099a63babda2eb05e39b5253969357dd7b4d1a37dfc0cfc0b5af0495d8e545d5c4d1d568bf4f3ad2d256bc9145013e13636aa92bad22e957f9d45c712fada63d10b84fcbd032f2c1372a381447d9b3381ad025857be7b863cc7b8af7dec0932748a957c9f0cf2827f10529dd79aec42dfc68eca0cecbe94b38e8e0b88868ff0fa19c60c7bc3a7c4d042c1d30bf5e9b4c3366f7226754620d446eac65969c7152a401fc08cde08a78747ca610543a3d737facac3be8337e2845056d80cf79d45e09b876442b3144afb389b8c325430d15e01b86f1cde6d74d654eab3d0fd614fd0e324747e48e40c97c067d1beded100c6bb8f1b72a78b5f2c7c853f7ff89181011c534b982afcc0267292eb8c07f95a891c013d63b2aaae9e65ffe2a82b0d5e97ecde3b6cfe93b1c54ce0c04d5c3b767f906faa563a46c486b2e454eb1094e650a708bed52a4fdb52eecef7fdfaa787cd5d03eb08e59b685d02574bf4286e885f38371ecb2ab67bd811765fbd2905bc41b56c9b2dcc801f0a135fb6484e550bd55a1abcccb55adefdf11c6debf86b5383f2232ee62f0955080356e642f456ff56f0d0ac0a0d46b9ea9ddf367dc60d4b10d863a78839e042ef68d94212f2d1c4edb97aa3ba58e10e5f5cf12edca47379a3ba48ca5e5880709305b020d56abd61ce23aeb344e7f4549ca5bab57ad946d8f013975da66b5ed92969f2d9d5aeaea98d45b9adea9c4b21bdc0575f00e71fda8784be4d61527db34fcbb4055aaf994c8c7581afbc9bf4c8af368d5725551c793836aa068caee675a19bcb9a03f820167f4a83daa1045c092e6662643f72b77daf18817742c3991dc98aa37340595cb8216388bfb53795f992023780a52996364d20dba50ad826b1d6c86ad3de118652096f0be8801179ad4465ec64166c2f9b328fecc58eeb5ada6c33b83f58c66c3c6f08eed022154b2cd7ab949b53de37e89c6959285a75837371a33d5d2276f871c5b64502b47abc5f633206a0dcff45b18b6c73879078fda49ced5889b55ca56d8379b6c48df61d50c364e8bc16cf2f80a82d95c5289b08c89b776c141f41fe61191fe4143baf12e620f3caf82d8985e6a448096831127ecf7214a86456ae2cf0761ef9010075ad68fbeb57e6698b80e75e34d49e8e2a10db1d89fa6e549694ed6c6cab184f70bb8e46096d7a78d4f8e6c1fe55f6822c537875a395d25cc103c899f26419924f83bf806c663f8b39a3e5c422a0ec626fd6345f81f4dfbbb2783e231b5c48a3ae89fbfec788a8300997f5f269095222c6e5f05028cad784bb4280324b3ec1ffcec6adc93b2bb62a005e298972f3f7c5cd7da83f2ef798b3b2668710c378245300f16b94f7f2fa8628333a27325162df3499c672b2f85eef320b1b0ba619403cfb57eb95a94b348210b0395fa698ace3975b25641a5b2bb07dbe868188c99fd26f44f3667abde9da2c8d0f498cc77c5e2bf1f25efa45edeb0f4e63901efbc3c11220de2c73337518ca17d0aabed9475980f6307eac0c3d5116fd4f0afce82986728ead70d84f7537ab6f84f0f3ca5183ae49e4f838e34329177e862c8bac4082dd4e1148dd02a6b96cab8b4d484fc57c0ff2d37b3461c0ef1486305b45d26d885728856aece91a34c83bb064dd21e8e78a143b87ca618ca0502007307643aa567ed00466b29d0a4a4c38f198c3c2818588dc80286cae6c0f86b87f9d1222a92f5bb71fba66af9cc259f8b3b7fc6882fc89c2d823ffdbd10c0c7a4ca9232ad18448d1de3c6f271ebb1ecd3daae86b983b87c5b41f5de8a40aee5d1f424e86cac23eb422c108a5bf09f8665aefdab1240555d2c6a6a3c7e050c29e52c58e8f7bf71a8b553465ab22ed20b0c9d013969c4cbec6bdbb74fce8c1ce379b4a6173574d76e1b9a5676822fc80a7957ca0c200b49f4b2a24ecec6eb7261c7894e517f60096846ad8b33110ccaefe12de35f3dd62f19cc025e1416944d66d11aa4659504b1978eebec32acb4c600bd4752fe45087a932361f554b3da0c9a5982d1ff57159a3185a34f534da61a946f1f5866cc5d6b9f755b7fc94e9db4e04c2f40ced54c119386cec9eac3995b36c7ca23e0e8509058016a1af465b5f4a882bdf14350c217675b19fbca81bea93f26ca5a2854da86a493206f736abca0d9f0f88e9ba6b66f2258eff4b0402a45907e68236364c884fd6f341c8a16961608f771e67ff0424f6c167ce999e5e08940cc58516f15ea080d10e083cb49a54e84bbc6ff953c38794aa5c6706b98f0971f78741e31e66fe989c55c3f08328a0bb07292e3630947ff982a194e2c6b68b343555f55c5166220298d3651ea12c100b029e31ca09c4ef83dfc93369665a335cb717d0738da2d13159f79abaf08be249af16d16d496ac31646b30e5eda72d9005ea68be771791fa388009328385df1d02f637d91c6ffa324db4032caa34e5676d9521b33c25964b3ecb3a15e5f8b5e2be3b7c2749b96ec218afaf39ac97b238afafcf8f10d2c9635b20d7c0149587c0a9b22e2f95cebcc887eaff4940180e7f2ff37d34b6b3ff443825dfb9db703995cd8a4f8a4df65a84f6f8159f15563b36a24376386eaeb9de7cee5679a7a9a5a82d0a5f8bfe885a7726f0d6d3f4b7fa92225f6a4db919f5b4d58c9ba4faab47d669139d5d8ade095a2cb6d6e79af9d110705f6f3df5a45fa42b039556cc327892986fad484c84870ad57dd3910319e5cc0d4d2b1c8565683b6419b3e304228186af8017953dadb29c2fb0f5ef2edfd0c89ef1bb7937e0dfa1e307b9ffabd81a8f588f38b93ed721f941e60c3d438f50cfff2fda9716f39f13fe501317433e824c39873a864841d72eda29b76dc29abeb59f068e7a6c523301e679a503ec86a34d913181cfe7256cfae9ff6f2b0dbaaf1b2fc90b94fcf23a5c3ee36ac898ddccefcc5f344b0a03c593cb07eec97d74cc6f5d97ad30739e86b38660130905ca4ae4b95f34b98831c6213a96ea20fb6553e5cff86487dfd90eff0a46604a3db058d4831bee05f46f88170dc4814be524f1d854d13600c2536206ca61d260fd310fd907e145ee2e38f3cbbba8ec2e3badbbb95ff1c01d5d378d941ab6009fdaa9686a88d44dc059bedeb2e02a891f7bf5baa1ff249e497bac973b628cf0fe21b8ea803a30d51f837edf78ccfd56e66b148c5ee4b8e4fecfa0f74a877838f64f059000f8e24c7a3365ebdc109186a97ce6744dbdb68f72617655edcd53d5677580be59a60c1c63111983986d175f92ab1a17a937f9f0f8e67820a57af331f2b1edd8b21267a32803f6258711410f14fc7e453a85ed137071a14f045e051cd4c132578babd9bef7e9e1619f623599bfa0b702fa9489ef448b529521411257feb58226fd98fd27fa569ca296ea0a8fa1624c3088c80050a4b9f3b4c03cec7e5cbc1fbabe62a45b84f61cd859ffdf00e8b73968b21c7e1ab49de71770ba112194d7e155e9c3be7cbfa5b8aeb385f189f457d53c8bcaf32206d94e72b43f7ccf84cbc2cb23b49c8128278407c3f138748af7f2c95ae0aa6dcbc3e3230b7b61532219e3a725cd9200318257abcdc75b093c1035d29e4e23ffd2df9ba04ff6c3758bccfe6c24cdd54ccc201313849dc342034645495d4b62865343f1ba669f27160b6bc5a9703870b22ed00772628b8630758201bcd7e2ecfeba1ba30a23d7255852537eca7ec2bf735cb248cf292d1673de6e80e8f6913a542a491ce34719083886454405932c1558d66af84d7e20b13e64b9659d55c6a49223ed90f9e07954d2287e2f3bfce7fc4b5aa87e867fc82bb6fbd1888e17550fd4cf227ccf5eb912e806b2021e21115137a3e564085107a5321cf92bc624e128465c99b4b7b9f9e63cc7a5b0aabfa6b8f8167562657f79c0c7b5a9bc9b20f5eb9c447c8a8bd125c49971bc07ccd03c25999c03b6afdeb3688f8fcfd59c07168eaf5e680fecc584c7fbe3e5789f5a739be45890be4e817a7fe3f180879f6c486b1ec779b74e75118dc264bc31c6848d21810ad123698663f50d8220f7248e281d6f82cec752fadac47d807a1302b4b92e673220077f1ab55ecfd539c7cc87355132d4d207359d7c037de85f2cda8e03ad9d6644ccb4505e789be4a15ded3c8d1c0d3e4e8b9dc87152a4f0529117b0bd6acc961a12170a218969cfa6c469c1e9fa6dbcfbf782e485e4ff772e28143af11406bdb0831c329353d189beb5fcb2ab0096c3f57a854a645ea4e79f1f285f2208229df93b4aa1c389879e13d53872bff75db20a2a23a26cf71c84d4637bfdc45170936054e38ab125ac51ab25b9e94f56d937831a2769efd5fc677025be60c6934e551617c371b70ebc52b921036a4d95a1bea603738dfe4a04aeb44cab5408ca94464c817b40ae8518ba57858ba62efbec44edf42fe5e8b7182765c71cf221294ff2d979951955e3008eb54db151d8b80147cdc15675de2aea9bd3a5eb9a5c811e53e8e68cd360bf07c32ea88a25f18a00e157fe335477758306aa4bcd25ad3f4bdd46c1ed294fa2c827f20e68f99cbc24e8392435ef2f7adbbc4d70432b815d561f05cb20b0faf8c36df8161ea574463f50da94cb353accda17cec34928c703d601bc43f8a6fba2c35d4d3c75ee03b42c0f2df21cc3f696b106ce4fd2206f0b51053190a9ebce22f3ed0d637bd10d992093102fb29d9d9a2c5f53c947cb3b87fabe9b8c6c2e0e22f2f69237499f880cf0e709ced1bc57f3d5610263e0aa2246ac17200c83ec4dc5ffae6b4f6ca040a50e10d1d853a00448f7d5c22356c8ccc797f0fb9cd2e24e7746e8fc02cf3380d087b701c53f19e150c7e50655a725edbd1192061c43d1f5c11c6b23731234057b49980b365b9d612323c4f4f52c17467294d204c085974a85f7a3feced9f6431cc119a598bbc7edcc22423af4c3222804ee44efb83feb4efe4f14841af8797db33229273b689cb478e1229ad2a5225311ac831d8ee52aadd5b07b74bb00d645d542258c590b6af8a09215ee65ed3258cf4a462245fc3e4c606558ca3711bc1bdcc74dfcb4752fd0ce9a2215219d6de51357d1172c6146f16e23ea15507bf2ccd14bef3820d7d08cb2099115ba966ba7aba9e92353709546df92e9373bd5a0a17ff8b64144afefe46a4ad411e64c31f1b1386f65b56304c6b099a2fa7c0da61fa5fe1b0a2206c2b84adeb70dbb6395c7ce269ecfc437f7289da381070abff5ba8f7bb79579a9411bfa70d0b7cec81bff9ac2961986760a2379dd7a4a809b5a1233b781c633a66d4e62ad5d6b1bc0fa1f920e9b933bb210abed5bd890ec469cdb2a4bbc06462e1d16389a23ba70b455fb9c061a0fb40ec95bbc3c0fca24f796ac54f3038250e35da031db5ac642e1ae1690b389e779835a0cc0c78423575e89ef7db8846b57352cb8281db3c90d63921972fccd191c657028943c923834c711b324643165e3619c12cc85f1ae5e7943f5a3d2073231c7d273501057ce8aa99920d4bbd7db4016662bf8e56038095c44abf3842947eb2f7e12d85757378db759ca1144489f17", 0x1000}], 0xa, 0x0, 0x0, 0x40}, {&(0x7f00000043c0)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000005600)=[{&(0x7f0000004440)="a1b7b62f6ca0818febfdffa6e4e8b5e23c67a69cc41966f7071ba8db1f246f09c00eab936f6c277b521a4e9f9ea0496822aa23b21e9916f4e5954aaa603a4f40cba74a1061d355936173d3612d38113359ecbd52d8491824df32a3bd97cda5bad0443412516b526fec7f803104f73c3e094026f7c408e82de397d5d929a03924cbd8aa5921a24170272e030179e77a878eddc2a73cab43832a083da1cdc187e1464c9b240881b919e809b6d765dd571a2360a781c04b0d0f71c347faadae35be1938c85f603d9bc0730665ffbcbbbd02696a1bdd1cd87e63c69050b0984ac67721734181ddbc1b004cacfa6d", 0xec}, {&(0x7f0000004540)="9c6d21e25c75015d446ec2dd253de734131978099dba7f47dec8ee3b562b85c302984ba1da82dd35c76e7de737e1ba885661341de8e074084b6151efbac16b5561baf97d1048d271ee2becbc491bab46680d21c52ed5245cce3fc44c5865c3cf160ff14519d598cb7d3104f4da6ced2dccc2d4a452cb828a331e4f025a8c5fe8a45493db4e98c77575e9cafacab1a0524f72c0c2ed2a6b76378f90f540f4e99b59b6d9733e94d4b3ec5e820694edbf8355b2da9ac8ee6bc859bbc52cf7128116827d4d66abd8164b15d5251881fc5d74036f16642ad2a3a8ad404d1d0e3d8e5c4c4fccc1b0d8e498a7813a8b89561b45ac7f21ef86355104378be34319befbdcdfea1d405a9d422d4394883f32a241e6aec1d153483fd69d7010f4b48b83b62b2ab6ec7f3cce8252bb2ed84609e0d41ee3d653237c1a994361c054de20413efe344ae65e64d410f21b23b9a9274779c51f72ff421c279bd20fe13bd9298b63f4748272bb6da5263941797f353bafc0af71cec620b2ba5727b67b30aad8c221cf6a336971696c3279914fc62b217efc69a8b2ff264abac043c88f3869986bfb0874fa9573e087415f5bccda3b557b442a660001ead511e967146031e434ccfff3dc426f2c7311068fa88b5f83c3c4b73ce7c6b15fb7172a86379456561d79389b7d44950e2832bad18c45162746af77b32724f926e3521a54bfd6843b0470d0a2d38a41c92b3179d52f40c88511db45dd222c854149db575c164d4b5fa410f95c0a0f695314934ce60f3358ef6139b97444627f4be0796a42c5c193d702c49ed6874ef1313f5498fc0af11004766a07b620a88b673c21f0113ec81e2623fc42163241555bb71d85e041d1be601611bf760dec8b0f76eced040230b4d560c072c248bd6fa0a38ff01f963462688c934b78319f505251dd747ddbe33f80ec8dd45d23a22f0f6f1d2baf6fb44c818544b2641696bfc34905e40f9e1f1932a0194b5a3958451ac06ddd679818540c5022facbb6b1e6c2f8f59c3aadf88eba0f23ac5c907aa2fff87f8d9f6f028f2108bdcb880e3e06833994a8f2601c3b561c304ad06a019837bbb70506b341dd1929c4f42655ad240ab797fad291f46cc09893f1c75a6f92311a60276c323b66cd5b0284fccb21739325b73cfa275c51672cf09605c311242f24c41212c3ff4c1c2e1d0a4a56a93d78679159d088ee352ac27246e7a03ee8e5057f4f34a5c70851c964e3f1d704949e9a8ebbf6f035864ae4cc3ce92dfa6cc7ddf83fa832db76beb635df55999be0ecba3cd351dfeb1282a9ca9180c218feb52762cf90a1948c67c86652f3d022e44c370bef3b90ab8d750de83826e688522d696f3f25891e5554e160c9bc29ff79f7d5189593e2c9c32dce72f264fe1f224f2e2a6f2d897423b0390c8c550e90a1edbab8c2552ea76b278c03c64082a3b2e70a7af304be3a5891d2605ab1d06bec6d49a41f1a67e42611e529b8d068c4da981bbe27a35ef0772f854fcfd98e0cce4a4944e65f0189918346949d0241612f9cc6e088c8403d839816a4a4bd2abd3808823e19d1e8483a518dffc0ddd5987269aae167881050744705084f6913267f32c15cdc6581f126ad61c2c0ee004057a832e774ca2a4925e7849e41814cad464c41473b0469c6b37983540c66a48bcd20415339dd43f0ef88ecb080b2284d7f3ad717730e58c0bbb0630a7c8534257e9b6abdeb310d4f0ba386cc5f46137297c91a567441563df4b51554231179989f1c86c5372cc744314fc01aea23034f72732da3a84a10c9f4103d0d69b0f73e9f110ae667310a7b29f16b3f67dcd64167fbecee8a9224d76df8aa1dbb94091686addb260cb733bcf07633dff46e814f87d38eb7f8d59bedaa875231ab5f53300bc6cad6e4566190aa9941121cac4047e468306ed2e9e57b94a0c861740ebfc2f4f3bf8745cc13c56164168126158bfaa22a00a5b3f87d7c100cdaf7cfa9d8a6579a92e8c90ea1e7bf82afe6bf8b0f73d47c606ee29b267bb052d71aa3049370dc6a115459fe03b5e3e1978d9f6210e10435b19a23c1cc781bb2fb339720f0113385ba274b19d56011841447fc5489c9c4192a25b3dc679399f06fc2b68c40803a75c259fea71ccdfcaaebf4aabdad5a855a5959161717d9c7da1a529aad3c01059ad6fc334adf9d30bd76900039d3dc8ad71df921f8dc97f036d9a3654e65296fd06b2c1413b0792c4e5974dae494820d5bc570baee81f6e9bfe92644f38ea39fb5fdfde58249be9de393df87baf0f51dc67f8d2c12fecdb8369c07529e4ff22fefe3237391243d0c66002312447aab303e98dea2acb139d7468dce528eda6692bee9284812e9f5ab965baad05db5a7f0a0de7947cb97326a06164de800ed3f109a5de93722d9aa14c6f67cd8cec1cb785fa82a2542473e0771e1576b74fb834bae161823331240c020ba4a9cab467043f5e2968dcd0afc0d7347d536fc95e072f6019eefdd268c7a1d8eb144023a86cd7cbdfd5d676ecf4680fff75b4e487b7ac6ad933759080662b48b9b04c2fbbc3cddb1490a8b0a9b4d94c7f215355f5178f594092a2f47e83b760339ea79c1fdf28a27e06d6a51a42f41a37d85547c349f9420fd9d8133b346aadad34a47430117cc58a648f64b3ecedbf1fd8f7ff88f0627ace7bf368e28be237504e429e0b7ee1cdd6db697699136b684bbb71b5b00580b65a496d568a2b00b26823dd3de61392076e1fde300947dfec8070a238ec16dbb77c2d0a85b41ccab1832f92948d1a840092fd31d9d6d4add276a8a9790b6be38e7eef63908a8a21df2076df76e9dae4c53ca11a0b0234c9b178af475519e0ad5ddaba42eb4ca7ebc5906614670695dd265e33a1659d6de523832b5d77317f1ded017fc611d51b1dd0e9e5a6b304cb12b61d05504d223b95de723bbf5d32e41f604fd62dfec1b2062dbc3479eff236ba21a48e592c2e1d9ab39b9c62afafb72b4e325878a384d4f1a354d3a33ae018ef8ee3614b45bfa8e60fc74818649499bedc88bf028937cfb446bf136625b83672321cedf9cce7e5e98c7db5349524f885948f281661095e0902b5e9f4c9e685c1e7c1f9218cb526199316a76cc777d17371e5b6446a19d7710dd4fc2fa19ab87ec48a3d5ce75147869b36ad1481c77c08c647cc1f75baad44b003aaf0543c1f55617899aa873e0ef30ec4496485d015c97749bddfa965bb9a845e7e7aa1c423fe94f25763c611fd0950942064e858104babc9d0613c06e9dd4ce100077a2ec769a08f659439f24c29235791355ef7bfbc74484046744924374a883ce02651624238c92ca6ddcf98f673812c0dc7e711a6c4109260b1e3dfe685c7dbc00b1c77730b2418df55a7ece4e12909b83ae28c83b8c26901dbbbdae19fb01367c4286274c37d317fac3e110c337802795b4d378fc2c4cfd278409f562d1b255144744daaf39b65dd20a40d7830db0b31c803dfd7c1b19a0c5cb11fc3b6d7bb2b9cd8f496fdd6752b0857078690e6dcfba8a20d334d407da63f63438ee6d9794b1000a949ef91a132a8992615807b8550a069bcd5afaae5e034a23eb16b22a1874a99621d279717fdd8e135a81b04f0b756c89fdb6ab1fced27e2dcae9c8026b4e1f2ec10eea8fbaa4810b4bc53e59a7912e60255d88ff2f62ec4242b59aa27082f29dc74f925525b48b912d5bfe9df820a070ec01cf31c07f385ab6e96d99583146dc447f4f7b1f80e2fc90379b12553017a3a54847aea2aa470b5cdced6cfcccd05f54290ce12a6240741b963db7f70aab837c2c4a99b30316e344ec877f1f26b91f75934412dec0085eb52e1b97dc4f10b9f8bed4c1419520595a0cd148e3621e0f36ecb330cdfbc05972f9b0ee01fc03687d12fbcd8fe62c80b5e45a44cf2a3ef143f502b3a3a9e255cc00cac1e1e6018864dc907a8024bf6a228cb7a604f37362ba49798dc62955abbd1d8028f690f1c0cd402eddb8217b062438d172492521f476455a81ee44e6f7967e54994b87c6e0ba268aab87164e55574cffee5eea5223b73ce623a7a342dc732ef930ebce834f343bea6f50bb10453a7243e6471562e0593c26466e219e08f0bf2b74e8ddb24a97001c568fe0ee7fd05f479c89f71c8d3dad3ea1f242ce099e915601c1eb47cb2799ad10496ef484e9c41a0bba5c21cfa709be15078ffda54b7cfe485b9e98d38bb79c6a1efdfe07c711acd8978e1687e9aaff61b79b13eea86d9d6dcb928be64bc212434d89b96e736efbe76b44822ab5b4e612c853c83c44ed6582da83feb7ed704200da28b3d7b89db220d5282adb379e93ed4d8b6496ee303d6ac3853170dfd5631952923b52e72b9932e2c3203b30aaa7808d3d91f46f32a5a02dd345f5284a4c35e5e5781ee60415e84b4b915a7eb4409ed511a8afad5e0455f864861f7db1eb4426f1c72ef2255812a49564a521adac6a4ddecf6ac6eac24f5cb49e5f97055bf518ed4e69f2b9c296c2070c74588190d7fa10ec39440fb9ee2db85842ebc5ad6e03de8510be3934c783b4880e1ab9efd3c5d40022dfe761132b5bcc0dd1763b7e943feab38fb8155679a17adc52db32bceb00f98e3e62240108af31bbd03159a20bfea770cb95d99a399bf1df1057a43ca68dfed505b026f2f117c8ff56004e9916de360c29cb6c84a993a3744a318320c1e3866806d4358f6fe5e223990b5fd4826de5bfa3bf7921cce294675c9306311513ecae4c981a9b2fe52c9d4e2b783767b9be47d8ca7675cb6cc489eb2bfeefdec73a441eb0c5f7ce4cd3f6360e2fc1c3957bcb3c650509486bc74069f63eb26e7c9d844b734e4ea3965531e5508b658bc8e4f3a2985d0b747ea815a5f2864939ffe4e5e746520d1d89e8c79ae32d18ed4866438543fd18d980db107fd1e8541146bbf83fb8691f950603bd4a05293f8fd51a3a9523cda9288e3b2649f8bcaa9f3248da72ba2cfd342cec11dd6f31c29dd980caee85feadf9253d6f690ed24be5da08460122969b8580671979be68edab9a11e7991fbce04f12e76f0914155529138482882813c72341662e2be79ca21ebfea4e7ab2accc1d866dccce996d176f965c8e2c412c45b357c8df2a6ed653bacf815f1d477f85dfb10fe252343e408a2ff602343d4c51f9ca23b2fa2d2cd918929ff3e2d0d09a1ff9270a94cafc7c4d272c6afc79d0c88f7adca616cc109144aace85afe4a63112c3d286dc8dd118a21dbc542548388adeba73d160f1276c2fb11ecae9fd2f9d58afe3667bdb82032996f814a18a99f67c60a059c16a160f46d974ae1d97cb0eb4faac256bf76f771e5e40e0255772295dc7edd22ba5edd597ee9b3a933451ef0540a044936e472bd38912c4daa7742c6651672835177dd52a6aebc67f36ea1a4f0e8f81d268912dc2acbdf1cefb32e73b1c20b9e64592aa9513c6133a9e7e8d699d1db90a5ea488a2174e28b09eb4b57c4f423dfd273b79151706272406db66e1a537d937ceab7ce1b8a48610433a709da7b066e2a0ce551fc13b20cda1c2f5e49c3f6ee47d4eedbc9efaa5c7175f4080021cc116f49e7fe933e7d029759a9caa23e138391cfd26a431581b1dc980d5173f6120b255c438d26164951e9cbd04f6a3435ffc5fe1063469f53c7baef4fdea2ca51a75ab9d4599a5623479a693e16144a10950001c848be35dc0216ce66ea40a2c9275f65cfb3f0351e2798262e7a705dc93c5b2ef26d57cd38381e6426f78ee083a28c186357439cd9808d7bf4eac4161e7fa1e6b8f1ce6622b7fe8557f2052", 0x1000}, {&(0x7f0000005540)="fca82003dce652149ca45a7676426ab1a3ef32ddddee39ce679cb3b955affb283b21416123e23caeaf4caddab9beac4ccf7321531d5d084abaa160e648beb197a0bb5717f39f3ea6cc238a838517ba7af8f6f768a443c448e168e5364aca6a56811f6cada6ed755873e47dc6edceeb5a830b0e1546c1141156ba4df473030ba71070b8f5269075", 0x87}], 0x3, 0x0, 0x0, 0x800}], 0x7, 0x24044014) r21 = dup3(r3, r1, 0x80000) getsockopt$inet6_mreq(r21, 0x29, 0x1c, &(0x7f0000000000)={@empty}, &(0x7f0000000040)=0x14) 03:39:51 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0xfffffdef, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 828.807155][ T7613] R10: 0000000001da6c10 R11: 0000000000000246 R12: 0000000000000001 [ 828.815117][ T7613] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 828.823443][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 828.829243][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:39:51 executing program 5: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000000)=@req3={0x2d25, 0x0, 0x0, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000006ac0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000100)=@tipc=@nameseq={0x1e, 0x2}, 0x80, 0x0}}], 0x2, 0x0) getsockopt$IP_VS_SO_GET_INFO(r0, 0x0, 0x481, &(0x7f0000000040), &(0x7f0000000080)=0xc) 03:39:51 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x4000000000000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 828.872165][ T7613] memory: usage 40132kB, limit 0kB, failcnt 110 [ 828.878468][ T7613] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 828.926175][ T7613] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 828.937687][ T7613] Memory cgroup stats for /syz4: cache:52KB rss:27608KB rss_huge:24576KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:27580KB inactive_file:0KB active_file:0KB unevictable:4KB [ 828.960797][ T7613] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=2982,uid=0 [ 828.992280][ T7613] Memory cgroup out of memory: Killed process 2982 (syz-executor.4) total-vm:72448kB, anon-rss:2204kB, file-rss:35816kB, shmem-rss:0kB [ 829.037613][T14404] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 829.060316][T14404] CPU: 1 PID: 14404 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 829.069458][T14404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 829.079494][T14404] Call Trace: [ 829.082787][T14404] dump_stack+0x172/0x1f0 [ 829.087136][T14404] dump_header+0x10f/0xba6 [ 829.091548][T14404] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 829.097366][T14404] ? ___ratelimit+0x60/0x595 [ 829.101950][T14404] ? do_raw_spin_unlock+0x57/0x270 [ 829.107054][T14404] oom_kill_process.cold+0x10/0x15 [ 829.112146][T14404] out_of_memory+0x79a/0x1280 [ 829.116806][T14404] ? oom_killer_disable+0x280/0x280 [ 829.121990][T14404] ? find_held_lock+0x35/0x130 [ 829.126754][T14404] mem_cgroup_out_of_memory+0x1ca/0x230 [ 829.132276][T14404] ? memcg_event_wake+0x230/0x230 [ 829.137283][T14404] ? do_raw_spin_unlock+0x57/0x270 [ 829.142390][T14404] ? _raw_spin_unlock+0x2d/0x50 [ 829.147231][T14404] try_charge+0x118d/0x1790 [ 829.151721][T14404] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 829.157265][T14404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.163510][T14404] ? kasan_check_read+0x11/0x20 [ 829.168377][T14404] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 829.173919][T14404] mem_cgroup_try_charge+0x24d/0x5e0 [ 829.179208][T14404] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 829.184839][T14404] __handle_mm_fault+0x1e1f/0x3ec0 [ 829.189944][T14404] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 829.195469][T14404] ? find_held_lock+0x35/0x130 [ 829.200212][T14404] ? handle_mm_fault+0x322/0xb30 [ 829.205138][T14404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.211359][T14404] ? kasan_check_read+0x11/0x20 [ 829.216201][T14404] handle_mm_fault+0x43f/0xb30 [ 829.220946][T14404] __get_user_pages+0x7b6/0x1a40 [ 829.225871][T14404] ? follow_page_mask+0x19a0/0x19a0 [ 829.231047][T14404] ? perf_trace_lock+0xeb/0x510 [ 829.235877][T14404] ? __vma_adjust+0x1840/0x1840 [ 829.240798][T14404] ? lock_acquire+0x16f/0x3f0 [ 829.245472][T14404] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.251706][T14404] populate_vma_page_range+0x20d/0x2a0 [ 829.257158][T14404] __mm_populate+0x204/0x380 [ 829.261750][T14404] ? populate_vma_page_range+0x2a0/0x2a0 [ 829.267397][T14404] __x64_sys_mlockall+0x35c/0x520 [ 829.272410][T14404] do_syscall_64+0x103/0x610 [ 829.276982][T14404] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 829.282862][T14404] RIP: 0033:0x457e29 [ 829.286747][T14404] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 829.306333][T14404] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 829.314730][T14404] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 829.322775][T14404] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 829.330809][T14404] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 829.338762][T14404] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 829.346715][T14404] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 829.357793][T14404] memory: usage 307068kB, limit 307200kB, failcnt 15232 [ 829.368467][T14404] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 829.376434][T14404] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 829.384110][T14404] Memory cgroup stats for /syz3: cache:0KB rss:292032KB rss_huge:157696KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:219416KB active_anon:46636KB inactive_file:0KB active_file:0KB unevictable:26096KB [ 829.406725][T14404] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14403,uid=0 [ 829.422733][T14404] Memory cgroup out of memory: Killed process 14403 (syz-executor.3) total-vm:72448kB, anon-rss:15856kB, file-rss:37160kB, shmem-rss:0kB [ 829.437365][ T1042] oom_reaper: reaped process 14403 (syz-executor.3), now anon-rss:15868kB, file-rss:37932kB, shmem-rss:0kB [ 829.437497][ T7613] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 829.460941][ T7613] CPU: 1 PID: 7613 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 829.469967][ T7613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 829.480022][ T7613] Call Trace: [ 829.483314][ T7613] dump_stack+0x172/0x1f0 [ 829.487652][ T7613] dump_header+0x10f/0xba6 [ 829.492073][ T7613] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 829.497878][ T7613] ? ___ratelimit+0x60/0x595 [ 829.502479][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 829.507596][ T7613] oom_kill_process.cold+0x10/0x15 [ 829.512717][ T7613] out_of_memory+0x79a/0x1280 [ 829.517402][ T7613] ? oom_killer_disable+0x280/0x280 [ 829.522625][ T7613] ? find_held_lock+0x35/0x130 [ 829.527405][ T7613] mem_cgroup_out_of_memory+0x1ca/0x230 [ 829.532951][ T7613] ? memcg_event_wake+0x230/0x230 [ 829.537983][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 829.543099][ T7613] ? _raw_spin_unlock+0x2d/0x50 [ 829.547953][ T7613] try_charge+0x118d/0x1790 [ 829.552467][ T7613] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 829.558089][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 829.563615][ T7613] ? find_held_lock+0x35/0x130 [ 829.568357][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 829.573911][ T7613] __memcg_kmem_charge_memcg+0x7c/0x130 [ 829.579447][ T7613] ? memcg_kmem_put_cache+0xb0/0xb0 [ 829.584625][ T7613] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 829.590163][ T7613] __memcg_kmem_charge+0x136/0x300 [ 829.595272][ T7613] __alloc_pages_nodemask+0x437/0x7e0 [ 829.600637][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.606858][ T7613] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 829.612567][ T7613] ? copy_process.part.0+0x1d35/0x79e0 [ 829.618017][ T7613] ? lockdep_hardirqs_on+0x418/0x5d0 [ 829.623284][ T7613] ? trace_hardirqs_on+0x67/0x230 [ 829.628287][ T7613] ? kasan_check_read+0x11/0x20 [ 829.633135][ T7613] copy_process.part.0+0x3e0/0x79e0 [ 829.638332][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.644551][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 829.649988][ T7613] ? perf_trace_lock+0xeb/0x510 [ 829.654824][ T7613] ? mark_held_locks+0xf0/0xf0 [ 829.659600][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 829.665058][ T7613] ? zap_class+0x460/0x460 [ 829.669462][ T7613] ? __might_fault+0x12b/0x1e0 [ 829.674240][ T7613] ? __cleanup_sighand+0x60/0x60 [ 829.679170][ T7613] ? lock_downgrade+0x880/0x880 [ 829.684012][ T7613] _do_fork+0x257/0xfd0 [ 829.688155][ T7613] ? fork_idle+0x1d0/0x1d0 [ 829.692571][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 829.698016][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 829.703466][ T7613] ? do_syscall_64+0x26/0x610 [ 829.708142][ T7613] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 829.714201][ T7613] ? do_syscall_64+0x26/0x610 [ 829.718870][ T7613] __x64_sys_clone+0xbf/0x150 [ 829.723532][ T7613] do_syscall_64+0x103/0x610 [ 829.728104][ T7613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 829.733981][ T7613] RIP: 0033:0x4563fa [ 829.737863][ T7613] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 829.757448][ T7613] RSP: 002b:00007ffc9cc8b1d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 829.765856][ T7613] RAX: ffffffffffffffda RBX: 00007ffc9cc8b1d0 RCX: 00000000004563fa [ 829.773817][ T7613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 829.781785][ T7613] RBP: 00007ffc9cc8b210 R08: 0000000000000001 R09: 0000000001da6940 [ 829.789750][ T7613] R10: 0000000001da6c10 R11: 0000000000000246 R12: 0000000000000001 [ 829.797703][ T7613] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 829.807931][ T7613] memory: usage 37816kB, limit 0kB, failcnt 116 [ 829.814425][ T7613] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 829.822383][ T7613] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 829.829220][ T7613] Memory cgroup stats for /syz4: cache:52KB rss:25456KB rss_huge:22528KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:25428KB inactive_file:0KB active_file:0KB unevictable:4KB [ 829.851279][ T7613] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8930,uid=0 [ 829.866645][ T7613] Memory cgroup out of memory: Killed process 8930 (syz-executor.4) total-vm:72580kB, anon-rss:2204kB, file-rss:35808kB, shmem-rss:0kB [ 829.882336][ T1042] oom_reaper: reaped process 8930 (syz-executor.4), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 829.896484][ T7613] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 829.908497][ T7613] CPU: 0 PID: 7613 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 829.917512][ T7613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 829.927562][ T7613] Call Trace: [ 829.930834][ T7613] dump_stack+0x172/0x1f0 [ 829.935151][ T7613] dump_header+0x10f/0xba6 [ 829.939560][ T7613] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 829.945351][ T7613] ? ___ratelimit+0x60/0x595 [ 829.949921][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 829.955020][ T7613] oom_kill_process.cold+0x10/0x15 [ 829.960125][ T7613] out_of_memory+0x79a/0x1280 [ 829.964779][ T7613] ? lock_downgrade+0x880/0x880 [ 829.969605][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 829.975822][ T7613] ? oom_killer_disable+0x280/0x280 [ 829.980993][ T7613] ? find_held_lock+0x35/0x130 [ 829.985787][ T7613] mem_cgroup_out_of_memory+0x1ca/0x230 [ 829.991308][ T7613] ? memcg_event_wake+0x230/0x230 [ 829.996313][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 830.001405][ T7613] ? _raw_spin_unlock+0x2d/0x50 [ 830.006235][ T7613] try_charge+0x118d/0x1790 [ 830.010720][ T7613] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 830.016241][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 830.021771][ T7613] ? find_held_lock+0x35/0x130 [ 830.026515][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 830.032094][ T7613] __memcg_kmem_charge_memcg+0x7c/0x130 [ 830.037625][ T7613] ? memcg_kmem_put_cache+0xb0/0xb0 [ 830.042803][ T7613] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 830.048328][ T7613] __memcg_kmem_charge+0x136/0x300 [ 830.053422][ T7613] __alloc_pages_nodemask+0x437/0x7e0 [ 830.058786][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.065005][ T7613] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 830.070702][ T7613] ? copy_process.part.0+0x1d35/0x79e0 [ 830.076141][ T7613] ? lockdep_hardirqs_on+0x418/0x5d0 [ 830.081405][ T7613] ? trace_hardirqs_on+0x67/0x230 [ 830.086409][ T7613] ? kasan_check_read+0x11/0x20 [ 830.091252][ T7613] copy_process.part.0+0x3e0/0x79e0 [ 830.096426][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.102644][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 830.108080][ T7613] ? perf_trace_lock+0xeb/0x510 [ 830.112912][ T7613] ? mark_held_locks+0xf0/0xf0 [ 830.117650][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 830.123086][ T7613] ? zap_class+0x460/0x460 [ 830.127486][ T7613] ? __might_fault+0x12b/0x1e0 [ 830.132252][ T7613] ? __cleanup_sighand+0x60/0x60 [ 830.137192][ T7613] ? lock_downgrade+0x880/0x880 [ 830.142030][ T7613] _do_fork+0x257/0xfd0 [ 830.146171][ T7613] ? fork_idle+0x1d0/0x1d0 [ 830.150570][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 830.156004][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 830.161437][ T7613] ? do_syscall_64+0x26/0x610 [ 830.166112][ T7613] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 830.172160][ T7613] ? do_syscall_64+0x26/0x610 [ 830.176821][ T7613] __x64_sys_clone+0xbf/0x150 [ 830.181475][ T7613] do_syscall_64+0x103/0x610 [ 830.186046][ T7613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 830.191934][ T7613] RIP: 0033:0x4563fa [ 830.195810][ T7613] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 830.215392][ T7613] RSP: 002b:00007ffc9cc8b1d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 830.223779][ T7613] RAX: ffffffffffffffda RBX: 00007ffc9cc8b1d0 RCX: 00000000004563fa [ 830.231733][ T7613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 830.239688][ T7613] RBP: 00007ffc9cc8b210 R08: 0000000000000001 R09: 0000000001da6940 [ 830.247638][ T7613] R10: 0000000001da6c10 R11: 0000000000000246 R12: 0000000000000001 [ 830.255591][ T7613] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 830.264248][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 830.270016][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 830.277330][ T7613] memory: usage 35468kB, limit 0kB, failcnt 122 [ 830.283610][ T7613] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 830.291067][ T7613] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 830.298013][ T7613] Memory cgroup stats for /syz4: cache:52KB rss:23300KB rss_huge:20480KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:23248KB inactive_file:0KB active_file:0KB unevictable:0KB [ 830.319417][ T7613] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=2962,uid=0 [ 830.334758][ T7613] Memory cgroup out of memory: Killed process 2962 (syz-executor.4) total-vm:72448kB, anon-rss:2204kB, file-rss:35800kB, shmem-rss:0kB [ 830.350421][ T1042] oom_reaper: reaped process 2962 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 830.364986][ T7613] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 830.376968][ T7613] CPU: 0 PID: 7613 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 830.385981][ T7613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 830.396016][ T7613] Call Trace: [ 830.399288][ T7613] dump_stack+0x172/0x1f0 [ 830.403600][ T7613] dump_header+0x10f/0xba6 [ 830.407993][ T7613] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 830.413778][ T7613] ? ___ratelimit+0x60/0x595 [ 830.418349][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 830.423439][ T7613] oom_kill_process.cold+0x10/0x15 [ 830.428535][ T7613] out_of_memory+0x79a/0x1280 [ 830.433200][ T7613] ? lock_downgrade+0x880/0x880 [ 830.438029][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.444247][ T7613] ? oom_killer_disable+0x280/0x280 [ 830.449425][ T7613] ? find_held_lock+0x35/0x130 [ 830.454178][ T7613] mem_cgroup_out_of_memory+0x1ca/0x230 [ 830.459698][ T7613] ? memcg_event_wake+0x230/0x230 [ 830.464817][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 830.469924][ T7613] ? _raw_spin_unlock+0x2d/0x50 [ 830.474754][ T7613] try_charge+0x118d/0x1790 [ 830.479241][ T7613] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 830.484777][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 830.490301][ T7613] ? find_held_lock+0x35/0x130 [ 830.495045][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 830.500576][ T7613] __memcg_kmem_charge_memcg+0x7c/0x130 [ 830.506102][ T7613] ? memcg_kmem_put_cache+0xb0/0xb0 [ 830.511282][ T7613] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 830.516809][ T7613] __memcg_kmem_charge+0x136/0x300 [ 830.521904][ T7613] __alloc_pages_nodemask+0x437/0x7e0 [ 830.527255][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.533485][ T7613] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 830.539189][ T7613] ? copy_process.part.0+0x1d35/0x79e0 [ 830.544624][ T7613] ? lockdep_hardirqs_on+0x418/0x5d0 [ 830.549888][ T7613] ? trace_hardirqs_on+0x67/0x230 [ 830.554887][ T7613] ? kasan_check_read+0x11/0x20 [ 830.559716][ T7613] copy_process.part.0+0x3e0/0x79e0 [ 830.564901][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.571145][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 830.576591][ T7613] ? perf_trace_lock+0xeb/0x510 [ 830.581419][ T7613] ? mark_held_locks+0xf0/0xf0 [ 830.586156][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 830.591589][ T7613] ? zap_class+0x460/0x460 [ 830.595982][ T7613] ? __might_fault+0x12b/0x1e0 [ 830.600728][ T7613] ? __cleanup_sighand+0x60/0x60 [ 830.605642][ T7613] ? lock_downgrade+0x880/0x880 [ 830.610480][ T7613] _do_fork+0x257/0xfd0 [ 830.614615][ T7613] ? fork_idle+0x1d0/0x1d0 [ 830.619027][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 830.624464][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 830.629899][ T7613] ? do_syscall_64+0x26/0x610 [ 830.634590][ T7613] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 830.640632][ T7613] ? do_syscall_64+0x26/0x610 [ 830.645287][ T7613] __x64_sys_clone+0xbf/0x150 [ 830.649940][ T7613] do_syscall_64+0x103/0x610 [ 830.654507][ T7613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 830.660372][ T7613] RIP: 0033:0x4563fa [ 