, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1641.935512][ T7291] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:52:27 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0xffffffbf00000000) [ 1641.995227][ T7291] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:52:27 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x7f7}, 0x28) 07:52:27 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020192020202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1642.144606][ T7293] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1642.189642][ T7293] CPU: 1 PID: 7293 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1642.198293][ T7293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1642.208384][ T7293] Call Trace: [ 1642.208407][ T7291] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1642.211680][ T7293] dump_stack+0x11d/0x181 [ 1642.211705][ T7293] dump_header+0xaa/0x39c [ 1642.211874][ T7293] oom_kill_process.cold+0x10/0x15 [ 1642.241121][ T7293] out_of_memory+0x231/0xa60 [ 1642.245725][ T7293] ? __rcu_read_unlock+0x66/0x3d0 [ 1642.250778][ T7293] mem_cgroup_out_of_memory+0x128/0x150 [ 1642.256344][ T7293] try_charge+0xb6c/0xbf0 [ 1642.260685][ T7293] ? rcu_note_context_switch+0x720/0x760 [ 1642.266334][ T7293] mem_cgroup_try_charge+0xd2/0x260 [ 1642.271544][ T7293] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1642.277197][ T7293] __handle_mm_fault+0x197f/0x2e00 [ 1642.282471][ T7293] handle_mm_fault+0x21b/0x530 [ 1642.287319][ T7293] __get_user_pages+0x485/0x1130 [ 1642.292282][ T7293] populate_vma_page_range+0xe6/0x100 [ 1642.297671][ T7293] __mm_populate+0x168/0x2a0 [ 1642.302345][ T7293] __x64_sys_mlockall+0x2e3/0x320 [ 1642.307379][ T7293] do_syscall_64+0xcc/0x3a0 [ 1642.311969][ T7293] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1642.318056][ T7293] RIP: 0033:0x45af49 07:52:27 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0xffffffff00000000) 07:52:27 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0xffffffffffffffff) [ 1642.321971][ T7293] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1642.341723][ T7293] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1642.350259][ T7293] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1642.358274][ T7293] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1642.366253][ T7293] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1642.374250][ T7293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1642.382257][ T7293] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:52:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000000300000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1642.517475][ T7313] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1642.536558][ T7313] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1642.547993][ T7293] memory: usage 307200kB, limit 307200kB, failcnt 1156 [ 1642.555275][ T7293] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1642.562226][ T7293] Memory cgroup stats for /syz4: [ 1642.562409][ T7293] anon 310517760 [ 1642.562409][ T7293] file 8192 [ 1642.562409][ T7293] kernel_stack 294912 [ 1642.562409][ T7293] slab 942080 [ 1642.562409][ T7293] sock 0 [ 1642.562409][ T7293] shmem 0 [ 1642.562409][ T7293] file_mapped 0 [ 1642.562409][ T7293] file_dirty 0 [ 1642.562409][ T7293] file_writeback 0 [ 1642.562409][ T7293] anon_thp 274726912 [ 1642.562409][ T7293] inactive_anon 262729728 [ 1642.562409][ T7293] active_anon 212992 [ 1642.562409][ T7293] inactive_file 0 [ 1642.562409][ T7293] active_file 118784 [ 1642.562409][ T7293] unevictable 47603712 [ 1642.562409][ T7293] slab_reclaimable 135168 [ 1642.562409][ T7293] slab_unreclaimable 806912 [ 1642.562409][ T7293] pgfault 241593 [ 1642.562409][ T7293] pgmajfault 0 [ 1642.562409][ T7293] workingset_refault 0 [ 1642.562409][ T7293] workingset_activate 0 [ 1642.562409][ T7293] workingset_nodereclaim 0 [ 1642.562409][ T7293] pgrefill 164 [ 1642.562409][ T7293] pgscan 253 [ 1642.562409][ T7293] pgsteal 34 [ 1642.657643][ T7293] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7278,uid=0 [ 1642.673307][ T7313] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1642.688947][ T7293] Memory cgroup out of memory: Killed process 7278 (syz-executor.4) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1642.743990][ T7298] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1642.761911][ T7298] CPU: 1 PID: 7298 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1642.770525][ T7298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1642.780577][ T7298] Call Trace: [ 1642.783883][ T7298] dump_stack+0x11d/0x181 [ 1642.788225][ T7298] dump_header+0xaa/0x39c [ 1642.792742][ T7298] oom_kill_process.cold+0x10/0x15 [ 1642.797873][ T7298] out_of_memory+0x231/0xa60 [ 1642.802495][ T7298] mem_cgroup_out_of_memory+0x128/0x150 [ 1642.808327][ T7298] try_charge+0xb6c/0xbf0 [ 1642.812692][ T7298] ? rcu_note_context_switch+0x720/0x760 [ 1642.818379][ T7298] mem_cgroup_try_charge+0xd2/0x260 [ 1642.823699][ T7298] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1642.829359][ T7298] __handle_mm_fault+0x197f/0x2e00 [ 1642.834603][ T7298] handle_mm_fault+0x21b/0x530 [ 1642.839386][ T7298] __get_user_pages+0x485/0x1130 [ 1642.844484][ T7298] populate_vma_page_range+0xe6/0x100 [ 1642.849871][ T7298] __mm_populate+0x168/0x2a0 [ 1642.854483][ T7298] __x64_sys_mlockall+0x2e3/0x320 [ 1642.859530][ T7298] do_syscall_64+0xcc/0x3a0 [ 1642.864124][ T7298] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1642.870279][ T7298] RIP: 0033:0x45af49 [ 1642.874205][ T7298] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1642.893814][ T7298] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1642.902227][ T7298] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1642.911475][ T7298] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1642.919448][ T7298] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1642.927427][ T7298] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1642.935438][ T7298] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1642.959600][ T7298] memory: usage 307200kB, limit 307200kB, failcnt 1178 [ 1642.967329][ T7298] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1642.974979][ T7298] Memory cgroup stats for /syz2: [ 1642.977792][ T7298] anon 309694464 [ 1642.977792][ T7298] file 106496 [ 1642.977792][ T7298] kernel_stack 331776 [ 1642.977792][ T7298] slab 1228800 [ 1642.977792][ T7298] sock 53248 [ 1642.977792][ T7298] shmem 0 [ 1642.977792][ T7298] file_mapped 0 [ 1642.977792][ T7298] file_dirty 0 [ 1642.977792][ T7298] file_writeback 0 [ 1642.977792][ T7298] anon_thp 270532608 [ 1642.977792][ T7298] inactive_anon 258351104 [ 1642.977792][ T7298] active_anon 7081984 [ 1642.977792][ T7298] inactive_file 135168 [ 1642.977792][ T7298] active_file 135168 [ 1642.977792][ T7298] unevictable 44306432 [ 1642.977792][ T7298] slab_reclaimable 405504 [ 1642.977792][ T7298] slab_unreclaimable 823296 [ 1642.977792][ T7298] pgfault 272712 [ 1642.977792][ T7298] pgmajfault 0 [ 1642.977792][ T7298] workingset_refault 0 [ 1642.977792][ T7298] workingset_activate 0 [ 1642.977792][ T7298] workingset_nodereclaim 0 [ 1642.977792][ T7298] pgrefill 110 [ 1642.977792][ T7298] pgscan 141 [ 1642.977792][ T7298] pgsteal 35 [ 1643.112934][ T7298] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=7271,uid=0 [ 1643.173540][ T7298] Memory cgroup out of memory: Killed process 7271 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1643.244476][ T1065] oom_reaper: reaped process 7271 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:52:29 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r6 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r6, 0x0, 0x0) r7 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r7) ioctl$SNDCTL_DSP_NONBLOCK(r7, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:29 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x7f8}, 0x28) 07:52:29 executing program 1: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) r2 = clone3(&(0x7f0000000800)={0x4000000, &(0x7f0000000600), &(0x7f0000000640), &(0x7f0000000680), {0x2d}, &(0x7f00000006c0)=""/9, 0x9, &(0x7f0000000700)=""/186, &(0x7f00000007c0)=[0x0, 0xffffffffffffffff, r0, 0xffffffffffffffff, r1], 0x5}, 0x50) timer_create(0x7, &(0x7f0000000000)={0x0, 0x10, 0xb, @tid=r2}, &(0x7f0000000200)=0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/timers\x00', 0x0, 0x0) syz_open_dev$mice(&(0x7f0000000080)='/dev/input/mice\x00', 0x0, 0x680a40) r4 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r4, &(0x7f00000009c0)='threaded\x00', 0x76656f) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000300)='/proc/capi/capi20ncci\x00', 0x28000, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cachefiles\x00', 0x1, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) r6 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r6, &(0x7f0000000000), 0x377140be6b5ef4c7}]) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000019c0)={0x0}, &(0x7f0000001a00)=0xc) process_vm_writev(r7, &(0x7f0000000140)=[{&(0x7f0000001a40)=""/4097, 0x1001}, {&(0x7f0000000c00)=""/134, 0x86}, {&(0x7f00000000c0)=""/77, 0x4d}], 0x3, &(0x7f0000000b40)=[{&(0x7f0000000240)=""/161, 0xa1}, {&(0x7f0000001940)=""/105, 0x69}, {&(0x7f0000000380)=""/164, 0xa4}, {&(0x7f0000000440)=""/199, 0xc7}, {&(0x7f0000001600)=""/200, 0xc8}, {&(0x7f00000001c0)=""/36, 0x24}, {&(0x7f0000001700)=""/164, 0xa4}, {&(0x7f0000001880)=""/173, 0xad}, {&(0x7f0000000a00)=""/171, 0xab}, {&(0x7f0000000ac0)=""/87, 0x57}], 0xa, 0x0) r8 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r8, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000008c0)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r8, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="00fb75d58a0092b886042abd7000fedbdf25010000000017e6ff000f000000037564703a"], 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x4) timer_gettime(r3, &(0x7f0000000000)) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) ioperm(0x6a85, 0x5, 0x3f) 07:52:29 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020201a2020202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000000400000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:29 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1643.849727][ T7333] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1643.860077][ T7333] CPU: 1 PID: 7333 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1643.868842][ T7333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1643.878942][ T7333] Call Trace: [ 1643.882248][ T7333] dump_stack+0x11d/0x181 [ 1643.886654][ T7333] dump_header+0xaa/0x39c [ 1643.891153][ T7333] oom_kill_process.cold+0x10/0x15 [ 1643.896296][ T7333] out_of_memory+0x231/0xa60 [ 1643.903163][ T7333] ? __rcu_read_unlock+0x66/0x3d0 [ 1643.908282][ T7333] mem_cgroup_out_of_memory+0x128/0x150 [ 1643.913902][ T7333] try_charge+0xb6c/0xbf0 [ 1643.918247][ T7333] ? rcu_note_context_switch+0x720/0x760 [ 1643.923893][ T7333] mem_cgroup_try_charge+0xd2/0x260 [ 1643.929105][ T7333] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1643.934878][ T7333] __handle_mm_fault+0x197f/0x2e00 [ 1643.940000][ T7333] handle_mm_fault+0x21b/0x530 [ 1643.944776][ T7333] __get_user_pages+0x485/0x1130 [ 1643.949750][ T7333] populate_vma_page_range+0xe6/0x100 [ 1643.955381][ T7333] __mm_populate+0x168/0x2a0 [ 1643.960039][ T7333] __x64_sys_mlockall+0x2e3/0x320 [ 1643.965062][ T7333] do_syscall_64+0xcc/0x3a0 [ 1643.969612][ T7333] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1643.975511][ T7333] RIP: 0033:0x45af49 [ 1643.979491][ T7333] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1643.999421][ T7333] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1644.007844][ T7333] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1644.015837][ T7333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1644.023991][ T7333] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1644.032100][ T7333] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1644.040143][ T7333] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1644.066007][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1644.122152][ T7333] memory: usage 307200kB, limit 307200kB, failcnt 1195 [ 1644.153067][ T7333] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1644.178819][ T7337] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1644.190133][ T7333] Memory cgroup stats for /syz4: [ 1644.190315][ T7333] anon 310476800 [ 1644.190315][ T7333] file 8192 [ 1644.190315][ T7333] kernel_stack 258048 [ 1644.190315][ T7333] slab 942080 [ 1644.190315][ T7333] sock 0 [ 1644.190315][ T7333] shmem 0 [ 1644.190315][ T7333] file_mapped 0 [ 1644.190315][ T7333] file_dirty 0 [ 1644.190315][ T7333] file_writeback 0 [ 1644.190315][ T7333] anon_thp 274726912 [ 1644.190315][ T7333] inactive_anon 262549504 [ 1644.190315][ T7333] active_anon 229376 [ 1644.190315][ T7333] inactive_file 0 [ 1644.190315][ T7333] active_file 118784 [ 1644.190315][ T7333] unevictable 47857664 [ 1644.190315][ T7333] slab_reclaimable 135168 [ 1644.190315][ T7333] slab_unreclaimable 806912 [ 1644.190315][ T7333] pgfault 243177 [ 1644.190315][ T7333] pgmajfault 0 [ 1644.190315][ T7333] workingset_refault 0 [ 1644.190315][ T7333] workingset_activate 0 [ 1644.190315][ T7333] workingset_nodereclaim 0 [ 1644.190315][ T7333] pgrefill 164 07:52:29 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x7f9}, 0x28) 07:52:29 executing program 1: kexec_load(0xfffffffffffffffc, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x2a0000) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$VIDIOC_G_ENC_INDEX(r0, 0x8818564c, &(0x7f0000000600)) ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0x9) [ 1644.190315][ T7333] pgscan 253 [ 1644.190315][ T7333] pgsteal 34 07:52:29 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020201b2020202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:29 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x7fa}, 0x28) [ 1644.381229][ T7333] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7320,uid=0 [ 1644.397570][ T7337] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1644.414702][ T7333] Memory cgroup out of memory: Killed process 7320 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 07:52:29 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) setsockopt$inet_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000)={0xf32f}, 0x4) kexec_load(0x0, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) socket$pppl2tp(0x18, 0x1, 0x1) 07:52:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000000500000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1644.578760][ T7345] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1644.634037][ T7345] CPU: 1 PID: 7345 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1644.643464][ T7345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1644.653526][ T7345] Call Trace: [ 1644.656828][ T7345] dump_stack+0x11d/0x181 [ 1644.661237][ T7345] dump_header+0xaa/0x39c [ 1644.665593][ T7345] oom_kill_process.cold+0x10/0x15 [ 1644.670737][ T7345] out_of_memory+0x231/0xa60 [ 1644.675365][ T7345] mem_cgroup_out_of_memory+0x128/0x150 [ 1644.680936][ T7345] try_charge+0xb6c/0xbf0 [ 1644.685340][ T7345] ? rcu_note_context_switch+0x720/0x760 [ 1644.691003][ T7345] mem_cgroup_try_charge+0xd2/0x260 [ 1644.696265][ T7345] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1644.702004][ T7345] __handle_mm_fault+0x197f/0x2e00 [ 1644.708323][ T7345] handle_mm_fault+0x21b/0x530 [ 1644.713111][ T7345] __get_user_pages+0x485/0x1130 [ 1644.718080][ T7345] populate_vma_page_range+0xe6/0x100 [ 1644.723544][ T7345] __mm_populate+0x168/0x2a0 [ 1644.728204][ T7345] __x64_sys_mlockall+0x2e3/0x320 [ 1644.733255][ T7345] do_syscall_64+0xcc/0x3a0 [ 1644.737832][ T7345] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1644.743725][ T7345] RIP: 0033:0x45af49 [ 1644.747702][ T7345] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1644.767315][ T7345] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1644.775794][ T7345] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1644.783783][ T7345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1644.791757][ T7345] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1644.800090][ T7345] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1644.808159][ T7345] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1644.930103][ T7345] memory: usage 307200kB, limit 307200kB, failcnt 1193 [ 1644.937587][ T7345] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1644.942316][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1644.949274][ T7345] Memory cgroup stats for /syz2: [ 1644.949732][ T7345] anon 309673984 [ 1644.949732][ T7345] file 106496 [ 1644.949732][ T7345] kernel_stack 368640 [ 1644.949732][ T7345] slab 1228800 [ 1644.949732][ T7345] sock 53248 [ 1644.949732][ T7345] shmem 0 [ 1644.949732][ T7345] file_mapped 0 [ 1644.949732][ T7345] file_dirty 0 [ 1644.949732][ T7345] file_writeback 0 [ 1644.949732][ T7345] anon_thp 270532608 [ 1644.949732][ T7345] inactive_anon 258387968 [ 1644.949732][ T7345] active_anon 7094272 [ 1644.949732][ T7345] inactive_file 135168 [ 1644.949732][ T7345] active_file 135168 [ 1644.949732][ T7345] unevictable 44277760 [ 1644.949732][ T7345] slab_reclaimable 405504 [ 1644.949732][ T7345] slab_unreclaimable 823296 [ 1644.949732][ T7345] pgfault 274461 [ 1644.949732][ T7345] pgmajfault 0 [ 1644.949732][ T7345] workingset_refault 0 [ 1644.949732][ T7345] workingset_activate 0 [ 1644.949732][ T7345] workingset_nodereclaim 0 [ 1644.949732][ T7345] pgrefill 110 [ 1644.949732][ T7345] pgscan 141 [ 1644.949732][ T7345] pgsteal 35 [ 1644.984369][ T7466] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1645.049819][ T7345] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=7327,uid=0 [ 1645.074073][ T7345] Memory cgroup out of memory: Killed process 7327 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1645.205298][ T7466] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:52:31 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r6 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r6, 0x0, 0x0) r7 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r7) ioctl$SNDCTL_DSP_NONBLOCK(r7, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:31 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x7fb}, 0x28) 07:52:31 executing program 1: kexec_load(0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x9165a000}], 0x0) 07:52:31 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020201c2020202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000000600000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:31 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1645.999435][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:52:31 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x7fc}, 0x28) [ 1646.069821][ T7586] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1646.119633][ T7591] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1646.129530][ T7586] CPU: 0 PID: 7586 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1646.139361][ T7586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1646.149512][ T7586] Call Trace: [ 1646.152838][ T7586] dump_stack+0x11d/0x181 [ 1646.157238][ T7586] dump_header+0xaa/0x39c [ 1646.161608][ T7586] oom_kill_process.cold+0x10/0x15 [ 1646.166747][ T7586] out_of_memory+0x231/0xa60 [ 1646.171348][ T7586] ? __rcu_read_unlock+0x66/0x3d0 [ 1646.176421][ T7586] mem_cgroup_out_of_memory+0x128/0x150 [ 1646.182040][ T7586] try_charge+0xb6c/0xbf0 [ 1646.186394][ T7586] ? rcu_note_context_switch+0x720/0x760 [ 1646.192329][ T7586] mem_cgroup_try_charge+0xd2/0x260 [ 1646.197560][ T7586] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1646.203319][ T7586] __handle_mm_fault+0x197f/0x2e00 [ 1646.208496][ T7586] handle_mm_fault+0x21b/0x530 [ 1646.213352][ T7586] __get_user_pages+0x485/0x1130 [ 1646.218336][ T7586] populate_vma_page_range+0xe6/0x100 [ 1646.223728][ T7586] __mm_populate+0x168/0x2a0 [ 1646.228372][ T7586] __x64_sys_mlockall+0x2e3/0x320 [ 1646.233418][ T7586] do_syscall_64+0xcc/0x3a0 [ 1646.237931][ T7586] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1646.243896][ T7586] RIP: 0033:0x45af49 [ 1646.247795][ T7586] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 07:52:31 executing program 1: r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r2 = accept$ax25(r1, &(0x7f0000000040)={{0x3, @rose}, [@remote, @remote, @remote, @null, @null, @remote, @rose, @default]}, &(0x7f00000000c0)=0x48) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000100)={0x100, 0x7, 0x4, 0x0, 0xffffff81, {0x77359400}, {0x4, 0x0, 0x1, 0x7f, 0x8, 0x4, "bf078fec"}, 0x3f, 0x3, @fd, 0x1000, 0x0, 0xffffffffffffffff}) r4 = creat(&(0x7f0000000340)='./file0\x00', 0x151) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}]) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000200)={0x0, 0x91, "84db158bf06d8884ac4f066a1f7058805db6364a3ffd952585d0dd559ccf82b78ef8839e15c4ddff5351e066176cd02f271b5a008fdc80980d89e6760aad81b6398c70143a77fa031ca11dbe5d88f3b95354033416c402197a1ce980440c8d5fcd37c92a2ecc39215b7cb86da463f4c36af7f1c6adeb5b8f6d87a9931c17e00cf7f24c46664c4ebec76ec6dfb55de3cf6e"}, &(0x7f0000000180)=0x99) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f00000002c0)=r5, 0x4) fchdir(r2) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0x20, @time={0x0, 0x9}, 0x3, {0x2, 0xc9}, 0x3, 0x0, 0x6}) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) [ 1646.267390][ T7586] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1646.275894][ T7586] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1646.283865][ T7586] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1646.291830][ T7586] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1646.299813][ T7586] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1646.307790][ T7586] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:52:31 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020201d2020202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:31 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x7fd}, 0x28) 07:52:31 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$SOUND_MIXER_READ_CAPS(r0, 0x80044dfc, &(0x7f0000000000)) [ 1646.399122][ T7586] memory: usage 307200kB, limit 307200kB, failcnt 1212 [ 1646.416646][ T7591] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1646.441733][ T7586] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 07:52:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000000700000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1646.469621][ T7586] Memory cgroup stats for /syz4: [ 1646.469801][ T7586] anon 310583296 [ 1646.469801][ T7586] file 8192 [ 1646.469801][ T7586] kernel_stack 258048 [ 1646.469801][ T7586] slab 942080 [ 1646.469801][ T7586] sock 0 [ 1646.469801][ T7586] shmem 0 [ 1646.469801][ T7586] file_mapped 0 [ 1646.469801][ T7586] file_dirty 0 [ 1646.469801][ T7586] file_writeback 0 [ 1646.469801][ T7586] anon_thp 274726912 [ 1646.469801][ T7586] inactive_anon 262557696 [ 1646.469801][ T7586] active_anon 208896 [ 1646.469801][ T7586] inactive_file 0 [ 1646.469801][ T7586] active_file 118784 [ 1646.469801][ T7586] unevictable 47841280 [ 1646.469801][ T7586] slab_reclaimable 135168 [ 1646.469801][ T7586] slab_unreclaimable 806912 [ 1646.469801][ T7586] pgfault 244728 [ 1646.469801][ T7586] pgmajfault 0 [ 1646.469801][ T7586] workingset_refault 0 [ 1646.469801][ T7586] workingset_activate 0 [ 1646.469801][ T7586] workingset_nodereclaim 0 [ 1646.469801][ T7586] pgrefill 164 [ 1646.469801][ T7586] pgscan 253 [ 1646.469801][ T7586] pgsteal 34 [ 1646.566964][ T7586] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7487,uid=0 [ 1646.585199][ T7586] Memory cgroup out of memory: Killed process 7487 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1646.704354][ T7593] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1646.726687][ T7715] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1646.728095][ T7593] CPU: 0 PID: 7593 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1646.742272][ T7593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1646.752395][ T7593] Call Trace: [ 1646.755766][ T7593] dump_stack+0x11d/0x181 [ 1646.760119][ T7593] dump_header+0xaa/0x39c [ 1646.764545][ T7593] oom_kill_process.cold+0x10/0x15 [ 1646.769670][ T7593] out_of_memory+0x231/0xa60 [ 1646.774300][ T7593] mem_cgroup_out_of_memory+0x128/0x150 [ 1646.779931][ T7593] try_charge+0xb6c/0xbf0 [ 1646.784289][ T7593] ? rcu_note_context_switch+0x720/0x760 [ 1646.790050][ T7593] mem_cgroup_try_charge+0xd2/0x260 [ 1646.795499][ T7593] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1646.801211][ T7593] __handle_mm_fault+0x197f/0x2e00 [ 1646.806386][ T7593] handle_mm_fault+0x21b/0x530 [ 1646.811249][ T7593] __get_user_pages+0x485/0x1130 [ 1646.816193][ T7593] populate_vma_page_range+0xe6/0x100 [ 1646.821571][ T7593] __mm_populate+0x168/0x2a0 [ 1646.826211][ T7593] __x64_sys_mlockall+0x2e3/0x320 [ 1646.831489][ T7593] do_syscall_64+0xcc/0x3a0 [ 1646.836074][ T7593] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1646.842102][ T7593] RIP: 0033:0x45af49 [ 1646.846076][ T7593] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1646.865692][ T7593] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1646.874129][ T7593] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1646.882112][ T7593] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1646.890095][ T7593] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1646.898184][ T7593] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1646.906187][ T7593] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1646.988501][ T7593] memory: usage 307200kB, limit 307200kB, failcnt 1233 [ 1647.002628][ T7593] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1647.004486][ T7715] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1647.028808][ T7593] Memory cgroup stats for /syz2: [ 1647.030277][ T7593] anon 309673984 [ 1647.030277][ T7593] file 106496 [ 1647.030277][ T7593] kernel_stack 368640 [ 1647.030277][ T7593] slab 1228800 [ 1647.030277][ T7593] sock 53248 [ 1647.030277][ T7593] shmem 0 [ 1647.030277][ T7593] file_mapped 0 [ 1647.030277][ T7593] file_dirty 0 [ 1647.030277][ T7593] file_writeback 0 [ 1647.030277][ T7593] anon_thp 270532608 [ 1647.030277][ T7593] inactive_anon 258412544 [ 1647.030277][ T7593] active_anon 7114752 [ 1647.030277][ T7593] inactive_file 135168 [ 1647.030277][ T7593] active_file 135168 [ 1647.030277][ T7593] unevictable 44380160 [ 1647.030277][ T7593] slab_reclaimable 405504 [ 1647.030277][ T7593] slab_unreclaimable 823296 [ 1647.030277][ T7593] pgfault 276243 [ 1647.030277][ T7593] pgmajfault 0 [ 1647.030277][ T7593] workingset_refault 0 [ 1647.030277][ T7593] workingset_activate 0 [ 1647.030277][ T7593] workingset_nodereclaim 0 [ 1647.030277][ T7593] pgrefill 110 [ 1647.030277][ T7593] pgscan 141 [ 1647.030277][ T7593] pgsteal 35 [ 1647.125369][ T7593] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=7576,uid=0 [ 1647.141498][ T7593] Memory cgroup out of memory: Killed process 7576 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1647.393407][ T7715] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:52:33 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r6 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r6, 0x0, 0x0) r7 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r7) ioctl$SNDCTL_DSP_NONBLOCK(r7, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:33 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:52:33 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020201e2020202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:33 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x7fe}, 0x28) 07:52:33 executing program 1: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) timer_create(0x5, &(0x7f0000000040)={0x0, 0x4, 0x1, @tid=r0}, &(0x7f0000000080)) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)) r2 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r3) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={0xffffffffffffffff}, 0x111, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r2, &(0x7f0000000180)={0x15, 0x110, 0xfa00, {r4, 0x3ff, 0x0, 0x0, 0x0, @in={0x2, 0x4e20, @broadcast}, @in={0x2, 0x4e22, @remote}}}, 0x118) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) 07:52:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000000a00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1647.963932][ T7846] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:52:33 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000000)) [ 1648.035862][ T7846] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:52:33 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x801}, 0x28) [ 1648.145316][ T7847] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1648.167129][ T7846] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:52:33 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020252020202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1648.233946][ T7847] CPU: 1 PID: 7847 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1648.242591][ T7847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1648.253010][ T7847] Call Trace: [ 1648.256323][ T7847] dump_stack+0x11d/0x181 [ 1648.260662][ T7847] dump_header+0xaa/0x39c [ 1648.265053][ T7847] oom_kill_process.cold+0x10/0x15 [ 1648.270234][ T7847] out_of_memory+0x231/0xa60 [ 1648.274945][ T7847] ? __rcu_read_unlock+0x66/0x3d0 [ 1648.280014][ T7847] mem_cgroup_out_of_memory+0x128/0x150 [ 1648.285562][ T7847] try_charge+0xb6c/0xbf0 [ 1648.289900][ T7847] ? rcu_note_context_switch+0x720/0x760 [ 1648.295544][ T7847] mem_cgroup_try_charge+0xd2/0x260 [ 1648.300768][ T7847] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1648.306444][ T7847] __handle_mm_fault+0x197f/0x2e00 [ 1648.311593][ T7847] handle_mm_fault+0x21b/0x530 [ 1648.316373][ T7847] __get_user_pages+0x485/0x1130 [ 1648.321319][ T7847] populate_vma_page_range+0xe6/0x100 [ 1648.326790][ T7847] __mm_populate+0x168/0x2a0 [ 1648.331456][ T7847] __x64_sys_mlockall+0x2e3/0x320 [ 1648.336481][ T7847] do_syscall_64+0xcc/0x3a0 [ 1648.341043][ T7847] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1648.346924][ T7847] RIP: 0033:0x45af49 [ 1648.350820][ T7847] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1648.371285][ T7847] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1648.379687][ T7847] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1648.387651][ T7847] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1648.395676][ T7847] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1648.403673][ T7847] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1648.411639][ T7847] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1648.428075][ T7847] memory: usage 307200kB, limit 307200kB, failcnt 1236 [ 1648.435033][ T7847] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1648.442368][ T7847] Memory cgroup stats for /syz4: [ 1648.442531][ T7847] anon 310607872 [ 1648.442531][ T7847] file 8192 [ 1648.442531][ T7847] kernel_stack 294912 [ 1648.442531][ T7847] slab 942080 [ 1648.442531][ T7847] sock 0 [ 1648.442531][ T7847] shmem 0 [ 1648.442531][ T7847] file_mapped 0 [ 1648.442531][ T7847] file_dirty 0 [ 1648.442531][ T7847] file_writeback 0 [ 1648.442531][ T7847] anon_thp 274726912 [ 1648.442531][ T7847] inactive_anon 262574080 [ 1648.442531][ T7847] active_anon 188416 [ 1648.442531][ T7847] inactive_file 0 [ 1648.442531][ T7847] active_file 118784 [ 1648.442531][ T7847] unevictable 47996928 [ 1648.442531][ T7847] slab_reclaimable 