830.664244][ T7613] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 830.683820][ T7613] RSP: 002b:00007ffc9cc8b1d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 830.692204][ T7613] RAX: ffffffffffffffda RBX: 00007ffc9cc8b1d0 RCX: 00000000004563fa [ 830.700153][ T7613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 830.708101][ T7613] RBP: 00007ffc9cc8b210 R08: 0000000000000001 R09: 0000000001da6940 [ 830.716051][ T7613] R10: 0000000001da6c10 R11: 0000000000000246 R12: 0000000000000001 [ 830.724005][ T7613] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 830.735106][ T7613] memory: usage 33040kB, limit 0kB, failcnt 158 [ 830.741353][ T7613] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 830.749368][ T7613] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 830.756292][ T7613] Memory cgroup stats for /syz4: cache:52KB rss:21100KB rss_huge:18432KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:21076KB inactive_file:0KB active_file:0KB unevictable:0KB [ 830.777742][ T7613] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10160,uid=0 [ 830.793568][ T7613] Memory cgroup out of memory: Killed process 10160 (syz-executor.4) total-vm:72580kB, anon-rss:2204kB, file-rss:35796kB, shmem-rss:0kB [ 830.819798][ T7613] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 830.831728][ T7613] CPU: 0 PID: 7613 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 830.840740][ T7613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 830.850860][ T7613] Call Trace: [ 830.854133][ T7613] dump_stack+0x172/0x1f0 [ 830.858760][ T7613] dump_header+0x10f/0xba6 [ 830.863165][ T7613] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 830.868963][ T7613] ? ___ratelimit+0x60/0x595 [ 830.873551][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 830.878658][ T7613] oom_kill_process.cold+0x10/0x15 [ 830.883748][ T7613] out_of_memory+0x79a/0x1280 [ 830.888407][ T7613] ? lock_downgrade+0x880/0x880 [ 830.893236][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.899472][ T7613] ? oom_killer_disable+0x280/0x280 [ 830.904646][ T7613] ? find_held_lock+0x35/0x130 [ 830.909396][ T7613] mem_cgroup_out_of_memory+0x1ca/0x230 [ 830.914940][ T7613] ? memcg_event_wake+0x230/0x230 [ 830.919949][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 830.925047][ T7613] ? _raw_spin_unlock+0x2d/0x50 [ 830.929875][ T7613] try_charge+0x118d/0x1790 [ 830.934372][ T7613] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 830.939894][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 830.945414][ T7613] ? find_held_lock+0x35/0x130 [ 830.950154][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 830.955770][ T7613] __memcg_kmem_charge_memcg+0x7c/0x130 [ 830.961290][ T7613] ? memcg_kmem_put_cache+0xb0/0xb0 [ 830.966467][ T7613] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 830.971989][ T7613] __memcg_kmem_charge+0x136/0x300 [ 830.978310][ T7613] __alloc_pages_nodemask+0x437/0x7e0 [ 830.983689][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 830.989910][ T7613] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 830.995622][ T7613] ? copy_process.part.0+0x1d35/0x79e0 [ 831.001064][ T7613] ? lockdep_hardirqs_on+0x418/0x5d0 [ 831.006347][ T7613] ? trace_hardirqs_on+0x67/0x230 [ 831.011350][ T7613] ? kasan_check_read+0x11/0x20 [ 831.016187][ T7613] copy_process.part.0+0x3e0/0x79e0 [ 831.021364][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.028107][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 831.033548][ T7613] ? perf_trace_lock+0xeb/0x510 [ 831.038373][ T7613] ? mark_held_locks+0xf0/0xf0 [ 831.043205][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 831.048651][ T7613] ? zap_class+0x460/0x460 [ 831.053052][ T7613] ? __might_fault+0x12b/0x1e0 [ 831.057813][ T7613] ? __cleanup_sighand+0x60/0x60 [ 831.062728][ T7613] ? lock_downgrade+0x880/0x880 [ 831.067562][ T7613] _do_fork+0x257/0xfd0 [ 831.071701][ T7613] ? fork_idle+0x1d0/0x1d0 [ 831.076109][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 831.081557][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 831.086996][ T7613] ? do_syscall_64+0x26/0x610 [ 831.091648][ T7613] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 831.097690][ T7613] ? do_syscall_64+0x26/0x610 [ 831.102360][ T7613] __x64_sys_clone+0xbf/0x150 [ 831.107016][ T7613] do_syscall_64+0x103/0x610 [ 831.111607][ T7613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 831.117477][ T7613] RIP: 0033:0x4563fa [ 831.121349][ T7613] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 831.140929][ T7613] RSP: 002b:00007ffc9cc8b1d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 831.149317][ T7613] RAX: ffffffffffffffda RBX: 00007ffc9cc8b1d0 RCX: 00000000004563fa [ 831.157266][ T7613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 831.165214][ T7613] RBP: 00007ffc9cc8b210 R08: 0000000000000001 R09: 0000000001da6940 [ 831.173161][ T7613] R10: 0000000001da6c10 R11: 0000000000000246 R12: 0000000000000001 [ 831.181111][ T7613] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 831.190399][ T7613] memory: usage 30676kB, limit 0kB, failcnt 164 [ 831.196754][ T7613] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 831.204331][ T7613] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 831.211164][ T7613] Memory cgroup stats for /syz4: cache:52KB rss:18944KB rss_huge:16384KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:18916KB inactive_file:0KB active_file:0KB unevictable:0KB [ 831.232457][ T7613] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8317,uid=0 [ 831.247810][ T7613] Memory cgroup out of memory: Killed process 8317 (syz-executor.4) total-vm:72580kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 831.263720][ T1042] oom_reaper: reaped process 8317 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 831.283336][ T7613] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 831.295207][ T7613] CPU: 0 PID: 7613 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 831.304218][ T7613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 831.314261][ T7613] Call Trace: [ 831.317537][ T7613] dump_stack+0x172/0x1f0 [ 831.321850][ T7613] dump_header+0x10f/0xba6 [ 831.326260][ T7613] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 831.332043][ T7613] ? ___ratelimit+0x60/0x595 [ 831.336616][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 831.341706][ T7613] oom_kill_process.cold+0x10/0x15 [ 831.346801][ T7613] out_of_memory+0x79a/0x1280 [ 831.351464][ T7613] ? lock_downgrade+0x880/0x880 [ 831.356319][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.362627][ T7613] ? oom_killer_disable+0x280/0x280 [ 831.367797][ T7613] ? find_held_lock+0x35/0x130 [ 831.372546][ T7613] mem_cgroup_out_of_memory+0x1ca/0x230 [ 831.378070][ T7613] ? memcg_event_wake+0x230/0x230 [ 831.383086][ T7613] ? do_raw_spin_unlock+0x57/0x270 [ 831.388176][ T7613] ? _raw_spin_unlock+0x2d/0x50 [ 831.393012][ T7613] try_charge+0x118d/0x1790 [ 831.397497][ T7613] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 831.403022][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 831.408542][ T7613] ? find_held_lock+0x35/0x130 [ 831.413283][ T7613] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 831.418813][ T7613] __memcg_kmem_charge_memcg+0x7c/0x130 [ 831.424336][ T7613] ? memcg_kmem_put_cache+0xb0/0xb0 [ 831.429512][ T7613] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 831.435039][ T7613] __memcg_kmem_charge+0x136/0x300 [ 831.440135][ T7613] __alloc_pages_nodemask+0x437/0x7e0 [ 831.445484][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.451703][ T7613] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 831.457406][ T7613] ? copy_process.part.0+0x1d35/0x79e0 [ 831.462844][ T7613] ? lockdep_hardirqs_on+0x418/0x5d0 [ 831.468108][ T7613] ? trace_hardirqs_on+0x67/0x230 [ 831.473109][ T7613] ? kasan_check_read+0x11/0x20 [ 831.477945][ T7613] copy_process.part.0+0x3e0/0x79e0 [ 831.483134][ T7613] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 831.489366][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 831.494805][ T7613] ? perf_trace_lock+0xeb/0x510 [ 831.499632][ T7613] ? mark_held_locks+0xf0/0xf0 [ 831.504372][ T7613] ? debug_smp_processor_id+0x3c/0x280 [ 831.509810][ T7613] ? zap_class+0x460/0x460 [ 831.514218][ T7613] ? __might_fault+0x12b/0x1e0 [ 831.518971][ T7613] ? __cleanup_sighand+0x60/0x60 [ 831.523907][ T7613] ? lock_downgrade+0x880/0x880 [ 831.528744][ T7613] _do_fork+0x257/0xfd0 [ 831.532879][ T7613] ? fork_idle+0x1d0/0x1d0 [ 831.537281][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 831.542716][ T7613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 831.548149][ T7613] ? do_syscall_64+0x26/0x610 [ 831.552893][ T7613] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 831.558943][ T7613] ? do_syscall_64+0x26/0x610 [ 831.563600][ T7613] __x64_sys_clone+0xbf/0x150 [ 831.568261][ T7613] do_syscall_64+0x103/0x610 [ 831.572830][ T7613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 831.578700][ T7613] RIP: 0033:0x4563fa [ 831.582571][ T7613] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 831.602148][ T7613] RSP: 002b:00007ffc9cc8b1d0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 831.610568][ T7613] RAX: ffffffffffffffda RBX: 00007ffc9cc8b1d0 RCX: 00000000004563fa [ 831.618523][ T7613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 831.626486][ T7613] RBP: 00007ffc9cc8b210 R08: 0000000000000001 R09: 0000000001da6940 [ 831.634439][ T7613] R10: 0000000001da6c10 R11: 0000000000000246 R12: 0000000000000001 [ 831.642385][ T7613] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000004 [ 831.651872][ T7613] memory: usage 28340kB, limit 0kB, failcnt 212 [ 831.658122][ T7613] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 831.665651][ T7613] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 831.672524][ T7613] Memory cgroup stats for /syz4: cache:52KB rss:16772KB rss_huge:14336KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:16744KB inactive_file:0KB active_file:0KB unevictable:0KB [ 831.693823][ T7613] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=24529,uid=0 [ 831.709231][ T7613] Memory cgroup out of memory: Killed process 24529 (syz-executor.4) total-vm:72448kB, anon-rss:2196kB, file-rss:35792kB, shmem-rss:0kB [ 831.724914][ T1042] oom_reaper: reaped process 24529 (syz-executor.4), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 831.745084][ T7613] Memory cgroup out of memory: Killed process 24907 (syz-executor.4) total-vm:72580kB, anon-rss:2204kB, file-rss:35784kB, shmem-rss:0kB [ 831.761012][ T1042] oom_reaper: reaped process 24907 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 831.783274][ T7613] Memory cgroup out of memory: Killed process 29859 (syz-executor.4) total-vm:72448kB, anon-rss:2196kB, file-rss:35784kB, shmem-rss:0kB [ 831.798872][ T1042] oom_reaper: reaped process 29859 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 831.824684][ T7613] Memory cgroup out of memory: Killed process 8021 (syz-executor.4) total-vm:72580kB, anon-rss:3048kB, file-rss:34816kB, shmem-rss:0kB [ 831.840722][ T1042] oom_reaper: reaped process 8021 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 831.844253][ T7613] Memory cgroup out of memory: Killed process 10020 (syz-executor.4) total-vm:72580kB, anon-rss:2204kB, file-rss:34816kB, shmem-rss:0kB [ 831.868739][ T7613] Memory cgroup out of memory: Killed process 29052 (syz-executor.4) total-vm:72580kB, anon-rss:2204kB, file-rss:34816kB, shmem-rss:0kB [ 831.891351][ T7613] Memory cgroup out of memory: Killed process 10012 (syz-executor.4) total-vm:72448kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB [ 831.914332][ T1042] oom_reaper: reaped process 10012 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 831.932747][ T7613] Memory cgroup out of memory: Killed process 5213 (syz-executor.4) total-vm:72580kB, anon-rss:196kB, file-rss:35828kB, shmem-rss:0kB [ 831.949581][ T1042] oom_reaper: reaped process 5213 (syz-executor.4), now anon-rss:0kB, file-rss:34868kB, shmem-rss:0kB [ 831.973508][ T7613] Memory cgroup out of memory: Killed process 7613 (syz-executor.4) total-vm:72316kB, anon-rss:112kB, file-rss:35712kB, shmem-rss:0kB [ 831.988237][ T1042] oom_reaper: reaped process 7613 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB 03:39:54 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue1\x00'}) r1 = syz_open_dev$sndseq(0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000080)={0x0, 0x0, 0x104, 'queue1\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f0000000340)={0x0, 0x0, 0x1ff, 'queue1\x00\x00\x00\x00\x00\x00\x00\x00\xb0\x00'}) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) setsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000140)=0x10001, 0x4) 03:39:55 executing program 0: r0 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000001c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) keyctl$unlink(0x16, r0, 0xfffffffffffffffd) mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x12000, 0x2, &(0x7f0000fee000/0x12000)=nil) 03:39:55 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000000)="660f1163baba2100b000ee2e3ef20f011d660f38175f1b0fc72cbaf80c66b8a0e4d88d66efbafc0c66ed0fb08dd5002e360fc76b00260f01df0fc75b79", 0x3d}], 0x0, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:39:55 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x40030000000000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:55 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001280)='/\x00~WM\x00\x030\x80\x90\"\xcf\xde&U]\xc9\xec\xfe\x19t@n\xda\xd3\x83dx-c\xb6a(T\xb9\xe4\x9d\xbd\xca\xefq\x81\x97\xe3~\x87\n0\x8b\x1e:y\x8f\xa7\x88\xa4m0%\xef\x93>Q\x82\x8a\xb6u\x06N*\xdb\xe9\x12d#\xb4\xa7=h\xfb\xe9\x9cm\xb2\xf1`\xd4\x9c\xb6\xcc\xe7l\'(\x9aO\x9d\tsT\xaa\xa5\x86\r#\x83\xdf\x87Rk\xaa\x18M\x90\xbbw)6l\x17\xbc3\xd7e\xe9\xbc/\x88*\x13\xf3\xa9\xc1\xf6\x06`\xbdO\xd2\xfa1\xd2\xc0\xa7u$\"\x89\xbc\xe0b\xd1\r$\xde\xd5@i\x18\xa6k,u\xc4?\xe1\xffE\x8a\xe5\xcd\x9f\xecc\x03\x9b\xa5\xa7\xb6j`\xed\xe5\xcc\xda\xbc~\xe7v`\xef#X\xcc\xdf\xf0\"&\x02\x13\x84\xb0\xc25\xf1\x14\xed\x9a\xde\x92vz\xec\xc2V\xac\xde\xb6\x10\xdfB\xe7\x16\x9f$\x03W\xf75\xae_\xe2\x90\x17\xe5\x1e\'%/H\xb9[\xfb\xbb:\x86U5)\x8b\xdc6\xd7\x1d\xb65\xf4\x1cWw\x1d\xb7z\xea\xff\x88?\xeb=\xc3\xcc$\xbd<\x03n9j\xd3\xaf7\x94PX\x83\x9e\x81\"p\xbc@\x90\x1f\xa6T\xe7\xcc2\x92\xa8/\xc8\f7M\xc0qB\xa1\xc2\xe9\xd3\xe2R\x8eO\xda\xc3+\xca\xef\xe9\x10\xeb\xd3\xb9H\xa3\xbf\xeb\xef_\xa8\xd8$s\xc7\xfb\xf3\xec\xbd@\x91\xc5>`r\xad\x83\x9c7\xbd\x97\xfb>5\xf3\xfa\xd0\xdb\xf2\x14\xf9\xa5\v\t\xde\x8baB\x88~)E\xfd\x00\xcb\x11\'\xac\x8fp=,\xdf\x8c\xc0\xf5\xecC$\x19k\x0e3\x89e\x96\x03\x91I4\x1d\xbd\xfcq/_\vb\xe4d\xf0\xf8', 0x0, 0x0) getdents64(r0, &(0x7f0000000280)=""/4096, 0x69c) openat$ipvs(0xffffffffffffff9c, &(0x7f0000001640)='/proc/sys/net/ipv4/vs-syn\x84_refresh_period\x007\x8d\x03T$F\xb5\x10\xa2\x85\xd1t\fPM\x8f\xe4\x89:\xba\xda\x16\xf5\x98\x93y$\xefm\x8c\xc9\x16\x13\xd3M/\x83\xf1\x11\x1dT\x959\xd4G\xe6\x19F>v$\xd3\xd4\x877\x92\x87u\x85\xd7%\x9c\xb58\x93\x97C]\xe4~\xe1`}\x92v\x14\xe8\xb6\x03\xe5\xe4z\xd3\x9df\xf4S\x88\xce/\xc2ku\xadn\xc7\xc4v\xca.\xb3\xf0^V-\xa1\xc7\x15\xb6\x83/\x80OW\xeb$n\x95\xb9\x94\xc6P\xb5\xec\xa9\xb9\x9b\x15\xa6_\xed-.\xf2\xb3\xc9\xd0&6\x8e\fom\a\xfe\xf6\x0f \xff\xc5N\x03\xf4\xfc\x99i\xb0\x8e\xcf\x90\xfc\x94\xc2\x05\xf0\xa4\xdc.\x98\f\xf0\x94\xa3q\x88\xf4a)\xdb\x11.Y\xc1\x84\xedjd\xc5\x94\xb4\xf6C;PQ\x8e\xc2J\xd1[\xea\'\xfa\n\xdd2*\xd5\xea\x0e\xef\xa2\xef?\x7fj\xfah\x86\xe5\xfe', 0x2, 0x0) r1 = request_key(&(0x7f0000000040)='blacklist\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f00000000c0)='\\\x00', 0xfffffffffffffffb) r2 = request_key(&(0x7f0000000100)='big_key\x00', &(0x7f0000000140)={'syz', 0x2}, &(0x7f0000000180)='\\\xa7\x00', 0xfffffffffffffffb) r3 = request_key(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000240)='\tppp0\x00', 0xfffffffffffffffc) keyctl$dh_compute(0x17, &(0x7f0000001440)={r1, r2, r3}, &(0x7f0000001480)=""/203, 0xcb, &(0x7f0000001600)={&(0x7f0000001580)={'sha256_mb\x00'}, &(0x7f00000015c0)}) 03:39:55 executing program 3: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x9, 0x101000) ioctl$SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT(r0, 0x40505330, &(0x7f0000000040)={{0xfffffffffffffff7, 0xffffffffffffff55}, {0x1, 0x80000000}, 0x83f, 0x2, 0x9}) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:39:55 executing program 5: r0 = socket$unix(0x1, 0x0, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000080)={'bcsf0\x00', {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}) r1 = socket$inet6(0xa, 0x1, 0x0) r2 = socket$inet6(0xa, 0x801, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={[], [], @local}}, 0x1c) bind$inet6(r2, &(0x7f0000cb8fe4)={0xa, 0x4e20, 0x0, @ipv4={[], [], @remote}}, 0x47) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x6, 0x4) r3 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x531e8f5d, 0x80) setsockopt$RXRPC_SECURITY_KEY(r3, 0x110, 0x1, &(0x7f00000001c0)='vboxnet0wlan0cpusetselinuxkeyring\x00', 0x22) r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x80000000003fe, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r4, 0xc0385720, &(0x7f0000000100)={0x1, {0x0, 0x989680}, 0x9, 0x1}) listen(r2, 0x0) listen(r1, 0x0) r5 = getpid() syz_open_procfs(r5, &(0x7f00000000c0)='cpuset\x00') 03:39:55 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x100000000000000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 832.484084][T14426] oom_kill_process: 8 callbacks suppressed [ 832.484318][T14426] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 832.525735][T14426] CPU: 1 PID: 14426 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 832.534869][T14426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 832.534876][T14426] Call Trace: [ 832.534899][T14426] dump_stack+0x172/0x1f0 [ 832.534931][T14426] dump_header+0x10f/0xba6 [ 832.534949][T14426] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 832.534967][T14426] ? ___ratelimit+0x60/0x595 [ 832.534984][T14426] oom_kill_process.cold+0x10/0x15 [ 832.535001][T14426] out_of_memory+0x79a/0x1280 [ 832.535023][T14426] ? lock_downgrade+0x880/0x880 [ 832.535040][T14426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.535056][T14426] ? oom_killer_disable+0x280/0x280 [ 832.535069][T14426] ? find_held_lock+0x35/0x130 [ 832.535094][T14426] mem_cgroup_out_of_memory+0x1ca/0x230 [ 832.535108][T14426] ? memcg_event_wake+0x230/0x230 [ 832.535133][T14426] ? do_raw_spin_unlock+0x57/0x270 [ 832.535149][T14426] ? _raw_spin_unlock+0x2d/0x50 [ 832.535169][T14426] try_charge+0x118d/0x1790 [ 832.535193][T14426] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 832.535210][T14426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.535229][T14426] ? kasan_check_read+0x11/0x20 [ 832.535249][T14426] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 832.598391][T14426] mem_cgroup_try_charge+0x24d/0x5e0 [ 832.598418][T14426] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 832.598439][T14426] __handle_mm_fault+0x1e1f/0x3ec0 [ 832.598465][T14426] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 832.667027][T14426] ? find_held_lock+0x35/0x130 [ 832.671798][T14426] ? handle_mm_fault+0x322/0xb30 03:39:55 executing program 4: mkdir(&(0x7f0000001b40)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') open(&(0x7f00000003c0)='./bus\x00', 0x141042, 0x0) link(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='./file0\x00') syz_mount_image$ntfs(0xfffffffffffffffd, &(0x7f0000000000)='./bus\x00', 0x1a, 0x1, &(0x7f0000000240)=[{&(0x7f0000000140)="a33aabdc2d4a86587e5f6de1fb053fcf779d7b69acf758dd4fda00940b5ac66846ca7e48defd49be81872a7f463a05ee851b2be589cb0165d1c1568d48ca37e7cea697dbbea7b3bc91ddfb5b89c81a765ec1af563692c613f154b296e3b69a1b4d36ba927b9174652daba438c1d281cf0abc3c7b751f0f69e03b0b9cf76abdca75f6663b95cb3fc12ecca61d019c4c77305a46c83cb13984e98c89eea98a57fc16f7b9d0626b87441a540a842ab693806ff8689edb5c6aea39df4c8a7974ca4ea942f67c87f455d7", 0xc8, 0xffff}], 0x80000, &(0x7f0000000280)={[], [{@fsuuid={'fsuuid', 0x3d, {[0x75, 0x37, 0x63, 0x73, 0x0, 0x0, 0x3c, 0x66], 0x2d, [0x37, 0x30, 0x63, 0x63], 0x2d, [0x64, 0x38, 0x33, 0x66], 0x2d, [0x63, 0x0, 0x7b, 0x7f], 0x2d, [0x33, 0x7d, 0x0, 0x75, 0x38, 0xfeb87318ac3963f, 0x38]}}}, {@fsuuid={'fsuuid', 0x3d, {[0x35, 0x3d, 0x36, 0x3d, 0x38, 0x66, 0x66, 0x75], 0x2d, [0x3f, 0x0, 0x64, 0x37], 0x2d, [0x62, 0x32, 0x3e, 0x61], 0x2d, [0x34, 0x37, 0x66], 0x2d, [0x37, 0x37, 0x61, 0x67, 0x7b, 0x64, 0x63, 0x61]}}}, {@func={'func', 0x3d, 'MMAP_CHECK'}}]}) [ 832.676754][T14426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.683001][T14426] ? kasan_check_read+0x11/0x20 [ 832.687868][T14426] handle_mm_fault+0x43f/0xb30 [ 832.692655][T14426] __get_user_pages+0x7b6/0x1a40 [ 832.697615][T14426] ? follow_page_mask+0x19a0/0x19a0 [ 832.702816][T14426] ? perf_trace_lock+0xeb/0x510 [ 832.707673][T14426] ? __vma_adjust+0x1840/0x1840 [ 832.712537][T14426] ? lock_acquire+0x16f/0x3f0 [ 832.717217][T14426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 832.723470][T14426] populate_vma_page_range+0x20d/0x2a0 [ 832.728944][T14426] __mm_populate+0x204/0x380 [ 832.733547][T14426] ? populate_vma_page_range+0x2a0/0x2a0 [ 832.739197][T14426] __x64_sys_mlockall+0x35c/0x520 [ 832.744236][T14426] do_syscall_64+0x103/0x610 [ 832.748845][T14426] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 832.754737][T14426] RIP: 0033:0x457e29 [ 832.758636][T14426] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 832.778253][T14426] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 832.786682][T14426] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 832.794667][T14426] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 832.802654][T14426] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 832.811557][T14426] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 832.819537][T14426] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff 03:39:55 executing program 5: r0 = socket(0x10, 0x80003, 0xc) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000000)=ANY=[@ANYBLOB="080000000000000002004e24ac1e000100000000000000000000000000000000000000000000000000000000000032e79aac0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000600000002004e240000001f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e220000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e20e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e22e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e20ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e20e0000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x390) write(r0, &(0x7f0000000700)="1f0000000202fffffd0954c007110000f30501000b000600000423ca310000", 0x13) [ 832.865099][T14436] could not allocate digest TFM handle sha256_mb 03:39:55 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x200000000000000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) [ 832.925444][T14451] could not allocate digest TFM handle sha256_mb 03:39:55 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0xa, 0x5, 0x80) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x35}, 0xb) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$rds(r0, &(0x7f0000000040)={&(0x7f0000000300)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000340)=""/112, 0xfea1}], 0x1, &(0x7f00000008c0)=[@mask_fadd={0x58, 0x84, 0x8, {{}, &(0x7f0000000540), &(0x7f0000000580)}}], 0x58}, 0x0) 03:39:55 executing program 5: perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f00003af000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000003000/0x2000)=nil, &(0x7f0000007000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f00008d1000/0x3000)=nil, &(0x7f0000ff8000/0x1000)=nil, 0x0}, 0x68) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x6, 0x40201) ioctl$RTC_PLL_GET(r0, 0x80207011, &(0x7f00000000c0)) [ 833.152628][T14426] memory: usage 307200kB, limit 307200kB, failcnt 15247 [ 833.166065][T14426] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 833.251882][ C1] net_ratelimit: 12 callbacks suppressed [ 833.251890][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 833.263377][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 833.300394][T14426] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 833.312462][T14426] Memory cgroup stats for /syz3: cache:0KB rss:292248KB rss_huge:159744KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:219416KB active_anon:46636KB inactive_file:0KB active_file:0KB unevictable:26208KB [ 833.368968][T14426] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13719,uid=0 [ 833.418721][T14426] Memory cgroup out of memory: Killed process 13719 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 833.496758][ T1042] oom_reaper: reaped process 13719 (syz-executor.3), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:39:56 executing program 0: r0 = socket$inet(0xa, 0x801, 0x84) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000000)) connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x222800, 0x0) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r1, 0xc0145401, &(0x7f0000000080)={0x1, 0x1, 0x1, 0x1, 0xfffffffffffffffe}) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f00000000c0)={0x0, 0x81}, 0x8) 03:39:56 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0xe000000000000000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:56 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9a9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x1, 0x0, 0x0, 0x4001}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000001780)=""/219, 0xdb}], 0x1000000000000068}}], 0x1, 0x0, 0x0) r1 = openat$cgroup_type(r0, &(0x7f0000000200)='cgroup.type\x00', 0x2, 0x0) readv(r1, &(0x7f0000000540), 0x10000000000002f4) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f0000000080)=0x100004) 03:39:56 executing program 5: mknod$loop(&(0x7f0000000040)='./bus\x00', 0x6003, 0x1) unshare(0x400) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$int_out(r0, 0x2, &(0x7f0000000000)) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) lseek(r1, 0x0, 0x0) 03:39:56 executing program 2: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdilowerdir=.:file0,workdir=./file1']) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getxattr(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180)=@random={'user.', 'overlay\x00'}, &(0x7f0000000300)=""/170, 0xaa) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) rmdir(&(0x7f0000000000)='./file0/file0\x00') 03:39:56 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0xeffdffff00000000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:39:56 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x0, 0xfffffffffffffbff}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000100)=ANY=[@ANYRES32=r2, @ANYBLOB="0a000049316bb7b0922bd1771060aab96500ecbd6c15bcca03ffe52a"], &(0x7f00000000c0)=0x12) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0xa00, 0x0) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000400)={0x2, 0x0, &(0x7f0000000140)=""/158, &(0x7f0000000200)=""/192, &(0x7f00000002c0)=""/238, 0x1f007}) sendmsg$rds(r1, &(0x7f0000001f00)={&(0x7f00000003c0)={0x2, 0x0, @multicast2}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000500)=""/73, 0x49}, {&(0x7f0000000580)=""/11, 0xb}, {&(0x7f00000005c0)=""/30, 0x200005de}, {&(0x7f0000000600)=""/127, 0x7f}, {&(0x7f0000000680)=""/23, 0x17}], 0x5, &(0x7f0000001bc0)}, 0x0) [ 834.371284][T14499] overlayfs: unrecognized mount option "upperdilowerdir=.:file0" or missing value [ 834.380697][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 834.380774][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 834.566136][T14506] overlayfs: unrecognized mount option "upperdilowerdir=.:file0" or missing value [ 834.851987][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 834.857829][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 834.863703][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 834.869559][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 835.329065][ T8122] bridge0: port 3(gretap0) entered disabled state [ 835.335863][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 835.341602][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 835.350678][ T8122] device gretap0 left promiscuous mode [ 835.356321][ T8122] bridge0: port 3(gretap0) entered disabled state [ 835.567054][T14510] IPVS: ftp: loaded support on port[0] = 21 [ 835.788005][T14510] chnl_net:caif_netlink_parms(): no params data found [ 835.824229][T14510] bridge0: port 1(bridge_slave_0) entered blocking state [ 835.831469][T14510] bridge0: port 1(bridge_slave_0) entered disabled state [ 835.840401][T14510] device bridge_slave_0 entered promiscuous mode [ 835.848257][T14510] bridge0: port 2(bridge_slave_1) entered blocking state [ 835.855454][T14510] bridge0: port 2(bridge_slave_1) entered disabled state [ 835.863732][T14510] device bridge_slave_1 entered promiscuous mode [ 835.880553][ T8122] device bridge_slave_1 left promiscuous mode [ 835.888630][ T8122] bridge0: port 2(bridge_slave_1) entered disabled state [ 835.896617][ T8122] device bridge_slave_0 left promiscuous mode [ 835.902896][ T8122] bridge0: port 1(bridge_slave_0) entered disabled state [ 838.531843][ C0] net_ratelimit: 6 callbacks suppressed [ 838.531852][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 838.543288][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 839.011935][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 839.017772][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 839.491924][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 839.497837][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 840.108419][ T8122] bond1 (unregistering): Released all slaves [ 840.121192][ T8122] device hsr_slave_1 left promiscuous mode [ 840.137148][ T8122] device hsr_slave_0 left promiscuous mode [ 840.147645][ T8122] team0 (unregistering): Port device team_slave_1 removed [ 840.161036][ T8122] team0 (unregistering): Port device team_slave_0 removed [ 840.173887][ T8122] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 840.186277][ T8122] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 840.238852][ T8122] bond0 (unregistering): Released all slaves [ 840.300856][T14510] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 840.311430][T14510] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 840.329541][T14510] team0: Port device team_slave_0 added [ 840.336760][T14510] team0: Port device team_slave_1 added [ 840.354205][T14510] device hsr_slave_0 entered promiscuous mode [ 840.361457][T14510] device hsr_slave_1 entered promiscuous mode [ 840.420540][T14510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 840.431620][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 840.441047][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 840.449111][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 840.461450][T14510] 8021q: adding VLAN 0 to HW filter on device team0 [ 840.479655][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 840.499260][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 840.510380][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 840.517492][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 840.535226][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 840.543359][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 840.552399][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 840.560747][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 840.567863][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 840.577153][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 840.593879][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 840.611869][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 840.617687][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 840.620704][T14510] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 840.634680][T14510] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 840.649225][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 840.673499][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 840.682454][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 840.690921][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 840.711295][T14510] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 840.719090][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 840.727849][ T7614] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 840.791872][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 840.797699][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:03 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0xfffffffffffffffd, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x440400, 0x0) setsockopt$packet_int(r1, 0x107, 0x1d, &(0x7f0000000180)=0x6, 0x4) r2 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r1, 0xc0305602, &(0x7f0000000780)={0x0, 0x20, 0x3036}) ioctl$VIDIOC_ENUM_FREQ_BANDS(r2, 0xc0405665, &(0x7f0000000080)={0x5, 0x7, 0x2, 0x22ed73cbec5acc99, 0x100000000, 0x7, 0x8}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f00000007c0)={0x6c, 0x8, 0x200, 0xffff, 0x400}, 0x14) mmap$perf(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x13, r1, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r2, 0x402c5342, &(0x7f0000000200)={0x400, 0x4, 0x7, {r3, r4+30000000}, 0x800, 0x7fff}) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f0000000740)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYBLOB="e8030000", @ANYRES16=r5, @ANYBLOB="08002cbd7000fddbdf251500000028000500240002000800040006000000080003001f0000000800020000000000080001001f000000100007000c0004000008000000000000d40004004400070008000300ffffffff08000100160000000800030001000000080002000700000008000400060000000800030000000100080001001300000008000400090000002400070008000400010000000800040005000000080001001e00000008000200020000001400010062726f6164636173742d6c696e6b00001400010062726f6164636173742d6c696e6b00001400010062726f6164636173742d6c696e6b00002c0007000800040003000000080004000700000008000300060000000800030003000000080001000b000000f8000500080001007564700008000100756470000800010075647000540002000800010012000000080001000b0000000800020007000000080004003f00000008000400050000000800040062520000080004000700000008000300020000000800030001000100080004001c49cc043c00020008000300ffffffff08000200040000000800020000000000080004007d340000080002000300000008000300f9ffffff0800040081000000080001007564700034000200080001001400000008000400740000000800030000000000080003001900000008000100050000000800030005000000080001006574680008000100756470008c0004001400010062726f6164636173742d6c696e6b00002c000700080003000300000008000100020000000800040005000000080001000100000008000300010000000c00010073797a31000000000c00010073797a30000000000c00010073797a31000000000c00010073797a30000000000c00010073797a31000000000c00010073797a3100000000280001002400020008000300060000000800030000000000080002000900000008000300ac000000ac000500080001006574680034000200080002000300000008000200050000000800020008000000080001000d000000080001000a00000008000100020000001c000200080001000500000008000200ffffff7f08000100140000002c000200080001000100000008000400ffffff7f08000400040000000800040003000000080001000b0000002400020008000300731f000008000200a700000008000400dc040000080001000e00000070000100100001007564703a73797a310000000044000400200001000a004e2000000006fe8000000000000000000000000000aa05000000200002000a004e2200000007fe88000000000000000000000000010105000000657468315f746f5f626f6e64000000000000000000000000"], 0x3e8}, 0x1, 0x0, 0x0, 0x1}, 0x240000c1) init_module(&(0x7f00000000c0)='/dev/cec#\x00', 0xa, &(0x7f0000000100)='vboxnet0\\.e(em1\\u,\x00') 03:40:03 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x100000}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000080)=ANY=[@ANYBLOB="e87cef20136de51e57f1ccebd38a3286b3d6a6cb9e2e6b86caa7f2f64fd2505dff4516fcb106bff157956163f4"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:40:03 executing program 0: pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) close(r1) syz_open_dev$media(&(0x7f00000001c0)='/dev/media#\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 03:40:03 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0xff03000000000000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:03 executing program 4: perf_event_open(&(0x7f0000000140)={0x0, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x9, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x800000000000040, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x2) setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, &(0x7f0000000080)='\x00', 0x358) ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000040)=0x4) socketpair(0x1, 0x5, 0x5, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000300)={0x0, 0x2}, &(0x7f0000000340)=0x8) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000380)={r1, 0x3f}, &(0x7f00000003c0)=0x8) sched_setaffinity(0x0, 0xfffffffffffffff8, &(0x7f0000000140)=0x40000000000009) shmget$private(0x0, 0x3000, 0x400, &(0x7f0000b63000/0x3000)=nil) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000400)={0x0, 0x8000, 0x1, 0x17897de9, [], [], [], 0x6, 0x1, 0x43f, 0x1, "21fdd9e2a027c456b40776442c2fe5a4"}) ioctl$SIOCAX25NOUID(r0, 0x89e3, &(0x7f0000000540)=0x1) mkdirat(r0, &(0x7f0000000580)='./file0\x00', 0x11) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000001c0)={{{@in6=@dev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6}}, &(0x7f00000000c0)=0xe8) ioctl$SIOCAX25GETUID(r0, 0x89e0, &(0x7f00000002c0)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, r2}) ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x40044900, 0x100000001) clone(0x80a102001ff8, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) mount(0x0, &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) 03:40:03 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000)) ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000240)) 03:40:03 executing program 4: syz_emit_ethernet(0x32, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c2000300000000000000080047000024000000000000907800000000ffffffff0707077f000001000000000000089078"], &(0x7f00000000c0)) 03:40:03 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0xffffffff00000000, 0x241}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:03 executing program 5: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept4(0xffffffffffffff9c, &(0x7f0000000080)=@pppoe={0x18, 0x0, {0x0, @random}}, &(0x7f0000000180)=0x80, 0x80800) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000880)={{{@in=@empty, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}}}, &(0x7f0000000980)=0xe8) sendmsg$can_raw(r0, &(0x7f0000000400)={&(0x7f0000000300)={0x1d, r1}, 0x10, &(0x7f00000003c0)={&(0x7f0000000340)=@canfd={{0x3, 0x6, 0xffffffff, 0x100000001}, 0x20, 0x1, 0x0, 0x0, "6c8f050626f2ec9d0d02c37dd42abbd6419711aa145466fb2c05a1855866f3a02972260efd18500cb3c6acfe20053526cd3feae5f78c5cec703d9396541fcbb1"}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x1) r2 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="390040ef750230967d87ec17d6fdfa4b504cc83e8fda4bf7a7ae000048b9e4c6343e30ff7bd251de941f686d80000000295e2f9d24f7f5d97c"], 0x39) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f00000000c0)) r3 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x20, 0x305000) ioctl$KVM_GET_XSAVE(r3, 0x9000aea4, &(0x7f0000000480)) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r3, 0x84, 0x65, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x6, @loopback, 0xff}, @in={0x2, 0x4e20, @multicast1}], 0x2c) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000440)={0x8, [0x80, 0x200, 0x3ffc0000000, 0x2, 0x5, 0x0, 0x1, 0x81]}, 0x14) ptrace$cont(0x1f, r2, 0x0, 0x0) 03:40:03 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = dup(r1) ioctl$sock_inet6_udp_SIOCINQ(r2, 0x541b, &(0x7f0000001500)) r3 = syz_init_net_socket$llc(0x1a, 0x0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000001540)=0x1f) setsockopt$inet6_tcp_int(r2, 0x6, 0xa, &(0x7f00007b1000)=0x81, 0x4) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000001340)={0x0, 0x7f}, &(0x7f0000001380)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f00000013c0)={r4, 0x6}, 0x8) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000001440)={r4, @in6={{0xa, 0x4e24, 0xffff, @rand_addr="654adc27251334f84a3f3299550c3296", 0x2}}}, 0x84) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semget$private(0x0, 0x3, 0x45) r5 = syz_open_dev$usbmon(&(0x7f0000001300)='/dev/usbmon#\x00', 0x38ad, 0x2) io_cancel(0x0, &(0x7f00000012c0)={0x0, 0x0, 0x0, 0x8, 0x5, 0xffffffffffffffff, &(0x7f00000002c0)="3a3e9107ebc42e1b73e940a7c8f89fd81871a448c58ed002a3203ddbb83b592b3e4cb0d7cc88be2d884d76a5cd715a0f84886da139824d3dec34232ed9be7efb1da53d54d0280ff67f8db2fd74edfcfbc10cc252f4cfaba50330c5777384fd1637a8f8b8752be74e966764ada92fa0d049ee788a0ba9cef9349eb8c39d6ca4dd911515d742d7dc9aef7998069bc4a2d95f557fbf114d9bf16e28bec186efc5a67360a248425b72042aef8d23c3ec8ce84dd85c8dd6edc84c50a4eefdcac9b914d35928755f38564f7497c5efe536f10ac141612fb299d97346d69c0ec6ee8d7b070dd1a6643fc53d236cdfe07200a3326d8b4240af6ff302d388e2bad9861cac72fa91cc6a27625b3aacc657b0211e0104a1bd6bd4fa0072e5dd4efc8c4e03497beca05ee331d5e4fef2f4f227a9368374bfbddbf2a7125d18813b1576b73baa54fe753f542bb5ab445b0defc83e15ba5a08462e53a8df12fa23d311ed784aedf877913fee483f730947cf996c2df684b160ad2bc54a8dd561f183784e5ba20d93d8ea66f61dbb5b17f7339d63f2efc5dafba8d278734a22d5a12a7caf2cfe34840e505eccf1bf8dacc692638333ec927845d3d29edf8f09e5d9cb6bf1e8406abe5d6ac45a04402f97568c9cf1e276e50eca9132503e6d3ad24b974a90ab7e33290da407c966d10133d3188079a279b070335b6b7b3036993ce55dbc9a54e73ddd8c8a379ac9edf02f668a6f3ab7b23bfb9a03b9610ceabf83b38a975e9e7f16ae407d7cc9a9675b8c5a39cf583858e6b6b2c0f5a34ec69542ae60bb04d709a980e65a0853bc001ca9b2c394213583fc08fd5bdad58c33bce1c8e4b0089fa14ff9eb0f31f381c453fb3acb9b0a8c51625f9cbf57cdbe4be394462288d5c55834d062387ab383781623d79651e9a96a2695007a23e8445aa8903a250d5be2ee0d6a175078fb8869cab0879f9e69ac28bf414660442d7796c3be713d05e78049233b71fe48fd862e25714987749a91b8895837e8766e28fd75cd50192a0996bf08fa23a2d40a2cd95cb36a51320f3284dd88a8ccb55464584029f1949f703e48ec11137b9ec6ee346189c90821a8273d35153a19602562163e941d635439f3cc8694230f63f1b75b5f5748a370ce4fa841580f702f16a31cae31286800bde5b360f488582435688be901218ed2bba8097735c326097746bed3a48b6c9c1a3de2f6f699c9c50137e76d69a71f94d127a1a5f0b757e42cf4f4a930493757ea0dd6cc4efffba288a2a24ad6883949310b49cdf48d3d2a22c6e190985eec0d082554bf250a40ce4f9ef09e039d2aed4b719d4916b046a320db9a63ed83998c17b3992036d2864e8d6deb9f0a8e0aa932de04fb84e99cc3938b5b8f17f5c2d5cf3d9f4b61429dde932a84156c01ed7d1df85b9a04a2f51b47554faefedee7015f0d6608ebd90699a714f20407bb5517d25cd1c131e4e61a7d56f81a3a5434f909e991fc9280ff74656691ae9421b95537b0d9da50255660a25ff22eaaee93331b4c82d14efd173996e7a44f814aa9e1a2369624944ff3d4546b01c7ce5fdd2927a2e6e703bffbc1d36537ed3a2ffba653cd79dd90fa532ad2ebf76a21f33e7d33503d4fe66d33208d934f80036a198f9042f48d7e0ff59ef14e38e5f836433e213bb4cab34e9590e722e38a425bf30d428b215cbc81e4165b825bd166e84e338cedc0963425e23925e42e959eb81ea3186815f8bdf629530dd9517fe62d16df6f8a12d55dbc6350470ba17e66ae46ac7e3a64344cdc668623eed2154f920e495f0c06c5b1541bf1a3b01fff369d7d50ae87cda74f4c1d34103ed7b07544c13c981c800c332f2de4a0ab7b6963c2c8cf8bc172ea337af76d9d63dc5ffead4cc2ebf7b9d3fdf3f9618d7bbca599fc21a2669f2a0b791bb26b9dee28ce4115e91920eb22a73810edbac389cc8b90d780865165d8fb211d202024e9a3cc0a9d84349a20530d01a05d44e22e4b4eb2c5630dccdb92965f569d49c3a94181a96c6ad77543a3e815d7342b077c3839068709ffe72ab3e98eda580dd7a5f68716aef70e4b248217f68546e54d42f0c479857d1f5a2d92b14d8c0a0e2d198e5fdfd61008b0ef3464f8b898b2f6b0232708207748ebb95707629ae78517289c39dd53bb4ed1d2f9893f8daab525138cd6b27a7f5abafd551c75f7f83ccc3e140d83cf29940348a8037ad69baba1fbdee23e80eef31a9d1704f5cff3c16ffb3b935e2597980c2a0dd42dd1598a9821784960ec2a69bb4691bd76f30e41b7dc2aba8480fd80b0cda816e480b45a8090f32f89972dbb75f1ad548b1e2a6b10bba307dfc5d1896fe2616b7c20918587b69837edc4f3bce573fba3335800ffa4d45cf53d46f87f594fade193768f343168f9c3cb524e0d0e0b67373809ac899609440798e4b130a2cd12b6a9899c2c720e9330b711554bdbc402121149b019d145ac11b8b803b070987c791f80ac97a17d9991c9f966a14ba57cb374ee578a012e951c5e4c5e9884a0830b56f82bcea8fab3de95d161fedaf32fb50a24a3053880e4f2be01ad0b477b938a4258311d21fbd4b3c6a27342fd194066faa429a884f37bc51055605e7e2d7274c158203acd117aa241a5d116d2705f5ab093577d786a36c8db6f368a76c20b431292e4b1f1d7dc605801d0ab087e75f86202b5c598574069744ad3c6d8f6fde084b902ca168c2507c9a7945c4be2cd95e6738e2ee8631596e53a87deb49e47f9972cb98d7b607af6f25ee95f1e845a27fd46e22d2359363bd8b46b6ef931b29f4726c370126394d5df196b02957ac833d3c9aac01616da9ece3b46ef6b2ed204b26f8d93481c945fd61cc5cf8c022fdcd0bdca7041e3ff42fd34d1dbe4ef8d928ba81a5f0739689ca3684b45c3378a12e5ae0503749e82c98d8cdfad235c0b253b510af14828445e783b200739da2ce1164c665f37af5ab389d7aa2331317e391e92562058a81a83e5889e4c17d635d50fa9de3763694b58f5fcf3a3e9ccfa9ee75b497c900541e9425ac9f087cbde813a0aceb1ef06e45f308195d4f3b082f0cefdad56c0763a7fe9623eee64effaf2b0777a72c5521f842c6140a18759b6fa663ffe265060ac768310a44325465bbdeca56d706aa51bfe76efde992dc79a3fa8b1a062bd1689bfd20670e160a6853ebe7191d32cb56b739ab0a2dbe5f7e54554654f3276ae4dc863c1f82c6267d2055cb36f3267a412d1a5cf9b1e1f39e4c25260f1fbd83ba6ca954c41dfe74b26c69b3831b1684b4101805598ed13d5ee339c81db781107cf39dbe3d7bb72266e1d6eec6adc36f53afd167bec91a0b6534b61c3e408dcd14024adf078f6c8aee5f228761d574eedc479cf442022ec9be18bce3a7886311648e02957fbcd97188105c38a6182fd75f8ffebf066116b1b5621d96c28efacc3b9ab01a3c493ed34177c94f8a5324a3c3c4bd54ac0bc1cd663bc4bd0b1478440f46029fe771312e6b3678ebebd7791872888e5b99a1a0630896d4fd1565f4746067400469be718a3c0fc415d7739bafe7ffd0aa6cd48d75d8709f7c13ca85f51bc351b2f0deebdb38ccbb9e29437958b443202eba0accaa96069321541ea93e29b04308e2fb9a27a61e109348d14550e767f7f01bb3a1199eb6eec5ea84415fd20201aec582e67db09c2fd4642f18eeca69d7522d243e9442a218dfc7fb3f9cb541119db4b7894cf9224082b3325ecdb143e597ecc5de55640719b43d52491b78968e11a8ae45a76adc73ad33eed24b3e0d66d09041e2aa23dbd56cd7ba9aa42d3703b0bf8a0eb98fc6d6d40cb5f9e07774383acc7f5c56b6e360fea18feda65bf21d37496d89352ac7366290815b0cf98e95d1da260df0c859bc2d83b4d7cd2716be3aeaa22e6e4b2c4781e8246662ca637f5951a8f989a938efaefb438b0f57e695f49953138d2503881723302fa7ed6e9965cd0944774adf30bb708e4984201c842a72ec5f226674d0ea086ab90afe011f40f285c813db90993aa974b2adece4986f0e21be197d8a9e07e32d4f98070bbd0bdc73d264d215d274c79b89fdcb5095f6d4f35aabc4986d4fc2ee7580b9dfae1b4fa6bb27891e584fa270c6092a6a98b9a5eb3a90c1ddba9ccf43e6fd2b80abd7a089dba49a94949154c50f5f4edbcb945c4774599c0acaac1a9b29ee53fe9ec279d98563fe45e305149a730df2b2534fca390a3aa5e97ac2c4267ec9ede8f66f497827474dd7aaddfb0392bf9b0c24159eb397861114826235a39c375d25c5b4ac0163e3d068b30a00e2e0a20d8a8dbb92908c4af162787a021fe74ec4053b42005b1089c8f9b0833b9b842eedf00e80d6fe27bfbdc3cb2c82f9a6bc1cbe781ddc134f67c94b71e65ffcef29623e05890f64000413afb670ae4514aaadbd9ef5339ba7968a1d06a1c279226b6b58ceaddab85f1b319da3fbc840e44e40eb8f4001a19df0b257c9c16e7c2c9f310cd89106e9de513599b1a110e7c1ad71226aa46d46f4d947a0a3a5110093b90f3d3f615a97079c30ba6908b06da3c9b9162df8c88aebb6fba4da82a74a27df3f659c538a03267e963ed8a64773583451e84a3005988e7e41cf9da8250d31f7607c0a9f0d8f1f8223c184eecccd5ed0ccf1dcc457715dcb61e6715a2cd057b96e60e6854eaabae3aaa74ccfb00ad3581635c55a2afee7333e52512a09ffc63330e14c74bf99904b40ff6c511486a87dbd83c1e8b6e4eef00979e15ee16ac6cdd2dae952c00a819a8400cd5a1ac65fa99ce197673208edb93d034ea1b429446c8143b228484718dc9a022429e1e2211fc9f4ce8bb72f3fa9fa6259148a01d5146ac515f23c50d3f4758341c23c17871aa0405dcb26df0da9f1ded45b15d395ae92098178d61b606253e5b896d250a89ac4bc490be53cfbd9a2033f30944a6b7f2a4f1d02ec1336a05f68f4ad712ccae1aeed70dc0a352aaf9cee7e7b170d7c82aeea91f02b3029405c0c5c5cec1c0a6d880c43bb18d933aa26c852e9a3cc1c9dac9886390bdbdaf9c62c929bf546ceabb80d23505ec41eb9399dac515a3318c61a69858f8335398d1cb925155078b9b42c274085fcd6e0de22fbcd5764b7463389d199509c4e7af0049bdc26f27d9213f3989f855423ee51f3470ade4cfb685d341a9d39f7be53df1bb57d50c1ab681861cc85c28368d0d1d65a955fb566111f0fd875a579eedeed6db59eec1e20cde1c2d2e2f2157bb89d4fe769a1cf1b30e948b5c95d2f36d31159a84f72902a7e436c20feb5147da1ea7f5a878b0ff4bc03f3936a13c444483d77560ef7718888ac6aa98f1ea48a13e8f8192a53299dbbfbee778e87c5d89650495e9f9f62e8bafda5198f0f47100970f0ffb16d6d8fd509aab77dae42106564649fc113575785c5b3da814eb3e782c69ea0bf39e62d25fe114460bd537542a4f81233f3d4b2776abe64a98b2811b37b4cba514a2292701a2026c64e150c6904afa7da9a14b388032566a5f0d1fa19dce685f5f8f75a270074da1dde201f1798f93006cae910538e92f974c828eef182316cef774087dea8f9ae41356c13a421c132bba9d65de3ce92d1c12c8a58eed8575f047056d4fe90ccbc35a2fca7164c9e0d4174681ec4cddae02cfb661ce01014a85a03abe4870f872e49470c2d5a4bfca3747", 0xfb1, 0x0, 0x0, 0x0, r2}, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000240)) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)={@dev={0xac, 0x14, 0x14, 0x22}, @dev={0xac, 0x14, 0x14, 0x29}, 0x0, 0x8, [@dev={0xac, 0x14, 0x14, 0xd}, @multicast2, @dev={0xac, 0x14, 0x14, 0x24}, @rand_addr=0x1ff, @remote, @multicast2, @dev={0xac, 0x14, 0x14, 0x1c}, @empty]}, 0x30) setsockopt$inet_tcp_int(r2, 0x6, 0x13, &(0x7f0000001280)=0x7fff, 0x4) ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f0000000100)=""/158) setsockopt$inet_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f00000015c0), 0x4) times(&(0x7f0000001400)) r6 = open(&(0x7f0000000280)='./bus\x00', 0x141042, 0x0) r7 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)="dced3e6aca52cf3217e7a0a860bb564aeec483226c2a", 0x16, 0xfffffffffffffffa) ioctl$KVM_GET_MP_STATE(r5, 0x8004ae98, &(0x7f0000001580)) keyctl$set_timeout(0xf, r7, 0x8) ftruncate(r6, 0x7fff) sendfile(r2, r6, &(0x7f0000d83ff8)=0x1100, 0x800000000002) socket$inet_sctp(0x2, 0x5, 0x84) [ 841.145040][T14539] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 841.180968][T14539] CPU: 0 PID: 14539 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 841.190130][T14539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 841.200187][T14539] Call Trace: [ 841.203497][T14539] dump_stack+0x172/0x1f0 [ 841.207833][T14539] dump_header+0x10f/0xba6 [ 841.212289][T14539] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 841.218101][T14539] ? ___ratelimit+0x60/0x595 [ 841.222695][T14539] ? do_raw_spin_unlock+0x57/0x270 [ 841.227817][T14539] oom_kill_process.cold+0x10/0x15 [ 841.232943][T14539] out_of_memory+0x79a/0x1280 [ 841.237634][T14539] ? lock_downgrade+0x880/0x880 [ 841.242485][T14539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.248731][T14539] ? oom_killer_disable+0x280/0x280 [ 841.253925][T14539] ? find_held_lock+0x35/0x130 [ 841.258702][T14539] mem_cgroup_out_of_memory+0x1ca/0x230 [ 841.264251][T14539] ? memcg_event_wake+0x230/0x230 [ 841.269290][T14539] ? do_raw_spin_unlock+0x57/0x270 [ 841.274403][T14539] ? _raw_spin_unlock+0x2d/0x50 [ 841.279290][T14539] try_charge+0x118d/0x1790 [ 841.283811][T14539] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 841.289365][T14539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.295615][T14539] ? kasan_check_read+0x11/0x20 [ 841.300478][T14539] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 841.306117][T14539] mem_cgroup_try_charge+0x24d/0x5e0 [ 841.311415][T14539] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 841.317060][T14539] __handle_mm_fault+0x1e1f/0x3ec0 [ 841.322184][T14539] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 841.327744][T14539] ? find_held_lock+0x35/0x130 [ 841.332516][T14539] ? handle_mm_fault+0x322/0xb30 [ 841.337504][T14539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.343750][T14539] ? kasan_check_read+0x11/0x20 [ 841.348609][T14539] handle_mm_fault+0x43f/0xb30 [ 841.353383][T14539] __get_user_pages+0x7b6/0x1a40 [ 841.358367][T14539] ? follow_page_mask+0x19a0/0x19a0 [ 841.363592][T14539] ? perf_trace_lock+0xeb/0x510 [ 841.368459][T14539] ? __vma_adjust+0x1840/0x1840 [ 841.373324][T14539] ? lock_acquire+0x16f/0x3f0 [ 841.378001][T14539] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.384248][T14539] populate_vma_page_range+0x20d/0x2a0 [ 841.389732][T14539] __mm_populate+0x204/0x380 [ 841.394332][T14539] ? populate_vma_page_range+0x2a0/0x2a0 [ 841.399980][T14539] __x64_sys_mlockall+0x35c/0x520 [ 841.405009][T14539] do_syscall_64+0x103/0x610 [ 841.409606][T14539] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.415494][T14539] RIP: 0033:0x457e29 [ 841.419652][T14539] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:40:04 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x2}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:04 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x10000, 0x0) getpeername$packet(0xffffffffffffff9c, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) bind(r0, &(0x7f00000000c0)=@ethernet={0x307, @remote}, 0x80) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f000051c000)=[{&(0x7f0000000340)="480000001400190d09004bea3e07bd760284e00600000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000ad67dd13", 0x48}], 0x1) [ 841.439262][T14539] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 841.447676][T14539] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 841.455653][T14539] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 841.463624][T14539] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 841.471595][T14539] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 841.479568][T14539] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 841.689833][T14539] memory: usage 307200kB, limit 307200kB, failcnt 15273 [ 841.704771][T14539] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 841.716487][T14539] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 841.727111][T14539] Memory cgroup stats for /syz3: cache:0KB rss:292288KB rss_huge:165888KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:219416KB active_anon:46636KB inactive_file:4KB active_file:0KB unevictable:26328KB [ 841.757677][T14539] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14532,uid=0 [ 841.780014][T14539] Memory cgroup out of memory: Killed process 14532 (syz-executor.3) total-vm:72448kB, anon-rss:16052kB, file-rss:37160kB, shmem-rss:0kB [ 841.808884][ T1042] oom_reaper: reaped process 14532 (syz-executor.3), now anon-rss:16064kB, file-rss:37932kB, shmem-rss:0kB 03:40:04 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = accept4$inet(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10, 0x80800) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/sco\x00') lstat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = getegid() write$FUSE_CREATE_OPEN(r1, &(0x7f0000000200)={0xa0, 0xffffffffffffffda, 0x1, {{0x2, 0x2, 0x2, 0x8001, 0x7, 0x200, {0x3, 0x3, 0x0, 0xffffffffffff2f67, 0x0, 0x65, 0x9, 0x8, 0x4, 0x6, 0xffffffffffffffff, r2, r3, 0x9, 0x7ff}}, {0x0, 0x4}}}, 0xa0) ioctl$sock_inet_udp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000880)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000840)={0xffffffffffffffff}, 0x113, 0x100b}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r1, &(0x7f00000008c0)={0x8, 0x120, 0xfa00, {0x4, {0x0, 0xff, "212694d652ab34934a716bc8d778d58d112f1537c7c38cc8c2742033d2042022eb62d4664eea388e950681a10e4095c4be6b3b3cf8f29f0596a5553e2767861861e934586e1e9f3bbe05631dcad11f8ba560c9d0dbe5c3a43cbd0601fafe2c4dce5e31a20be8fcbe3826fa34f91bc43627dfe66a7c71faec8d04a7e5a2f603497f36babce4622e70d0415c415ad0f6f3afffc41d41744b33006e7b16730c17822c534be80c762558910b78129f58a3c319bd90e4af097fe73ab34f8c80a754e51c2ccb8967a1a0e6af828ddb90ad4e352638d639091ece0fd8cdc47c5f7726c9e0de4c7b82259fedd26fd818f346e5c73208c7da618c025de317414f8f38fc8c", 0xf4, 0xe1, 0x6, 0x20, 0x2, 0x6, 0x7}, r5}}, 0x128) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000700)={0xffffffffffffffff, r1, 0x0, 0x4, &(0x7f00000006c0)='*[\\\x00'}, 0x30) get_robust_list(r6, &(0x7f00000007c0)=&(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)}, &(0x7f0000000800)=0x18) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_SET_XSAVE(r1, 0x5000aea5, &(0x7f00000002c0)={"feb9e56b5c2426c311e3a552ce9a647555560b1e644c7c1df15b8c34a5a8c17c14784f52131623e6e71301db40d0d5e773445929dc2be248d5fbf68a0d4e0430c189a63633de1f8fbd1e804bc2ff635597f2b5a1f8aabc6b8ddf633feaddad55275adf17dbfb5139819d776e8d7430e536185a1be0435f7b56715326936d5aac21e66f6e9e32252e786786913f660375c81c65378c430d8c0d3339b4b4dee458a29a82fa28ed1bc84efa17ba8f3e2300b859276c5e74b89547e98d0cfa9807f58cc154a29e236c4f5e9570aded0ace693e6add50805a0c037dda3c89214d38be0f08455fd923b62bdce3da2f378e930ba6f61bdfa6cbd0f33a97d4049fb25c58c186a3f2bbc96408ec4f417b23ba683e7b270e11e17339ff7fd3eb6af537af953ba35635e77cbc06a605770edb4805af73c8dbf631a5b26152464375150f08f795c61b7acfdb1dd21a606a47f39b71cf6966535213a087b83b4ef2707b7af9df3cdb25eedecabffa026cca406001c589e592beb026082e7a60b66e539e097e53d08eefe04dbfad0c6d35b0cba1435443eeac6a0d755011652a5208b2a1e9c885000bc16065fc527377e47b25bc93aa95e131e8a30931a81752dbb874b41576dbb92a76cc01ffe721360ccb9ca1e7d03dead219f96722ee57203faa0f58774182ecd1f13936a1d22551735b263f59c8d5676cc5a8babb72b60e3a3b2eb9800b003408616fb27787c49a1905040fec294e64b46809a3887da87976c59d563dae5773fd8b540221439db055220ebaeca954ca6ad232ed59350190114ec908d9853896957683bd1ee1f5715edfed2cbc5f9d6598d2f0ba4228b2e3a2bfca1252a770884ed1af773a63989be0a0c10be0ef4e3648fa8a3b5ae7b1558fa070e9227ed90234e4d2c64aef168d6291ae2474f1f2982ab7cb0b3007830763bfbd19a57315cc94e39eeb94e0cf84aa9ecab1053e6077b5adb90b2168df52db2366026ae8d1efc048c49e5a6a29b4c94a46e8e4faacf414465710607a3e928a335e09fc94f2235941b72b8d5167bea6d1e9765bed099e51097e7d432ddf588b28100523b16a6fea67ed96d584c1b125f4cb6ddd80c4595b74bfe46a0dcead2825009c17e2b50fb857072c0fd7dc3dea24b3a825a7ecc2514d0baf0f25c178ecdf445cf3abb85c10caac55a38511e56b4186589be42b2eb1741c4e8d111b8d46627e9f89142124088b8db91f4a1502251de2847a912397975fb322b03ae26c874b95f8ba762bf18c7ee107f7618db7cc9d7cb9eed1f1a2de2b167778ac415cd1d8a6bd2c6b86b9b4a587a7280221e472abb3598a75dd7b1fe7f63e734c1b1d771b1a44abe47b3c9da48b83ca1c6b4c1d1b8467c8f4ce64ad706fcccdd4cbdf221de84f6738cb3be3f49416bd6de7734355d5a25d3f829f8d67b6073df27bb9c75972d33ee1ed"}) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:40:04 executing program 4: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x6400, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000140)={0xffffffffffffffff}, 0x111, 0x1000}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f00000000c0)={0xf, 0x8, 0xfa00, {r1, 0xf}}, 0x10) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_STREAMOFF(r2, 0x40045613, &(0x7f0000000200)=0x2) 03:40:04 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x4}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:04 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="20000000200001000000000000000000020080000000000000005e2eb4e40000"], 0x20}}, 0x0) 03:40:04 executing program 2: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x80, 0x0) sendto$rose(r0, &(0x7f00000000c0)="9a4d1089dd3c7bfc3f1d9d414ab17c49ed4bad2ce580a96dcaa170497c072e9262df1fd58f857bec3fe0c152186d2eafbb9f2ec3bb7222480289c91518f6d081d0df548e1f581d8e1b7660f8827cd6a53da06f81c277b99b78df08decd221ba02912b946fb80784141254290245f63ec75abbd1aaf43f70da914af7a2a7f122b213bcf34b01df1159ed827de12d2c9f98175ffec21f241dac49ccbbe6b231cdec133b85ce2b111c3cd5cb722c5c482944d2b8807da852472c295fd170bc4b6762f148c5a6a5d9c117aa9448893f550fb42d5f292a775dde113cbf820a00995aa9b7ea0b8544a2ede", 0xe8, 0x44004, &(0x7f00000001c0)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x1, @bcast}, 0x1c) syz_emit_ethernet(0x2a, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0xf402, 0x0, @remote={0xac, 0x1c}, @local}, @igmp={0x0, 0x0, 0x0, @broadcast}}}}}, &(0x7f0000000080)={0x0, 0x0, [0x65, 0x0, 0x0, 0xfffffffffffffffc]}) [ 841.932167][T14581] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. 03:40:04 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xe0}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:04 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x7) recvmmsg(r0, &(0x7f0000000040), 0x0, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000000)=0x2, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 03:40:04 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x1ff, 0x2001) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$packet_buf(r0, 0x107, 0x17, &(0x7f0000651000)=""/240, &(0x7f00000004c0)=0x25c) [ 842.116812][T14591] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 842.153404][T14591] CPU: 1 PID: 14591 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 842.162562][T14591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 842.172628][T14591] Call Trace: [ 842.175939][T14591] dump_stack+0x172/0x1f0 [ 842.180289][T14591] dump_header+0x10f/0xba6 [ 842.184728][T14591] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 842.190548][T14591] ? ___ratelimit+0x60/0x595 [ 842.195162][T14591] ? do_raw_spin_unlock+0x57/0x270 [ 842.200287][T14591] oom_kill_process.cold+0x10/0x15 [ 842.205408][T14591] out_of_memory+0x79a/0x1280 [ 842.210099][T14591] ? lock_downgrade+0x880/0x880 [ 842.214965][T14591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.221228][T14591] ? oom_killer_disable+0x280/0x280 [ 842.226426][T14591] ? find_held_lock+0x35/0x130 [ 842.231203][T14591] mem_cgroup_out_of_memory+0x1ca/0x230 [ 842.236752][T14591] ? memcg_event_wake+0x230/0x230 [ 842.241790][T14591] ? do_raw_spin_unlock+0x57/0x270 [ 842.246903][T14591] ? _raw_spin_unlock+0x2d/0x50 [ 842.251760][T14591] try_charge+0x118d/0x1790 [ 842.256274][T14591] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 842.262010][T14591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.268251][T14591] ? kasan_check_read+0x11/0x20 [ 842.273111][T14591] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 842.278693][T14591] mem_cgroup_try_charge+0x24d/0x5e0 [ 842.284000][T14591] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 842.289637][T14591] __handle_mm_fault+0x1e1f/0x3ec0 [ 842.294775][T14591] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 842.300325][T14591] ? find_held_lock+0x35/0x130 [ 842.305094][T14591] ? handle_mm_fault+0x322/0xb30 [ 842.310053][T14591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.316304][T14591] ? kasan_check_read+0x11/0x20 [ 842.321167][T14591] handle_mm_fault+0x43f/0xb30 [ 842.325940][T14591] __get_user_pages+0x7b6/0x1a40 [ 842.330888][T14591] ? follow_page_mask+0x19a0/0x19a0 [ 842.336089][T14591] ? perf_trace_lock+0xeb/0x510 [ 842.340947][T14591] ? __vma_adjust+0x1840/0x1840 [ 842.345804][T14591] ? lock_acquire+0x16f/0x3f0 [ 842.350481][T14591] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 842.356732][T14591] populate_vma_page_range+0x20d/0x2a0 [ 842.365615][T14591] __mm_populate+0x204/0x380 [ 842.370215][T14591] ? populate_vma_page_range+0x2a0/0x2a0 [ 842.375888][T14591] __x64_sys_mlockall+0x35c/0x520 [ 842.380914][T14591] do_syscall_64+0x103/0x610 [ 842.385510][T14591] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 842.391396][T14591] RIP: 0033:0x457e29 [ 842.395297][T14591] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 842.414898][T14591] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 842.423307][T14591] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 842.431279][T14591] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 842.439252][T14591] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 842.447240][T14591] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 842.455216][T14591] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 842.466241][T14591] memory: usage 307200kB, limit 307200kB, failcnt 15284 [ 842.473386][T14591] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 842.481035][T14591] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 842.491499][T14591] Memory cgroup stats for /syz3: cache:0KB rss:292372KB rss_huge:165888KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:219416KB active_anon:46636KB inactive_file:0KB active_file:0KB unevictable:26324KB [ 842.518417][T14591] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14590,uid=0 [ 842.539820][T14591] Memory cgroup out of memory: Killed process 14590 (syz-executor.3) total-vm:72448kB, anon-rss:16052kB, file-rss:37160kB, shmem-rss:0kB [ 842.554697][ T1042] oom_reaper: reaped process 14590 (syz-executor.3), now anon-rss:16064kB, file-rss:37932kB, shmem-rss:0kB [ 843.651931][ C1] net_ratelimit: 16 callbacks suppressed [ 843.651938][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 843.663426][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:06 executing program 4: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x10) ioctl$PIO_SCRNMAP(r0, 0x4b41, &(0x7f0000000040)="3d26840a72aadc1bc1f799fce0989f018328dc772b2d6f645d544b043e8900700bbb1eba920adb86fbfe4a58e759131d3629bd61081112ec7594170483c9dbce4b") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000004fc8)={&(0x7f0000016000), 0xc, &(0x7f000000b000)={&(0x7f000002c000)=@mpls_newroute={0x20, 0x18, 0x21, 0x0, 0x0, {0x1c, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x1}, [@RTA_DST={0x4, 0x12}]}, 0x20}}, 0x0) 03:40:06 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') getpeername$unix(r0, &(0x7f0000000080)=@abs, &(0x7f0000000000)=0x6e) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000200)={0x54, r2, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @multicast2=0xac14140d}}, {0x14, 0x2, @in={0x2, 0x0, @remote}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}]}]}, 0x54}}, 0x0) 03:40:06 executing program 5: ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x802, 0x0) ioctl(r0, 0x9, &(0x7f0000000100)="2abe84") socket$inet6_tcp(0xa, 0x1, 0x0) shmget(0xffffffffffffffff, 0x2000, 0x0, &(0x7f0000ffc000/0x2000)=nil) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = open(&(0x7f0000000080)='./bus\x00', 0x1fe, 0x0) write$binfmt_aout(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="00001a1c547a523c77681f5e01000000bfb57a"], 0x13) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000180)='./bus\x00', 0x9) unlink(&(0x7f0000001e00)='./bus\x00') sendfile(r2, r2, &(0x7f0000000000), 0x8080fffffffe) mkdir(&(0x7f0000000040)='./file0\x00', 0x80) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r1, 0xc058534b, 0x0) syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0xb65, 0x1000000000) openat$uhid(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/uhid\x00', 0x400000002, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000580)={0xffffffffffffffff, &(0x7f0000000400)="39aacdbe0c1e50d06f1628d697563afb7aed4b96e13a0ee0edb0fcfebd125e1e357c0fccb86da0d5880d3a1feb6647454362d127c19de170859213aa53231a7f4a355591e25c282db89631744b3a88d3b6b54137e41617eb0a765bf5bee06e1cbd4e714db8db6a1e10ebd11af1076fe05cd4", 0x0}, 0x18) 03:40:06 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xe000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:06 executing program 2: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="390040ef7500bcfd5e68303cd3309d02031d1f4c6144828afd661f000066b2bb9a0644cc6db2c45d4ab863b7e0002d1fe550db98069219b55a"], 0x39) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f00000000c0)) ptrace$cont(0x1f, r0, 0x0, 0x0) 03:40:06 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffffa, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000080)={0x3, 0x70, 0x7fff, 0x0, 0x40, 0x8, 0x0, 0x100, 0x40000, 0x8, 0x1000, 0xf, 0x0, 0x80, 0x5, 0x1, 0x1, 0x0, 0x5, 0x6, 0x5, 0x3ff, 0x6, 0x101, 0xffffffffffffffbd, 0x1f3, 0x0, 0x0, 0x1, 0x8, 0x2b2, 0x4, 0x6, 0x900000000000000, 0xf34, 0x3f, 0x10001, 0x6, 0x0, 0x2, 0x2, @perf_bp={&(0x7f0000000040)}, 0xa, 0x8000, 0x7fffffff, 0x7, 0x5a, 0xfffffffffffffffa, 0x2}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = add_key(&(0x7f0000000180)='syzkaller\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000200)="07054ed5d1f0b1f5af66ad546bcf3a9839d53ebf861ae05d5d3618944e1e849c7df30b7bab3899e79e2afd442703ac03ca23b4ec5bf4ee203cfa5daa0dd27f00e726676d0ab07851121c283607041e4ae9b49f13871e3a5d2dd4fb0fa5de0282b894002c4045969ebe40428e5a38b86cb1629260919f10168032e0cbd028b51d947e04d8b74e11aacdbf55c6928888fe0c9a67921347a23711adb7c8b7f5e9630c25d676a97a3e104cebd5f548db3bb4915266e6f8b35641d0f1c2373b", 0xbd, 0xfffffffffffffffa) keyctl$invalidate(0x15, r3) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x8800, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000e83000/0x2000)=nil, 0x2000, 0x1000000, 0x110, r1, 0x0) [ 844.209820][T14623] Started in network mode 03:40:06 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xff03}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:06 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000006c0)="0af51f023c123f3188a070") r1 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x801, 0x0) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xffffff94) ioctl$SG_GET_NUM_WAITING(r1, 0x2286, 0x0) [ 844.255033][T14623] Own node identity ac14140d, cluster identity 4711 [ 844.288651][T14625] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 844.297982][T14623] vcan0: MTU too low for tipc bearer [ 844.313948][T14625] CPU: 1 PID: 14625 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 844.323103][T14625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 844.333161][T14625] Call Trace: [ 844.336463][T14625] dump_stack+0x172/0x1f0 [ 844.340797][T14625] dump_header+0x10f/0xba6 [ 844.345211][T14625] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 844.351011][T14625] ? ___ratelimit+0x60/0x595 [ 844.355603][T14625] ? do_raw_spin_unlock+0x57/0x270 [ 844.364381][T14625] oom_kill_process.cold+0x10/0x15 [ 844.369502][T14625] out_of_memory+0x79a/0x1280 [ 844.370274][T14623] Enabling of bearer rejected, failed to enable media [ 844.374188][T14625] ? lock_downgrade+0x880/0x880 [ 844.374207][T14625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.374224][T14625] ? oom_killer_disable+0x280/0x280 [ 844.374236][T14625] ? find_held_lock+0x35/0x130 [ 844.374263][T14625] mem_cgroup_out_of_memory+0x1ca/0x230 [ 844.374275][T14625] ? memcg_event_wake+0x230/0x230 [ 844.374297][T14625] ? do_raw_spin_unlock+0x57/0x270 [ 844.374316][T14625] ? _raw_spin_unlock+0x2d/0x50 [ 