135168 [ 1648.442531][ T7847] slab_unreclaimable 806912 [ 1648.442531][ T7847] pgfault 246609 [ 1648.442531][ T7847] pgmajfault 0 [ 1648.442531][ T7847] workingset_refault 0 [ 1648.442531][ T7847] workingset_activate 0 [ 1648.442531][ T7847] workingset_nodereclaim 0 [ 1648.442531][ T7847] pgrefill 164 [ 1648.442531][ T7847] pgscan 253 07:52:33 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000000c00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1648.442531][ T7847] pgsteal 34 [ 1648.542611][ T7847] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7823,uid=0 [ 1648.560509][ T7847] Memory cgroup out of memory: Killed process 7823 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1648.579116][ T7848] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1648.593889][ T1065] oom_reaper: reaped process 7823 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1648.612747][ T7848] CPU: 0 PID: 7848 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1648.621372][ T7848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1648.631472][ T7848] Call Trace: [ 1648.634782][ T7848] dump_stack+0x11d/0x181 [ 1648.639143][ T7848] dump_header+0xaa/0x39c [ 1648.643549][ T7848] oom_kill_process.cold+0x10/0x15 [ 1648.648672][ T7848] out_of_memory+0x231/0xa60 [ 1648.653274][ T7848] mem_cgroup_out_of_memory+0x128/0x150 [ 1648.658861][ T7848] try_charge+0xb6c/0xbf0 [ 1648.663235][ T7848] ? rcu_note_context_switch+0x720/0x760 [ 1648.668949][ T7848] mem_cgroup_try_charge+0xd2/0x260 [ 1648.674391][ T7848] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1648.680047][ T7848] __handle_mm_fault+0x197f/0x2e00 [ 1648.685235][ T7848] handle_mm_fault+0x21b/0x530 [ 1648.690027][ T7848] __get_user_pages+0x485/0x1130 [ 1648.695033][ T7848] populate_vma_page_range+0xe6/0x100 [ 1648.700409][ T7848] __mm_populate+0x168/0x2a0 [ 1648.705023][ T7848] __x64_sys_mlockall+0x2e3/0x320 [ 1648.710156][ T7848] do_syscall_64+0xcc/0x3a0 [ 1648.714789][ T7848] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1648.720672][ T7848] RIP: 0033:0x45af49 [ 1648.724702][ T7848] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1648.744302][ T7848] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1648.752998][ T7848] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1648.760966][ T7848] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1648.768948][ T7848] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1648.777016][ T7848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1648.784996][ T7848] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1648.842714][ T7992] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1648.873981][ T7992] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1648.894349][ T7848] memory: usage 307200kB, limit 307200kB, failcnt 1262 [ 1648.925313][ T7992] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1648.930976][ T7848] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 07:52:34 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000000e00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:34 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r3, &(0x7f00000009c0)='threaded\x00', 0x76656f) getsockopt$IPT_SO_GET_REVISION_MATCH(r3, 0x0, 0x42, &(0x7f0000000140)={'IDLETIMER\x00'}, &(0x7f0000000180)=0x1e) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000100)={0xb0, 0x1, 0x101, 0xfffffff9}) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x14, &(0x7f00000001c0)={r5}, 0x8) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={r5, @in6={{0xa, 0x4e22, 0x7ff, @local, 0x3}}, 0x8, 0x4, 0x5, 0xf27, 0xb1807f1dc9e95fca, 0x8, 0xcc}, &(0x7f00000000c0)=0x9c) kexec_load(0xfffffffffffffffc, 0x1, &(0x7f00000005c0), 0x1) [ 1649.032443][ T7848] Memory cgroup stats for /syz2: [ 1649.032636][ T7848] anon 309743616 [ 1649.032636][ T7848] file 106496 [ 1649.032636][ T7848] kernel_stack 368640 [ 1649.032636][ T7848] slab 1228800 [ 1649.032636][ T7848] sock 53248 [ 1649.032636][ T7848] shmem 0 [ 1649.032636][ T7848] file_mapped 0 [ 1649.032636][ T7848] file_dirty 0 [ 1649.032636][ T7848] file_writeback 0 [ 1649.032636][ T7848] anon_thp 270532608 [ 1649.032636][ T7848] inactive_anon 258260992 [ 1649.032636][ T7848] active_anon 7086080 [ 1649.032636][ T7848] inactive_file 135168 [ 1649.032636][ T7848] active_file 135168 [ 1649.032636][ T7848] unevictable 44462080 [ 1649.032636][ T7848] slab_reclaimable 405504 [ 1649.032636][ T7848] slab_unreclaimable 823296 [ 1649.032636][ T7848] pgfault 277827 [ 1649.032636][ T7848] pgmajfault 0 [ 1649.032636][ T7848] workingset_refault 0 [ 1649.032636][ T7848] workingset_activate 0 [ 1649.032636][ T7848] workingset_nodereclaim 0 [ 1649.032636][ T7848] pgrefill 110 [ 1649.032636][ T7848] pgscan 141 [ 1649.032636][ T7848] pgsteal 35 [ 1649.120640][ T8000] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1649.142424][ T7848] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=7822,uid=0 [ 1649.158248][ T7848] Memory cgroup out of memory: Killed process 7822 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1649.205338][ T8000] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1649.286993][ T8000] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:52:35 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000000f00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:35 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020302020202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:35 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x802}, 0x28) 07:52:35 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x485100, 0x0) ioctl$SNDRV_PCM_IOCTL_RESET(r0, 0x4141, 0x0) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) 07:52:35 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:52:35 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x803}, 0x28) [ 1650.304182][ T8189] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1650.314726][ T8189] CPU: 0 PID: 8189 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1650.323330][ T8189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1650.333391][ T8189] Call Trace: [ 1650.336748][ T8189] dump_stack+0x11d/0x181 [ 1650.341091][ T8189] dump_header+0xaa/0x39c [ 1650.345468][ T8189] oom_kill_process.cold+0x10/0x15 [ 1650.350612][ T8189] out_of_memory+0x231/0xa60 [ 1650.355294][ T8189] ? __rcu_read_unlock+0x66/0x3d0 [ 1650.360388][ T8189] mem_cgroup_out_of_memory+0x128/0x150 [ 1650.366484][ T8189] try_charge+0xb6c/0xbf0 [ 1650.370929][ T8189] ? rcu_note_context_switch+0x720/0x760 [ 1650.376706][ T8189] mem_cgroup_try_charge+0xd2/0x260 [ 1650.381929][ T8189] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1650.387580][ T8189] __handle_mm_fault+0x197f/0x2e00 [ 1650.394016][ T8189] handle_mm_fault+0x21b/0x530 [ 1650.398796][ T8189] __get_user_pages+0x485/0x1130 [ 1650.403752][ T8189] populate_vma_page_range+0xe6/0x100 [ 1650.409126][ T8189] __mm_populate+0x168/0x2a0 [ 1650.413803][ T8189] __x64_sys_mlockall+0x2e3/0x320 [ 1650.418958][ T8189] do_syscall_64+0xcc/0x3a0 [ 1650.423554][ T8189] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1650.429468][ T8189] RIP: 0033:0x45af49 [ 1650.433366][ T8189] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 07:52:35 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020205c2020202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000001000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:35 executing program 1: kexec_load(0x0, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000, 0xd93}], 0x0) [ 1650.453041][ T8189] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1650.461625][ T8189] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1650.469666][ T8189] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1650.477853][ T8189] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1650.485835][ T8189] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1650.493801][ T8189] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:52:35 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x804}, 0x28) [ 1650.544753][ T8189] memory: usage 307200kB, limit 307200kB, failcnt 1272 [ 1650.551812][ T8189] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1650.559151][ T8189] Memory cgroup stats for /syz2: [ 1650.559410][ T8189] anon 309628928 [ 1650.559410][ T8189] file 106496 [ 1650.559410][ T8189] kernel_stack 368640 [ 1650.559410][ T8189] slab 1228800 [ 1650.559410][ T8189] sock 53248 [ 1650.559410][ T8189] shmem 0 [ 1650.559410][ T8189] file_mapped 0 [ 1650.559410][ T8189] file_dirty 0 [ 1650.559410][ T8189] file_writeback 0 [ 1650.559410][ T8189] anon_thp 270532608 [ 1650.559410][ T8189] inactive_anon 258355200 [ 1650.559410][ T8189] active_anon 7106560 [ 1650.559410][ T8189] inactive_file 135168 [ 1650.559410][ T8189] active_file 135168 [ 1650.559410][ T8189] unevictable 44306432 [ 1650.559410][ T8189] slab_reclaimable 405504 [ 1650.559410][ T8189] slab_unreclaimable 823296 [ 1650.559410][ T8189] pgfault 279378 [ 1650.559410][ T8189] pgmajfault 0 [ 1650.559410][ T8189] workingset_refault 0 [ 1650.559410][ T8189] workingset_activate 0 [ 1650.559410][ T8189] workingset_nodereclaim 0 [ 1650.559410][ T8189] pgrefill 110 [ 1650.559410][ T8189] pgscan 141 [ 1650.559410][ T8189] pgsteal 35 [ 1650.655499][ T8189] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8108,uid=0 [ 1650.710656][ T8238] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1650.750443][ T8189] Memory cgroup out of memory: Killed process 8108 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1650.784545][ T8238] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1650.831177][ T8238] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:52:36 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x50240, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000000040)={0x800, 0x28, [0x80, 0xa1b4, 0x7, 0x7fff, 0x5, 0x5, 0x6, 0x4, 0x9, 0x3f]}) [ 1650.871591][ T8127] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1650.913902][ T8127] CPU: 1 PID: 8127 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1650.922642][ T8127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1650.932714][ T8127] Call Trace: [ 1650.936157][ T8127] dump_stack+0x11d/0x181 [ 1650.940521][ T8127] dump_header+0xaa/0x39c [ 1650.944922][ T8127] oom_kill_process.cold+0x10/0x15 [ 1650.950103][ T8127] out_of_memory+0x231/0xa60 [ 1650.954727][ T8127] mem_cgroup_out_of_memory+0x128/0x150 [ 1650.960299][ T8127] try_charge+0xb6c/0xbf0 [ 1650.964727][ T8127] ? rcu_note_context_switch+0x720/0x760 [ 1650.970418][ T8127] mem_cgroup_try_charge+0xd2/0x260 [ 1650.975638][ T8127] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1650.981297][ T8127] __handle_mm_fault+0x197f/0x2e00 [ 1650.986438][ T8127] handle_mm_fault+0x21b/0x530 [ 1650.991219][ T8127] __get_user_pages+0x485/0x1130 [ 1650.996179][ T8127] populate_vma_page_range+0xe6/0x100 [ 1651.001564][ T8127] __mm_populate+0x168/0x2a0 [ 1651.006186][ T8127] __x64_sys_mlockall+0x2e3/0x320 [ 1651.011256][ T8127] do_syscall_64+0xcc/0x3a0 [ 1651.015794][ T8127] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1651.021708][ T8127] RIP: 0033:0x45af49 [ 1651.025698][ T8127] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1651.045438][ T8127] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1651.053860][ T8127] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1651.062095][ T8127] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1651.070073][ T8127] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1651.078061][ T8127] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1651.086114][ T8127] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1651.107407][ T8127] memory: usage 307200kB, limit 307200kB, failcnt 1248 [ 1651.136523][ T8127] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1651.173997][ T8127] Memory cgroup stats for /syz4: [ 1651.174228][ T8127] anon 310509568 [ 1651.174228][ T8127] file 8192 [ 1651.174228][ T8127] kernel_stack 294912 [ 1651.174228][ T8127] slab 942080 [ 1651.174228][ T8127] sock 0 [ 1651.174228][ T8127] shmem 0 [ 1651.174228][ T8127] file_mapped 0 [ 1651.174228][ T8127] file_dirty 0 [ 1651.174228][ T8127] file_writeback 0 [ 1651.174228][ T8127] anon_thp 274726912 [ 1651.174228][ T8127] inactive_anon 262578176 [ 1651.174228][ T8127] active_anon 122880 [ 1651.174228][ T8127] inactive_file 0 [ 1651.174228][ T8127] active_file 118784 [ 1651.174228][ T8127] unevictable 47865856 [ 1651.174228][ T8127] slab_reclaimable 135168 [ 1651.174228][ T8127] slab_unreclaimable 806912 [ 1651.174228][ T8127] pgfault 248457 [ 1651.174228][ T8127] pgmajfault 0 [ 1651.174228][ T8127] workingset_refault 0 [ 1651.174228][ T8127] workingset_activate 0 [ 1651.174228][ T8127] workingset_nodereclaim 0 [ 1651.174228][ T8127] pgrefill 164 [ 1651.174228][ T8127] pgscan 253 [ 1651.174228][ T8127] pgsteal 34 [ 1651.269511][ T8127] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8009,uid=0 [ 1651.416746][ T8127] Memory cgroup out of memory: Killed process 8009 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 07:52:36 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:36 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x805}, 0x28) 07:52:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000002000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:36 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200220202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:36 executing program 1: kexec_load(0x0, 0x761297e40cf5a1e, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x2) [ 1651.873270][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1652.012082][ T8372] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1652.142025][ T8372] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1652.197880][ T8377] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1652.222766][ T8377] CPU: 0 PID: 8377 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1652.231499][ T8377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1652.241565][ T8377] Call Trace: [ 1652.244905][ T8377] dump_stack+0x11d/0x181 [ 1652.249260][ T8377] dump_header+0xaa/0x39c [ 1652.253637][ T8377] oom_kill_process.cold+0x10/0x15 [ 1652.258784][ T8377] out_of_memory+0x231/0xa60 [ 1652.263448][ T8377] ? __rcu_read_unlock+0x66/0x3d0 [ 1652.268516][ T8377] mem_cgroup_out_of_memory+0x128/0x150 [ 1652.274217][ T8377] try_charge+0xb6c/0xbf0 [ 1652.278564][ T8377] ? rcu_note_context_switch+0x720/0x760 [ 1652.284283][ T8377] mem_cgroup_try_charge+0xd2/0x260 [ 1652.289518][ T8377] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1652.295182][ T8377] __handle_mm_fault+0x197f/0x2e00 [ 1652.300615][ T8377] handle_mm_fault+0x21b/0x530 [ 1652.305469][ T8377] __get_user_pages+0x485/0x1130 [ 1652.310443][ T8377] populate_vma_page_range+0xe6/0x100 [ 1652.315857][ T8377] __mm_populate+0x168/0x2a0 [ 1652.320442][ T8377] __x64_sys_mlockall+0x2e3/0x320 [ 1652.325476][ T8377] do_syscall_64+0xcc/0x3a0 [ 1652.329984][ T8377] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1652.335863][ T8377] RIP: 0033:0x45af49 [ 1652.339792][ T8377] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1652.359404][ T8377] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1652.367832][ T8377] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1652.375798][ T8377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1652.383892][ T8377] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 07:52:37 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:52:37 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) r1 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) dup3(r0, r1, 0x80000) 07:52:37 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x806}, 0x28) 07:52:37 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200320202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000003f00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1652.391865][ T8377] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1652.399919][ T8377] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1652.409719][ T8377] memory: usage 307200kB, limit 307200kB, failcnt 1298 [ 1652.417092][ T8377] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1652.434823][ T8377] Memory cgroup stats for /syz2: [ 1652.435113][ T8377] anon 309608448 [ 1652.435113][ T8377] file 106496 [ 1652.435113][ T8377] kernel_stack 331776 [ 1652.435113][ T8377] slab 1228800 [ 1652.435113][ T8377] sock 53248 [ 1652.435113][ T8377] shmem 0 [ 1652.435113][ T8377] file_mapped 0 [ 1652.435113][ T8377] file_dirty 0 [ 1652.435113][ T8377] file_writeback 0 [ 1652.435113][ T8377] anon_thp 270532608 [ 1652.435113][ T8377] inactive_anon 258301952 [ 1652.435113][ T8377] active_anon 7090176 [ 1652.435113][ T8377] inactive_file 135168 [ 1652.435113][ T8377] active_file 135168 [ 1652.435113][ T8377] unevictable 44212224 [ 1652.435113][ T8377] slab_reclaimable 405504 [ 1652.435113][ T8377] slab_unreclaimable 823296 [ 1652.435113][ T8377] pgfault 280929 [ 1652.435113][ T8377] pgmajfault 0 [ 1652.435113][ T8377] workingset_refault 0 [ 1652.435113][ T8377] workingset_activate 0 [ 1652.435113][ T8377] workingset_nodereclaim 0 [ 1652.435113][ T8377] pgrefill 110 [ 1652.435113][ T8377] pgscan 141 [ 1652.435113][ T8377] pgsteal 35 [ 1652.538067][ T8384] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1652.567766][ T8377] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8249,uid=0 07:52:37 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000000)=0x1) openat$urandom(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x0, 0x0) 07:52:37 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x807}, 0x28) [ 1652.691627][ T8384] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1652.710781][ T8377] Memory cgroup out of memory: Killed process 8249 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1652.867885][ T1065] oom_reaper: reaped process 8249 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1652.879078][ T8384] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1652.885856][ T8494] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1652.943595][ T8494] CPU: 0 PID: 8494 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1652.952248][ T8494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1652.962300][ T8494] Call Trace: [ 1652.965657][ T8494] dump_stack+0x11d/0x181 [ 1652.970009][ T8494] dump_header+0xaa/0x39c [ 1652.974470][ T8494] oom_kill_process.cold+0x10/0x15 [ 1652.979591][ T8494] out_of_memory+0x231/0xa60 [ 1652.984192][ T8494] mem_cgroup_out_of_memory+0x128/0x150 [ 1652.989752][ T8494] try_charge+0xb6c/0xbf0 [ 1652.994277][ T8494] ? rcu_note_context_switch+0x720/0x760 [ 1652.999996][ T8494] mem_cgroup_try_charge+0xd2/0x260 [ 1653.005197][ T8494] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1653.010904][ T8494] __handle_mm_fault+0x197f/0x2e00 [ 1653.016031][ T8494] handle_mm_fault+0x21b/0x530 [ 1653.020985][ T8494] __get_user_pages+0x485/0x1130 [ 1653.025932][ T8494] populate_vma_page_range+0xe6/0x100 [ 1653.031305][ T8494] __mm_populate+0x168/0x2a0 [ 1653.035912][ T8494] __x64_sys_mlockall+0x2e3/0x320 [ 1653.041035][ T8494] do_syscall_64+0xcc/0x3a0 [ 1653.045976][ T8494] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1653.051879][ T8494] RIP: 0033:0x45af49 [ 1653.055819][ T8494] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1653.075450][ T8494] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1653.083897][ T8494] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1653.091910][ T8494] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1653.099945][ T8494] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1653.108026][ T8494] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1653.116090][ T8494] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1653.486413][ T8494] memory: usage 307200kB, limit 307200kB, failcnt 1283 [ 1653.506313][ T8494] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1653.513265][ T8494] Memory cgroup stats for /syz4: [ 1653.513907][ T8494] anon 310571008 [ 1653.513907][ T8494] file 8192 [ 1653.513907][ T8494] kernel_stack 258048 [ 1653.513907][ T8494] slab 942080 [ 1653.513907][ T8494] sock 0 [ 1653.513907][ T8494] shmem 0 [ 1653.513907][ T8494] file_mapped 0 [ 1653.513907][ T8494] file_dirty 0 [ 1653.513907][ T8494] file_writeback 0 [ 1653.513907][ T8494] anon_thp 274726912 [ 1653.513907][ T8494] inactive_anon 262459392 [ 1653.513907][ T8494] active_anon 204800 [ 1653.513907][ T8494] inactive_file 0 [ 1653.513907][ T8494] active_file 118784 [ 1653.513907][ T8494] unevictable 47955968 [ 1653.513907][ T8494] slab_reclaimable 135168 [ 1653.513907][ T8494] slab_unreclaimable 806912 [ 1653.513907][ T8494] pgfault 249975 [ 1653.513907][ T8494] pgmajfault 0 [ 1653.513907][ T8494] workingset_refault 0 [ 1653.513907][ T8494] workingset_activate 0 [ 1653.513907][ T8494] workingset_nodereclaim 0 [ 1653.513907][ T8494] pgrefill 164 [ 1653.513907][ T8494] pgscan 253 [ 1653.513907][ T8494] pgsteal 34 [ 1653.684905][ T8494] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8361,uid=0 [ 1653.742924][ T8494] Memory cgroup out of memory: Killed process 8361 