844.374335][T14625] try_charge+0x118d/0x1790 [ 844.374356][T14625] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 844.374370][T14625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.374388][T14625] ? kasan_check_read+0x11/0x20 [ 844.374408][T14625] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 844.374427][T14625] mem_cgroup_try_charge+0x24d/0x5e0 [ 844.374449][T14625] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 844.374469][T14625] __handle_mm_fault+0x1e1f/0x3ec0 [ 844.374491][T14625] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 844.374503][T14625] ? find_held_lock+0x35/0x130 [ 844.374523][T14625] ? handle_mm_fault+0x322/0xb30 [ 844.481656][T14625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.487914][T14625] ? kasan_check_read+0x11/0x20 [ 844.492789][T14625] handle_mm_fault+0x43f/0xb30 [ 844.497563][T14625] __get_user_pages+0x7b6/0x1a40 [ 844.502527][T14625] ? follow_page_mask+0x19a0/0x19a0 [ 844.507818][T14625] ? perf_trace_lock+0xeb/0x510 [ 844.512677][T14625] ? __vma_adjust+0x1840/0x1840 [ 844.517545][T14625] ? lock_acquire+0x16f/0x3f0 [ 844.522226][T14625] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 844.528475][T14625] populate_vma_page_range+0x20d/0x2a0 [ 844.533956][T14625] __mm_populate+0x204/0x380 [ 844.538555][T14625] ? populate_vma_page_range+0x2a0/0x2a0 [ 844.544220][T14625] __x64_sys_mlockall+0x35c/0x520 [ 844.549259][T14625] do_syscall_64+0x103/0x610 [ 844.553861][T14625] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 844.559753][T14625] RIP: 0033:0x457e29 [ 844.563651][T14625] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 844.583437][T14625] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 844.591867][T14625] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 844.599846][T14625] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 03:40:07 executing program 0: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x1, 0x2) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000000c0)={0x0, 0x8000}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000140)={r1, 0x401}, 0x7) seccomp(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x15, 0x0, 0xb5d8, 0x4}]}) [ 844.607823][T14625] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 844.615799][T14625] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 844.623780][T14625] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff 03:40:07 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x34000}}], 0x20}], 0x4924924924924d0, 0x0) [ 844.677224][T14639] sg_write: data in/out 2020175115/2147479510 bytes for SCSI command 0x0-- guessing data in; [ 844.677224][T14639] program syz-executor.4 not setting count and/or reply_len properly 03:40:07 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r1, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r1, 0x20000000) r2 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r2, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) accept4$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000040)=0x1c, 0x80800) r3 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2, 0x80, 0x0, 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 0x2, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") [ 844.746186][T14644] sg_write: data in/out 2020175115/2147479510 bytes for SCSI command 0x0-- guessing data in; [ 844.746186][T14644] program syz-executor.4 not setting count and/or reply_len properly [ 844.772335][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 844.779057][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:40:07 executing program 4: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) get_mempolicy(0x0, 0x0, 0xffff, &(0x7f0000ffc000/0x2000)=nil, 0x7) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffff9c, 0x84, 0xe, &(0x7f0000000040)={0x0, 0xb1, 0x3, 0x7, 0x101, 0xffffffffffffffff, 0x9, 0x40, {0x0, @in6={{0xa, 0x4e24, 0x5, @mcast1}}, 0xfff, 0x0, 0x9, 0x8, 0x1}}, &(0x7f0000000100)=0xb0) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={r1, 0x54b}, 0x8) [ 844.833238][T14625] memory: usage 307184kB, limit 307200kB, failcnt 15294 [ 844.864379][T14625] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 844.892291][T14625] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 844.920083][T14625] Memory cgroup stats for /syz3: cache:0KB rss:292296KB rss_huge:165888KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:219416KB active_anon:46636KB inactive_file:0KB active_file:0KB unevictable:26328KB 03:40:07 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x40000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:07 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='numa_maps\x00') readv(r0, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x101000, 0x0) [ 844.992663][T14625] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14620,uid=0 03:40:07 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x400300}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:07 executing program 5: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x6044000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x68, r1, 0x108, 0x70bd26, 0x25dfdbfe, {{}, 0x0, 0x4107, 0x0, {0x4c, 0x18, {0x2, @media='eth\x00'}}}, ["", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20000010}, 0x800) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x111, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0x4}]]}}}]}, 0x40}}, 0x0) [ 845.045268][T14625] Memory cgroup out of memory: Killed process 14620 (syz-executor.3) total-vm:72448kB, anon-rss:16052kB, file-rss:37160kB, shmem-rss:0kB [ 845.096326][ T1042] oom_reaper: reaped process 14620 (syz-executor.3), now anon-rss:16064kB, file-rss:37932kB, shmem-rss:0kB [ 845.251853][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 845.257733][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 845.261822][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 845.269267][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 845.731989][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 845.737775][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:09 executing program 2: r0 = syz_open_dev$sndtimer(&(0x7f0000026000)='/dev/snd/timer\x00', 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) ioctl$sock_inet_SIOCGIFNETMASK(r1, 0x891b, &(0x7f0000000080)={'vlan0\x00', {0x2, 0x4e23, @remote}}) r2 = dup2(r0, r0) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000000)=@get={0x1, &(0x7f00000000c0)=""/240, 0x2}) ioctl$VIDIOC_DBG_G_REGISTER(r2, 0xc0385650, &(0x7f0000000040)={{0x4, @name="f86b00d1ba577b7099a12489ef5e4c11b942a0c0e0541e42224698b8c873a99c"}, 0x8, 0x8, 0x2}) semget$private(0x0, 0x0, 0x180) 03:40:09 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080)='/dev/rfkill\x00', 0x100, 0x0) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f00000000c0)={0x1, 0x7, 0x8000}, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040), 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) close(r2) r3 = socket$inet6(0xa, 0x801, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x1c, &(0x7f00000001c0)=0x10, 0x4) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x5}, 0x1c) io_setup(0x3, &(0x7f00000003c0)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r2, 0x0, 0x12f}]) 03:40:09 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x1000000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', 0x0, 0x0) r0 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x3, 0x2) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000700)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="c1000000", @ANYRES16=r1, @ANYBLOB="02012dbd7000fedbdf250a0000003c00020008000300030000000800090004000000080002004e2200000800090002000000080007000600000008000b000a0000000800060005000000500002000800040007000000080009000100000008000300060000000800040004000000080002004e23000008000b000a000000140001007f000001000000000000000000000000080002004e2300000800050002000000"], 0xa8}, 0x1, 0x0, 0x0, 0x80}, 0x8000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000200)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000140), 0x1c) madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0xf) ioctl$int_in(r2, 0x5421, &(0x7f0000000380)=0x801) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, &(0x7f00000003c0)={0x0, @src_change}) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00') sendfile(r2, r3, &(0x7f0000000000)=0x100000, 0x10000) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000, 0x0, 0x0) 03:40:09 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0xff3f) ioctl$TCSBRK(0xffffffffffffffff, 0x5409, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x2000203a, 0x0) ioctl$BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0) setsockopt$bt_hci_HCI_DATA_DIR(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x0, 0x0) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) ioctl$BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={[], 0x0, 0x66, 0x4c04}) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, &(0x7f00000002c0)={0x0, 0x5}) ioctl$void(r1, 0x22e6ae92ed1cf43e) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80000, 0x4) ioctl$SIOCGIFHWADDR(r3, 0x8927, &(0x7f0000000100)) ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f0000000240)=""/106) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = accept$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r4, 0x0, 0x81, &(0x7f0000000480)=ANY=[@ANYBLOB="e4feffffff0000dd9e422e870791a03daa9f4bf73123d43d24314c0a2c191baa4c84232138ef6e199ff2b3e21c61cf7e232cd5d9f747022b5b02561f7abd16b8ae9779c5c47ffaf070f95793e68fd9c11ae99e37529af21d943dd3b6897d570ee1b7e451e4ed847f8784ac3eeb6c15924aef483b56ff7e00385de352fb928b7e620f8c8dcbab7589cf236ef40858353a39976a559a5ea06397bc8c50858e3b14fa9da762d452a35e0754bb35452906f201000000e284af99783ce3d5dadd763317b87e7c65c6bfc5512ed8dc29c33933a39327fb05c773a2d18ac708cae688888ceb63c2b9e745dc919565674412ce51ad435d23a0ea"], 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:40:09 executing program 0: r0 = socket(0x210, 0x805, 0xfffffffffffffffd) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f3188b070") sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@deltaction={0x30, 0x31, 0x101, 0x0, 0x0, {}, [@TCA_ACT_TAB={0x1c, 0x1, [{0x18, 0x1, @TCA_ACT_KIND={0x10, 0x1, 'connmark\x00'}}]}]}, 0x30}}, 0x0) 03:40:09 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/mcfilter\x00') ioctl$KVM_TRANSLATE(r1, 0xc018ae85, &(0x7f0000000040)={0x7000, 0xf002, 0x9, 0x4, 0xae7}) syslog(0x4, &(0x7f0000000180)=""/147, 0x93) 03:40:09 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x2000000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:10 executing program 2: io_setup(0x8001, 0x0) socket$key(0xf, 0x3, 0x2) r0 = socket$inet_tcp(0x2, 0x1, 0x0) syz_open_procfs(0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000500)={{{@in, @in6=@ipv4={[], [], @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@multicast2}}, &(0x7f00000000c0)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, 0x0, 0x0) write$P9_RSTATu(r1, &(0x7f0000000700)=ANY=[@ANYBLOB="770000007d0200000055000000ffff00008003000000060000000000000000000000000000000000010001010000000000001200706f7369785f61636c5f6163636573732d2c01000000000f0063626e6929000d006c6f7b73656c696e7578252e40000000000000000000", @ANYRES32=r2, @ANYRES32=0x0, @ANYRES32=0x0], 0x77) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) write$cgroup_pid(r3, &(0x7f0000000080), 0xfffffe38) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$ALG_SET_AEAD_AUTHSIZE(0xffffffffffffffff, 0x117, 0x5, 0x0, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r3, 0x660c, 0x4000001) r4 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) prctl$PR_SET_TSC(0x1a, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x4002091, r4, 0x0) ioctl$VHOST_SET_VRING_NUM(r3, 0x4008af10, 0x0) rt_sigprocmask(0x0, &(0x7f0000000300)={0x3}, 0x0, 0x8) perf_event_open$cgroup(&(0x7f0000000100)={0x3, 0x70, 0x3600000000000000, 0x62, 0x4, 0xcca, 0x0, 0x9, 0x400, 0x1, 0xdcd, 0xffffffffffffffff, 0x100000000, 0x25eb350b, 0x9, 0x6, 0x331, 0x7, 0x7, 0xfffffffffffffffb, 0x7, 0x5, 0xfffffffffffffffa, 0x1, 0xeb, 0x0, 0x800, 0x3, 0xd1, 0x7, 0x94f, 0xffffffff, 0x81, 0x0, 0xfff, 0x1000, 0x4, 0x3f, 0x0, 0x56e, 0x1, @perf_bp={&(0x7f0000000000), 0x4}, 0x200, 0xfeac, 0xd178, 0xb, 0x2, 0x79, 0x3}, r3, 0xb, r4, 0x8) ioctl$KVM_GET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, 0x0) rt_sigprocmask(0x0, 0x0, &(0x7f0000000240), 0x0) r5 = accept4(r0, &(0x7f0000000340)=@ipx, &(0x7f0000001100)=0xffffffffffffff61, 0x80801) connect$inet6(r5, 0x0, 0x0) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DEST(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000600)={0x80, r6, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xfff}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6}, @IPVS_CMD_ATTR_DAEMON={0x4c, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x100000001}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @local}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr="dbdc7d466673e28d371f2a01c7c48e01"}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'bond_slave_0\x00'}]}]}, 0x80}}, 0x20000800) r7 = semget$private(0x0, 0x0, 0x200) semctl$SETVAL(r7, 0x3, 0x10, &(0x7f0000000040)=0x3) [ 847.334843][T14685] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 03:40:10 executing program 4: syz_mount_image$xfs(&(0x7f0000000000)='xfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='sunit=0x00000008cffffff,\x00']) r0 = syz_open_dev$dspn(&(0x7f00000049c0)='/dev/dsp#\x00', 0x3, 0x24101) setsockopt$RDS_RECVERR(r0, 0x114, 0x5, &(0x7f0000000100)=0x1, 0x4) setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85) connect$rds(r0, &(0x7f0000004a00)={0x2, 0x4e23, @local}, 0x10) mknod(&(0x7f0000000340)='./file0\x00', 0x8010, 0x3) getpeername$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000180)=0x14) sendmsg$can_raw(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x1d, r1}, 0x10, &(0x7f0000000200)={&(0x7f0000000280)=@canfd={{0x0, 0xfffffffffffffff8, 0x81, 0xffffffffffff0001}, 0x1b, 0x1, 0x0, 0x0, "7fd0ab85f7d14dac252db5d91cb73ced0592e9244aac561279efbdb2a03e18ba820ea2abb8dc797ffaf7cb6da5ff8fd184accba4d07c04e7ccfcccae27de49cc"}, 0x48}}, 0x4000001) link(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0\x00') ioctl$RTC_PIE_ON(r0, 0x7005) ioctl$SIOCX25SDTEFACILITIES(r0, 0x89eb, &(0x7f0000000380)={0x13, 0x10001, 0x2000000, 0x6, 0x5, 0x22, 0x3, "885a7d6e8eb051d25c8c2ab4033dd30817e0de98", "83c0ffcbbb8ed2993aab6d40ffb79fe263761b46"}) [ 847.431981][T14685] CPU: 0 PID: 14685 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 847.441139][T14685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 847.451292][T14685] Call Trace: [ 847.454596][T14685] dump_stack+0x172/0x1f0 [ 847.458939][T14685] dump_header+0x10f/0xba6 [ 847.463369][T14685] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 847.469180][T14685] ? ___ratelimit+0x60/0x595 [ 847.473779][T14685] ? do_raw_spin_unlock+0x57/0x270 03:40:10 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xe0000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 847.478900][T14685] oom_kill_process.cold+0x10/0x15 [ 847.484031][T14685] out_of_memory+0x79a/0x1280 [ 847.488741][T14685] ? lock_downgrade+0x880/0x880 [ 847.493606][T14685] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.499853][T14685] ? oom_killer_disable+0x280/0x280 [ 847.505076][T14685] ? find_held_lock+0x35/0x130 [ 847.509869][T14685] mem_cgroup_out_of_memory+0x1ca/0x230 [ 847.515424][T14685] ? memcg_event_wake+0x230/0x230 [ 847.520475][T14685] ? do_raw_spin_unlock+0x57/0x270 [ 847.525597][T14685] ? _raw_spin_unlock+0x2d/0x50 [ 847.530455][T14685] try_charge+0x118d/0x1790 [ 847.530479][T14685] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 847.530503][T14685] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.577692][T14685] ? kasan_check_read+0x11/0x20 [ 847.582592][T14685] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 847.588158][T14685] mem_cgroup_try_charge+0x24d/0x5e0 [ 847.593462][T14685] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 847.599102][T14685] __handle_mm_fault+0x1e1f/0x3ec0 [ 847.599128][T14685] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 847.599150][T14685] ? find_held_lock+0x35/0x130 [ 847.614532][T14685] ? handle_mm_fault+0x322/0xb30 [ 847.619492][T14685] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.625774][T14685] ? kasan_check_read+0x11/0x20 [ 847.630639][T14685] handle_mm_fault+0x43f/0xb30 [ 847.635417][T14685] __get_user_pages+0x7b6/0x1a40 [ 847.640378][T14685] ? follow_page_mask+0x19a0/0x19a0 [ 847.645583][T14685] ? perf_trace_lock+0xeb/0x510 [ 847.650445][T14685] ? __vma_adjust+0x1840/0x1840 [ 847.655335][T14685] ? lock_acquire+0x16f/0x3f0 [ 847.660017][T14685] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.666270][T14685] populate_vma_page_range+0x20d/0x2a0 [ 847.671756][T14685] __mm_populate+0x204/0x380 03:40:10 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xeffdffff}}], 0x20}], 0x4924924924924d0, 0x0) [ 847.676351][T14685] ? populate_vma_page_range+0x2a0/0x2a0 [ 847.682004][T14685] __x64_sys_mlockall+0x35c/0x520 [ 847.687042][T14685] do_syscall_64+0x103/0x610 [ 847.691640][T14685] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 847.697531][T14685] RIP: 0033:0x457e29 [ 847.701429][T14685] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:40:10 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e20}, 0x1c) fcntl$getown(r0, 0x9) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) vmsplice(r0, &(0x7f0000000600)=[{&(0x7f0000000340)="2b2480ad9e38bf5f66cdd66395afafcd4be1c3a04ce5a4a793bb91cad3ae287697ebc799b90424f59c059b4bc473639d89ea77ec5fca8d3294cf7efd5e1f0a40c57a1e4b73f3b7795ac2c9dc80a1d89ced4a2cfefa2763116916028d1a7ef7bc4b52c446d41ebc1ca3db6327015f382d490a2c842080298b55c55742a367c0b41ca81db2fb84fb69f27a14895a67c041d2c4b59e2689545b1b3d13ed8a6c06f6303be4dfb98c74be189e3a5633fa81c70f8d2947736873fe9dafa7dfc303a575a784e88d481dbb035a56580ee4702f76dacc855338", 0xd5}, {&(0x7f0000000440)="163895f23c72b2e9df389166c16704c6ba07af6408f777e373a9d7207315bb80121ac81daffe291e53bfdab09319960114d3b010e41e3ab70ddf3ec0a2958f630e1a66af11c34199166f684f97ac4965ad4f607ba7d1180b3d0b5bdda0a4aac0e2ac", 0x62}, {&(0x7f00000004c0)="55b69ab4890704", 0x7}, {&(0x7f0000000500)="069dbe679b5ba1b4dba1a767e4a6ded1da946f43ff9c2ffe3d425d05f0f89859526985d3882d41c989f94079da29b83551e50b95d1375be90d8afa10a88a9da4cc2e06cd4f42c300aae939a810b4a42541caefd9a457cdd370bd4605c96ad2a399ac9362ce07df6afc44c39772d1b4ba8c0402966db949aa832892f07626f26f9552b5938ae2c3f9c634ec128fa05ed8faff52c522546103f971f6d41f9a515ecd465390c03a5e26fb7e0f25174b4a4edddf8bef3b5a54bf1924438a169b079f04dea65015fe9fce64beb024e54a5b87994cffee9a6bf223aecfcd75c96d2692", 0xe0}], 0x4, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x101000, 0x0) ioctl$KDGKBLED(r1, 0x4b64, &(0x7f0000000080)) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000200)=0x7, 0xffffffffffffff85) readv(r0, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/3, 0x3}], 0x1) sendmsg$IPVS_CMD_NEW_DEST(r1, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x6c, 0x0, 0x0, 0x70bd26, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e23}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@dev={0xfe, 0x80, [], 0x22}}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@empty}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1ff}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x40000) 03:40:10 executing program 0: syslog(0x3, 0xffffffffffffffff, 0xfffffffffffffc77) [ 847.721036][T14685] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 847.729454][T14685] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 847.737426][T14685] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 847.745403][T14685] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 847.753379][T14685] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 847.761351][T14685] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 847.787043][ T26] audit: type=1804 audit(2000000410.410:617): pid=14719 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir158851730/syzkaller.sbUpIe/1021/bus" dev="sda1" ino=17489 res=1 [ 847.804542][T14685] memory: usage 307196kB, limit 307200kB, failcnt 15312 [ 847.819207][T14685] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 847.827539][T14685] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 847.834718][T14685] Memory cgroup stats for /syz3: cache:0KB rss:292236KB rss_huge:165888KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:219416KB active_anon:46636KB inactive_file:0KB active_file:0KB unevictable:26328KB 03:40:10 executing program 5: recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000140)=""/158, 0x9e}, {&(0x7f0000000380)=""/175, 0xaf}, {&(0x7f0000000440)=""/171, 0xab}, {&(0x7f0000000500)=""/249, 0xf9}], 0x4, &(0x7f0000000600)=""/76, 0x4c}, 0x10000) setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000680)=0x5, 0x4) r1 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040)='/dev/capi20\x00', 0x204040, 0x0) ioctl$CAPI_MANUFACTURER_CMD(r1, 0xc0104320, &(0x7f0000000080)={0xa, &(0x7f0000000240)="0d64dc759544eb29f776e0ff2155061d613e37a86bd2d9ae4cfd4a1e06fe52d59c40ed0dfb50a73755b86174c1d932de4eadd257805e5a449af873f702e66f7218d0399cad032c6e4d03c62408841b036b1e800493cc59462f69c0bbea4500f0cee40db0af207c4dff9ba94e090a6c918dd176f46e3a1902f737147513db208915a2d5bd2695fba9eead790a5a411a2c4055563762efdfa3c009667b1ae22335dc1bcea74e8afe7e0f053db386861318a41576e9a63e6d03065ee1f0a50dd30b9b69fd7a5420ade3e0888825c3a4f60f48ab9389e9f1102e21edd75fea6d79f7096ce4b21f8ae781d999c87a2206bb5bbeaae7b7cb82526526a5280a64ae84bf3ecd2328a56d8ced2bf9d4e2f79cacc94c520e1ae49cf0e514ba875696fe1e02ee3c6e76f7794f60f56cd09f79d6890e8f7e823e00000000000000000000"}) 03:40:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 847.972007][T14685] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14679,uid=0 [ 848.015970][T14685] Memory cgroup out of memory: Killed process 14679 (syz-executor.3) total-vm:72448kB, anon-rss:16052kB, file-rss:37160kB, shmem-rss:0kB [ 848.061628][ T1042] oom_reaper: reaped process 14679 (syz-executor.3), now anon-rss:16064kB, file-rss:37932kB, shmem-rss:0kB 03:40:10 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:40:10 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xff030000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:10 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") r2 = fcntl$dupfd(r0, 0x406, r0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r2, 0xc10c5541, &(0x7f0000000280)={0x5f5b4026, 0x4, 0x5, 0x0, 0x0, [], [], [], 0x7, 0xda3b}) write$cgroup_int(r0, &(0x7f0000000000)=0xff, 0x12) ioctl$UI_DEV_CREATE(r0, 0x406855c9) 03:40:10 executing program 5: r0 = syz_open_dev$sndpcmp(0x0, 0x0, 0x0) socketpair(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89f3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shutdown(0xffffffffffffffff, 0x1) getuid() getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000005c0)={{{@in6, @in=@multicast1}}, {{@in6=@mcast1}, 0x0, @in6=@initdev}}, &(0x7f0000000100)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000006c0)={{{@in=@multicast2, @in6=@loopback}}, {{}, 0x0, @in6=@dev}}, &(0x7f0000000140)=0xe8) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000000200)) stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000480)) lstat(&(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)) getgroups(0x0, &(0x7f0000000980)) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$packet_add_memb(r1, 0x107, 0x1, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) r2 = inotify_init1(0x0) fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f000045fff8)={0x0, 0x0}) ptrace$setopts(0x4206, r3, 0x0, 0x0) fcntl$getownex(r2, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ptrace(0x4207, r4) ptrace$getregset(0x4202, r4, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000a40), &(0x7f0000000a80)=0xc) lstat(&(0x7f0000000ac0)='./file0\x00', 0x0) 03:40:10 executing program 0: mknod$loop(&(0x7f0000000040)='./file1\x00', 0x6001, 0x0) r0 = open(&(0x7f0000000080)='./file1\x00', 0x101080, 0x0) ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000100)=0x40000000801) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000000c0)=[@window={0x3, 0xf6, 0xffff}, @timestamp, @mss={0x2, 0x9}, @timestamp, @mss={0x2, 0x9}, @mss={0x2, 0x200000000000}], 0x6) 03:40:10 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x200, 0x0) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f00000000c0)={@my=0x0}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_dgram(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x0}, 0x10) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000040)='team\x00') ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000020c0)={{{@in6=@dev, @in=@local}}, {{@in=@remote}, 0x0, @in=@broadcast}}, &(0x7f00000021c0)=0xe8) mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4000, 0x2, &(0x7f0000ff9000/0x4000)=nil) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000002200)={{{@in6=@ipv4={[], [], @initdev}, @in=@initdev}}, {{@in=@empty}, 0x0, @in=@multicast2}}, &(0x7f0000002300)=0xe8) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, 0x0, 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000004c00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000004c80)={'vcan0\x00'}) tkill(r0, 0x1004000000016) 03:40:10 executing program 4: socket$inet6_udp(0xa, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4068aea3, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000240)='dns_resolver\x00', &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, 0x0, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x6, 0x111000) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000140)={{{@in=@multicast2, @in6=@mcast1}}, {{@in=@local}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) io_cancel(0x0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000300)="3819c3b57c3715d7940261bd0f99873bdaa2c49e488aa6336976fa91397f40c19fda", 0x22}, 0x0) ioctl$sock_SIOCBRDELBR(r2, 0x89a1, &(0x7f0000000280)='bond_slave_1\x00') ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 'y\x14\bK\x16^\x9e\xc5/\x15\x95\xab)\xeb\xf0\x15\xf3{T\x1aWP\xac\xb2\xac\x95\xe9\xad9b\xaf5.S#\xb7y\x82\x1f\xa5^\xe1K\xf9'}) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000040)={{0x1}}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4000) 03:40:11 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x4, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x80, 0x0, 0x800, 0x0, 0x4000000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = epoll_create1(0x0) epoll_wait(r0, &(0x7f0000000100)=[{}], 0x1, 0xb8) 03:40:11 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)) r0 = syz_open_dev$audion(&(0x7f0000000340)='/dev/audio#\x00', 0xfff, 0x2000) r1 = syz_open_dev$cec(&(0x7f0000000380)='/dev/cec#\x00', 0x1, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000040)='./file0\x00', 0xfffffffffffffffd) r2 = socket$inet6(0xa, 0x800, 0xf000000000000000) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0xc0505350, &(0x7f0000000400)={{0x374, 0x20}, {0x5, 0xd7}, 0x6, 0x3, 0x1}) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffff9c, 0x84, 0xe, &(0x7f0000000140)={0x0, 0xc, 0x30, 0x0, 0xfff, 0x7, 0x2, 0x2, {0x0, @in={{0x2, 0x4e22, @multicast1}}, 0x200, 0xffffffffffffffa6, 0x8, 0x1e247c4a, 0x833}}, &(0x7f0000000080)=0xb0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000200)={r3, 0x1ff}, &(0x7f0000000240)=0xc) mount$bpf(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000019c0)='bpf\x00', 0x0, &(0x7f0000000700)=ANY=[]) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb, 0x7e, 0x6, 0x1, 0x1}, 0x2c) bpf$OBJ_PIN_MAP(0x6, &(0x7f00000004c0)={&(0x7f0000000280)='./file0/file0\x00', r5}, 0x10) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='cpuset\x00') mkdir(&(0x7f0000000300)='./file0/file0\x00', 0x5) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000480)={r4}, &(0x7f0000000500)=0x8) ioctl$CAPI_CLR_FLAGS(r6, 0x80044325, &(0x7f00000003c0)=0x1) umount2(&(0x7f0000000100)='./file0\x00', 0x0) 03:40:11 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xfffffdef}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:11 executing program 3: mlockall(0x1) syz_mount_image$reiserfs(&(0x7f0000000140)='reiserfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x0, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000040)={'icmp\x00'}, &(0x7f0000000080)=0x1e) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/qat_adf_ctl\x00', 0x2100, 0x0) 03:40:11 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r0, 0xc02c5341, &(0x7f0000000080)) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x7ff, 0x101000) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffff9c, 0xc008640a, &(0x7f0000000100)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r1, 0x40086409, &(0x7f0000000140)={r2}) ioctl$SG_NEXT_CMD_LEN(r0, 0x2283, &(0x7f0000000180)=0x4b) write$binfmt_elf64(r0, &(0x7f0000000240)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}]}, 0x78) [ 848.541502][T14784] sg_write: data in/out 524252/9 bytes for SCSI command 0x0-- guessing data in; [ 848.541502][T14784] program syz-executor.2 not setting count and/or reply_len properly 03:40:11 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x4000000000000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:11 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='rdma.current\x00', 0x0, 0x0) ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r0, 0x800443d3, &(0x7f00000000c0)={{0x7ff, 0xfff, 0x8000, 0x2000000000, 0x1ff, 0x57e}, 0x4, 0x100000000, 0xfffffffffffffffd}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000400)={0x6, @output={0x1000, 0x1, {0x0, 0x45ff}, 0x400, 0x1ff}}) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xfffffffffffffdac, &(0x7f0000000080)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x707, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ipip6={{0xc, 0x1, 'ip6tnl\x00'}, {0xc, 0x2, [@tunl6_policy=[@IFLA_IPTUN_FLOWINFO={0x8, 0x4}]]}}}]}, 0x3c}}, 0x0) open_by_handle_at(r0, &(0x7f00000001c0)={0x101, 0x6, "ddbcb95916f7d79bb60c2248bc86110f44e83fe7a2898e41027751ab11ab5bf4749c4bec837dca2b2df12c08357f166c9af3138a4432847379db8972ececd06570fe09cb2a3c8affb934d8115143576f22f48df9ec58bf061744af4de2c5f31c92ebbf0636527b70d01e08f789ef663ceb6d6dd32a7000ea3b5780b3d06a6dec17553e4631f06df6abff63fd27271e9c9cbcb01a984d84477afe14168d9c51b6c26be80dda5e81d61290e7ba55cc0f4a93d37309576498ced56edcff38ad6000fe8dac428c749be9249653a4465101a81f8db98c85dee7cf2bcb64a4ab98c45c8698955abb62d0ec6d380a0b92f0c4cf3bec4cd84295f9b33a"}, 0x10000) [ 848.661689][T14794] sg_write: data in/out 524252/9 bytes for SCSI command 0x0-- guessing data in; [ 848.661689][T14794] program syz-executor.2 not setting count and/or reply_len properly 03:40:11 executing program 5: r0 = socket$kcm(0x11, 0x3, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/qat_adf_ctl\x00', 0x800, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000001440)) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x30, r2, 0x2, 0x70bd27, 0x25dfdbff, {{}, 0x0, 0x4101, 0x0, {0x14, 0x17, {0x1, 0x5, @l2={'ib', 0x3a, 'nr0\x00'}}}}, ["", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) sendmsg$kcm(r0, &(0x7f0000000300)={&(0x7f0000000000)=@nfc={0x27, 0x0, 0x0, 0x7}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000080)}, {&(0x7f00000000c0)="1b763ef6ad6e0880ea57a85fe03cbd938ce968788ae0d3ea43f2257fbc4b6451413094033cef7256440328c7c2920a91370cee1dc22142b586908bb31c13afdad9382f49e22b6fa27677fc56cff9c282d1983637c1587dfcec2af503d40e6fba80d4b859ce546887feb9716ad33264bfd1bae12687a7fe62561d414a61c3e0ceb25a38092ce97647954c8ba4243b654e65bdb47693aa558ce2d4ed9977aabb006eb2ff01ea7e020c4e28d99b02094b7b93a6757110d65177d6e451008a", 0xbd}, {&(0x7f0000000440)="adbab7293dd0b11faa8c7b8c938ea4fd64e37ae745725ba3e884cadeb23bb536f45e91fff6de4fa970a00c10d648b4d30ccf7e018672ccac842b8dd371e2ea30a5d7bebba103baf752e4ca27911a7d95aaf3d62863266511eccf09c7eac7be972d55638a7f453b92942ba9f1010eb15961bbe0bba965f9d705c8c367a9ba2fb75a845efc37a6be329a9a4a130ab212cedcc7759dbfd9a4be036be4cdf549d04b916117b976200878319927f50918ebc3d9efccbca22d228bb0a326fd57ff2b390583aa29baf03043cf033c03249e5c2af000ecbc4179a78ccf2a42528858602c2d1c27b2aff59d0b8ae3c28c96195a561c1a7e27fb2479f559b078f0fd56bc86582661c42a43c3aefd370014f08a186c3208c7245285ca485c45a64a6153230249724c8c6fe0df3c022ce563a3622ca3db4c51d9105fb56214ba030746b61490d36a0333c9e8a6db405f20dc482de22bdd74d3743f8058f03b7c887928ce75fa947757264f2af41c347cf746fd10b6df75a6c52ec284a165b5fdc385a2cdbc9ee7bd347f7cba8027ea8319f76efad75d5152826ba8e74c0f73d83954627e702e451bbd230bc8598f16abcac409b3dc5c34f9daa1994a0a4c6a5718e4416e6a2df36ef308ac1484668fd96ae99062906346f3a16c4afda5b7d35bb65916d47835631f49cfe7b01c1d04cc81124b4adb32c56454e90b2cf2893680e7979a06d4da2ad4734c7c63ac77afca1b4b2262158e41394ce86c28a61acc3f8162d8d059cac66a11f30ec8cd6094e7e9cb86c7a289c0fee8e036c46cc110f0c55d0d5e629b56da4e3c58126c038bee5505119231a73749dc13091a607dc0925faa2766d790e6959d1145f09f037cb6081b08cdcbd9dd0e5e9d98abcddca1ff5ba982b347aa3e07a5bb0d122e1206c10d9ace57a0c96e65bebaf24967055377578bda592a7d34100d246e63df9ef43d00ca6edf131a211c43214971da455f2073b58cc84a09b1988459e7d5dc9e77144919f3f2c7cbe8d42a9c6ea6ec892f524014a3bf19eae8a5f0d913092f40511e6fc10c29a355fcd8bc09a98c6f1f89e899765b1b966c93dc1dca0913a424225e75f1b086c9aec9f791157a9fee5d1bd5c7724b4e9b1b12eb6206d99c6b751d0842a50134fb49cab326536db5549c8ad7397124e6f3cfa5e8b197d6d3d0f7a5d37d5c7767b47fb5d4024961d108c5b403de535cce1989cd990d0657cdc85db4c0a74f3440d20998adb9ef971038fb482301696f2bd0154b2a9ace7d78e7d0098762ff0caf5622f690e1b51bc27443cc09c95450e2e87434729987a39924a76473549fb8bc8507f108844da4c7531a1a7cb62999e3d9a7917942924c3e8d0fc2566771c642a7c0b077c746de883b919c3a9aece7af91ae881c54a757efcdd60d484aaf0e7a1d6a3d6a1099c06018a3198b72d13f7c57e970bafbc7d1031b85ca54ada32a3778cb656e7eb614135f0f7c3b42b65f1ab3bd1dbcff3d2aff057e3785bf58d4dbb2e20eb358ad037e533fd1d462597a7a695e6814830e0489d359690be985bcff18b934f9d1bcc4c85d06788d6b17624c42df5329217fac0e49b78fcf4f01b5715c5ac21a81792ffde7949d35237f208e0a9973aaa1c8b86470cde232ee873011b49013340ad192ea39f7c1cfe4705e6f4bacfd45cc39c887c60031220fdae7818a1fbe1085a3a20316e439c41d7c068f4c6b9d8f1aca3d44cad0d12397bff664bcb7b6f016db3e1a1b2e0e1e00e9240dece6c75532d4580c9a4153a9d468438878ff1447d746f0bef5204e64d4240939f8527a4a8e7ffda0ff0ce11956e0b152967805b4db4539ac497aa53e09396b74412a63eac7658bf0b2d723c55435a927e59b9247596ee3168834d1779a6217eec69a87ff8d6cb633bfa55d40956e821dd06636251d2c9a73a85d42028245a0536bac9651c3dad068ec8065ee7e1b9d2cfa0cd6e53e9b1e9b6c648d57429a50508c6e4625215a169b73059de0db24b31bd7d54d9afd0e7e0c01fba51ba4136e24e15a78c4cbe0a562e2dfcb3e2b5cd813ee0080ff8e2e0ad14c7a0310756ba9000a58b8cc17dd706a60cba5e01452bcd998e519567fb1da763f13f3d28d06eac67908e251bf935325ea24b5701e0d997a2fe376a80b4e96cd4f664b1dfe244b2bfcac71adcf7ae015665994a3048de08e41e95aff98334651ba1a899742efc48bfa28f147472883c6bb0bd10cafcf7b1335f1a12b30a5edc6824e11bdb13be53ad66db8e6eeb15db1ed967d1b27a8dd3458030598984eccced7d830d012d4ead906412032edee2fb5f873b1efa6ac7d191ed11a1508d8ee2f7769bba7a5de3551ea17c9d623689b2319a3ea4caf167602339b229fd224d96ada45d9ff39559e1d7a40e9d0a8019751666a078fa0601287de155349808fa903695a6d36568ea81af24229a17e3a3c5389dc4a53122add055bcd723a4547da58fefe01c96035e1c7720c8fba1e37164b442246e259bd189f578d3cec22517e8d1dacf49ae17c7ce4262c2843e1d3d65ccd80895af8e6a6d64bbabdf751717df6fa9f1eb21f0a1c2dfade7974c9d67711218b3d215739538142b019072385429ff5c92ad2f6d3dd68fafc47d4ff89b28708d6f8e626f5c35d3aeab48f2dde6f52d23cfb523f30e2d586d34e931795eecbdbb8f286b1c32781520cf5fc77269b78309eb1bb291221bf4382bce27a93c9a0079b2e10dd4e051aed7c5f2344077f2358ea1b84afc7043c9dba9aaf0b8858990f38856f6dbc736f83b16507fc427440afa86d8ad441b47e337567172450f89683ce48eb51f4baa327c827683d9dd6a8b816338ced627b6a74a2f394955ce24e5d9cdeddee1350b89cbfa68cc89c441746e93eeaf5c8e2f9f9cf5208cdc7b4616de8ea20f7b98f6ae5a62cb771eca522d7d091fec6a1e7b12e0386d5d4c1dbdec2a0803304dce3b5121334f826a44cb724155dca2842ffcd892401d89b76ab2dc3aa3a48df904d0c4c70a55222955601ee53f3f60a7221c00aab98840a0df4d6ac66dfffdf20bf23bfe1d2e6c75de7a8e564503475754e22aa44533d24fbec568402aa608ba52656b1e4adec87685a4bee1859e04cc389db87a5624dd4a2b86dbad606422d8cfc5d3fa25233fed8572f724008984458967ab0a4e352f62cf86db360971337525bd24f4e8a6fef12806fff3f76edca8645a4bbf09f4bd1d8c1ef4ba263e2a36464ae059741c5b96fc6bd93379b18338c31cbf986904f8e60eeaa814e78df4b074fc00f4d19d39877ca1ebbda1f41aea0d481ac0f48abf1ad402efe2123a329a4a7427ea13ecc1caf19dadcc469e068e6a356c1a1ce532f3cf090d96af7b78840e1565bc611242a1a04c8d9b8451bc45c74743975b38726f8f2238277aeebdcb0486c7bc8a3e9f58704ee76ca18ff09fb4db90138569cbc3e6e08342385a76dc9f691d3c44c77c3679ae21faed4a034680e2053f8b9ac7639f06221e6ff7fd51020c3c53c358f2c44f48ba9b52845720f6283308e356ac9eca432e864c6ba5c6cdae886a6a15b7991a4280b651cc12558119e540c300403b9b3880b2e4f543ccfa132201a13e35251fc19da662713a9a7a00169a0474d4d1109d6f619a609d5a6fbb57c5f8e8c9103a09d52eed84d20ff85823576653e24900d4eed04c670356943fb4ad4778648c756f84531ae1105a40e1be47135d329fffd7776bba157f4b99f4015682e97f07453377a1755ec7f6b3adb26adcfdfecdf7b71b1c4d83cd554c65a1b662c2574cb1bc9f41376748cc4617770029d78abd165c68ef6fe1ddcedb15fcd36307c4009f5931d92eeaee96d9680b6d59ce8ed6f945e8c5af7b43081755a90f94adb42cc3bdeb614dd09f2f7d02b6f5ec03f9c201aa1f189b50765313321640274fdc8b095899738993c2faa8e842ddae3c65765e7282bb5c6a7664bafc28302f8b76c5d04a2a0640e9b17c5aa29d78367e8860bbeb6efe0a9559fa504e0a3bcd44525a5417b16ffb1ea626b20ac5a5fb184b88a7054feea020f9f7cd1d5d0bfe55550a5000d8d63f190f77a0dffece91f495e09b7a29aa91451756a5314b22637ee42f0bc91ae12d3d4e4268498c7a5b7bdf7df1ed585f3f6a0f4ce2c49283f806756b7fd374bd00586dca9d6736a63121ed2b4f91aeb17b6a0193306e019aecfba27c5ab428af8d766037f4373019c8a60b9319acffe154a77eecbc4f147c8f9c702f2376d16d176bc10a5f6afd0448170d434efbd566400baba3b634cf31247b6c6a10e906c0a88be02b3eb345abb9f303b37b9c9ad1ddf0705263c62487951a72df14707d7ff56fa0f746b02ba3caf6ef15dc026899fe4e4ab388870660d13932c7a96676c18261c650228356ed9269d31c9d829e0ddb90d563c53a752fcbb2a155db27cba1bac2768b11a26e100c4e80e042d0b3bddb72d5f98ac2e1900cd719a5a239209c2bcbef8166cbcb5f97385004bc7b3aa541ca87be0db00f7553249c0987d71c45e40179f7a5162c08e7da4f86305ea3b11403aef20a52047e1e95be629ac3e4c9929bb45274feb524f82f8b9253c22fd2c4fcc1fa2c058db2f337ad40d6814e75301c9e229a6eb9f17a7e5a67e63e931ef0e4b10d7001115fc69f53cf0fee3d0cdd98c7e1cb3d44e918af2872c679d876a2865abb413b96b8b37e03a31cad75c9bcbc9759ca7f337e5613e16c150d461cfb4877c84cffcfc0518f23b2d3b763b66a9d6db7c63f7ce264cb0b4461b88f0211f8c4d98238d38e2d6ee4ec7536f627a19e8b8e5c0808135c21290fc86dd3280c2127317739e29dab8314612a6cd704a78cff30ac284b281e8547d58111373b2175c64fdf60f78893f982a42c7ddb25c3f7e149c8c3560a9daebd331ed7c5cc66de093714f2221a6e3ce49f971934e2ca238b4fd1f920a672b48659ecb47e760ea9f26983c0211893ec5e976b7ea35d10034f2a33b88fe93ec2a59f3e3ed08def4f5980e73cf2b1f7efe9da3b5afb93676eaf5e64a6a74281b3ca9350ae9fb876df2c085fdcc821e4bb2b7326ef2955fd02be4ee271455f5ebf111d400c9eca612ba943a8eefbb30ad64304e2f67a6d88bc52d72339f407d76ed272aea92db3b2164113fc8570a15dc1351c3d7879379e0223f39cd7e48d71312250791008d41821e0ff54709fad2ddf004d8045ddd887bd287df1a2edad849aa8e07392f6d542f24077b7a2891c51515ce14c07e2b99ce7c5e8c3365e99e267061026ca8ba6b6a96ba6843de321bd4ef4886ada79708eed591ae983123e68ef1d37605ac70065a01d1612c3992d8d9c5a38830d409a31fe2b69255f1fb850f3f11b029623f517a7c14cea433dd31ddadc3d765a74b48f5946fea70335da9c37762a28ef0c0fa71660a9a07924c5e830165567456822543b31a0f71501c041705d7f4556c1fe52bf0cea54703448870c0fe79e9e71dee70f5e33a252d06631653e294376057b4239c9c2e84499caa73b2dd250ebb5fb4c8a081c41317e894086440b9605ff2bbde8cd653f3380980b74d43f0deed9c590bf7bab7e87eef5b11f4b255ad652c9210f85657dc1633f3ca84d7ca7e7496172b0ba06b73484fde76c95cea9cb1a04b251c14821a6b48c08d7438b572ce22d454237c7ae9c414f52e65ecce64df28591b62ed044cc10cdb18d504794475f6e9d54d0b93e5deba7b2c561eb49ca38721ff83e0ada2cd7b3a1d3981d88edbbe7ecf8e18a00404dcb71cb1deb053c16eb9298906bf0c92d940780d70d336dc1d63332563292c12f977", 0x1000}], 0x3, &(0x7f00000015c0)=ANY=[@ANYBLOB="7000000000000000ff000000aa810000ca007b8ede8a3d20191e940800000000000000e267f1c511e308035609504c8561b3f79743f197cd011982cf98f971b7e61ce8e70f0a42cda789267e9196353446c097afacf6bec3e7c37bfd67482ef572c9224cbacb93af139f0000000000007cc9b5ff10a4f26319c384e396f2e5333df02c4268a42ca2410732279a5686a7dc3da8b2ca250ddcc986bb76a4d090fb6ade33c73c559d5e1013128b6ca2ab7f3bee804946291489f600003620b0a765378c58eac95c8eba389ef12f7968314b83757fa6e2776404878a79e557f4b94b735c3e922f8580c19997cfae9b4c391eb4ec1bcbdbeab3b569c300abd19eb570420b2cd7b903a4f7da5776ad07c5efa1d67a4214086254f36cefd493c7075cbd17be7dbc0d7958fd015e80ab1267903280ed9365ea0a0c43b8491a09e3fba916a35bb652581b9cad1b"], 0x70}, 0x8000) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x800003e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x4000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000180)=@nfc={0x27, 0x3}, 0x80, &(0x7f0000004e80)=[{&(0x7f0000000400)="c10100000000000001e5f700ac141428eb", 0x11}], 0x1}, 0x0) [ 848.730074][T14783] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 848.766036][T14783] CPU: 0 PID: 14783 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 848.775173][T14783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 848.785217][T14783] Call Trace: [ 848.785238][T14783] dump_stack+0x172/0x1f0 [ 848.785260][T14783] dump_header+0x10f/0xba6 [ 848.785279][T14783] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 848.785296][T14783] ? ___ratelimit+0x60/0x595 [ 848.785315][T14783] ? do_raw_spin_unlock+0x57/0x270 [ 848.785334][T14783] oom_kill_process.cold+0x10/0x15 [ 848.785354][T14783] out_of_memory+0x79a/0x1280 [ 848.813956][T14801] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 848.817914][T14783] ? lock_downgrade+0x880/0x880 [ 848.835464][T14783] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.841703][T14783] ? oom_killer_disable+0x280/0x280 [ 848.846904][T14783] ? find_held_lock+0x35/0x130 [ 848.852188][T14783] mem_cgroup_out_of_memory+0x1ca/0x230 [ 848.857738][T14783] ? memcg_event_wake+0x230/0x230 [ 848.862777][T14783] ? do_raw_spin_unlock+0x57/0x270 [ 848.867885][T14783] ? _raw_spin_unlock+0x2d/0x50 [ 848.872777][T14783] try_charge+0x118d/0x1790 [ 848.877298][T14783] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 848.882860][T14783] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.889114][T14783] ? kasan_check_read+0x11/0x20 [ 848.891090][T14804] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 848.893970][T14783] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 848.893994][T14783] mem_cgroup_try_charge+0x24d/0x5e0 [ 848.894016][T14783] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 848.894037][T14783] __handle_mm_fault+0x1e1f/0x3ec0 [ 848.894058][T14783] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 848.894074][T14783] ? find_held_lock+0x35/0x130 [ 848.894094][T14783] ? handle_mm_fault+0x322/0xb30 [ 848.907798][T14783] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.934038][T14783] ? kasan_check_read+0x11/0x20 [ 848.934063][T14783] handle_mm_fault+0x43f/0xb30 [ 848.934083][T14783] __get_user_pages+0x7b6/0x1a40 [ 848.934112][T14783] ? follow_page_mask+0x19a0/0x19a0 [ 848.934126][T14783] ? perf_trace_lock+0xeb/0x510 [ 848.934142][T14783] ? __vma_adjust+0x1840/0x1840 [ 848.934164][T14783] ? lock_acquire+0x16f/0x3f0 [ 848.934179][T14783] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 848.934198][T14783] populate_vma_page_range+0x20d/0x2a0 [ 848.934220][T14783] __mm_populate+0x204/0x380 [ 848.934238][T14783] ? populate_vma_page_range+0x2a0/0x2a0 [ 848.934262][T14783] __x64_sys_mlockall+0x35c/0x520 [ 849.006296][T14783] do_syscall_64+0x103/0x610 [ 849.010899][T14783] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 849.017316][T14783] RIP: 0033:0x457e29 [ 849.021208][T14783] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 849.040820][T14783] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 849.049242][T14783] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 849.057211][T14783] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 849.057221][T14783] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 849.057230][T14783] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 03:40:11 executing program 4: r0 = creat(&(0x7f0000000080)='./bus\x00', 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000015c0)='veth1\x00\x00\x00\x00\xff\xff\xff\xff\xff\xef\x00', 0xb) r2 = dup2(r1, r1) sendmsg$IPVS_CMD_GET_CONFIG(r2, &(0x7f00000001c0)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0x1}}, 0x0) sendmsg$FOU_CMD_DEL(r2, &(0x7f0000000880)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x4000000004}, 0xc, &(0x7f0000000840), 0x1, 0x0, 0x0, 0x4004}, 0x40002) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000200)={0x7, 0x1, 0x80, 0x2, &(0x7f0000000040)=[{}]}) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000100)=0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000380), 0xfdf5) sendto$inet(r1, &(0x7f0000000000), 0xeffdffff00000000, 0xc0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f0000000440)={0x0, @in6={{0xa, 0x4e22, 0xffff, @dev={0xfe, 0x80, [], 0x12}, 0x1}}, [0x7ff, 0x8, 0x9, 0x1, 0x18b160000, 0x8, 0x9, 0xe34, 0x20, 0x7ff, 0x3, 0x1, 0x6, 0x0, 0x2]}, &(0x7f0000000280)=0x100) rt_sigtimedwait(&(0x7f00000003c0)={0x7fffffff}, 0x0, &(0x7f0000000580), 0x8) ioctl$KDGKBTYPE(r2, 0x4b33, 0x0) execve(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) 03:40:11 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x40030000000000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:11 executing program 2: unshare(0x6c060000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000)='IPVS\x00') r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0adc1f023c123f3188a070") sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="000000002758855f9cf57e1bb5da06ef8c7588b58d67584b00d8d5e72b97879363a998a9db205a48eea3ba34ccb563e3f5ecc17a3b9e5a95a659b8501c54315aa0db1b6db66c06fe8bd14d40de14e55b515d9a501d9395f606b3642656d5144390048df90bcea90a3fc7d5bd5df7cb7568e31b4be05d1dd222635d30e353dbc59a1c506f434e87ce", @ANYRES16=r1, @ANYBLOB="01020000000000000000090000002800030014000200697036746e6c3000000000000000000008000300000000000800010001000000"], 0x3c}}, 0x0) [ 849.057238][T14783] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 849.057588][ C0] net_ratelimit: 8 callbacks suppressed [ 849.057596][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 849.100640][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 849.113401][T14783] memory: usage 307200kB, limit 307200kB, failcnt 15325 03:40:11 executing program 5: setrlimit(0x400000000000007, &(0x7f0000000000)) socket$caif_stream(0x25, 0x1, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000080)=0x4, &(0x7f00000000c0)=0x4) 03:40:11 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000000)=0x9, 0x4) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x12, 0xf0ffffffffffff}]}}}]}, 0x3c}}, 0x0) [ 849.132178][T14783] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 849.143248][T14783] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 849.153283][T14783] Memory cgroup stats for /syz3: cache:0KB rss:291928KB rss_huge:163840KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:219416KB active_anon:48820KB inactive_file:0KB active_file:0KB unevictable:23904KB [ 849.192027][T14783] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13776,uid=0 [ 849.192401][T14818] IPVS: ftp: loaded support on port[0] = 21 03:40:11 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x100000000000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 849.241412][T14783] Memory cgroup out of memory: Killed process 13776 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 849.299164][ T1042] oom_reaper: reaped process 13776 (syz-executor.3), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:40:12 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000f40)="03f4a2c970de1d9c3776a9481255ced5dbc57fe63cd931916a02bae17f7850aea473b1c2395dcc0f572febcadeb7fa0f2ee9dc78ccc69169ccfc0bf46dbaba25f3f5a75b77654c0cb9989ea026da080991348232bc2541328a29ec7e06942980144d2ae1b8811ef7af232c4bcb7d89d1aafda6e27d68ed8047debe4f6acdb39851142538045af7a37276d45101a908acd7e6586aaa477a1ed765207d078f68d3f09646ebb175b64f48673bab39a740b280f8876953befe1c9eb8b1494786cdda1a87dbce11989c23041ee13071a5af0e17e267cc0bf8e310b695e5f3bf0f5e0a5ba3393a682e7d0cc9a93e2c8faa4f71f684e0ac9feb65e2a8cb931b4bc84551fe3bc41bdd5d148b8b366152e78e76a6b4bf34f883b99166fc25192d0ea28755cd248b191b5951e5e9ec835e6346d71f731b28e9ad931c763aa39e5da99743f9456069cc9b68fe6eddab20e52fa3d53cf8185941cfbb80fd2dfe9725864a087c899226425347602b7410d8c069f1e39936f9239cd4d7079f129fb5b4d760a4b2177e7ccc63f264b1c67373615d9eebcf66d939d1370d30eaee458bdd9d0648e176d21f692ac7d4b62fe532af6da0d6d6e3f8d97fb8919fff827fe62c55f0bbcf3a041d3cc2ecb0e834e4d1f88e4983d6f73fecf5cb6d48e28e71ebe59e7539f4300bf6dfd524d315a7e6f6532c51fa36ffbab4885941c0c035ac0806b58c29feb116c3d85c0154eddfd2cfc9017f81c552db6e94d9e42b29af03607f1ed1ac959a2fdc0ba3ed50b9097431af7ede1df31e2606bd345079485bc09861f3d4623b6193dc541c725fe46abc897f4338c6a0f23327274c1da976c81dfc5ebbed8ad8309be1c91fed57b774d646a97a541fe3410878621c84d9cb2d2ef15839ba9f880ce7bb5df9a1e75ecffe6a936bd16fd39bf3f64992f45b31add167e01c18c3dfc50e35b0368419ea838de6b2b7a50fd916f805dc8f6bfa5ee01b6438439720eb230ed99200d6894f22afcbb2a9dec265cce0e69aa5af6cf7c7f2333cc541e2d5eb1c77f050c311bb5963c2ed8ea62210db8875a0274f43ab7ac763fee39424eacc45a565fd0f900828715842aef63fa9f6397f16975a1ef3a5911b1750cf599c4c2daa7f2c76072f479033d125cddfc37702fce70487fe074eef68f1bedde8799658616febb15c43f199ed280b434659c041407c3f815507b0fdd8d4488989c5dbb64f058560a834ad2a70e4ec31933e9864946583b15454dd8d04554c01aaed08cd2294bc6d69c3b8b18c559e11da12a334d069f1151822026d5b132aafcbb53305c092b1906339dcceb79684f154bcf81e4f056bb68146e81bb26cfcc022986b3c3b5824f0966e6fb9dbce2a263056e447aaae6a08769beed863a2124e90d9e449ad4a8d0960336a3a5491dab01148af24edaffd81ae0001e54060f3d78898e3faf29f68fc067290ad76d19eb96a08e3a6c55df79d0e13880e9dad3369c57aad13754103474252d77689a961d4a650dc382375ed755996a13376d1475ec20fce6de1d10bd89ca5ed45439442b914e8334ae0bab1ab7292f0faa0a2b43541f76f831a9d7d946e34d980c6d953c94edca0494a28e9b08958370daa8fb598c62d6e74703752d36a5dc80e3c823369f5c9140e8a57e536b5c48350127f2a014c3ba68089ecdb51fa82de8bec9f4bf14fbee95b2c0caf5b072b57d92c72830eca8457dae86ff2c36ef51d2fc42dc11ca363a1e39e57ddfdbcc49c60111488c9af3d3ea0a5a3505166459a586ccf7481212bccda923f3fe93b0e04d11a71a99e90d756e5d52433176b328de897f805", 0x50d, 0x0, 0x0, 0x0) r1 = semget(0x1, 0x7, 0x48) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000080)=[0x3, 0x30fac3e8, 0x0]) sendmsg$IPVS_CMD_SET_SERVICE(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40024}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x90, 0x0, 0x4, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x20, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@mcast1}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e20}]}, @IPVS_CMD_ATTR_DAEMON={0x5c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x2c}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x10001}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x16}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, [], 0x2b}}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @remote}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x80c0}, 0x20000801) [ 849.390616][T14822] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551615) [ 849.411882][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 849.411923][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 849.417720][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 849.466916][T14822] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 [ 849.548365][T14831] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551615) [ 849.578088][T14831] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 [ 849.891866][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 849.897704][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:12 executing program 4: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000942000)={0x2, 0x4e20, @multicast1}, 0x10) mmap(&(0x7f0000077000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) connect$inet(r2, &(0x7f00000004c0)={0x2, 0x4e20, @empty}, 0x10) sendmmsg$unix(r1, &(0x7f0000005c40)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001740)="8c686968bb8a3fdb416bd022d10acce5aab5d63f693f943d72e41e6e1db62ecb2c9a424b1c4ce2ffca8ffc5cb72cd2249f5b0099a2a18a60bf83a98324155350833b35bad97bdb5e0b19b3666f4cced0859cd1b155f81101c96777d75681d8f5599a14aa09801e44892cd2b4104060a38518c885b1bb0264c4d68b5149b2e652330034401fed3db2870b851a47b4a749f686638065b18ebefc86158ebf9ee98a502b3289ee932df03ae982497f88929045cc405f23944d31ad1a2d458e28a636b81924ec7cda1355f53a452d64beb593f9da797cb27a67ec4b9a8d3e8afa1445ef6ac7039113d5075e923195ad8c8f739c4bf2f892e143650051c597ab6b0c14f17c213321042d1cc9819ee024daefb6ccd1a89f83a31eb6092c4a8e0af3bbfc05837cbebe8e576d38432396b8d72fe6d699915f333151fc84e424f6dc3e32c1df4140e2801839aadbec13a10b692ea87eb672402f08fa7ce376ca693a2d046b46fff1547d3b836f29e26b8c67a76fee4435a528ad7c968cc18cbad7254e3874b507f9b291fb288375abae84058c41099d5c596602b24b1f2ee5f3657e2396f6f34e6bcc7da23b6383d7d14f46841057e4ac3978dd906a811306671080203f55818b0c691872c2ade03173918d788caf7b67425561d4e13097cf45fe6ee599783e0b2ff8a2693b52fd23e8636078f34d69c2af1a838abc2e37149f3572fbacf39102395dfe86a4915f50e21fd1dbc50c6f31cab16cfc3a71d7cd1863c3b32db2835b25e6f2b2fdacbcae4cc4dbec4c751dc27c0ec2e4ed9fcba740379dede9d985ed21cba1ea3f811a608c0d2643ba2aebdabf986526cec755951bdf5f305dbb11e81e2dcb6fe43ce8b4989c730613af201d3f5a931278f6534750884396739b888680c175907c611cbde87204f873d7d0b5a09c541b5ce7061e2ed29a58dcc544d31632e2dd115738e14c62b24cf31b93c500c0c58fa405cafbae28d01f7a69f2f85743f9fbd5f4aee5ba7750e0c4c56e4910be251ad786846b82bd4474cbbfb0b0a762429e87693c1ce98db2162e8ffea28b95aa312838d813b1a802490344799b4b9dadb07bf717ba5d1ebe058cf1c0d2615cf24cb851ac8c95714877117e25941e478b805230ab1dfb7c227946278dfdd8d861599f48464aecd7bff0323be0e4c50d2298ec4b32fd3deec32c61862477e5b4ace45040d3dff838783258aca60d0ee19c92429848f47540b94fe72a8cb987a1d1e925ed683343a38f2e0218339ddbfee8ea7fb03977de0960737c49341ae6b3f3c78c004540b4c4b036ba5219109821b48dc637d419c03a3bc9015b7bb713463bdc5af5cd034b8690b6b83a1b84197efb49fecee7358715cf400ebe9f972105bf9088968068bde0c6895579cc68fba2ba4d9e4d3132f08749867d681b0916aa148ebdb54f2f8267b0480c22de696f0938e694ab0faa63f82d12a0e7f0b314282e18328efd7fcade3ffd5b0d7ccd3c7acfb4fa9882201e23ead4278de567e97f1c6db1eafff11b6a61bbf18533bdf67a419dab9c6c2fad4c50b23e9bfd8fff4998dec72360d132b0e97020f2895ed4e43a5176af90b5ffc9143e3ec8dd71bf7addd7031a66605738f3e7026b85b2a07a54ce96e29cb5f71f8fdba420dbafab9ee2d68a4b587aae7bf74a4c013656e5889e3348a761d24eda086a61a62dd8a8fd4783551ccdeff8206b998413439ae4dfb51f1842a9669fbf8da365d8575bdfad90743f521638becbac42dc96451f5996953cf1a45469dac2d93960252e6d044fbe1734a46c60048ae0264bc23c323cf88826e5f6979b9134b4a4649fe7df2a3498dceb5ea6bed23418a77c92e048f70d24040de174b8f61bbe03c2c9578d8c6195a63b7f0405dd6298b594d73e8dc92b1da3d6ed06e87fce80904bef27bf52a0ab6ad584b01dd7af9653f6b837492dadfa13d6dedebef0f1b57561e0c5ebbac731f3a2223c2627474125bc645cfbb94afb3007af3761dd79b23a0f90695d8a02d3f317dd2c898cb70fc2178505a1bdcd36cf22bc48956872a758d071791c0a926dee731b87590ac60d601608b33bb9458f8a1b9d10422fb26f52c410cccb3cb6c8db0d8175ed092fee90bc98763359c7970f2479c9f4411e3e288c11b12bd34c5d223c37e5082e8bf9938b7a36c68eb9dd844f09bd2c9a4053e281c779507877d5e21bb2f9e32222eb6cdf7f24015d267d97abd3942ed4a27426661b2a014eb79ead9a8e4a3299bca4137d8f32532f47ae33f46db2f48c27e8151eb0e15537debadb59251d895030168cb3295997c88a864015e52f131604c1373ae76b4b725cc62ca2d45da89c30ee1083dead0166897c2c8b25425a4a111b69b3a2cb457ad5b8ac1a07a152cb3f35a3bf424d5fd8cc9f7f90830cd9d6dc694e5d141404ea55acfdf3828e7b4551e2c74b5acf4d0144e3e39e04d186231e054c29f47972b6971c93a481fe687b239972be4ac26d4691845fbda9366d0c990b92b0974821d13c9e225b7df3786f38688a2ac36797b47180a6c99e0933e336f55a39b953dfc4d63c32a01cf9b54c05dad7f5c5615e2f2e97ee25c51898a2afc5514536da03aeed9abdeac10c52f980e551bdab3a8398e3f38f51eff725f472f60539abfc36a3ed5ee3d760ceb77f6d4e34d85ae21e4ebf059fd1f1c1afbe05d47b2b9a0883cb6167729ebca402472eac3eca1b3062599760d30e178d54c35a33b1d9da6b3a63fb30b7ab902a20bde2c6af41f230957198798e9a21f020204bd08092e702a0ff8436750441a1e3896c2f6006955e42b1e46983dcd1407f6cfac743a710458a1533378606da2bf8cd6544c2b085ef32bdb1c72442dce3dbe22d5da90227a74c6f19859c3cea33c3251c5b2217b53806ef080bc0dfa3125cea169139fca3df72292160f4c250f713faf1970c62edf40d24546058d0b15f2868bc589fe8c2919e14f80aa4709bb221c8913f81eabb6a34cb46fdbe36b4b54d7038a971626ed70ed0f60630c637f826b0ed05817f6f728af08072aded958d69f8d250d0fb51aa5b9523a12051cad4e3d1a972b4fa509c66aa49f8124533eb79a4bc551359f41c7e1af744fb6158492611676eb0400c2d9a81122f25255e84b748a6f8e55f234767742b73d2b4b7aa405037d883a9ec7eca2b86c44c5b3354b7e84ba46a4771e0d09e77110c573a7adcaf5b0b4a215512ab149160c3ac4935760ae9cef7647cca6a08755de12be42eaf1a17d11deb508680180f99161f48c4099f8e6ab9372cba235b9c06fe426d1f58aeccdedc93cbf1e1b70d05fef893d71b31ff3dc100dc60aaa541e705dace19db4c022f16e9aa30d72f9957c84ea708bfbad323f01932dd3b716968583b2a2c2586d9c2d334ca058b80509cd0cecf6adc5ca6483f3ad34e37602cb212cae64bd96fd2aa45955db0d98a2d12c6e56963779396fbb7ebd5534b534406e3d35185e5f98a0e13be9478b4610d8695ea597d3d98076ca75c3d42d087e0f60786f315042596dad03f424195277aca45c37667684625b2041eb2704a2c93f86309ff359ce695896e8577d43a67fe4a1f23e48f3d37e30ce5258d9076a744490c54d76af358d19810e994123c028104f8021b044ffaeb976405edf085044e849d57c02c4d76cfef704e956f6b07c51fe3d083ec8b53751086ecd8550615ef940bd9248ca48076c1ee46f00f1e5b6c652ae1bda9fb09a9ab313d91f69ff1b43593b2816a2ddb15f53ba65239cd447d2a48fc4e86163c1712bf76143d2fade0445e20c6e265cdf4b3aa2d2fe0728bc18582c42a0eb396c771930826fbc5d194d18261988b2b08d318e573550a1e9150033d97899ff61da2fb718296a248ab683d4dcde37f2d2b9e89ec17cfc73351f98ee39c135d0dd77566d622ea9dd7b9c89a1b10985a3812b8d9ad54ba181a9325a53d96f478da593ca8e263a2f6ee32abf9ac776c0aa0a5a5934df153271188d66a6e6ad98eb29950b6f83331fc87677654b9afad5c5587d36e415083b81c0cc99be0d1ac7815981a3936e22f660de319d1761e4a5f9be75ec032dcff84699775b241550f9a978e4f6d266a115a1794b94e910e106cc413dac79781c3110faf8aca55dc768a09bc45ce2c686076956a4b7c6cb51ba735e31af4a58a68f6f43db2df3df2f8e114640bb5b3868dd985b473c65f51dd055ab5c5de5b3d38fe2b5e285c202a6a5745fe2cc4321851907b88faa83f68c3ae26cfe076303b8822229947380c1c37c0dcd473ddc3bf6507285f040c58c9e8edcce081bafb33d2c32804cc8f80857310edcf0d70c482a7056c5e9a08798f1cd97264674f6676dc5757fcb941e405f5aaa3a7124df08a3424aff17edef0627fddb4487320f63a74c7230131bb18301616a27a39d78cf4c0cee5af042ca4df06495faa2289bfaeb769cd0c2d38f55bad88967ef343e5bf6c752baee0810618bf02f268266057bb7d4d5d9999b151ac135f67afaa3ecc857249165e3428221508c301d8abb61dc2d7cc7d5a892e4cf0a2a7faaaf3a0e17ee06e0be3d1bdb8617f9d628a26f9fca496ab34f2199ea71cfbd90e0460f71cec34d8efe094bc0fa19498325bf4686a85511fd5f9b242a48eefdaea3ee19fed4478b7cf02dda659d2ff9d8dd1871e0bf3a0d892e9e587d082d89b83935215c3222f9795bcd64ff118109f19c0e8f3e4198dc697bc62d89f032f12f71560d8d2fd192402c039060ec88422d64130ff64c0526775a97f617b03bf8cb429ae4943e0d84c80ec9c4dcbb08a4f295b54e72b460dda620a5442c39858e1a29b5204ed61a4a69b7906dab061654d2e3c12413538e77dfe02194fece0a7719b431f1f9389b704b4d3ed5261ff0868e73a1eec8f503d8e56dff914f9ce8e1d5c1b12e2994c29e5af972c004c974f3e8e596b267ce0024a0681961213c7fc162bb2f84d640dfeae40ee41aaadb889c0ece9cbf779dffe448779aae998852c9d55782a21d1cbfbe68920751ff8c03524bd0532872a553b6df481e11b9951b4140299873ba598cc268c06af44d8ae8832504972ad52fb205bf6be19f6795c70569e45841a0c36aa094e9265a14162b255e2d78b91145a203bbe4af84623468860f6491ff4bfc9c77bc779b6d82a63f08b6c36e4aa7d15a301504c7c1cd33ec1771e37cb196ad24c7939fc12ced2df72cb460aebb97bc9b8fca254bbebdfa50c09f5418903cc695c966f7ce109b26bbd5bba0f64155a0850da06e68e05837815abe22111aae04f1e223d5a0c9ef40017edc77ea5d19150b5f7f1ddcf215bfa1fe6bd829d50e5e8562ef9e7039d2bd2caef7f52125008e15b5b47d99f9357c017f06f9728987ceb2914a2bba1ccffa1492d75012f47e4a8977941134ec10f9a672fcfb1a513050ac34650c63f9a7c19ee179f289383df3b440119a6a45760d3889637b1408e9987d40f3b8a7a29970df5a3b292aeefa05d55800200d40a30303d9c94c47779d68d11ef3e9bf0511822e316327e682ae760a25a64ac00875a02fe741fbe4ba7cdadad39bd279c6d35e4deda38062aaf33f798e3369cd5b1d201f16ae0a7e3bdb694eebabcdc5bcab364c7e24a2540edc41fd1d240eede5c0c72f871846859a7f53354d1c6a23459b60dc73e0637083cf1ed2a802d929dcf374de1ba891a83923236f65170f8b77f83c1474d22cfc3d289cc6654311237ef7dd24466329f71a6d9c0e60f2e352c01925f28ff2b8e83b7e8ba7a7ff49cd09a9b8dbea64988e3c8930d8e47106d149b585fd8f5893ad822f40854", 0x1000}], 0x1}], 0x1, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000077000/0x3000)=nil, 0x3000}, &(0x7f00000000c0)=0x10) write$P9_RXATTRWALK(r0, &(0x7f0000000000)={0xfffffffffffffcbd, 0x1f, 0x2}, 0x144) 03:40:12 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x200000000000000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:12 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f0000000100)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x101000) ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f00000000c0)) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc040563e, &(0x7f0000000000)) 03:40:12 executing program 5: setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000780)=ANY=[@ANYPTR64=&(0x7f0000000800)=ANY=[@ANYRES64, @ANYRES64]], 0x1) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000380)={0x4dc7, 0x4}) r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000240)='X', 0x1, 0xfffffffffffffffe) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000000c0)={0x0, 0x80000, 0xffffffffffffffff}) fsetxattr$security_smack_transmute(r1, &(0x7f0000000100)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000140)='TRUE', 0x4, 0x2) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000340), 0x584, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r2, r2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'crct10dif\x00'}, 0x0, 0x2eb}) r3 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$IP_VS_SO_GET_DAEMON(r3, 0x0, 0x487, &(0x7f0000000340), &(0x7f00000003c0)=0x30) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f00000002c0), &(0x7f0000000300)=0xc) 03:40:12 executing program 3: mlockall(0x1) r0 = syz_open_dev$sndctrl(&(0x7f0000000180)='/dev/snd/controlC#\x00', 0x2, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000080)={0x0, 0xfdfdffff, 0x0, 0x0, 0x0}) clone(0xfdfffffffffffffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat(r1, &(0x7f0000000080)='./file0\x00', 0x400, 0x8) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f00000000c0), &(0x7f0000000100)=0x4) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) finit_module(r1, &(0x7f0000000000)='trusted!:mime_typevboxnet0@}\x00', 0x2) r4 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x20000) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r4, 0x54a3) [ 850.096765][T14848] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 03:40:12 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xe000000000000000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:12 executing program 0: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000200)) perf_event_open$cgroup(&(0x7f00000000c0)={0x8, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000040)}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 850.189888][T14859] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 850.234944][T14859] CPU: 1 PID: 14859 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 850.244097][T14859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 850.254156][T14859] Call Trace: [ 850.257455][T14859] dump_stack+0x172/0x1f0 [ 850.261801][T14859] dump_header+0x10f/0xba6 [ 850.261819][T14859] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 850.261836][T14859] ? ___ratelimit+0x60/0x595 [ 850.261857][T14859] ? do_raw_spin_unlock+0x57/0x270 [ 850.281736][T14859] oom_kill_process.cold+0x10/0x15 [ 850.286864][T14859] out_of_memory+0x79a/0x1280 [ 850.291558][T14859] ? lock_downgrade+0x880/0x880 [ 850.296415][T14859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.302664][T14859] ? oom_killer_disable+0x280/0x280 [ 850.307861][T14859] ? find_held_lock+0x35/0x130 [ 850.312638][T14859] mem_cgroup_out_of_memory+0x1ca/0x230 [ 850.318180][T14859] ? memcg_event_wake+0x230/0x230 [ 850.323216][T14859] ? do_raw_spin_unlock+0x57/0x270 [ 850.328337][T14859] ? _raw_spin_unlock+0x2d/0x50 [ 850.333199][T14859] try_charge+0x118d/0x1790 [ 850.337710][T14859] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 850.343272][T14859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.349531][T14859] ? kasan_check_read+0x11/0x20 [ 850.354399][T14859] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 850.363867][T14859] mem_cgroup_try_charge+0x24d/0x5e0 [ 850.369159][T14859] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 850.374788][T14859] __handle_mm_fault+0x1e1f/0x3ec0 [ 850.379881][T14859] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 850.385406][T14859] ? find_held_lock+0x35/0x130 [ 850.390146][T14859] ? handle_mm_fault+0x322/0xb30 [ 850.395084][T14859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.401305][T14859] ? kasan_check_read+0x11/0x20 [ 850.406136][T14859] handle_mm_fault+0x43f/0xb30 [ 850.410880][T14859] __get_user_pages+0x7b6/0x1a40 [ 850.415811][T14859] ? follow_page_mask+0x19a0/0x19a0 [ 850.420995][T14859] ? perf_trace_lock+0xeb/0x510 [ 850.425836][T14859] ? __vma_adjust+0x1840/0x1840 [ 850.430668][T14859] ? lock_acquire+0x16f/0x3f0 [ 850.435323][T14859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 850.441543][T14859] populate_vma_page_range+0x20d/0x2a0 [ 850.446986][T14859] __mm_populate+0x204/0x380 [ 850.451572][T14859] ? populate_vma_page_range+0x2a0/0x2a0 [ 850.457189][T14859] __x64_sys_mlockall+0x35c/0x520 [ 850.462298][T14859] do_syscall_64+0x103/0x610 [ 850.466874][T14859] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 850.472742][T14859] RIP: 0033:0x457e29 [ 850.476615][T14859] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 850.496196][T14859] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 850.504583][T14859] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 850.512533][T14859] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 850.520486][T14859] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 850.528448][T14859] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 03:40:13 executing program 2: mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e3a6669d4466c65302c776f726b6469723d2e2f66696c"]) mknod$loop(&(0x7f0000000180)='./file0/f.le.