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 07:52:39 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:39 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200420202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:39 executing program 1: kexec_load(0x0, 0x3, &(0x7f0000000140)=[{0x0, 0xffffffffffffff2f, 0x9165a000}, {&(0x7f0000000000)="8b32b89fbffcd868a95d0bb10644eac8404939b8846154c25dd501219934ed4cd2af29cc823cacaa08c63d3aa20f6952ef866268c117578651f0db8a556daa82b3e37d2ddd7e409e7c7e70e11300839e8a1e35c9674a325ca4a0361134d814a0215801b52ee38fbac59de1571ea84ed7d991faaa60cddc86a41934686b0098082e9f1d4cd369ad994eb028315b390342e96f84525864bec6e5737e863674fc", 0x9f, 0x1000, 0x59da}, {&(0x7f00000001c0)="a919572f6bd798423624ff2ffe4161538190c202953ba5937122c7f69459dde8cf9d365210865570ff0828ae765f2615faec8c1feb6cef87d66a620477db1b6bd830bdf3bb0b15206f6694508db042e1e0", 0x51, 0x82, 0x6}], 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000240)={0x3, 0x8, 0x4, 0x100000, 0x1f, {}, {0x3, 0x8, 0x3, 0x80, 0x0, 0x0, "c6cb086d"}, 0x3, 0x2, @userptr=0x1, 0x3, 0x0, 0xffffffffffffffff}) ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0) ioctl$USBDEVFS_RELEASE_PORT(0xffffffffffffffff, 0x80045519, &(0x7f00000000c0)=0x6) 07:52:39 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x808}, 0x28) 07:52:39 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000004000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1654.381945][ T8636] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1654.559758][ T8636] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1654.683268][ T8636] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1654.806937][ T8723] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1654.840519][ T8723] CPU: 1 PID: 8723 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1654.849231][ T8723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1654.859611][ T8723] Call Trace: [ 1654.863042][ T8723] dump_stack+0x11d/0x181 [ 1654.867498][ T8723] dump_header+0xaa/0x39c [ 1654.871960][ T8723] oom_kill_process.cold+0x10/0x15 [ 1654.877161][ T8723] out_of_memory+0x231/0xa60 [ 1654.882011][ T8723] ? __rcu_read_unlock+0x66/0x3d0 [ 1654.887076][ T8723] mem_cgroup_out_of_memory+0x128/0x150 [ 1654.892807][ T8723] try_charge+0xb6c/0xbf0 [ 1654.897293][ T8723] ? rcu_note_context_switch+0x720/0x760 [ 1654.902962][ T8723] mem_cgroup_try_charge+0xd2/0x260 [ 1654.908256][ T8723] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1654.914020][ T8723] __handle_mm_fault+0x197f/0x2e00 [ 1654.919183][ T8723] handle_mm_fault+0x21b/0x530 [ 1654.924123][ T8723] __get_user_pages+0x485/0x1130 [ 1654.929284][ T8723] populate_vma_page_range+0xe6/0x100 [ 1654.934683][ T8723] __mm_populate+0x168/0x2a0 [ 1654.939307][ T8723] __x64_sys_mlockall+0x2e3/0x320 [ 1654.944417][ T8723] do_syscall_64+0xcc/0x3a0 [ 1654.949013][ T8723] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1654.954915][ T8723] RIP: 0033:0x45af49 [ 1654.958846][ T8723] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1654.978466][ T8723] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1654.987037][ T8723] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1654.995018][ T8723] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1655.003000][ T8723] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1655.010980][ T8723] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1655.019124][ T8723] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1655.033183][ T8723] memory: usage 307200kB, limit 307200kB, failcnt 1311 [ 1655.040290][ T8723] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1655.051047][ T8723] Memory cgroup stats for /syz2: [ 1655.051305][ T8723] anon 309608448 [ 1655.051305][ T8723] file 106496 [ 1655.051305][ T8723] kernel_stack 368640 [ 1655.051305][ T8723] slab 1228800 [ 1655.051305][ T8723] sock 53248 [ 1655.051305][ T8723] shmem 0 [ 1655.051305][ T8723] file_mapped 0 [ 1655.051305][ T8723] file_dirty 0 [ 1655.051305][ T8723] file_writeback 0 [ 1655.051305][ T8723] anon_thp 270532608 [ 1655.051305][ T8723] inactive_anon 258375680 [ 1655.051305][ T8723] active_anon 7102464 [ 1655.051305][ T8723] inactive_file 135168 [ 1655.051305][ T8723] active_file 135168 [ 1655.051305][ T8723] unevictable 44085248 [ 1655.051305][ T8723] slab_reclaimable 405504 [ 1655.051305][ T8723] slab_unreclaimable 823296 [ 1655.051305][ T8723] pgfault 282447 [ 1655.051305][ T8723] pgmajfault 0 [ 1655.051305][ T8723] workingset_refault 0 [ 1655.051305][ T8723] workingset_activate 0 [ 1655.051305][ T8723] workingset_nodereclaim 0 [ 1655.051305][ T8723] pgrefill 110 [ 1655.051305][ T8723] pgscan 141 [ 1655.051305][ T8723] pgsteal 35 [ 1655.146891][ T8723] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8605,uid=0 [ 1655.162373][ T8723] Memory cgroup out of memory: Killed process 8605 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1655.190244][ T1065] oom_reaper: reaped process 8605 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:52:40 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:52:40 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x809}, 0x28) 07:52:40 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200520202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:40 executing program 1: kexec_load(0x2, 0x2, &(0x7f00000000c0)=[{0x0, 0x0, 0x9165a000, 0xfffffffffffffffd}, {&(0x7f0000000040)="87aa1076571ec7806d4e2a3e6aa06adc1b98656885b57ead2be34f13207c3069e0e326d52248d769b76a00a1be2a64d45b3e8b59fc56284676370c9fd9df18ca35aa4aac22503a71c38597d80d12639fb7dcd3cbf8a469f266b33060f45fb4c100335930faa70620ab32aad37eefc7e835b66c1ab8ed91ba2ce9daaad8651e68", 0x443, 0xfffffffffffffff9, 0x800}], 0x2) 07:52:40 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000004800000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:40 executing program 1: kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x9165a000}], 0x320000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) close(r0) socket$unix(0x1, 0x5, 0x0) io_setup(0xa, &(0x7f0000000100)=0x0) io_submit(r1, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0x12f}]) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x2000, 0x0) r3 = geteuid() setresuid(r3, r3, 0x0) setreuid(r3, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2000) mount$fuseblk(&(0x7f0000000040)='/dev/loop0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuseblk\x00', 0x10021, &(0x7f0000000200)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {'user_id', 0x3d, r3}, 0x2c, {'group_id', 0x3d, r4}, 0x2c, {[{@allow_other='allow_other'}, {@allow_other='allow_other'}, {@default_permissions='default_permissions'}, {@blksize={'blksize'}}, {@blksize={'blksize', 0x3d, 0x400}}, {@blksize={'blksize', 0x3d, 0x400}}, {@blksize={'blksize', 0x3d, 0x800}}, {@blksize={'blksize', 0x3d, 0xda3710acccf7b6e1}}, {@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other='allow_other'}], [{@hash='hash'}, {@seclabel='seclabel'}, {@smackfshat={'smackfshat', 0x3d, '\\]-nodev'}}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}, {@context={'context', 0x3d, 'staff_u'}}]}}) [ 1655.470295][ T8739] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:52:40 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x80a}, 0x28) [ 1655.538171][ T8739] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1655.681840][ T8739] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1655.849945][ T8746] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1655.898309][ T8746] CPU: 0 PID: 8746 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1655.906964][ T8746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1655.917024][ T8746] Call Trace: [ 1655.920407][ T8746] dump_stack+0x11d/0x181 [ 1655.924780][ T8746] dump_header+0xaa/0x39c [ 1655.929143][ T8746] oom_kill_process.cold+0x10/0x15 [ 1655.934268][ T8746] out_of_memory+0x231/0xa60 [ 1655.938862][ T8746] ? __rcu_read_unlock+0x66/0x3d0 [ 1655.943936][ T8746] mem_cgroup_out_of_memory+0x128/0x150 [ 1655.949494][ T8746] try_charge+0xb6c/0xbf0 [ 1655.953827][ T8746] ? rcu_note_context_switch+0x720/0x760 [ 1655.959477][ T8746] mem_cgroup_try_charge+0xd2/0x260 [ 1655.964691][ T8746] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1655.970379][ T8746] __handle_mm_fault+0x197f/0x2e00 [ 1655.975529][ T8746] handle_mm_fault+0x21b/0x530 [ 1655.980316][ T8746] __get_user_pages+0x485/0x1130 [ 1655.985405][ T8746] populate_vma_page_range+0xe6/0x100 [ 1655.990786][ T8746] __mm_populate+0x168/0x2a0 [ 1655.995386][ T8746] __x64_sys_mlockall+0x2e3/0x320 [ 1656.000466][ T8746] do_syscall_64+0xcc/0x3a0 [ 1656.004978][ T8746] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1656.011042][ T8746] RIP: 0033:0x45af49 [ 1656.014970][ T8746] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1656.034941][ T8746] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:52:41 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:41 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200620202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:41 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x80b}, 0x28) 07:52:41 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000004c00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:41 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x800, 0x0) getxattr(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)=@known='security.apparmor\x00', &(0x7f0000000380)=""/213, 0xd5) syz_mount_image$nfs(&(0x7f0000000080)='nfs\x00', &(0x7f00000000c0)='./file0\x00', 0x20000000000000, 0x2, &(0x7f0000000280)=[{&(0x7f0000000100)="de7ffce9b86e36c048688190ad28ea1ca1168e8c32802d906cfb2de6a2b2cf04e86d8c06eaa1180908c4acc3ae3da38c84a6c0fbf51ab043622d81b8156b83dd368dd1b1f897086f0fd6f5be55687d3528417576fe5ba8064c4ade75b069478ffc4080106508bfc5fb7378a54c77b8831e3975ecbf9f99ed19b026275982224a76f9d87094309c6208c84fa0f59688fae6b7bd0ffbe282e9fdc4050be3cb8071f5ef08e0e2bdce3f46", 0xa9, 0x800}, {&(0x7f00000001c0)="358bdbb9023bdfb49f49ffee17f2a7835571bef081812f05ac86b6148b42d7b9b3fb75e918a365355a9a19b30091fea1b3a7a117fe14b179a3897b56077b8b11b2c620de723604214adb18a4d8d039e0f6dbdf9147c0875f6f4c03e64d59bb8de2f0c91d23ceafe0a1729c4fd27525ebd5e171e5c894ccd2f12de3a0ca9a82a707dd1bc9fb02021410888f65548490ace5dfa639176e1434737c0d5a63fe09ec9b112d71ec836e1ba19649eb2260f3fe2a44e3f684d0", 0xb6, 0x100000000}], 0x4, &(0x7f00000002c0)='/dev/ubi_ctrl\x00') write$UHID_DESTROY(r0, &(0x7f0000000040), 0x4) [ 1656.043367][ T8746] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1656.051340][ T8746] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1656.059296][ T8746] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1656.067254][ T8746] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1656.075271][ T8746] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1656.085889][ T8746] memory: usage 307200kB, limit 307200kB, failcnt 1296 [ 1656.101359][ T8746] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1656.136300][ T8746] Memory cgroup stats for /syz4: [ 1656.137576][ T8746] anon 310587392 [ 1656.137576][ T8746] file 8192 [ 1656.137576][ T8746] kernel_stack 258048 [ 1656.137576][ T8746] slab 942080 [ 1656.137576][ T8746] sock 0 [ 1656.137576][ T8746] shmem 0 [ 1656.137576][ T8746] file_mapped 0 [ 1656.137576][ T8746] file_dirty 0 [ 1656.137576][ T8746] file_writeback 0 [ 1656.137576][ T8746] anon_thp 274726912 [ 1656.137576][ T8746] inactive_anon 262492160 [ 1656.137576][ T8746] active_anon 217088 [ 1656.137576][ T8746] inactive_file 0 [ 1656.137576][ T8746] active_file 118784 [ 1656.137576][ T8746] unevictable 47837184 [ 1656.137576][ T8746] slab_reclaimable 135168 [ 1656.137576][ T8746] slab_unreclaimable 806912 [ 1656.137576][ T8746] pgfault 251823 [ 1656.137576][ T8746] pgmajfault 0 [ 1656.137576][ T8746] workingset_refault 0 [ 1656.137576][ T8746] workingset_activate 0 [ 1656.137576][ T8746] workingset_nodereclaim 0 [ 1656.137576][ T8746] pgrefill 164 [ 1656.137576][ T8746] pgscan 253 [ 1656.137576][ T8746] pgsteal 34 [ 1656.237896][ T8863] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1656.249192][ T8746] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8610,uid=0 [ 1656.356307][ T8746] Memory cgroup out of memory: Killed process 8610 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1656.412268][ T8863] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1656.466455][ T8867] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1656.471683][ T1065] oom_reaper: reaped process 8610 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1656.488243][ T8863] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1656.530439][ T8867] CPU: 0 PID: 8867 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1656.539071][ T8867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1656.549170][ T8867] Call Trace: [ 1656.552548][ T8867] dump_stack+0x11d/0x181 [ 1656.556893][ T8867] dump_header+0xaa/0x39c [ 1656.561243][ T8867] oom_kill_process.cold+0x10/0x15 [ 1656.566412][ T8867] out_of_memory+0x231/0xa60 [ 1656.571033][ T8867] mem_cgroup_out_of_memory+0x128/0x150 [ 1656.576604][ T8867] try_charge+0xb6c/0xbf0 [ 1656.580951][ T8867] ? rcu_note_context_switch+0x720/0x760 [ 1656.586611][ T8867] mem_cgroup_try_charge+0xd2/0x260 [ 1656.591823][ T8867] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1656.597468][ T8867] __handle_mm_fault+0x197f/0x2e00 [ 1656.602611][ T8867] handle_mm_fault+0x21b/0x530 [ 1656.607527][ T8867] __get_user_pages+0x485/0x1130 [ 1656.612611][ T8867] populate_vma_page_range+0xe6/0x100 [ 1656.617998][ T8867] __mm_populate+0x168/0x2a0 [ 1656.622680][ T8867] __x64_sys_mlockall+0x2e3/0x320 [ 1656.627719][ T8867] do_syscall_64+0xcc/0x3a0 [ 1656.632463][ T8867] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1656.638448][ T8867] RIP: 0033:0x45af49 [ 1656.642423][ T8867] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1656.662052][ T8867] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1656.670494][ T8867] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1656.678605][ T8867] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1656.686611][ T8867] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1656.694592][ T8867] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1656.702629][ T8867] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1656.726536][ T8867] memory: usage 307200kB, limit 307200kB, failcnt 1345 [ 1656.736901][ T8867] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1656.744704][ T8867] Memory cgroup stats for /syz2: [ 1656.744926][ T8867] anon 309624832 [ 1656.744926][ T8867] file 106496 [ 1656.744926][ T8867] kernel_stack 368640 [ 1656.744926][ T8867] slab 1228800 [ 1656.744926][ T8867] sock 53248 [ 1656.744926][ T8867] shmem 0 [ 1656.744926][ T8867] file_mapped 0 [ 1656.744926][ T8867] file_dirty 0 [ 1656.744926][ T8867] file_writeback 0 [ 1656.744926][ T8867] anon_thp 270532608 [ 1656.744926][ T8867] inactive_anon 258531328 [ 1656.744926][ T8867] active_anon 7081984 [ 1656.744926][ T8867] inactive_file 135168 [ 1656.744926][ T8867] active_file 135168 [ 1656.744926][ T8867] unevictable 44343296 [ 1656.744926][ T8867] slab_reclaimable 405504 [ 1656.744926][ T8867] slab_unreclaimable 823296 [ 1656.744926][ T8867] pgfault 283998 [ 1656.744926][ T8867] pgmajfault 0 [ 1656.744926][ T8867] workingset_refault 0 [ 1656.744926][ T8867] workingset_activate 0 [ 1656.744926][ T8867] workingset_nodereclaim 0 [ 1656.744926][ T8867] pgrefill 110 [ 1656.744926][ T8867] pgscan 141 [ 1656.744926][ T8867] pgsteal 35 [ 1656.841260][ T8867] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8731,uid=0 [ 1656.857664][ T8867] Memory cgroup out of memory: Killed process 8731 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1656.885427][ T1065] oom_reaper: reaped process 8731 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:52:42 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:52:42 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000165b00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:42 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x80c}, 0x28) 07:52:42 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200720202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:42 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$NBD_SET_SIZE(r0, 0xab02, 0x6) [ 1657.472738][ T8988] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1657.612621][ T8988] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:52:42 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x80d}, 0x28) 07:52:42 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200820202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1657.741028][ T8988] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1657.805768][ T9037] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1657.859499][ T9037] CPU: 0 PID: 9037 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1657.868239][ T9037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1657.878323][ T9037] Call Trace: [ 1657.881621][ T9037] dump_stack+0x11d/0x181 [ 1657.885954][ T9037] dump_header+0xaa/0x39c [ 1657.890302][ T9037] oom_kill_process.cold+0x10/0x15 [ 1657.895413][ T9037] out_of_memory+0x231/0xa60 [ 1657.900023][ T9037] ? __rcu_read_unlock+0x66/0x3d0 [ 1657.905053][ T9037] mem_cgroup_out_of_memory+0x128/0x150 [ 1657.910601][ T9037] try_charge+0xb6c/0xbf0 [ 1657.914931][ T9037] ? rcu_note_context_switch+0x720/0x760 [ 1657.920617][ T9037] mem_cgroup_try_charge+0xd2/0x260 [ 1657.925816][ T9037] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1657.931492][ T9037] __handle_mm_fault+0x197f/0x2e00 [ 1657.936612][ T9037] handle_mm_fault+0x21b/0x530 [ 1657.941430][ T9037] __get_user_pages+0x485/0x1130 [ 1657.946441][ T9037] populate_vma_page_range+0xe6/0x100 [ 1657.951809][ T9037] __mm_populate+0x168/0x2a0 [ 1657.956499][ T9037] __x64_sys_mlockall+0x2e3/0x320 [ 1657.961530][ T9037] do_syscall_64+0xcc/0x3a0 [ 1657.966089][ T9037] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1657.972004][ T9037] RIP: 0033:0x45af49 [ 1657.975940][ T9037] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1657.995645][ T9037] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1658.004052][ T9037] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1658.012014][ T9037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1658.020055][ T9037] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1658.028029][ T9037] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1658.035994][ T9037] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1658.071219][ T9037] memory: usage 307200kB, limit 307200kB, failcnt 1320 [ 1658.145170][ T9037] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1658.193985][ T9037] Memory cgroup stats for /syz4: [ 1658.194742][ T9037] anon 310476800 [ 1658.194742][ T9037] file 8192 [ 1658.194742][ T9037] kernel_stack 294912 [ 1658.194742][ T9037] slab 942080 [ 1658.194742][ T9037] sock 0 [ 1658.194742][ T9037] shmem 0 [ 1658.194742][ T9037] file_mapped 0 [ 1658.194742][ T9037] file_dirty 0 [ 1658.194742][ T9037] file_writeback 0 [ 1658.194742][ T9037] anon_thp 274726912 [ 1658.194742][ T9037] inactive_anon 262590464 [ 1658.194742][ T9037] active_anon 200704 [ 1658.194742][ T9037] inactive_file 0 [ 1658.194742][ T9037] active_file 118784 [ 1658.194742][ T9037] unevictable 47738880 [ 1658.194742][ T9037] slab_reclaimable 135168 [ 1658.194742][ T9037] slab_unreclaimable 806912 [ 1658.194742][ T9037] pgfault 253374 [ 1658.194742][ T9037] pgmajfault 0 [ 1658.194742][ T9037] workingset_refault 0 [ 1658.194742][ T9037] workingset_activate 0 [ 1658.194742][ T9037] workingset_nodereclaim 0 [ 1658.194742][ T9037] pgrefill 164 [ 1658.194742][ T9037] pgscan 253 [ 1658.194742][ T9037] pgsteal 34 07:52:43 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000006000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:43 executing program 1: kexec_load(0x0, 0x2, &(0x7f0000000080)=[{0x0, 0x0, 0x9165a000}, {&(0x7f0000000040)="b294957fca9d504ec08bd8157e8f6af260b55aea7a90396f07c0290add36d1ce125a972e2b7fc97c1d43593f6896192b26d62a74a9c1aa7047b0989ecc", 0x3d, 0x0, 0x1f}], 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, &(0x7f0000000000)={'ip6erspan0\x00', 0x400}) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) r1 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x7fffdf00f000, 0xa, 0x10, r1, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r3 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000300)={0x100000011, @multicast2, 0x0, 0x0, 'lblc\x00'}, 0x2c) r4 = socket(0xa, 0x4000000001, 0x0) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x11, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x1000000, 'lblcr\x00'}, 0x2c) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000001580)={0x0, @dev, @broadcast}, &(0x7f00000015c0)=0xc) setsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000300)={r5, @loopback, @remote}, 0xc) r6 = socket$inet_tcp(0x2, 0x1, 0x0) fstat(r6, &(0x7f0000000300)) getsockopt$inet_pktinfo(r6, 0x0, 0x8, &(0x7f0000001600)={0x0, @remote, @empty}, &(0x7f0000000100)=0xfffffe78) ioctl$sock_inet_SIOCGIFPFLAGS(r4, 0x8935, &(0x7f00000003c0)={'veth1_to_team\x00', 