\x00', 0x6200, 0xffffffffffffffff) 03:40:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(0xffffffffffffffff, 0x111, 0x5, 0xc4, 0x4) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000140)) arch_prctl$ARCH_GET_CPUID(0x1011) getpgrp(0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000200)={@mcast2, 0x62, r1}) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f00000000c0)=r0) ioctl$DRM_IOCTL_IRQ_BUSID(r0, 0xc0106403, &(0x7f0000000040)={0x8875, 0x800, 0x7ffe, 0x9}) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup.cpu/syz1\x00', 0x1ff) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xf7fffffffffffffd, 0x2012, 0xffffffffffffffff, 0x0) unshare(0x40000000) 03:40:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0xbd1b) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, &(0x7f0000000180)) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x98) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000001440)=ANY=[]) ioctl$VT_WAITACTIVE(0xffffffffffffffff, 0x5607) write$UHID_GET_REPORT_REPLY(0xffffffffffffffff, &(0x7f0000000340), 0xa) 03:40:13 executing program 4: syz_open_dev$adsp(&(0x7f0000000500)='/dev/adsp#\x00', 0x80000002, 0x80) r0 = syz_open_dev$vbi(&(0x7f0000000540)='/dev/vbi#\x00', 0x0, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, 0x0, 0x0) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = socket$pppoe(0x18, 0x1, 0x0) r3 = request_key(&(0x7f0000000b40)='encrypted\x00', &(0x7f0000000b80)={'syz', 0x1}, &(0x7f0000000bc0)='/dev/qat_adf_ctl\x00', 0xfffffffffffffffa) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000ac0)=[{&(0x7f00000009c0)="d4c4c9fb954ac4b567e0faad3cb436b87cdeababbf9ed79f110f84bb5b6ce9fa5528d889e597ccc6d8cf2e527236fdb17139dfde4a6bd13e68219ae9f2d3806024caeaaea551f70dd9dedc6551a8cf8423b4a628add23f64e91f73792948b2568e0e4cdea4559d540af7bca6ef72d14b654f6a7945639d9f739472a08bce21090e9328f5a2559a0a8631f4ce7e2c8cc6f2452b37be1102fe70b52df64e2d55fdd2bbb2f152fd7b3695faf6e160a7d27166da2069aea8036558cb33b027ecb163e8274c2666d0b551d8a01ece08cb549ab004e46f0edf11b5719112305358aa3728d567399dcfdd38f29261bc183ec9aabd", 0xf1}], 0x1, r3) mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) r4 = syz_open_dev$amidi(0x0, 0x0, 0x420040) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f00000000c0)='tmpfs\x00', 0x0, &(0x7f000000a000)) chdir(&(0x7f0000000100)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsetxattr$security_capability(r2, 0x0, &(0x7f0000000340)=@v2={0x2000000, [{0x8}, {0x7}]}, 0x14, 0x1) r5 = getpid() ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05) sched_setscheduler(r5, 0x5, &(0x7f0000000040)) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) syz_mount_image$btrfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000940), 0x0, 0x0) close(r1) syz_mount_image$ntfs(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r6 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x2, 0x0) connect$netlink(r6, &(0x7f0000000380)=@kern={0x10, 0x0, 0x0, 0x4080}, 0xc) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653100d5d909abea03ef71344b294bf3e6dcf0823e2398182392e0dcc7d97e09edef61c01455c0eee11e25fb3bf47699c3272b0ee1f2cc9407946fbae5609ef4371d2dea8c166a24e02d2f6ff9193bde7e992f57af46c66e464617c08f2142109cc4965a2d8baa9f31a92c149e6cb208d567224e8c76d78eb40ade4691005ecf02404282d8f6"]) creat(&(0x7f0000000080)='./file1/file0\x00', 0x0) ioctl$SG_GET_TIMEOUT(r6, 0x2202, 0x0) chdir(&(0x7f0000000280)='./file0\x00') sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x816}, 0xc, &(0x7f0000000740)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0xa00, 0x1d) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000580)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r4, &(0x7f0000000800)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="100828bd7000fddbdf2507000000100002e9040004000800f45e08000000"], 0x24}}, 0x400c0) 03:40:13 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xeffdffff00000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 850.536416][T14859] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 850.545475][T14859] memory: usage 307200kB, limit 307200kB, failcnt 15368 [ 850.552588][T14859] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 850.552598][T14859] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 850.552606][T14859] Memory cgroup stats for /syz3: cache:0KB rss:291844KB rss_huge:163840KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:223328KB active_anon:48824KB inactive_file:0KB active_file:0KB unevictable:19844KB [ 850.552685][T14859] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13826,uid=0 [ 850.553965][T14859] Memory cgroup out of memory: Killed process 13826 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB 03:40:13 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xff03000000000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 850.732335][T14881] IPVS: ftp: loaded support on port[0] = 21 [ 850.763575][T14882] overlayfs: failed to resolve './fil': -2 [ 850.771437][T14888] overlayfs: failed to resolve './file1': -2 [ 850.799486][T14858] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 850.864336][T14889] overlayfs: failed to resolve './fil': -2 [ 850.870642][T14877] QAT: Invalid ioctl 03:40:13 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/pfkey\x00', 0x202000, 0x0) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000240)={0x6, 0x0, 0x9270, 0x4, 0x100000001, 0xfffffffffffffff9}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x0) socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000080)) r1 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x267) r2 = dup(r1) setsockopt$inet6_tcp_int(r1, 0x6, 0x12, &(0x7f00000001c0)=0x1, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10020}, 0xc, &(0x7f0000000380)={&(0x7f00000002c0)={0x30, r3, 0x308, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xffffffff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}]}]}, 0x30}}, 0x80) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000007c0)=0x2c0, 0x4) ioctl$EVIOCSABS20(r2, 0x401845e0, &(0x7f0000000180)={0x6, 0x5, 0x1653, 0x9, 0x0, 0x99}) ioctl$BLKFLSBUF(r2, 0x1261, &(0x7f0000000340)=0x3) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, 0x0, 0x0) ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000300)) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$TUNSETVNETBE(r2, 0x400454de, &(0x7f0000000140)=0x1) ioctl$sock_inet6_SIOCSIFDSTADDR(r2, 0x8918, 0x0) r4 = fcntl$getown(r0, 0x9) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={r4, r0, 0x0, 0x1, &(0x7f0000000100)='\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, 0x0, 0x0) pipe(0x0) r5 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x2007fff) [ 850.934311][T14858] CPU: 1 PID: 14858 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 850.943460][T14858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 850.953517][T14858] Call Trace: [ 850.956822][T14858] dump_stack+0x172/0x1f0 [ 850.961168][T14858] dump_header+0x10f/0xba6 [ 850.965593][T14858] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 850.971407][T14858] ? ___ratelimit+0x60/0x595 [ 850.976012][T14858] ? do_raw_spin_unlock+0x57/0x270 03:40:13 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xffffffff00000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 850.981128][T14858] oom_kill_process.cold+0x10/0x15 [ 850.986250][T14858] out_of_memory+0x79a/0x1280 [ 850.990949][T14858] ? oom_killer_disable+0x280/0x280 [ 850.996156][T14858] ? find_held_lock+0x35/0x130 [ 851.000936][T14858] mem_cgroup_out_of_memory+0x1ca/0x230 [ 851.006488][T14858] ? memcg_event_wake+0x230/0x230 [ 851.011528][T14858] ? do_raw_spin_unlock+0x57/0x270 [ 851.017157][T14858] ? _raw_spin_unlock+0x2d/0x50 [ 851.022023][T14858] try_charge+0xd4d/0x1790 [ 851.026458][T14858] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 851.032002][T14858] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 851.037654][T14858] ? find_held_lock+0x35/0x130 [ 851.042431][T14858] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 851.047998][T14858] __memcg_kmem_charge_memcg+0x7c/0x130 [ 851.048016][T14858] ? memcg_kmem_put_cache+0xb0/0xb0 [ 851.048037][T14858] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 851.048057][T14858] __memcg_kmem_charge+0x136/0x300 [ 851.048078][T14858] __alloc_pages_nodemask+0x437/0x7e0 [ 851.064310][T14858] ? free_transhuge_page+0x230/0x310 [ 851.064334][T14858] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 851.064351][T14858] ? __put_compound_page+0x96/0xe0 [ 851.064370][T14858] ? put_page+0xe7/0x130 [ 851.064387][T14858] ? do_huge_pmd_anonymous_page+0x420/0x1730 [ 851.064404][T14858] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 851.064433][T14858] alloc_pages_current+0x107/0x210 [ 851.064456][T14858] pte_alloc_one+0x1b/0x1a0 [ 851.116976][T14858] __pte_alloc+0x20/0x310 [ 851.121664][T14858] __handle_mm_fault+0x3391/0x3ec0 [ 851.126796][T14858] ? vmf_insert_mixed_mkwrite+0x40/0x40 03:40:13 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0x2}}], 0x20}], 0x4924924924924d0, 0x0) [ 851.132342][T14858] ? find_held_lock+0x35/0x130 [ 851.137108][T14858] ? handle_mm_fault+0x322/0xb30 [ 851.142060][T14858] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 851.148315][T14858] ? kasan_check_read+0x11/0x20 [ 851.153169][T14858] handle_mm_fault+0x43f/0xb30 [ 851.153195][T14858] __do_page_fault+0x5ef/0xda0 [ 851.153219][T14858] do_page_fault+0x71/0x581 [ 851.162702][T14858] ? page_fault+0x8/0x30 [ 851.162718][T14858] page_fault+0x1e/0x30 [ 851.162730][T14858] RIP: 0033:0x43f121 [ 851.162743][T14858] Code: 8d 15 a3 5d 0a 00 8b 0c 8a 8b 04 82 29 c8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 fa 20 48 89 f8 73 77 f6 c2 01 74 0b 0f b6 0e <88> 0f 48 ff c6 48 ff c7 f6 c2 02 74 12 0f b7 0e 66 89 0f 48 83 c6 [ 851.162755][T14858] RSP: 002b:00007ffce8248458 EFLAGS: 00010202 [ 851.205129][T14858] RAX: 0000000020000180 RBX: 000000000073c900 RCX: 000000000000002f [ 851.213114][T14858] RDX: 0000000000000013 RSI: 0000000000740050 RDI: 0000000020000180 [ 851.221093][T14858] RBP: 000000000073c900 R08: 00000000000cf8cb R09: 00000000000cf8cb [ 851.229069][T14858] R10: 00007ffce8248520 R11: 0000000000000246 R12: fffffffffffffffe [ 851.237045][T14858] R13: 00000000000cf8cc R14: 00000000000003e8 R15: 000000000073bf0c [ 851.252518][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 851.258308][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 851.398961][T14858] memory: usage 305556kB, limit 307200kB, failcnt 15368 [ 851.492656][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 851.531075][T14858] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 851.538925][T14858] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 851.546114][T14858] Memory cgroup stats for /syz3: cache:0KB rss:290316KB rss_huge:172032KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:207268KB active_anon:48800KB inactive_file:0KB active_file:0KB unevictable:34364KB [ 851.558899][T14913] IPVS: ftp: loaded support on port[0] = 21 [ 851.568977][T14858] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14858,uid=0 [ 851.627559][T14858] Memory cgroup out of memory: Killed process 14858 (syz-executor.3) total-vm:72448kB, anon-rss:17868kB, file-rss:53476kB, shmem-rss:0kB [ 851.656622][ T1042] oom_reaper: reaped process 14858 (syz-executor.3), now anon-rss:17988kB, file-rss:53540kB, shmem-rss:0kB 03:40:14 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0x4}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:14 executing program 0: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0xffffffff00000000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:14 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/sockstat6\x00') getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@mcast2, 0x0}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2412080}, 0xc, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="300000001100100026bd7000c70e9d2600000000a66395266d6eacb7ffa0bfa4bc5947f6651f23f7e28301b96db96d499c8ac2dc4e4334da96b6ce95c6796315b3be21c560c48111afea71bd5f3651", @ANYRES32=r1, @ANYBLOB="000100000170040008001f000900000008000f0004000000"], 0x30}, 0x1, 0x0, 0x0, 0x4001}, 0x20000011) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000000)=""/148, 0x94}], 0x5e, 0x0) preadv(r0, &(0x7f0000000480), 0x196, 0x4) 03:40:14 executing program 3: mlockall(0x1) r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) r1 = openat$cgroup_subtree(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000040)={0x80000001}) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f00000000c0)={0x7fff, 0x400000000, 0x4}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r2, r3) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) [ 851.787910][T14891] overlayfs: failed to resolve './file1': -2 [ 851.810741][T14891] QAT: Invalid ioctl 03:40:14 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCRSSL2CALL(r0, 0x89e2, &(0x7f0000000040)=@default) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f0000000400)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x5000000, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000340)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @dev, @loopback, 0x50f7}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='bridge_slave_0\x00', 0x10) 03:40:14 executing program 4: r0 = memfd_create(&(0x7f0000000040)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ftruncate(r1, 0x208200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x602200, 0x4, 0x4002011, r2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x21, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f00000002c0), &(0x7f0000000300)=0x0, &(0x7f0000000340)) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x100000, &(0x7f0000000380)={[{@default_permissions='default_permissions'}], [{@audit='audit'}, {@obj_user={'obj_user', 0x3d, 'ramfs\x00'}}, {@uid_lt={'uid<', r3}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@dont_measure='dont_measure'}, {@euid_eq={'euid', 0x3d, r4}}, {@dont_measure='dont_measure'}]}) 03:40:14 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0xe0}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:14 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = dup2(r0, r0) ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000080)=0xd7) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'team_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@ipv4_deladdr={0x18, 0x15, 0x305, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r2}}, 0x18}}, 0x0) 03:40:14 executing program 0: pwritev(0xffffffffffffffff, &(0x7f0000001e40)=[{&(0x7f0000002000)='82', 0x2}], 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = add_key(&(0x7f00000001c0)='dns_resolver\x00', &(0x7f0000000200)={'syz', 0x3}, &(0x7f00000002c0)="34b9d67584f98f372ad00a64b40a696d32a5831a28fcf986f500421ddb7ff75ae334867b24ad467ecd550c9babdfab8f7ef15f126c47e21e55aa0016a9080f8ee74275e3b718f37f4f5291847df3674b6b1c56e7371b6a05c632dc1447", 0x5d, 0xfffffffffffffffd) request_key(&(0x7f0000000100)='asymmetric\x00', &(0x7f0000000180), &(0x7f0000000140)='\x00', r1) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x40080, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f00000000c0)=0x9, 0x4) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x440300, 0x0) ioctl$TCSBRK(r3, 0x5409, 0x0) [ 852.129454][ T26] audit: type=1804 audit(2000000414.750:618): pid=14942 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/17/file0/bus" dev="ramfs" ino=119200 res=1 [ 852.265530][ T26] audit: type=1804 audit(2000000414.750:619): pid=14942 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/17/file0/bus" dev="ramfs" ino=119200 res=1 [ 852.271483][T14950] [ 852.292974][T14950] ====================================================== [ 852.299983][T14950] WARNING: possible circular locking dependency detected [ 852.306994][T14950] 5.0.0-rc6-next-20190215 #36 Not tainted [ 852.312695][T14950] ------------------------------------------------------ [ 852.319699][T14950] syz-executor.4/14950 is trying to acquire lock: [ 852.326099][T14950] 00000000d68339c5 (&mm->mmap_sem){++++}, at: __do_page_fault+0x9e9/0xda0 [ 852.334607][T14950] [ 852.334607][T14950] but task is already holding lock: [ 852.341962][T14950] 000000003b8bbe49 (&sb->s_type->i_mutex_key#12){+.+.}, at: generic_file_write_iter+0xdf/0x610 [ 852.352387][T14950] [ 852.352387][T14950] which lock already depends on the new lock. [ 852.352387][T14950] [ 852.362780][T14950] [ 852.362780][T14950] the existing dependency chain (in reverse order) is: [ 852.371459][ T26] audit: type=1804 audit(2000000414.750:620): pid=14942 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/17/file0/bus" dev="ramfs" ino=119200 res=1 [ 852.371780][T14950] [ 852.371780][T14950] -> #2 (&sb->s_type->i_mutex_key#12){+.+.}: [ 852.371810][T14950] down_write+0x38/0x90 [ 852.371824][T14950] shmem_fallocate+0x15a/0xc60 [ 852.371836][T14950] ashmem_shrink_scan+0x1d7/0x4f0 [ 852.371846][T14950] ashmem_ioctl+0x2f0/0x11a0 [ 852.371857][T14950] do_vfs_ioctl+0xd6e/0x1390 [ 852.371866][T14950] ksys_ioctl+0xab/0xd0 [ 852.371875][T14950] __x64_sys_ioctl+0x73/0xb0 [ 852.371888][T14950] do_syscall_64+0x103/0x610 [ 852.371901][T14950] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 852.371903][T14950] [ 852.371903][T14950] -> #1 (ashmem_mutex){+.+.}: [ 852.371920][T14950] __mutex_lock+0xf7/0x1310 [ 852.371930][T14950] mutex_lock_nested+0x16/0x20 [ 852.371940][T14950] ashmem_mmap+0x55/0x520 [ 852.371954][T14950] mmap_region+0xc3a/0x1770 [ 852.371965][T14950] do_mmap+0x8e2/0x1080 [ 852.371976][T14950] vm_mmap_pgoff+0x1c5/0x230 [ 852.371987][T14950] ksys_mmap_pgoff+0x4aa/0x630 [ 852.371999][T14950] __x64_sys_mmap+0xe9/0x1b0 [ 852.372010][T14950] do_syscall_64+0x103/0x610 [ 852.372021][T14950] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 852.372024][T14950] 03:40:15 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0xe000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:15 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0xff03}}], 0x20}], 0x4924924924924d0, 0x0) [ 852.372024][T14950] -> #0 (&mm->mmap_sem){++++}: [ 852.372044][T14950] lock_acquire+0x16f/0x3f0 [ 852.372053][T14950] down_read+0x3b/0x90 [ 852.372068][T14950] __do_page_fault+0x9e9/0xda0 [ 852.372080][T14950] do_page_fault+0x71/0x581 [ 852.372092][T14950] page_fault+0x1e/0x30 [ 852.372106][T14950] iov_iter_fault_in_readable+0x1ba/0x450 [ 852.372120][T14950] generic_perform_write+0x195/0x530 [ 852.372133][T14950] __generic_file_write_iter+0x25e/0x630 [ 852.372144][T14950] generic_file_write_iter+0x360/0x610 03:40:15 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) r1 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x5, 0x30}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r2, 0xffffffffffffff00}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x77, 0x0, 0x8) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000200)=0x4, 0x4) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x100, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') rt_sigsuspend(&(0x7f0000000300)={0xc9b}, 0x8) sendmsg$TIPC_CMD_GET_NETID(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) [ 852.372157][T14950] new_sync_write+0x4c7/0x760 [ 852.372169][T14950] __vfs_write+0xe4/0x110 [ 852.372180][T14950] vfs_write+0x20c/0x580 [ 852.372191][T14950] ksys_write+0xea/0x1f0 [ 852.372202][T14950] __x64_sys_write+0x73/0xb0 [ 852.372212][T14950] do_syscall_64+0x103/0x610 [ 852.372224][T14950] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 852.372228][T14950] [ 852.372228][T14950] other info that might help us debug this: [ 852.372228][T14950] [ 852.372230][T14950] Chain exists of: [ 852.372230][T14950] &mm->mmap_sem --> ashmem_mutex --> &sb->s_type->i_mutex_key#12 [ 852.372230][T14950] [ 852.372246][T14950] Possible unsafe locking scenario: [ 852.372246][T14950] [ 852.372249][T14950] CPU0 CPU1 [ 852.372252][T14950] ---- ---- [ 852.372254][T14950] lock(&sb->s_type->i_mutex_key#12); [ 852.533472][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 852.537614][T14950] lock(ashmem_mutex); [ 852.566017][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 852.566460][T14950] lock(&sb->s_type->i_mutex_key#12); [ 852.578133][T14929] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 852.581208][T14950] lock(&mm->mmap_sem); [ 852.581218][T14950] [ 852.581218][T14950] *** DEADLOCK *** [ 852.581218][T14950] [ 852.581226][T14950] 2 locks held by syz-executor.4/14950: [ 852.581229][T14950] #0: 000000002932b563 (sb_writers#5){.+.+}, at: vfs_write+0x429/0x580 [ 852.581269][T14950] #1: 000000003b8bbe49 (&sb->s_type->i_mutex_key#12){+.+.}, at: generic_file_write_iter+0xdf/0x610 [ 852.614584][T14929] CPU: 1 PID: 14929 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 852.626387][T14950] [ 852.626387][T14950] stack backtrace: [ 852.743457][T14929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 852.753498][T14929] Call Trace: [ 852.756781][T14929] dump_stack+0x172/0x1f0 [ 852.761107][T14929] dump_header+0x10f/0xba6 [ 852.765515][T14929] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 852.771317][T14929] ? ___ratelimit+0x60/0x595 [ 852.775903][T14929] ? do_raw_spin_unlock+0x57/0x270 [ 852.781005][T14929] oom_kill_process.cold+0x10/0x15 [ 852.786110][T14929] out_of_memory+0x79a/0x1280 [ 852.790776][T14929] ? lock_downgrade+0x880/0x880 [ 852.795617][T14929] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 852.801848][T14929] ? oom_killer_disable+0x280/0x280 [ 852.807047][T14929] mem_cgroup_out_of_memory+0x1ca/0x230 [ 852.812580][T14929] ? memcg_event_wake+0x230/0x230 [ 852.817597][T14929] ? do_raw_spin_unlock+0x57/0x270 [ 852.822702][T14929] ? _raw_spin_unlock+0x2d/0x50 [ 852.827547][T14929] try_charge+0x118d/0x1790 [ 852.832048][T14929] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 852.837593][T14929] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 852.843132][T14929] mem_cgroup_try_charge+0x24d/0x5e0 [ 852.848823][T14929] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 852.854457][T14929] wp_page_copy+0x408/0x1740 [ 852.859039][T14929] ? pmd_pfn+0x1d0/0x1d0 [ 852.863287][T14929] ? lock_downgrade+0x880/0x880 [ 852.870877][T14929] ? swp_swapcount+0x540/0x540 [ 852.876392][T14929] ? kasan_check_read+0x11/0x20 [ 852.881232][T14929] ? do_raw_spin_unlock+0x57/0x270 [ 852.886336][T14929] do_wp_page+0x5d8/0x16c0 [ 852.890744][T14929] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 852.896117][T14929] __handle_mm_fault+0x22e8/0x3ec0 [ 852.901223][T14929] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 852.906754][T14929] ? perf_trace_lock+0x510/0x510 [ 852.911679][T14929] ? kasan_check_read+0x11/0x20 [ 852.916520][T14929] ? handle_mm_fault+0x322/0xb30 [ 852.921449][T14929] ? handle_mm_fault+0xb8/0xb30 [ 852.926297][T14929] ? trace_hardirqs_on+0x67/0x230 [ 852.931313][T14929] handle_mm_fault+0x43f/0xb30 [ 852.936067][T14929] __get_user_pages+0x7b6/0x1a40 [ 852.941003][T14929] ? follow_page_mask+0x19a0/0x19a0 [ 852.946205][T14929] ? perf_trace_lock+0xeb/0x510 [ 852.951048][T14929] ? __vma_adjust+0x1840/0x1840 [ 852.955899][T14929] ? lock_acquire+0x16f/0x3f0 [ 852.960564][T14929] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 852.966874][T14929] populate_vma_page_range+0x20d/0x2a0 [ 852.972332][T14929] __mm_populate+0x204/0x380 [ 852.976914][T14929] ? populate_vma_page_range+0x2a0/0x2a0 [ 852.982542][T14929] __x64_sys_mlockall+0x35c/0x520 [ 852.987558][T14929] do_syscall_64+0x103/0x610 [ 852.992141][T14929] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 852.998017][T14929] RIP: 0033:0x457e29 [ 853.001907][T14929] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 853.022011][T14929] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 853.030417][T14929] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 853.038374][T14929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 853.046335][T14929] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 853.054292][T14929] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 853.062252][T14929] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 853.070238][T14950] CPU: 0 PID: 14950 Comm: syz-executor.4 Not tainted 5.0.0-rc6-next-20190215 #36 [ 853.079349][T14950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 853.089399][T14950] Call Trace: [ 853.092697][T14950] dump_stack+0x172/0x1f0 [ 853.097035][T14950] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 853.103106][T14950] __lock_acquire+0x2fca/0x4710 [ 853.107954][T14950] ? mark_held_locks+0xf0/0xf0 [ 853.112718][T14950] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 853.118267][T14950] lock_acquire+0x16f/0x3f0 [ 853.122767][T14950] ? __do_page_fault+0x9e9/0xda0 [ 853.127697][T14950] down_read+0x3b/0x90 [ 853.131842][T14950] ? __do_page_fault+0x9e9/0xda0 [ 853.136775][T14950] __do_page_fault+0x9e9/0xda0 [ 853.141536][T14950] do_page_fault+0x71/0x581 [ 853.146032][T14950] page_fault+0x1e/0x30 [ 853.150186][T14950] RIP: 0010:iov_iter_fault_in_readable+0x1ba/0x450 [ 853.156681][T14950] Code: 4c 39 f3 76 17 eb 3b e8 e4 06 43 fe 48 81 c3 00 10 00 00 48 39 9d 68 ff ff ff 72 2d e8 cf 06 43 fe 0f 1f 00 0f ae e8 45 31 f6 <8a> 13 0f 1f 00 31 ff 44 89 f6 41 88 57 d0 e8 33 08 43 fe 45 85 f6 [ 853.176280][T14950] RSP: 0018:ffff888034b0f980 EFLAGS: 00010246 [ 853.182344][T14950] RAX: 0000000000040000 RBX: 0000000020010000 RCX: ffffc90008dd4000 [ 853.190318][T14950] RDX: 0000000000003c18 RSI: ffffffff832d5b31 RDI: 0000000000000005 [ 853.198280][T14950] RBP: ffff888034b0fa20 R08: ffff88805d5aa5c0 R09: fffff940002c9917 [ 853.206257][T14950] R10: fffff940002c9916 R11: ffffea000164c8b7 R12: 0000000000001000 03:40:15 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0x34000}}], 0x20}], 0x4924924924924d0, 0x0) [ 853.214220][T14950] R13: 0000000000001000 R14: 0000000000000000 R15: ffff888034b0f9f8 [ 853.222209][T14950] ? iov_iter_fault_in_readable+0x1b1/0x450 [ 853.228103][T14950] ? csum_and_copy_to_iter+0x15c0/0x15c0 [ 853.233730][T14950] ? shmem_write_end+0x217/0x6f0 [ 853.238667][T14950] generic_perform_write+0x195/0x530 [ 853.243955][T14950] ? page_endio+0x780/0x780 [ 853.248455][T14950] ? current_time+0x140/0x140 [ 853.253134][T14950] ? lock_acquire+0x16f/0x3f0 [ 853.257811][T14950] __generic_file_write_iter+0x25e/0x630 [ 853.263441][T14950] ? __sanitizer_cov_trace_cmp8+0x18/0x20 03:40:15 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0x40000}}], 0x20}], 0x4924924924924d0, 0x0) [ 853.269157][T14950] generic_file_write_iter+0x360/0x610 [ 853.274621][T14950] ? __generic_file_write_iter+0x630/0x630 [ 853.280427][T14950] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 853.286662][T14950] ? iov_iter_init+0xea/0x220 [ 853.291345][T14950] new_sync_write+0x4c7/0x760 [ 853.296023][T14950] ? default_llseek+0x2e0/0x2e0 [ 853.300879][T14950] __vfs_write+0xe4/0x110 [ 853.305209][T14950] vfs_write+0x20c/0x580 [ 853.307998][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 853.309457][T14950] ksys_write+0xea/0x1f0 [ 853.309473][T14950] ? __ia32_sys_read+0xb0/0xb0 [ 853.309490][T14950] ? do_syscall_64+0x26/0x610 [ 853.309512][T14950] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 853.325618][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 853.330222][T14950] ? do_syscall_64+0x26/0x610 [ 853.330248][T14950] __x64_sys_write+0x73/0xb0 [ 853.330262][T14950] do_syscall_64+0x103/0x610 [ 853.330283][T14950] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 853.366119][T14950] RIP: 0033:0x457e29 [ 853.370018][T14950] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 853.389607][T14950] RSP: 002b:00007fc68719ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 853.398016][T14950] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457e29 [ 853.405978][T14950] RDX: 00000000ffffff76 RSI: 0000000020000000 RDI: 0000000000000003 03:40:16 executing program 5: bind$netlink(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfe, 0x800802}, 0xc) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x3f, 0x0) recvmmsg(0xffffffffffffff9c, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000340)=""/11, 0xb}, {&(0x7f0000000380)=""/104, 0x68}, {&(0x7f0000000400)=""/195, 0xc3}, {&(0x7f0000000500)=""/60, 0x3c}, {&(0x7f0000000540)}, {&(0x7f0000000580)=""/160, 0xa0}, {&(0x7f0000000640)=""/70, 0x46}, {&(0x7f00000006c0)=""/12, 0xc}, {&(0x7f0000000700)=""/40, 0x28}, {&(0x7f0000000740)=""/137, 0x89}], 0xa, &(0x7f00000008c0)=""/73, 0x49}, 0xc2}, {{&(0x7f0000000940)=@can={0x1d, 0x0}, 0x80, &(0x7f0000000b40)=[{&(0x7f00000009c0)=""/102, 0x66}, {&(0x7f0000000a40)=""/120, 0x78}, {&(0x7f0000000ac0)=""/93, 0x5d}], 0x3, &(0x7f0000000b80)=""/243, 0xf3}, 0x1}, {{&(0x7f0000000c80)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000000e00)=[{&(0x7f0000000d00)=""/101, 0x65}, {&(0x7f0000000d80)=""/17, 0x11}, {&(0x7f0000000dc0)}], 0x3}, 0xfffffffffffffffc}, {{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f0000000e40)=""/236, 0xec}, {&(0x7f0000000f40)=""/143, 0x8f}, {&(0x7f0000001000)=""/244, 0xf4}, {&(0x7f0000001100)=""/79, 0x4f}, {&(0x7f0000001180)=""/111, 0x6f}, {&(0x7f0000001200)=""/228, 0xe4}, {&(0x7f0000001300)=""/35, 0x23}], 0x7, &(0x7f00000013c0)=""/218, 0xda}, 0x1}, {{&(0x7f00000014c0)=@nl=@unspec, 0x80, &(0x7f0000001b80)=[{&(0x7f0000001540)=""/207, 0xcf}, {&(0x7f0000001640)=""/21, 0x15}, {&(0x7f0000001680)=""/217, 0xd9}, {&(0x7f0000001780)=""/150, 0x96}, {&(0x7f0000001840)=""/114, 0x72}, {&(0x7f00000018c0)=""/40, 0x28}, {&(0x7f0000001900)=""/206, 0xce}, {&(0x7f0000001a00)=""/178, 0xb2}, {&(0x7f0000001ac0)=""/17, 0x11}, {&(0x7f0000001b00)=""/119, 0x77}], 0xa, &(0x7f0000001c40)=""/4096, 0x1000}, 0x1ff}], 0x5, 0x40000100, &(0x7f0000002d80)) sendmsg$can_bcm(r0, &(0x7f0000002ec0)={&(0x7f0000002dc0)={0x1d, r1}, 0x10, &(0x7f0000002e80)={&(0x7f0000002e00)=ANY=[@ANYBLOB="07000000a80a00000100000000000000", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0100005fdf000000040000e0050200004a2683efe282285f"], 0x48}}, 0x4008800) write$P9_RXATTRCREATE(r0, &(0x7f00000000c0)={0x7, 0x21, 0x2}, 0x7) syz_read_part_table(0x2, 0xaaaaaaaaaaaaf09, &(0x7f0000000140)=[{&(0x7f0000000180), 0x1a6, 0x80}]) openat(r0, &(0x7f0000000000)='./file0\x00', 0x1, 0x10) [ 853.413944][T14950] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 853.421907][T14950] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc68719f6d4 [ 853.429869][T14950] R13: 00000000004c736d R14: 00000000004dcec8 R15: 00000000ffffffff [ 853.489781][ T3874] kobject: 'loop2' (00000000f6a9fdf5): kobject_uevent_env [ 853.509918][ T26] audit: type=1804 audit(2000000416.130:621): pid=14950 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/17/file0/bus" dev="ramfs" ino=119200 res=1 [ 853.546120][ T3874] kobject: 'loop2' (00000000f6a9fdf5): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 853.561571][T14929] memory: usage 307140kB, limit 307200kB, failcnt 15395 [ 853.572364][T14929] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 853.584539][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 853.591680][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 853.602231][T14929] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 853.616743][T14929] Memory cgroup stats for /syz3: cache:0KB rss:291824KB rss_huge:172032KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218844KB active_anon:48800KB inactive_file:0KB active_file:0KB unevictable:24264KB [ 853.641483][ T3874] kobject: 'loop4' (00000000cf95f2ed): kobject_uevent_env [ 853.648962][ T3874] kobject: 'loop4' (00000000cf95f2ed): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 853.659551][T14929] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14925,uid=0 [ 853.675244][T14929] Memory cgroup out of memory: Killed process 14925 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB 03:40:16 executing program 3: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x80, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:40:16 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0x400300}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:16 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCRSSL2CALL(r0, 0x89e2, &(0x7f0000000040)=@default) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f0000000400)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x5000000, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000340)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @dev, @loopback, 0x50f7}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='bridge_slave_0\x00', 0x10) 03:40:16 executing program 4: r0 = memfd_create(&(0x7f0000000040)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ftruncate(r1, 0x208200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x602200, 0x4, 0x4002011, r2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x21, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f00000002c0), &(0x7f0000000300)=0x0, &(0x7f0000000340)) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x100000, &(0x7f0000000380)={[{@default_permissions='default_permissions'}], [{@audit='audit'}, {@obj_user={'obj_user', 0x3d, 'ramfs\x00'}}, {@uid_lt={'uid<', r3}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@dont_measure='dont_measure'}, {@euid_eq={'euid', 0x3d, r4}}, {@dont_measure='dont_measure'}]}) 03:40:16 executing program 5: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000000)={'eql\x00', 0x10000803}) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f00000001c0)={0x0, @rand_addr, @multicast1}, &(0x7f0000000200)=0xc) ioctl$TUNSETLINK(r2, 0x400454cd, 0x308) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x17) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(r1, 0x8914, &(0x7f00000000c0)={'eql\x00\x18\x00\xa9[\b`\x00\x00\x00\x00\x00\x02', @ifru_mtu=0x1}) [ 853.840982][T14985] kobject: 'brif' (000000003efdaedd): kobject_cleanup, parent 00000000f5c8a0d6 [ 853.866837][ T26] audit: type=1804 audit(2000000416.490:622): pid=14991 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/18/file0/bus" dev="ramfs" ino=118630 res=1 [ 853.867133][T14985] kobject: 'brif' (000000003efdaedd): auto cleanup kobject_del [ 853.927538][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env 03:40:16 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) r1 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x5, 0x30}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r2, 0xffffffffffffff00}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x77, 0x0, 0x8) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000200)=0x4, 0x4) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x100, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') rt_sigsuspend(&(0x7f0000000300)={0xc9b}, 0x8) sendmsg$TIPC_CMD_GET_NETID(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 03:40:16 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0x1000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 853.928976][T14985] kobject: 'brif' (000000003efdaedd): calling ktype release [ 853.953231][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 853.957979][T14985] kobject: (000000003efdaedd): dynamic_kobj_release [ 853.979525][T14997] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 853.994019][ T26] audit: type=1804 audit(2000000416.540:623): pid=14991 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/18/file0/bus" dev="ramfs" ino=118630 res=1 [ 854.019977][T14985] kobject: 'brif': free name 03:40:16 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0x2000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 854.042008][T14997] CPU: 0 PID: 14997 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 854.051149][T14997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 854.061211][T14997] Call Trace: [ 854.064520][T14997] dump_stack+0x172/0x1f0 [ 854.068870][T14997] dump_header+0x10f/0xba6 [ 854.073293][T14997] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 854.079107][T14997] ? ___ratelimit+0x60/0x595 [ 854.081932][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 854.083701][T14997] ? do_raw_spin_unlock+0x57/0x270 [ 854.083721][T14997] oom_kill_process.cold+0x10/0x15 [ 854.083744][T14997] out_of_memory+0x79a/0x1280 [ 854.090849][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 854.095922][T14997] ? lock_downgrade+0x880/0x880 [ 854.095938][T14997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 854.095952][T14997] ? oom_killer_disable+0x280/0x280 [ 854.095973][T14997] mem_cgroup_out_of_memory+0x1ca/0x230 [ 854.095985][T14997] ? memcg_event_wake+0x230/0x230 03:40:16 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0xe0000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 854.096005][T14997] ? do_raw_spin_unlock+0x57/0x270 [ 854.148017][T14997] ? _raw_spin_unlock+0x2d/0x50 [ 854.152876][T14997] try_charge+0x118d/0x1790 [ 854.157397][T14997] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 854.162954][T14997] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 854.168502][T14997] mem_cgroup_try_charge+0x24d/0x5e0 [ 854.173785][T14997] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 854.179424][T14997] __handle_mm_fault+0x1e1f/0x3ec0 [ 854.184544][T14997] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 854.187744][ T26] audit: type=1804 audit(2000000416.540:624): pid=14991 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/18/file0/bus" dev="ramfs" ino=118630 res=1 [ 854.190087][T14997] ? perf_trace_lock+0x510/0x510 [ 854.190104][T14997] ? kasan_check_read+0x11/0x20 [ 854.190123][T14997] ? handle_mm_fault+0x322/0xb30 [ 854.229874][T14997] ? handle_mm_fault+0xb8/0xb30 [ 854.234734][T14997] ? trace_hardirqs_on+0x67/0x230 [ 854.239762][T14997] handle_mm_fault+0x43f/0xb30 03:40:16 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0xeffdffff}}], 0x20}], 0x4924924924924d0, 0x0) [ 854.244530][T14997] __get_user_pages+0x7b6/0x1a40 [ 854.249478][T14997] ? follow_page_mask+0x19a0/0x19a0 [ 854.254672][T14997] ? perf_trace_lock+0xeb/0x510 [ 854.259523][T14997] ? __vma_adjust+0x1840/0x1840 [ 854.264373][T14997] ? lock_acquire+0x16f/0x3f0 [ 854.269055][T14997] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 854.275304][T14997] populate_vma_page_range+0x20d/0x2a0 [ 854.280766][T14997] __mm_populate+0x204/0x380 [ 854.285359][T14997] ? populate_vma_page_range+0x2a0/0x2a0 03:40:16 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0xff030000}}], 0x20}], 0x4924924924924d0, 0x0) [ 854.291004][T14997] __x64_sys_mlockall+0x35c/0x520 [ 854.296038][T14997] do_syscall_64+0x103/0x610 [ 854.300636][T14997] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 854.306526][T14997] RIP: 0033:0x457e29 [ 854.310422][T14997] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 854.330026][T14997] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 03:40:17 executing program 4: r0 = memfd_create(&(0x7f0000000040)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ftruncate(r1, 0x208200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x602200, 0x4, 0x4002011, r2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x21, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f00000002c0), &(0x7f0000000300)=0x0, &(0x7f0000000340)) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x100000, &(0x7f0000000380)={[{@default_permissions='default_permissions'}], [{@audit='audit'}, {@obj_user={'obj_user', 0x3d, 'ramfs\x00'}}, {@uid_lt={'uid<', r3}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@dont_measure='dont_measure'}, {@euid_eq={'euid', 0x3d, r4}}, {@dont_measure='dont_measure'}]}) [ 854.338441][T14997] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 854.346413][T14997] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 854.354385][T14997] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 854.362358][T14997] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 854.370332][T14997] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 854.391016][T14985] kobject: 'batman_adv' (000000004105a87a): kobject_uevent_env [ 854.399231][T14985] kobject: 'batman_adv' (000000004105a87a): kobject_uevent_env: filter function caused the event to drop! [ 854.403252][ T3874] kobject: 'loop4' (00000000cf95f2ed): kobject_uevent_env [ 854.411399][T14985] kobject: 'batman_adv' (000000004105a87a): kobject_cleanup, parent (null) [ 854.427791][T14985] kobject: 'batman_adv' (000000004105a87a): calling ktype release [ 854.436139][T14985] kobject: (000000004105a87a): dynamic_kobj_release [ 854.443662][T14985] kobject: 'batman_adv': free name [ 854.448522][ T3874] kobject: 'loop4' (00000000cf95f2ed): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 854.459525][T14997] memory: usage 307200kB, limit 307200kB, failcnt 15435 [ 854.468016][T14997] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 854.477199][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 854.481076][T14997] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 854.495171][ T26] audit: type=1804 audit(2000000417.120:625): pid=15022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/19/file0/bus" dev="ramfs" ino=119247 res=1 [ 854.497185][T14997] Memory cgroup stats for /syz3: cache:0KB rss:292032KB rss_huge:172032KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:225384KB active_anon:48820KB inactive_file:0KB active_file:0KB unevictable:17848KB [ 854.525029][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 854.553259][T14985] kobject: 'rx-0' (00000000cffc7e87): kobject_cleanup, parent 00000000c2f0b740 [ 854.565746][ T26] audit: type=1804 audit(2000000417.170:626): pid=15022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/19/file0/bus" dev="ramfs" ino=119247 res=1 [ 854.577619][T14985] kobject: 'rx-0' (00000000cffc7e87): auto cleanup 'remove' event [ 854.599753][ T26] audit: type=1804 audit(2000000417.170:627): pid=15022 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/19/file0/bus" dev="ramfs" ino=119247 res=1 [ 854.646188][T14985] kobject: 'rx-0' (00000000cffc7e87): kobject_uevent_env [ 854.673833][T14997] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13874,uid=0 [ 854.684546][T14985] kobject: 'rx-0' (00000000cffc7e87): fill_kobj_path: path = '/devices/virtual/net/þ€/queues/rx-0' [ 854.689930][T14997] Memory cgroup out of memory: Killed process 13874 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 854.717202][T14985] kobject: 'rx-0' (00000000cffc7e87): auto cleanup kobject_del [ 854.736207][T14985] kobject: 'rx-0' (00000000cffc7e87): calling ktype release [ 854.760234][T14985] kobject: 'rx-0': free name [ 854.777183][T14985] kobject: 'tx-0' (000000001fc0ba86): kobject_cleanup, parent 00000000c2f0b740 [ 854.802408][T14985] kobject: 'tx-0' (000000001fc0ba86): auto cleanup 'remove' event [ 854.810327][T14985] kobject: 'tx-0' (000000001fc0ba86): kobject_uevent_env [ 854.825284][T14985] kobject: 'tx-0' (000000001fc0ba86): fill_kobj_path: path = '/devices/virtual/net/þ€/queues/tx-0' [ 854.840649][T14985] kobject: 'tx-0' (000000001fc0ba86): auto cleanup kobject_del [ 854.849069][T14985] kobject: 'tx-0' (000000001fc0ba86): calling ktype release [ 854.856824][T14985] kobject: 'tx-0': free name [ 854.861582][T14985] kobject: 'queues' (00000000c2f0b740): kobject_cleanup, parent (null) [ 854.870904][T14985] kobject: 'queues' (00000000c2f0b740): calling ktype release [ 854.876046][ T3874] kobject: 'loop4' (00000000cf95f2ed): kobject_uevent_env [ 854.878551][T14985] kobject: 'queues' (00000000c2f0b740): kset_release [ 854.887409][ T3874] kobject: 'loop4' (00000000cf95f2ed): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 854.892382][T14985] kobject: 'queues': free name [ 854.907817][T14985] kobject: 'þ€' (00000000f5c8a0d6): kobject_uevent_env [ 854.915591][T14985] kobject: 'þ€' (00000000f5c8a0d6): fill_kobj_path: path = '/devices/virtual/net/þ€' [ 854.952244][T14985] kobject: 'þ€' (00000000f5c8a0d6): kobject_cleanup, parent (null) [ 854.958536][T15031] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 854.967544][T14985] kobject: 'þ€' (00000000f5c8a0d6): calling ktype release [ 854.975532][T15031] CPU: 1 PID: 15031 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 854.982242][T14985] kobject: 'þ€': free name [ 854.987125][T15031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 854.987131][T15031] Call Trace: [ 854.987151][T15031] dump_stack+0x172/0x1f0 [ 854.987176][T15031] dump_header+0x10f/0xba6 [ 855.009705][ T3874] kobject: 'loop2' (00000000f6a9fdf5): kobject_uevent_env [ 855.013589][T15031] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 855.013606][T15031] ? ___ratelimit+0x60/0x595 [ 855.013624][T15031] ? do_raw_spin_unlock+0x57/0x270 [ 855.013643][T15031] oom_kill_process.cold+0x10/0x15 [ 855.013663][T15031] out_of_memory+0x79a/0x1280 [ 855.013677][T15031] ? lock_downgrade+0x880/0x880 [ 855.013694][T15031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 855.013707][T15031] ? oom_killer_disable+0x280/0x280 [ 855.013729][T15031] mem_cgroup_out_of_memory+0x1ca/0x230 [ 855.021237][ T3874] kobject: 'loop2' (00000000f6a9fdf5): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 855.027010][T15031] ? memcg_event_wake+0x230/0x230 [ 855.027031][T15031] ? do_raw_spin_unlock+0x57/0x270 [ 855.027047][T15031] ? _raw_spin_unlock+0x2d/0x50 [ 855.027062][T15031] try_charge+0x118d/0x1790 [ 855.027081][T15031] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 855.103309][T15031] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 855.108837][T15031] mem_cgroup_try_charge+0x24d/0x5e0 [ 855.114112][T15031] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 855.119725][T15031] wp_page_copy+0x408/0x1740 [ 855.124295][T15031] ? pmd_pfn+0x1d0/0x1d0 [ 855.128534][T15031] ? lock_downgrade+0x880/0x880 [ 855.133362][T15031] ? swp_swapcount+0x540/0x540 [ 855.138110][T15031] ? kasan_check_read+0x11/0x20 [ 855.142942][T15031] ? do_raw_spin_unlock+0x57/0x270 [ 855.148028][T15031] do_wp_page+0x5d8/0x16c0 [ 855.152425][T15031] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 855.157775][T15031] __handle_mm_fault+0x22e8/0x3ec0 [ 855.162874][T15031] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 855.168398][T15031] ? perf_trace_lock+0x510/0x510 [ 855.173313][T15031] ? kasan_check_read+0x11/0x20 [ 855.178142][T15031] ? handle_mm_fault+0x322/0xb30 [ 855.183065][T15031] ? handle_mm_fault+0xb8/0xb30 [ 855.187903][T15031] ? trace_hardirqs_on+0x67/0x230 [ 855.192903][T15031] handle_mm_fault+0x43f/0xb30 [ 855.197656][T15031] __get_user_pages+0x7b6/0x1a40 [ 855.202575][T15031] ? follow_page_mask+0x19a0/0x19a0 [ 855.207774][T15031] ? perf_trace_lock+0xeb/0x510 [ 855.212613][T15031] ? __vma_adjust+0x1840/0x1840 [ 855.217445][T15031] ? lock_acquire+0x16f/0x3f0 [ 855.222109][T15031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 855.228326][T15031] populate_vma_page_range+0x20d/0x2a0 [ 855.233762][T15031] __mm_populate+0x204/0x380 [ 855.238328][T15031] ? populate_vma_page_range+0x2a0/0x2a0 [ 855.243953][T15031] __x64_sys_mlockall+0x35c/0x520 [ 855.248967][T15031] do_syscall_64+0x103/0x610 [ 855.253538][T15031] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 855.259422][T15031] RIP: 0033:0x457e29 [ 855.263297][T15031] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 855.282878][T15031] RSP: 002b:00007f83d0fb8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 855.291273][T15031] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 855.299245][T15031] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 855.307194][T15031] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 855.315148][T15031] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fb96d4 [ 855.323105][T15031] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 855.331556][T15031] memory: usage 307140kB, limit 307200kB, failcnt 15446 [ 855.338601][T15031] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 855.346136][T15031] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 855.353013][T15031] Memory cgroup stats for /syz3: cache:0KB rss:291760KB rss_huge:180224KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:216764KB active_anon:48800KB inactive_file:0KB active_file:0KB unevictable:26308KB [ 855.378757][T15031] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=14992,uid=0 [ 855.394198][T15031] Memory cgroup out of memory: Killed process 14992 (syz-executor.3) total-vm:72580kB, anon-rss:11796kB, file-rss:53476kB, shmem-rss:0kB [ 855.408707][ T1042] oom_reaper: reaped process 14992 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB 03:40:18 executing program 3: mlockall(0x1) clone(0x80000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:40:18 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0xfffffdef}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:18 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) r1 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x5, 0x30}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r2, 0xffffffffffffff00}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x77, 0x0, 0x8) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000200)=0x4, 0x4) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x100, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') rt_sigsuspend(&(0x7f0000000300)={0xc9b}, 0x8) sendmsg$TIPC_CMD_GET_NETID(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 03:40:18 executing program 4: r0 = memfd_create(&(0x7f0000000040)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ftruncate(r1, 0x208200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x602200, 0x4, 0x4002011, r2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x21, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) getresuid(&(0x7f00000002c0), &(0x7f0000000300)=0x0, &(0x7f0000000340)) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x100000, &(0x7f0000000380)={[{@default_permissions='default_permissions'}], [{@audit='audit'}, {@obj_user={'obj_user', 0x3d, 'ramfs\x00'}}, {@uid_lt={'uid<', r3}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@dont_measure='dont_measure'}, {@euid_eq={'euid', 0x3d, r4}}, {@dont_measure='dont_measure'}]}) 03:40:18 executing program 2: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCRSSL2CALL(r0, 0x89e2, &(0x7f0000000040)=@default) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f0000000400)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x5000000, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000340)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @dev, @loopback, 0x50f7}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000000)='bridge_slave_0\x00', 0x10) 03:40:18 executing program 5: mlockall(0x1) r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) r1 = openat$cgroup_subtree(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000040)={0x80000001}) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f00000000c0)={0x7fff, 0x400000000, 0x4}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r2, r3) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) [ 855.491923][ C0] net_ratelimit: 13 callbacks suppressed [ 855.491931][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 855.503421][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 855.558771][T15045] kobject: 'þ€' (000000008f79b4e1): kobject_add_internal: parent: 'net', set: 'devices' [ 855.597759][ T26] audit: type=1804 audit(2000000418.220:628): pid=15047 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/20/file0/bus" dev="ramfs" ino=118734 res=1 [ 855.640634][T15049] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 855.641781][T15045] kobject: 'þ€' (000000008f79b4e1): kobject_uevent_env 03:40:18 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0x4000000000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 855.652609][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 855.661828][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 855.665257][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 855.670911][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 855.682847][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 855.689994][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 855.700588][T15049] CPU: 1 PID: 15049 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 855.708390][T15045] kobject: 'þ€' (000000008f79b4e1): fill_kobj_path: path = '/devices/virtual/net/þ€' [ 855.709708][T15049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 855.709714][T15049] Call Trace: [ 855.709735][T15049] dump_stack+0x172/0x1f0 [ 855.709756][T15049] dump_header+0x10f/0xba6 [ 855.709776][T15049] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 855.730480][ T26] audit: type=1804 audit(2000000418.250:629): pid=15047 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/20/file0/bus" dev="ramfs" ino=118734 res=1 [ 855.732527][T15049] ? ___ratelimit+0x60/0x595 [ 855.732545][T15049] ? do_raw_spin_unlock+0x57/0x270 [ 855.732565][T15049] oom_kill_process.cold+0x10/0x15 [ 855.739229][ T26] audit: type=1804 audit(2000000418.250:630): pid=15047 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/20/file0/bus" dev="ramfs" ino=118734 res=1 [ 855.741280][T15049] out_of_memory+0x79a/0x1280 [ 855.741301][T15049] ? lock_downgrade+0x880/0x880 [ 855.750395][T15045] kobject: 'queues' (000000007db33b55): kobject_add_internal: parent: 'þ€', set: '' [ 855.772144][T15049] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 855.772161][T15049] ? oom_killer_disable+0x280/0x280 [ 855.772183][T15049] mem_cgroup_out_of_memory+0x1ca/0x230 [ 855.772196][T15049] ? memcg_event_wake+0x230/0x230 [ 855.772218][T15049] ? do_raw_spin_unlock+0x57/0x270 [ 855.772235][T15049] ? _raw_spin_unlock+0x2d/0x50 [ 855.772262][T15049] try_charge+0x118d/0x1790 [ 855.791344][T15045] kobject: 'queues' (000000007db33b55): kobject_uevent_env [ 855.812123][T15049] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 855.812140][T15049] ? mem_cgroup_charge_statistics+0x430/0x430 [ 855.812156][T15049] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 855.812178][T15049] __memcg_kmem_charge_memcg+0x7c/0x130 [ 855.812197][T15049] ? memcg_kmem_put_cache+0xb0/0xb0 [ 855.831427][T15045] kobject: 'queues' (000000007db33b55): kobject_uevent_env: filter function caused the event to drop! [ 855.831563][T15049] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 855.831584][T15049] __memcg_kmem_charge+0x136/0x300 [ 855.842602][T15045] kobject: 'rx-0' (000000009f8aa37c): kobject_add_internal: parent: 'queues', set: 'queues' [ 855.842990][T15049] __alloc_pages_nodemask+0x437/0x7e0 [ 855.843011][T15049] ? free_transhuge_page+0x230/0x310 [ 855.853665][T15045] kobject: 'rx-0' (000000009f8aa37c): kobject_uevent_env 03:40:18 executing program 2: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x80, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) [ 855.858636][T15049] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 855.858653][T15049] ? __put_compound_page+0x96/0xe0 [ 855.858672][T15049] ? put_page+0xe7/0x130 [ 855.858688][T15049] ? do_huge_pmd_anonymous_page+0x420/0x1730 [ 855.858708][T15049] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 855.868357][T15045] kobject: 'rx-0' (000000009f8aa37c): fill_kobj_path: path = '/devices/virtual/net/þ€/queues/rx-0' [ 855.871215][T15049] alloc_pages_current+0x107/0x210 [ 855.879222][T15045] kobject: 'tx-0' (00000000b459ca9f): kobject_add_internal: parent: 'queues', set: 'queues' [ 855.883898][T15049] pte_alloc_one+0x1b/0x1a0 [ 855.883915][T15049] __pte_alloc+0x20/0x310 [ 855.883932][T15049] __handle_mm_fault+0x3391/0x3ec0 [ 855.883951][T15049] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 855.883965][T15049] ? perf_trace_lock+0x510/0x510 [ 855.883984][T15049] ? kasan_check_read+0x11/0x20 [ 855.891846][T15045] kobject: 'tx-0' (00000000b459ca9f): kobject_uevent_env [ 855.895549][T15049] ? handle_mm_fault+0x322/0xb30 [ 855.895571][T15049] ? handle_mm_fault+0xb8/0xb30 [ 855.895594][T15049] ? trace_hardirqs_on+0x67/0x230 [ 855.895612][T15049] handle_mm_fault+0x43f/0xb30 [ 855.901432][T15045] kobject: 'tx-0' (00000000b459ca9f): fill_kobj_path: path = '/devices/virtual/net/þ€/queues/tx-0' [ 855.906308][T15049] __get_user_pages+0x7b6/0x1a40 [ 855.906330][T15049] ? follow_page_mask+0x19a0/0x19a0 [ 855.906345][T15049] ? perf_trace_lock+0xeb/0x510 [ 855.906360][T15049] ? __vma_adjust+0x1840/0x1840 [ 855.906378][T15049] ? lock_acquire+0x16f/0x3f0 [ 855.906404][T15049] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 855.940976][T15045] kobject: 'brif' (0000000087bce835): kobject_add_internal: parent: 'þ€', set: '' [ 855.943313][T15049] populate_vma_page_range+0x20d/0x2a0 [ 855.943331][T15049] __mm_populate+0x204/0x380 [ 855.943348][T15049] ? populate_vma_page_range+0x2a0/0x2a0 [ 855.943371][T15049] __x64_sys_mlockall+0x35c/0x520 [ 855.943395][T15049] do_syscall_64+0x103/0x610 [ 855.949996][T15045] kobject: 'batman_adv' (00000000b8b58d0a): kobject_add_internal: parent: 'þ€', set: '' [ 855.955670][T15049] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 855.955683][T15049] RIP: 0033:0x457e29 [ 855.955698][T15049] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 855.955706][T15049] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 855.955720][T15049] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 855.955728][T15049] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 03:40:18 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0x40030000000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 855.955735][T15049] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 855.955748][T15049] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 855.995745][ T3874] kobject: 'loop2' (00000000f6a9fdf5): kobject_uevent_env [ 855.998697][T15049] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 856.013017][T15049] memory: usage 307200kB, limit 307200kB, failcnt 15458 [ 856.050638][ T3874] kobject: 'loop2' (00000000f6a9fdf5): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 856.095521][T15049] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 856.132443][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 856.132501][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 856.223362][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 856.229624][T15049] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 856.238986][ T7694] kobject: 'rx-0' (0000000056b30046): kobject_cleanup, parent 00000000129d009d 03:40:18 executing program 4: r0 = memfd_create(&(0x7f0000000040)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ftruncate(r1, 0x208200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x602200, 0x4, 0x4002011, r2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x21, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000340)) [ 856.244587][T15049] Memory cgroup stats for /syz3: cache:0KB rss:291984KB rss_huge:180224KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:225392KB active_anon:48808KB inactive_file:0KB active_file:0KB unevictable:17856KB [ 856.259866][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 856.297848][T15049] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13918,uid=0 [ 856.327746][ T7694] kobject: 'rx-0' (0000000056b30046): auto cleanup 'remove' event 03:40:19 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0x100000000000000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:19 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) r1 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x5, 0x30}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r2, 0xffffffffffffff00}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x77, 0x0, 0x8) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000200)=0x4, 0x4) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x100, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') rt_sigsuspend(&(0x7f0000000300)={0xc9b}, 0x8) sendmsg$TIPC_CMD_GET_NETID(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40400000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) [ 856.382591][ T7694] kobject: 'rx-0' (0000000056b30046): kobject_uevent_env [ 856.390079][ T7694] kobject: 'rx-0' (0000000056b30046): kobject_uevent_env: uevent_suppress caused the event to drop! [ 856.399111][T15049] Memory cgroup out of memory: Killed process 13918 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 856.434091][ T3874] kobject: 'loop4' (00000000cf95f2ed): kobject_uevent_env [ 856.453376][ T3874] kobject: 'loop4' (00000000cf95f2ed): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 856.458145][ T7694] kobject: 'rx-0' (0000000056b30046): auto cleanup kobject_del [ 856.503199][ T7694] kobject: 'rx-0' (0000000056b30046): calling ktype release [ 856.525289][ T7694] kobject: 'rx-0': free name [ 856.532246][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 856.539396][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 856.557617][ T7694] kobject: 'tx-0' (0000000074925f66): kobject_cleanup, parent 00000000129d009d [ 856.582872][ T7694] kobject: 'tx-0' (0000000074925f66): auto cleanup 'remove' event [ 856.598666][ T7694] kobject: 'tx-0' (0000000074925f66): kobject_uevent_env [ 856.616327][ T7694] kobject: 'tx-0' (0000000074925f66): kobject_uevent_env: uevent_suppress caused the event to drop! [ 856.639754][ T7694] kobject: 'tx-0' (0000000074925f66): auto cleanup kobject_del [ 856.660767][ T7694] kobject: 'tx-0' (0000000074925f66): calling ktype release [ 856.681777][ T7694] kobject: 'tx-0': free name [ 856.686573][ T7694] kobject: 'queues' (00000000129d009d): kobject_cleanup, parent (null) [ 856.695891][ T7694] kobject: 'queues' (00000000129d009d): calling ktype release [ 856.703553][ T7694] kobject: 'queues' (00000000129d009d): kset_release [ 856.710385][ T7694] kobject: 'queues': free name [ 856.715777][ T7694] kobject: 'ip6gre0' (00000000fafb092d): kobject_uevent_env [ 856.723284][ T7694] kobject: 'ip6gre0' (00000000fafb092d): kobject_uevent_env: uevent_suppress caused the event to drop! [ 856.743827][ T3874] kobject: 'loop4' (00000000cf95f2ed): kobject_uevent_env [ 856.747246][ T7694] kobject: 'rx-0' (000000004b7a25d6): kobject_cleanup, parent 00000000f3106130 [ 856.752772][ T3874] kobject: 'loop4' (00000000cf95f2ed): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 856.760392][ T7694] kobject: 'rx-0' (000000004b7a25d6): auto cleanup 'remove' event [ 856.782666][ T7694] kobject: 'rx-0' (000000004b7a25d6): kobject_uevent_env [ 856.789788][ T7694] kobject: 'rx-0' (000000004b7a25d6): kobject_uevent_env: uevent_suppress caused the event to drop! [ 856.801046][ T7694] kobject: 'rx-0' (000000004b7a25d6): auto cleanup kobject_del [ 856.808983][ T7694] kobject: 'rx-0' (000000004b7a25d6): calling ktype release [ 856.816375][ T7694] kobject: 'rx-0': free name [ 856.821070][ T7694] kobject: 'tx-0' (000000002fa75a2a): kobject_cleanup, parent 00000000f3106130 [ 856.830081][ T7694] kobject: 'tx-0' (000000002fa75a2a): auto cleanup 'remove' event [ 856.837991][ T7694] kobject: 'tx-0' (000000002fa75a2a): kobject_uevent_env [ 856.845101][ T7694] kobject: 'tx-0' (000000002fa75a2a): kobject_uevent_env: uevent_suppress caused the event to drop! [ 856.856605][ T7694] kobject: 'tx-0' (000000002fa75a2a): auto cleanup kobject_del [ 856.859382][T15081] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 856.864297][ T7694] kobject: 'tx-0' (000000002fa75a2a): calling ktype release [ 856.878848][T15081] CPU: 0 PID: 15081 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 856.881608][ T7694] kobject: 'tx-0': free name [ 856.890654][T15081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 856.890659][T15081] Call Trace: [ 856.890679][T15081] dump_stack+0x172/0x1f0 [ 856.890699][T15081] dump_header+0x10f/0xba6 [ 856.890716][T15081] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 856.890736][T15081] ? ___ratelimit+0x60/0x595 [ 856.895393][ T7694] kobject: 'queues' (00000000f3106130): kobject_cleanup, parent (null) [ 856.905334][T15081] ? do_raw_spin_unlock+0x57/0x270 [ 856.905353][T15081] oom_kill_process.cold+0x10/0x15 [ 856.905370][T15081] out_of_memory+0x79a/0x1280 [ 856.908657][ T7694] kobject: 'queues' (00000000f3106130): calling ktype release [ 856.912937][T15081] ? lock_downgrade+0x880/0x880 [ 856.912963][T15081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 856.912976][T15081] ? oom_killer_disable+0x280/0x280 [ 856.912999][T15081] mem_cgroup_out_of_memory+0x1ca/0x230 [ 856.917407][ T7694] kobject: 'queues' (00000000f3106130): kset_release [ 856.923160][T15081] ? memcg_event_wake+0x230/0x230 [ 856.923182][T15081] ? do_raw_spin_unlock+0x57/0x270 [ 856.923195][T15081] ? _raw_spin_unlock+0x2d/0x50 [ 856.923208][T15081] try_charge+0x118d/0x1790 [ 856.923228][T15081] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 856.927818][ T7694] kobject: 'queues': free name [ 856.936881][T15081] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 856.936900][T15081] mem_cgroup_try_charge+0x24d/0x5e0 [ 856.936919][T15081] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 856.942408][ T7694] kobject: 'ip6gre0' (00000000f4f72db5): kobject_uevent_env [ 856.947094][T15081] wp_page_copy+0x408/0x1740 [ 856.947114][T15081] ? pmd_pfn+0x1d0/0x1d0 [ 856.951824][ T7694] kobject: 'ip6gre0' (00000000f4f72db5): kobject_uevent_env: uevent_suppress caused the event to drop! [ 856.959198][T15081] ? lock_downgrade+0x880/0x880 [ 856.959210][T15081] ? swp_swapcount+0x540/0x540 [ 856.959230][T15081] ? kasan_check_read+0x11/0x20 [ 857.075646][T15081] ? do_raw_spin_unlock+0x57/0x270 [ 857.080756][T15081] do_wp_page+0x5d8/0x16c0 [ 857.085184][T15081] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 857.090538][T15081] __handle_mm_fault+0x22e8/0x3ec0 [ 857.095628][T15081] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 857.101153][T15081] ? perf_trace_lock+0x510/0x510 [ 857.106070][T15081] ? kasan_check_read+0x11/0x20 [ 857.110906][T15081] ? handle_mm_fault+0x322/0xb30 [ 857.115830][T15081] ? handle_mm_fault+0xb8/0xb30 [ 857.120660][T15081] ? trace_hardirqs_on+0x67/0x230 [ 857.125672][T15081] handle_mm_fault+0x43f/0xb30 [ 857.130415][T15081] __get_user_pages+0x7b6/0x1a40 [ 857.135332][T15081] ? follow_page_mask+0x19a0/0x19a0 [ 857.140533][T15081] ? perf_trace_lock+0xeb/0x510 [ 857.145361][T15081] ? __vma_adjust+0x1840/0x1840 [ 857.150190][T15081] ? lock_acquire+0x16f/0x3f0 [ 857.154846][T15081] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 857.161063][T15081] populate_vma_page_range+0x20d/0x2a0 [ 857.166502][T15081] __mm_populate+0x204/0x380 [ 857.171081][T15081] ? populate_vma_page_range+0x2a0/0x2a0 [ 857.176701][T15081] __x64_sys_mlockall+0x35c/0x520 [ 857.181702][T15081] do_syscall_64+0x103/0x610 [ 857.186277][T15081] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 857.192144][T15081] RIP: 0033:0x457e29 [ 857.196030][T15081] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 857.215611][T15081] RSP: 002b:00007f83d0fb8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 857.224007][T15081] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 857.231954][T15081] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 857.239904][T15081] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 857.247857][T15081] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fb96d4 [ 857.255813][T15081] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 857.264949][T15081] memory: usage 307128kB, limit 307200kB, failcnt 15490 [ 857.272065][T15081] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 857.279576][T15081] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 857.286915][T15081] Memory cgroup stats for /syz3: cache:0KB rss:291824KB rss_huge:184320KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:216776KB active_anon:48800KB inactive_file:0KB active_file:0KB unevictable:26320KB [ 857.311886][ T7694] kobject: 'ip6gre0' (00000000fafb092d): kobject_cleanup, parent (null) [ 857.321101][ T7694] kobject: 'ip6gre0' (00000000fafb092d): auto cleanup 'remove' event [ 857.341077][ T7694] kobject: 'ip6gre0' (00000000fafb092d): kobject_uevent_env [ 857.348790][ T7694] kobject: 'ip6gre0' (00000000fafb092d): kobject_uevent_env: uevent_suppress caused the event to drop! [ 857.364028][T15081] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=15048,uid=0 [ 857.379709][ T7694] kobject: 'ip6gre0' (00000000fafb092d): calling ktype release [ 857.387578][ T7694] kobject: 'ip6gre0': free name [ 857.392772][ T7694] kobject: 'ip6gre0' (00000000f4f72db5): kobject_cleanup, parent (null) [ 857.402307][T15081] Memory cgroup out of memory: Killed process 15048 (syz-executor.3) total-vm:72580kB, anon-rss:11856kB, file-rss:53540kB, shmem-rss:0kB [ 857.417496][ T7694] kobject: 'ip6gre0' (00000000f4f72db5): auto cleanup 'remove' event [ 857.429461][ T3874] kobject: 'loop2' (00000000f6a9fdf5): kobject_uevent_env [ 857.429759][ T7694] kobject: 'ip6gre0' (00000000f4f72db5): kobject_uevent_env [ 857.441888][ T3874] kobject: 'loop2' (00000000f6a9fdf5): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 857.444654][ T1042] oom_reaper: reaped process 15048 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB [ 857.465846][ T7694] kobject: 'ip6gre0' (00000000f4f72db5): kobject_uevent_env: uevent_suppress caused the event to drop! [ 857.491777][ T7694] kobject: 'ip6gre0' (00000000f4f72db5): calling ktype release [ 857.499343][ T7694] kobject: 'ip6gre0': free name 03:40:20 executing program 3: mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x80, 0x0) r2 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x2, 0x80) perf_event_open$cgroup(&(0x7f0000000000)={0x0, 0x70, 0x5, 0x5, 0xe9f, 0x7, 0x0, 0x43, 0xa0, 0x9, 0x6, 0xba, 0x2, 0x2, 0xfffffffffffffffc, 0x1, 0x0, 0x7, 0x6, 0x0, 0x4, 0xc53, 0x322, 0x3da4, 0x1ff, 0x8, 0x20, 0xffff, 0x1f, 0x9, 0xd7d6, 0x3f, 0x8, 0x0, 0x3, 0x7fffffff, 0x8, 0x4, 0x0, 0xffffffff, 0x1, @perf_config_ext={0x9c}, 0x2010, 0x1, 0x75, 0x4, 0x3, 0x0, 0xa}, r1, 0x1, r2, 0x7) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x1, 0x6032, 0xffffffffffffffff, 0x0) [ 857.516825][ T7694] kobject: 'rx-0' (00000000403ba5d8): kobject_cleanup, parent 00000000db5a8fa7 [ 857.526137][ T7694] kobject: 'rx-0' (00000000403ba5d8): auto cleanup 'remove' event [ 857.538354][ T7694] kobject: 'rx-0' (00000000403ba5d8): kobject_uevent_env [ 857.547053][ T7694] kobject: 'rx-0' (00000000403ba5d8): kobject_uevent_env: uevent_suppress caused the event to drop! [ 857.562142][ T7694] kobject: 'rx-0' (00000000403ba5d8): auto cleanup kobject_del 03:40:20 executing program 4: r0 = memfd_create(&(0x7f0000000040)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ftruncate(r1, 0x208200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x602200, 0x4, 0x4002011, r2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x21, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)) getresuid(&(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000340)) 03:40:20 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0x200000000000000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:20 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) r1 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x5, 0x30}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r2, 0xffffffffffffff00}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x77, 0x0, 0x8) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000200)=0x4, 0x4) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x100, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') rt_sigsuspend(&(0x7f0000000300)={0xc9b}, 0x8) 03:40:20 executing program 2: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x80, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:40:20 executing program 5: mlockall(0x1) r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) r1 = openat$cgroup_subtree(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000040)={0x80000001}) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f00000000c0)={0x7fff, 0x400000000, 0x4}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r2, r3) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) [ 857.571868][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 857.577651][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 857.595616][ T7694] kobject: 'rx-0' (00000000403ba5d8): calling ktype release [ 857.611838][ T7694] kobject: 'rx-0': free name 03:40:20 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0xe000000000000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 857.634123][ T7694] kobject: 'tx-0' (00000000532fdf7c): kobject_cleanup, parent 00000000db5a8fa7 [ 857.657944][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 857.662301][T15091] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 857.667393][ T7694] kobject: 'tx-0' (00000000532fdf7c): auto cleanup 'remove' event [ 857.687081][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 857.729065][ T7694] kobject: 'tx-0' (00000000532fdf7c): kobject_uevent_env [ 857.750337][T15091] CPU: 0 PID: 15091 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 857.751960][ T7694] kobject: 'tx-0' (00000000532fdf7c): kobject_uevent_env: uevent_suppress caused the event to drop! [ 857.759471][T15091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 857.759477][T15091] Call Trace: [ 857.759498][T15091] dump_stack+0x172/0x1f0 [ 857.759517][T15091] dump_header+0x10f/0xba6 [ 857.759538][T15091] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 857.788957][ T7694] kobject: 'tx-0' (00000000532fdf7c): auto cleanup kobject_del [ 857.792304][T15091] ? ___ratelimit+0x60/0x595 [ 857.792324][T15091] ? do_raw_spin_unlock+0x57/0x270 [ 857.792342][T15091] oom_kill_process.cold+0x10/0x15 [ 857.792361][T15091] out_of_memory+0x79a/0x1280 [ 857.801568][ T7694] kobject: 'tx-0' (00000000532fdf7c): calling ktype release [ 857.805668][T15091] ? lock_downgrade+0x880/0x880 [ 857.805687][T15091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 857.805702][T15091] ? oom_killer_disable+0x280/0x280 [ 857.805728][T15091] mem_cgroup_out_of_memory+0x1ca/0x230 [ 857.814785][ T7694] kobject: 'tx-0': free name [ 857.815416][T15091] ? memcg_event_wake+0x230/0x230 [ 857.826173][ T7694] kobject: 'queues' (00000000db5a8fa7): kobject_cleanup, parent (null) [ 857.832433][T15091] ? do_raw_spin_unlock+0x57/0x270 [ 857.832452][T15091] ? _raw_spin_unlock+0x2d/0x50 [ 857.832470][T15091] try_charge+0x118d/0x1790 [ 857.832494][T15091] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 857.844096][ T7694] kobject: 'queues' (00000000db5a8fa7): calling ktype release [ 857.848719][T15091] ? mem_cgroup_charge_statistics+0x430/0x430 [ 857.848733][T15091] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 857.848757][T15091] __memcg_kmem_charge_memcg+0x7c/0x130 [ 857.870969][ T7694] kobject: 'queues' (00000000db5a8fa7): kset_release [ 857.872956][T15091] ? memcg_kmem_put_cache+0xb0/0xb0 [ 857.872976][T15091] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 857.873011][T15091] __memcg_kmem_charge+0x136/0x300 [ 857.873025][T15091] __alloc_pages_nodemask+0x437/0x7e0 [ 857.873036][T15091] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 857.873051][T15091] ? do_huge_pmd_anonymous_page+0x420/0x1730 [ 857.873064][T15091] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 857.873075][T15091] alloc_pages_current+0x107/0x210 [ 857.873087][T15091] pte_alloc_one+0x1b/0x1a0 [ 857.873097][T15091] __pte_alloc+0x20/0x310 [ 857.873111][T15091] __handle_mm_fault+0x3391/0x3ec0 [ 857.873121][T15091] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 857.873131][T15091] ? perf_trace_lock+0x510/0x510 [ 857.873140][T15091] ? kasan_check_read+0x11/0x20 [ 857.873148][T15091] ? handle_mm_fault+0x322/0xb30 [ 857.873184][T15091] ? handle_mm_fault+0xb8/0xb30 [ 857.873195][T15091] ? trace_hardirqs_on+0x67/0x230 [ 857.873204][T15091] handle_mm_fault+0x43f/0xb30 [ 857.873214][T15091] __get_user_pages+0x7b6/0x1a40 [ 857.873227][T15091] ? follow_page_mask+0x19a0/0x19a0 [ 857.873234][T15091] ? perf_trace_lock+0xeb/0x510 [ 857.873242][T15091] ? __vma_adjust+0x1840/0x1840 [ 857.873253][T15091] ? lock_acquire+0x16f/0x3f0 [ 857.873261][T15091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 857.873302][T15091] populate_vma_page_range+0x20d/0x2a0 [ 857.873313][T15091] __mm_populate+0x204/0x380 [ 857.873323][T15091] ? populate_vma_page_range+0x2a0/0x2a0 [ 857.873335][T15091] __x64_sys_mlockall+0x35c/0x520 [ 857.873366][T15091] do_syscall_64+0x103/0x610 03:40:20 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0xeffdffff00000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 857.873380][T15091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 857.873418][T15091] RIP: 0033:0x457e29 [ 857.873430][T15091] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 857.873437][T15091] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 857.873450][T15091] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 857.873458][T15091] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 857.873471][T15091] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 857.883604][ T7694] kobject: 'queues': free name [ 857.885035][T15091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 857.885045][T15091] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 858.109240][T15091] memory: usage 307200kB, limit 307200kB, failcnt 15519 [ 858.115842][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 858.135254][T15091] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 858.171295][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 858.180288][T15091] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:40:20 executing program 4: r0 = memfd_create(&(0x7f0000000040)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ftruncate(r1, 0x208200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x602200, 0x4, 0x4002011, r2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x21, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)) [ 858.220696][T15091] Memory cgroup stats for /syz3: cache:0KB rss:291972KB rss_huge:184320KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:225392KB active_anon:48808KB inactive_file:0KB active_file:0KB unevictable:17856KB [ 858.258079][ T3874] kobject: 'loop4' (00000000cf95f2ed): kobject_uevent_env 03:40:20 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0xff03000000000000}}], 0x20}], 0x4924924924924d0, 0x0) [ 858.267952][T15091] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=13968,uid=0 [ 858.269779][ T3874] kobject: 'loop4' (00000000cf95f2ed): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 858.321877][T15091] Memory cgroup out of memory: Killed process 13968 (syz-executor.3) total-vm:72580kB, anon-rss:18124kB, file-rss:34816kB, shmem-rss:0kB [ 858.344331][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 858.358951][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' 03:40:21 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241, 0x0, 0xffffffff00000000}}], 0x20}], 0x4924924924924d0, 0x0) 03:40:21 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) r1 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x5, 0x30}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r2, 0xffffffffffffff00}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x77, 0x0, 0x8) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000200)=0x4, 0x4) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x100, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00') [ 858.447791][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 858.461464][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 858.567636][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 858.570138][ T7694] kobject: 'ip6tnl0' (000000006a259370): kobject_uevent_env [ 858.580952][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 858.596019][ T7694] kobject: 'ip6tnl0' (000000006a259370): kobject_uevent_env: uevent_suppress caused the event to drop! [ 858.617140][ T7694] kobject: 'rx-0' (00000000175bc351): kobject_cleanup, parent 0000000055758ad4 [ 858.621695][ T3874] kobject: 'loop4' (00000000cf95f2ed): kobject_uevent_env [ 858.636069][ T7694] kobject: 'rx-0' (00000000175bc351): auto cleanup 'remove' event [ 858.642174][ T3874] kobject: 'loop4' (00000000cf95f2ed): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 858.650400][ T7694] kobject: 'rx-0' (00000000175bc351): kobject_uevent_env [ 858.666337][ T7694] kobject: 'rx-0' (00000000175bc351): kobject_uevent_env: uevent_suppress caused the event to drop! [ 858.690134][ T7694] kobject: 'rx-0' (00000000175bc351): auto cleanup kobject_del [ 858.705377][ T7694] kobject: 'rx-0' (00000000175bc351): calling ktype release [ 858.712864][ T7694] kobject: 'rx-0': free name [ 858.717513][ T7694] kobject: 'tx-0' (00000000f9164e31): kobject_cleanup, parent 0000000055758ad4 [ 858.726537][ T7694] kobject: 'tx-0' (00000000f9164e31): auto cleanup 'remove' event [ 858.734535][ T7694] kobject: 'tx-0' (00000000f9164e31): kobject_uevent_env [ 858.741544][ T7694] kobject: 'tx-0' (00000000f9164e31): kobject_uevent_env: uevent_suppress caused the event to drop! [ 858.752371][ T7694] kobject: 'tx-0' (00000000f9164e31): auto cleanup kobject_del [ 858.759952][ T7694] kobject: 'tx-0' (00000000f9164e31): calling ktype release [ 858.767260][ T7694] kobject: 'tx-0': free name [ 858.771965][ T7694] kobject: 'queues' (0000000055758ad4): kobject_cleanup, parent (null) [ 858.781066][ T7694] kobject: 'queues' (0000000055758ad4): calling ktype release [ 858.788684][ T7694] kobject: 'queues' (0000000055758ad4): kset_release [ 858.795741][ T7694] kobject: 'queues': free name [ 858.800751][ T7694] kobject: 'ip6tnl0' (00000000fed73119): kobject_uevent_env [ 858.808056][ T7694] kobject: 'ip6tnl0' (00000000fed73119): kobject_uevent_env: uevent_suppress caused the event to drop! [ 858.831864][ T7694] kobject: 'ip6tnl0' (000000006a259370): kobject_cleanup, parent (null) [ 858.841077][ T7694] kobject: 'ip6tnl0' (000000006a259370): auto cleanup 'remove' event [ 858.861808][ T7694] kobject: 'ip6tnl0' (000000006a259370): kobject_uevent_env [ 858.863277][T15091] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 858.869105][ T7694] kobject: 'ip6tnl0' (000000006a259370): kobject_uevent_env: uevent_suppress caused the event to drop! [ 858.869117][ T7694] kobject: 'ip6tnl0' (000000006a259370): calling ktype release [ 858.869143][ T7694] kobject: 'ip6tnl0': free name [ 858.869204][ T7694] kobject: 'ip6tnl0' (00000000fed73119): kobject_cleanup, parent (null) [ 858.909269][T15091] CPU: 1 PID: 15091 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 858.923666][T15091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 858.933715][T15091] Call Trace: [ 858.937009][T15091] dump_stack+0x172/0x1f0 [ 858.941346][T15091] dump_header+0x10f/0xba6 [ 858.945760][T15091] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 858.951566][T15091] ? ___ratelimit+0x60/0x595 [ 858.956163][T15091] ? do_raw_spin_unlock+0x57/0x270 [ 858.960263][ T7694] kobject: 'ip6tnl0' (00000000fed73119): auto cleanup 'remove' event [ 858.961278][T15091] oom_kill_process.cold+0x10/0x15 [ 858.969366][ T7694] kobject: 'ip6tnl0' (00000000fed73119): kobject_uevent_env [ 858.974400][T15091] out_of_memory+0x79a/0x1280 [ 858.974416][T15091] ? lock_downgrade+0x880/0x880 [ 858.974436][T15091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 858.981703][ T7694] kobject: 'ip6tnl0' (00000000fed73119): kobject_uevent_env: uevent_suppress caused the event to drop! [ 858.986355][T15091] ? oom_killer_disable+0x280/0x280 [ 858.986376][T15091] mem_cgroup_out_of_memory+0x1ca/0x230 [ 858.986394][T15091] ? memcg_event_wake+0x230/0x230 [ 858.991215][ T7694] kobject: 'ip6tnl0' (00000000fed73119): calling ktype release [ 858.997434][T15091] ? do_raw_spin_unlock+0x57/0x270 [ 858.997456][T15091] ? _raw_spin_unlock+0x2d/0x50 [ 859.008467][ T7694] kobject: 'ip6tnl0': free name [ 859.013615][T15091] try_charge+0x118d/0x1790 [ 859.013634][T15091] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 859.013657][T15091] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 859.062413][T15091] mem_cgroup_try_charge+0x24d/0x5e0 [ 859.067676][T15091] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 859.073284][T15091] wp_page_copy+0x408/0x1740 [ 859.077851][T15091] ? pmd_pfn+0x1d0/0x1d0 [ 859.082114][T15091] ? lock_downgrade+0x880/0x880 [ 859.086940][T15091] ? swp_swapcount+0x540/0x540 [ 859.091683][T15091] ? kasan_check_read+0x11/0x20 [ 859.096509][T15091] ? do_raw_spin_unlock+0x57/0x270 [ 859.101602][T15091] do_wp_page+0x5d8/0x16c0 [ 859.105998][T15091] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 859.111347][T15091] __handle_mm_fault+0x22e8/0x3ec0 [ 859.116436][T15091] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 859.121960][T15091] ? perf_trace_lock+0x510/0x510 [ 859.126872][T15091] ? kasan_check_read+0x11/0x20 [ 859.131698][T15091] ? handle_mm_fault+0x322/0xb30 [ 859.136618][T15091] ? handle_mm_fault+0xb8/0xb30 [ 859.141444][T15091] ? trace_hardirqs_on+0x67/0x230 [ 859.146449][T15091] handle_mm_fault+0x43f/0xb30 [ 859.151190][T15091] __get_user_pages+0x7b6/0x1a40 [ 859.156106][T15091] ? follow_page_mask+0x19a0/0x19a0 [ 859.161277][T15091] ? perf_trace_lock+0xeb/0x510 [ 859.166102][T15091] ? __vma_adjust+0x1840/0x1840 [ 859.170928][T15091] ? lock_acquire+0x16f/0x3f0 [ 859.175580][T15091] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 859.181807][T15091] populate_vma_page_range+0x20d/0x2a0 [ 859.187250][T15091] __mm_populate+0x204/0x380 [ 859.191817][T15091] ? populate_vma_page_range+0x2a0/0x2a0 [ 859.197429][T15091] __x64_sys_mlockall+0x35c/0x520 [ 859.202432][T15091] do_syscall_64+0x103/0x610 [ 859.207005][T15091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 859.212874][T15091] RIP: 0033:0x457e29 [ 859.216744][T15091] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 859.236363][T15091] RSP: 002b:00007f83d0fd9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 859.244749][T15091] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000457e29 [ 859.252700][T15091] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 859.260650][T15091] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 859.268596][T15091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f83d0fda6d4 [ 859.276542][T15091] R13: 00000000004c3b80 R14: 00000000004d6c88 R15: 00000000ffffffff [ 859.292184][ T3874] kobject: 'loop2' (00000000f6a9fdf5): kobject_uevent_env [ 859.292726][T15091] memory: usage 307200kB, limit 307200kB, failcnt 15543 [ 859.299860][ T3874] kobject: 'loop2' (00000000f6a9fdf5): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 859.310905][ T7694] kobject: 'rx-0' (000000009d24adcf): kobject_cleanup, parent 000000004135eb07 [ 859.330680][T15091] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 859.335393][ T7694] kobject: 'rx-0' (000000009d24adcf): auto cleanup 'remove' event [ 859.338654][T15091] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 859.346402][ T7694] kobject: 'rx-0' (000000009d24adcf): kobject_uevent_env [ 859.353038][T15091] Memory cgroup stats for /syz3: cache:0KB rss:291868KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:218884KB active_anon:48804KB inactive_file:0KB active_file:0KB unevictable:24272KB [ 859.363893][ T7694] kobject: 'rx-0' (000000009d24adcf): kobject_uevent_env: uevent_suppress caused the event to drop! [ 859.382641][T15091] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=15090,uid=0 [ 859.397481][ T7694] kobject: 'rx-0' (000000009d24adcf): auto cleanup kobject_del [ 859.409126][T15091] Memory cgroup out of memory: Killed process 15090 (syz-executor.3) total-vm:72580kB, anon-rss:11960kB, file-rss:53544kB, shmem-rss:0kB [ 859.421693][ T7694] kobject: 'rx-0' (000000009d24adcf): calling ktype release [ 859.432488][ T1042] oom_reaper: reaped process 15090 (syz-executor.3), now anon-rss:11980kB, file-rss:54312kB, shmem-rss:0kB [ 859.442032][ T7694] kobject: 'rx-0': free name [ 859.458336][ T7694] kobject: 'tx-0' (00000000b84f5816): kobject_cleanup, parent 000000004135eb07 [ 859.468268][ T7694] kobject: 'tx-0' (00000000b84f5816): auto cleanup 'remove' event [ 859.479652][ T7694] kobject: 'tx-0' (00000000b84f5816): kobject_uevent_env [ 859.487670][ T7694] kobject: 'tx-0' (00000000b84f5816): kobject_uevent_env: uevent_suppress caused the event to drop! [ 859.503100][ T7694] kobject: 'tx-0' (00000000b84f5816): auto cleanup kobject_del [ 859.510810][ T7694] kobject: 'tx-0' (00000000b84f5816): calling ktype release 03:40:22 executing program 3: mlockall(0x200000000000004) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x4001, 0x0) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f0000000440)={0x0, 0xfb, "2e4b5f9521f618b635ee695044d1fbcc728c5c33faec2a2b9b365868ca4f56114040c255fa445724e955ccf8a731069136a4596e208242f1ec59568e9097a1db4e29ae1b4a7515f2d94ef1ed96a026e0b9b213af6c51edadba2ea0a4cdbfbeaffa4226e8c21f5dd5dfae67d93a247887d78aaf325e02e25fc02fe7fc964bbc724635a1fc413efc6eb047a838450d661ec80a310dfd1fa1293a75a92293f8b425316ddc19728dddd171b7ec2a85e03c649a1f8628b4b222bf305375791ed91291221e5d38d522fbb78779c6d7a1fc370ac7695d2486add59ce428f9a108200dec4d41a3963d6ab178f8586db8d90d4ad5d7c980b681d79eb688a137"}, &(0x7f0000000580)=0x103) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f00000005c0)={0x0, 0x1f, 0x20, 0x383b, 0x5}, &(0x7f0000000600)=0x18) ioctl$KVM_SET_DEBUGREGS(r1, 0x4080aea2, &(0x7f0000000840)={[0x6006, 0x4, 0x6000, 0x2000], 0x81, 0x80, 0x2}) sendmsg$inet_sctp(r1, &(0x7f0000000740)={&(0x7f0000000040)=@in6={0xa, 0x4e20, 0x1590, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x16}}, 0x6}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000080)="8c5e563561bb656cfbba8a555226d578678a8a6c94d0d6d0615593997527eba939f879fb7c8eadefa8ca3fd302b52f74735295d8cdc0", 0x36}, {&(0x7f0000000180)="1d0e61307e9b0248a3ab62d4972b0b88cb4fa7498bc187ee9f811b4fe9d7ab0692217b8ac87b1ce7bc45d4111a49ce5ad60bfe6a1c5ced0e8567c6c58fd1287731e3991828b5d5d33a0241b79d5b74031f85fbb29809b71b304901cfce9769d38b9943214cfa20133b7de4a67e4d1441d62ee9c2b77facecd6b300016e2016c37cedc46b7101a22870dbfe0eb77931b056b05fabff04158023f429ea7993b98ab6f381fd", 0xa4}, {&(0x7f00000000c0)="963dd562ecec002395bcb141b3939c9dda72dfbc546b7c9567da0fc41ad2dd5394e9f2799030048d52cafc224add4dec048ee20405179033bcb53b03fe582f6d802bdd948d728b1395337209ba8379b5b00723e06b975e110b98daff33cdcd52d992aa7d7071ade7724735d2c7c07b0a62", 0x71}, {&(0x7f0000000240)="08d390486d1a05f16440b3a54625c1ae46a7685804d641d407c853dc5abf1d801d1d31e79fcaa03469dc7fe4291b5bb194f5c85f41963f59cf149d697d267af5e9be3351baaafd3a5e098d9b07a8d0172d74a9d9df18920ca129624647fa1ef4722917f27010b2bc2ca1b02b307b1c714f4d7366604c5bdb17dfc150c6eaec1bce95b0937716453ecfc5ea64e12f2b5fb3f6c1965dd595e8f4493d09531625f33f48f223be4168e3b7ac7cf39b560fd11fac917d5692b977532acf375607827f2a28becad2e246ed55410d6ca377f0d496f590938193f4f675805659cbc3f4ccb1f01ab0a0abfa2791", 0xe9}, {&(0x7f0000000340)="df015b8fc69080e80f99ba0cd114455131fef7a68621df9406bf14e2e2fbf70769b86d2ea56d408c02f87058183ab81a30d191567f1d78c9ad976fb6fcf3718cd5d4ba9a0ecb0ddab2de9ea3ea9950f236bff329729eb66d7c4f", 0x5a}], 0x5, &(0x7f0000000640)=[@init={0x18, 0x84, 0x0, {0x2, 0x4fe, 0x3, 0x7fff}}, @prinfo={0x18, 0x84, 0x5, {0x10, 0xfffffffffffffffd}}, @init={0x18, 0x84, 0x0, {0x100, 0x4, 0x47, 0x7ff}}, @sndinfo={0x20, 0x84, 0x2, {0x7, 0x0, 0x100000001, 0x9, r2}}, @prinfo={0x18, 0x84, 0x5, {0x10, 0x5}}, @dstaddrv6={0x20, 0x84, 0x8, @mcast1}, @sndrcv={0x30, 0x84, 0x1, {0x5, 0x0, 0x1, 0x3, 0x10001, 0x4, 0x8000, 0x101, r3}}], 0xd0, 0x4048000}, 0x4000050) getpeername$unix(r1, &(0x7f0000000780), &(0x7f0000000800)=0x6e) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:40:22 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) r1 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x5, 0x30}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r2, 0xffffffffffffff00}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x77, 0x0, 0x8) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000200)=0x4, 0x4) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x100, 0x0) 03:40:22 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0xf}], 0x4924924924924d0, 0x0) 03:40:22 executing program 5: mlockall(0x1) r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) r1 = openat$cgroup_subtree(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000040)={0x80000001}) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f00000000c0)={0x7fff, 0x400000000, 0x4}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r2, r3) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:40:22 executing program 4: r0 = memfd_create(&(0x7f0000000040)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ftruncate(r1, 0x208200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x602200, 0x4, 0x4002011, r2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x21, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) 03:40:22 executing program 2: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x80, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) [ 859.521072][ T7694] kobject: 'tx-0': free name [ 859.527257][ T7694] kobject: 'queues' (000000004135eb07): kobject_cleanup, parent (null) [ 859.549722][ T7694] kobject: 'queues' (000000004135eb07): calling ktype release [ 859.573821][ T26] kauditd_printk_skb: 9 callbacks suppressed [ 859.573835][ T26] audit: type=1804 audit(2000000422.200:640): pid=15139 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/24/file0/bus" dev="ramfs" ino=119905 res=1 03:40:22 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) r1 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x5, 0x30}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r2, 0xffffffffffffff00}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x77, 0x0, 0x8) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r0, 0x10e, 0x8, &(0x7f0000000200)=0x4, 0x4) [ 859.635548][ T7694] kobject: 'queues' (000000004135eb07): kset_release [ 859.662385][ T7694] kobject: 'queues': free name 03:40:22 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x24}], 0x4924924924924d0, 0x0) [ 859.680317][ T7694] kobject: 'sit0' (0000000080ce8f39): kobject_uevent_env [ 859.688345][ T26] audit: type=1804 audit(2000000422.200:641): pid=15139 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/24/file0/bus" dev="ramfs" ino=119905 res=1 [ 859.690042][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 859.718925][ T7694] kobject: 'sit0' (0000000080ce8f39): kobject_uevent_env: uevent_suppress caused the event to drop! [ 859.743580][ T7694] kobject: 'rx-0' (0000000062a82cc5): kobject_cleanup, parent 0000000072253233 [ 859.756833][ T7694] kobject: 'rx-0' (0000000062a82cc5): auto cleanup 'remove' event [ 859.765012][ T26] audit: type=1804 audit(2000000422.200:642): pid=15139 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/24/file0/bus" dev="ramfs" ino=119905 res=1 03:40:22 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) r1 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x5, 0x30}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000002c0)={r2, 0xffffffffffffff00}, 0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x77, 0x0, 0x8) [ 859.789548][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 859.817281][ T7694] kobject: 'rx-0' (0000000062a82cc5): kobject_uevent_env 03:40:22 executing program 4: r0 = memfd_create(&(0x7f0000000040)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ftruncate(r1, 0x208200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x602200, 0x4, 0x4002011, r2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x21, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) 03:40:22 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x30}], 0x4924924924924d0, 0x0) [ 859.839465][ T7694] kobject: 'rx-0' (0000000062a82cc5): kobject_uevent_env: uevent_suppress caused the event to drop! [ 859.865172][ T7694] kobject: 'rx-0' (0000000062a82cc5): auto cleanup kobject_del [ 859.875687][ T7694] kobject: 'rx-0' (0000000062a82cc5): calling ktype release [ 859.885821][ T7694] kobject: 'rx-0': free name 03:40:22 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) r1 = socket$inet6(0xa, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x5, 0x30}, &(0x7f0000000280)=0xc) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x77, 0x0, 0x8) [ 859.890540][ T7694] kobject: 'tx-0' (00000000ebcb0db9): kobject_cleanup, parent 0000000072253233 [ 859.891372][ T3874] kobject: 'loop4' (00000000cf95f2ed): kobject_uevent_env [ 859.901051][ T7694] kobject: 'tx-0' (00000000ebcb0db9): auto cleanup 'remove' event [ 859.919045][ T7694] kobject: 'tx-0' (00000000ebcb0db9): kobject_uevent_env [ 859.940385][ T7694] kobject: 'tx-0' (00000000ebcb0db9): kobject_uevent_env: uevent_suppress caused the event to drop! [ 859.943335][ T3874] kobject: 'loop4' (00000000cf95f2ed): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 859.969339][ T26] audit: type=1804 audit(2000000422.590:643): pid=15158 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/25/file0/bus" dev="ramfs" ino=119401 res=1 [ 859.994811][ T7694] kobject: 'tx-0' (00000000ebcb0db9): auto cleanup kobject_del [ 860.035226][ T26] audit: type=1804 audit(2000000422.600:644): pid=15158 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/25/file0/bus" dev="ramfs" ino=119401 res=1 [ 860.054808][ T7694] kobject: 'tx-0' (00000000ebcb0db9): calling ktype release [ 860.108062][ T7694] kobject: 'tx-0': free name [ 860.108084][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 860.119533][ T7694] kobject: 'queues' (0000000072253233): kobject_cleanup, parent (null) [ 860.135577][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 860.145297][ T26] audit: type=1804 audit(2000000422.600:645): pid=15158 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/25/file0/bus" dev="ramfs" ino=119401 res=1 [ 860.179485][ T7694] kobject: 'queues' (0000000072253233): calling ktype release [ 860.200214][ T7694] kobject: 'queues' (0000000072253233): kset_release [ 860.211229][ T7694] kobject: 'queues': free name [ 860.216649][ T7694] kobject: 'sit0' (00000000318b71a1): kobject_uevent_env [ 860.224217][ T7694] kobject: 'sit0' (00000000318b71a1): kobject_uevent_env: uevent_suppress caused the event to drop! 03:40:22 executing program 3: mlockall(0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$key(0xf, 0x3, 0x2) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) 03:40:22 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x77, 0x0, 0x8) 03:40:22 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x200c3020}], 0x4924924924924d0, 0x0) [ 860.281884][ T7694] kobject: 'sit0' (0000000080ce8f39): kobject_cleanup, parent (null) [ 860.307401][ T7694] kobject: 'sit0' (0000000080ce8f39): auto cleanup 'remove' event [ 860.328857][ T7694] kobject: 'sit0' (0000000080ce8f39): kobject_uevent_env [ 860.363104][ T7694] kobject: 'sit0' (0000000080ce8f39): kobject_uevent_env: uevent_suppress caused the event to drop! [ 860.366767][ T3874] kobject: 'loop4' (00000000cf95f2ed): kobject_uevent_env [ 860.395550][ T3874] kobject: 'loop4' (00000000cf95f2ed): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 860.401382][ T7694] kobject: 'sit0' (0000000080ce8f39): calling ktype release [ 860.424686][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env [ 860.441022][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 860.451533][ T7694] kobject: 'sit0': free name [ 860.470894][ T7694] kobject: 'sit0' (00000000318b71a1): kobject_cleanup, parent (null) 03:40:23 executing program 5: mlockall(0x1) r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) r1 = openat$cgroup_subtree(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.subtree_control\x00', 0x2, 0x0) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000040)={0x80000001}) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f00000000c0)={0x7fff, 0x400000000, 0x4}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup2(r2, r3) 03:40:23 executing program 4: r0 = memfd_create(&(0x7f0000000040)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ftruncate(r1, 0x208200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) r2 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x602200, 0x4, 0x4002011, r2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x21, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) [ 860.499626][ T7694] kobject: 'sit0' (00000000318b71a1): auto cleanup 'remove' event [ 860.520360][ T7694] kobject: 'sit0' (00000000318b71a1): kobject_uevent_env [ 860.529122][ T7694] kobject: 'sit0' (00000000318b71a1): kobject_uevent_env: uevent_suppress caused the event to drop! [ 860.540425][ T7694] kobject: 'sit0' (00000000318b71a1): calling ktype release [ 860.555593][ T26] audit: type=1804 audit(2000000423.180:646): pid=15186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/26/file0/bus" dev="ramfs" ino=119977 res=1 [ 860.564158][ T7694] kobject: 'sit0': free name [ 860.612905][ T7694] kobject: 'rx-0' (000000003d63ef08): kobject_cleanup, parent 000000005b3b3b73 [ 860.614155][ T26] audit: type=1804 audit(2000000423.180:647): pid=15186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/26/file0/bus" dev="ramfs" ino=119977 res=1 [ 860.635090][ T7694] kobject: 'rx-0' (000000003d63ef08): auto cleanup 'remove' event [ 860.686987][ T7694] kobject: 'rx-0' (000000003d63ef08): kobject_uevent_env [ 860.706312][ T26] audit: type=1804 audit(2000000423.180:648): pid=15186 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir147812284/syzkaller.DIu7ec/26/file0/bus" dev="ramfs" ino=119977 res=1 [ 860.709539][ T7694] kobject: 'rx-0' (000000003d63ef08): kobject_uevent_env: uevent_suppress caused the event to drop! 03:40:23 executing program 2: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x80, 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000040), &(0x7f0000000080)=0x4) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:40:23 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20, 0x2}], 0x4924924924924d0, 0x0) 03:40:23 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x8) 03:40:23 executing program 3: mlockall(0x1) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x410100, 0x0) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000240)={{0x6, 0x3, 0x400, 0x6, 'syz1\x00', 0x277}, 0x0, [0x1, 0x9, 0x9, 0x6, 0x1, 0x9, 0x5, 0x0, 0x0, 0x1f, 0x91, 0x4, 0xffffffff, 0x7f, 0x7929, 0x8, 0x1, 0x200, 0x1, 0x8, 0x4, 0xfffffffffffffff8, 0x2, 0x474c, 0x4efe, 0x9, 0x3, 0x6, 0xfffffffffffffffa, 0x51d, 0x2, 0xff, 0x7, 0x3ff, 0x8, 0x100000001, 0x20, 0x6, 0x4, 0xffffffff, 0x6, 0x100000001, 0x5, 0x5, 0x5ca, 0xa9c, 0x6, 0x7fff, 0x7, 0x15b, 0x0, 0x7, 0x2, 0x0, 0x3f, 0x9, 0x8, 0x6, 0x80000001, 0x8, 0x400, 0x7, 0x800, 0x2, 0x200, 0x9, 0xe09, 0x8, 0x6, 0x100000001, 0x9, 0x100000000, 0x0, 0x0, 0x40, 0x7fffffff, 0x9, 0x1, 0x9, 0xd3, 0x1, 0xfffffffffffffff9, 0x3, 0x0, 0x101, 0xfff, 0x0, 0x9, 0xe7f9, 0x788, 0x7, 0x6, 0x20, 0x1, 0x1fe0000000000, 0x5, 0x6, 0x6, 0xb9, 0x2, 0x2, 0x1000, 0xffffffff, 0x80, 0x9, 0x9, 0x0, 0x4, 0x8000, 0x200, 0x4, 0x3, 0x50, 0xb9be, 0x1, 0xfffffffffffffff9, 0x36, 0x1000, 0x0, 0x101, 0x4, 0x401, 0x2, 0x3, 0x2a05, 0x8, 0x9, 0xfff], {r1, r2+10000000}}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r3 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x6, 0x48002) ioctl$VT_GETSTATE(r3, 0x5603, &(0x7f0000000040)={0x8, 0xfffffffffffffff8, 0x4}) getsockopt$inet6_buf(r3, 0x29, 0x2b, &(0x7f0000000080)=""/19, &(0x7f00000000c0)=0x13) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x80010, r3, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000740)='/proc/self/net/pfkey\x00', 0x301800, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) setsockopt$IP_VS_SO_SET_EDITDEST(r3, 0x0, 0x489, &(0x7f0000000100)={{0x3e, @rand_addr=0x101, 0x4e21, 0x3, 'lblcr\x00', 0x12, 0x7fffffff, 0x5a}, {@multicast1, 0x4e22, 0x4, 0x0, 0xc19, 0x1}}, 0x44) ioctl$PPPIOCSFLAGS(r3, 0x40047459, &(0x7f0000000180)=0x1100) 03:40:23 executing program 4: memfd_create(&(0x7f0000000040)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000700)='./bus\x00', 0x0) open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ftruncate(r0, 0x208200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) r1 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x602200, 0x4, 0x4002011, r1, 0x0) [ 860.760857][ T7694] kobject: 'rx-0' (000000003d63ef08): auto cleanup kobject_del [ 860.770968][ T3874] kobject: 'loop2' (00000000f6a9fdf5): kobject_uevent_env [ 860.804808][ T3874] kobject: 'loop2' (00000000f6a9fdf5): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 860.811905][ T7694] kobject: 'rx-0' (000000003d63ef08): calling ktype release [ 860.834778][T15194] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 860.839756][ T7694] kobject: 'rx-0': free name 03:40:23 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x8) 03:40:23 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000600)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x200}}], 0x30}, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ion\x00', 0x0, 0x0) ioctl$FITRIM(r1, 0xc0184908, &(0x7f0000000000)) sendmmsg$inet_sctp(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=@in={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10, &(0x7f0000562000), 0x0, &(0x7f00000c3000)=[@sndinfo={0x20, 0x84, 0x2, {0x0, 0x241}}], 0x20, 0x4}], 0x4924924924924d0, 0x0) [ 860.864987][ T3874] kobject: 'loop4' (00000000cf95f2ed): kobject_uevent_env [ 860.880176][ T7694] kobject: 'tx-0' (00000000cc0c3a90): kobject_cleanup, parent 000000005b3b3b73 [ 860.895093][T15194] CPU: 1 PID: 15194 Comm: syz-executor.3 Not tainted 5.0.0-rc6-next-20190215 #36 [ 860.904213][T15194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 860.908212][ T7694] kobject: 'tx-0' (00000000cc0c3a90): auto cleanup 'remove' event [ 860.914258][T15194] Call Trace: [ 860.914279][T15194] dump_stack+0x172/0x1f0 [ 860.914300][T15194] dump_header+0x10f/0xba6 [ 860.914318][T15194] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 860.914334][T15194] ? ___ratelimit+0x60/0x595 [ 860.914351][T15194] ? do_raw_spin_unlock+0x57/0x270 [ 860.914369][T15194] oom_kill_process.cold+0x10/0x15 [ 860.954696][T15194] out_of_memory+0x79a/0x1280 [ 860.955577][ T7694] kobject: 'tx-0' (00000000cc0c3a90): kobject_uevent_env [ 860.959374][T15194] ? lock_downgrade+0x880/0x880 [ 860.959390][T15194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 860.959407][T15194] ? oom_killer_disable+0x280/0x280 [ 860.970522][ T3874] kobject: 'loop4' (00000000cf95f2ed): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 860.971254][T15194] mem_cgroup_out_of_memory+0x1ca/0x230 [ 860.998310][T15194] ? memcg_event_wake+0x230/0x230 [ 860.999926][ T3874] kobject: 'loop1' (000000007af1e5b2): kobject_uevent_env 03:40:23 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0xc9, 0x0) write$P9_RXATTRWALK(r0, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0xa126}, 0xf) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x8) [ 861.003340][T15194] ? do_raw_spin_unlock+0x57/0x270 [ 861.003359][T15194] ? _raw_spin_unlock+0x2d/0x50 [ 861.003378][T15194] try_charge+0x118d/0x1790 [ 861.003398][T15194] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 861.003421][T15194] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 861.003436][T15194] mem_cgroup_try_charge+0x24d/0x5e0 [ 861.003454][T15194] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 861.035132][ T7694] kobject: 'tx-0' (00000000cc0c3a90): kobject_uevent_env: uevent_suppress caused the event to drop! [ 861.036979][T15194] __handle_mm_fault+0x1e1f/0x3ec0 [ 861.036999][T15194] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 861.044592][ T3874] kobject: 'loop1' (000000007af1e5b2): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 861.047877][T15194] ? perf_trace_lock+0x510/0x510 [ 861.047898][T15194] ? kasan_check_read+0x11/0x20 [ 861.075889][ T7694] kobject: 'tx-0' (00000000cc0c3a90): auto cleanup kobject_del [ 861.079408][T15194] ? handle_mm_fault+0x322/0xb30 [ 861.079429][T15194] ? handle_mm_fault+0xb8/0xb30 [ 861.106487][T15194] ? trace_hardirqs_on+0x67/0x230 [ 861.111527][T15194] handle_mm_fault+0x43f/0xb30 [ 861.114031][ T7694] kobject: 'tx-0' (00000000cc0c3a90): calling ktype release [ 861.116302][T15194] __get_user_pages+0x7b6/0x1a40 [ 861.116323][T15194] ? follow_page_mask+0x19a0/0x19a0 [ 861.133681][T15194] ? perf_trace_lock+0xeb/0x510 [ 861.138535][T15194] ? __vma_adjust+0x1840/0x1840 [ 861.143395][T15194] ? lock_acqui