0x9}) ioctl$EVIOCGMTSLOTS(r2, 0x8040450a, &(0x7f0000000180)=""/231) r8 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r8, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r8, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) r9 = accept$unix(0xffffffffffffffff, &(0x7f00000004c0), &(0x7f0000000380)=0x6e) clock_gettime(0x0, &(0x7f0000001640)={0x0, 0x0}) recvmmsg(r9, &(0x7f0000001480)=[{{&(0x7f0000000540)=@can, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000880)=""/186, 0xba}, {&(0x7f0000000a00)=""/204, 0xcc}, {&(0x7f0000000440)}, {&(0x7f00000007c0)=""/81, 0x51}], 0x4}, 0x503b}, {{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000b00)=""/181, 0xb5}], 0x1, &(0x7f0000000bc0)=""/66, 0x42}, 0x5}, {{&(0x7f0000000c40)=@nfc_llcp, 0x80, &(0x7f0000000ec0)=[{&(0x7f0000000980)=""/38, 0x26}, {&(0x7f0000000cc0)=""/139, 0x8b}, {&(0x7f0000000d80)=""/170, 0xaa}, {&(0x7f0000000e40)=""/18, 0x12}, {&(0x7f0000000e80)=""/6, 0x6}], 0x5, &(0x7f0000000f40)=""/217, 0xd9}, 0x9}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000001040)=""/188, 0xbc}, {&(0x7f0000001100)=""/107, 0x6b}, {&(0x7f0000001180)=""/178, 0xb2}, {&(0x7f0000002040)=""/4096, 0x1000}, {&(0x7f0000001240)=""/24, 0x18}, {&(0x7f0000001280)=""/123, 0x7b}], 0x6, &(0x7f0000001380)=""/204, 0xcc}, 0x9}], 0x4, 0x20, &(0x7f0000001680)={r10, r11+30000000}) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r8, 0x40485404, &(0x7f0000000280)={{0x0, 0x0, 0x8, 0x3, 0x800}, 0x1ff, 0x95e}) setsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000140)={r7, @remote, @loopback}, 0xc) ioctl$FICLONE(r1, 0x40049409, r3) r12 = syz_genetlink_get_family_id$team(&(0x7f0000000840)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000480)={'team0\x00', r7}) sendmsg$TEAM_CMD_PORT_LIST_GET(r3, &(0x7f0000000780)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x404001}, 0xc, &(0x7f0000000740)={&(0x7f0000000600)={0x124, r12, 0x400, 0x70bd26, 0x25dfdbfe, {}, [{{0x8, 0x1, r5}, {0xbc, 0x2, [{0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0xffffffffffffff17, 0x4, 0x1}}, {0x8, 0x6, r13}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x3}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r5}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x44, 0x2, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r5}}, {0x8}}}]}}]}, 0x124}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001f00)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000002000)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x880090}, 0xc, &(0x7f0000001fc0)={&(0x7f0000001f40)={0x58, r12, 0x200, 0x70bd27, 0x25dfdbfd, {}, [{{0x8, 0x1, r14}, {0x3c, 0x2, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x5}, {0x8, 0x4, 0x1}}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x40}, 0x8804) 07:52:43 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x80e}, 0x28) [ 1658.304963][ T9037] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8976,uid=0 [ 1658.321839][ T9037] Memory cgroup out of memory: Killed process 8976 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1658.378699][ T1065] oom_reaper: reaped process 8976 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:52:43 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200920202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1658.424614][ T9111] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1658.522960][ T9111] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1658.617521][ T9116] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1658.627996][ T9116] CPU: 0 PID: 9116 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1658.636600][ T9116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1658.636605][ T9116] Call Trace: [ 1658.636681][ T9116] dump_stack+0x11d/0x181 [ 1658.654464][ T9116] dump_header+0xaa/0x39c [ 1658.658837][ T9116] oom_kill_process.cold+0x10/0x15 [ 1658.664025][ T9116] out_of_memory+0x231/0xa60 [ 1658.668632][ T9116] ? __rcu_read_unlock+0x66/0x3d0 [ 1658.673678][ T9116] mem_cgroup_out_of_memory+0x128/0x150 [ 1658.679247][ T9116] try_charge+0xb6c/0xbf0 [ 1658.683589][ T9116] ? rcu_note_context_switch+0x720/0x760 [ 1658.689305][ T9116] mem_cgroup_try_charge+0xd2/0x260 [ 1658.694556][ T9116] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1658.700245][ T9116] __handle_mm_fault+0x197f/0x2e00 [ 1658.705367][ T9116] handle_mm_fault+0x21b/0x530 [ 1658.710130][ T9116] __get_user_pages+0x485/0x1130 [ 1658.715104][ T9116] populate_vma_page_range+0xe6/0x100 [ 1658.720495][ T9116] __mm_populate+0x168/0x2a0 [ 1658.725126][ T9116] __x64_sys_mlockall+0x2e3/0x320 [ 1658.730289][ T9116] do_syscall_64+0xcc/0x3a0 [ 1658.734890][ T9116] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1658.741042][ T9116] RIP: 0033:0x45af49 [ 1658.745022][ T9116] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1658.764706][ T9116] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1658.773235][ T9116] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1658.781493][ T9116] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1658.789473][ T9116] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1658.797519][ T9116] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1658.805657][ T9116] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1658.817403][ T9111] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1658.855481][ T9116] memory: usage 307200kB, limit 307200kB, failcnt 1384 [ 1658.896489][ T9116] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1658.942063][ T9116] Memory cgroup stats for /syz2: [ 1658.942268][ T9116] anon 309739520 [ 1658.942268][ T9116] file 106496 [ 1658.942268][ T9116] kernel_stack 368640 [ 1658.942268][ T9116] slab 1228800 [ 1658.942268][ T9116] sock 53248 [ 1658.942268][ T9116] shmem 0 [ 1658.942268][ T9116] file_mapped 0 [ 1658.942268][ T9116] file_dirty 0 [ 1658.942268][ T9116] file_writeback 0 [ 1658.942268][ T9116] anon_thp 270532608 [ 1658.942268][ T9116] inactive_anon 258469888 [ 1658.942268][ T9116] active_anon 7094272 [ 1658.942268][ T9116] inactive_file 135168 [ 1658.942268][ T9116] active_file 135168 [ 1658.942268][ T9116] unevictable 44212224 [ 1658.942268][ T9116] slab_reclaimable 405504 [ 1658.942268][ T9116] slab_unreclaimable 823296 [ 1658.942268][ T9116] pgfault 285879 [ 1658.942268][ T9116] pgmajfault 0 [ 1658.942268][ T9116] workingset_refault 0 [ 1658.942268][ T9116] workingset_activate 0 [ 1658.942268][ T9116] workingset_nodereclaim 0 [ 1658.942268][ T9116] pgrefill 110 [ 1658.942268][ T9116] pgscan 141 [ 1658.942268][ T9116] pgsteal 35 [ 1659.044772][ T9116] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=8978,uid=0 [ 1659.064733][ T9116] Memory cgroup out of memory: Killed process 8978 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 07:52:44 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:52:44 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x80f}, 0x28) 07:52:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000586500000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:44 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)="c3", 0x1, 0xffffffffffffffff) r1 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f00000001c0)="5c755bb00e32b5f3908b7a908fd86455b6c5cbf577253da3f8458f5d20999bd1a53ca41a5e6173ba85edbe85c4112fccd88794654d4aef715e8de74e2051a561831a59531222ab3c60dcd105449899d623725cde31fe75fc28140fb7babc5191d0657ef9c96df7b81c68f1885a76917a6229f02e7990ca9aacbc864447220c886b71495ead4b0008e14a87af261e70be95d65759dbe2b292b704c67993012152a0fadab652a610c199416c476358e8e577db9e5744b9e8ee2f3c4e248f0a3606", 0xc0, 0xfffffffffffffffb) r2 = add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)="c3", 0x1, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r2}, 0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={'cmac(twofish-generic)\x00'}}) keyctl$link(0x8, 0x0, r2) 07:52:44 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200a20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:45 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) [ 1659.933047][ T9247] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:52:45 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200b20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1659.996241][ T9247] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:52:45 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x810}, 0x28) [ 1660.068446][ T9247] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:52:45 executing program 1: openat$vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vsock\x00', 0x400, 0x0) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000640)='/dev/dsp\x00', 0x0, 0x0) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r2, 0x800442d4, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f0000000000)={0x0, @in6}, &(0x7f00000000c0)=0x98) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000180)=@newlink={0x20, 0x10, 0x801}, 0x20}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x0) prctl$PR_GET_FPEXC(0xb, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) times(&(0x7f0000000000)) r6 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r6, &(0x7f00005d5ff3)={0x2, 0x4e20}, 0x10) sendto$inet(r6, 0x0, 0x0, 0x20008005, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback}, 0x10) ioctl$BLKFLSBUF(0xffffffffffffffff, 0xc0481273, 0xffffffffffffffff) openat$dsp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r7 = socket(0x400000000000010, 0x802, 0x0) write(r7, &(0x7f00000000c0)="24000000200099f0003be90000ed190e020008160000100000ba108008000200", 0x20) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r10}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18}}}]}, 0x48}}, 0x0) [ 1660.142806][ T9249] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 07:52:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000006800000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1660.192840][ T9249] CPU: 0 PID: 9249 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1660.211457][ T9249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1660.221521][ T9249] Call Trace: [ 1660.224896][ T9249] dump_stack+0x11d/0x181 [ 1660.229254][ T9249] dump_header+0xaa/0x39c [ 1660.233636][ T9249] oom_kill_process.cold+0x10/0x15 [ 1660.238791][ T9249] out_of_memory+0x231/0xa60 [ 1660.243462][ T9249] ? __rcu_read_unlock+0x66/0x3d0 [ 1660.248556][ T9249] mem_cgroup_out_of_memory+0x128/0x150 [ 1660.254120][ T9249] try_charge+0xb6c/0xbf0 [ 1660.258508][ T9249] ? rcu_note_context_switch+0x720/0x760 [ 1660.264179][ T9249] mem_cgroup_try_charge+0xd2/0x260 [ 1660.269465][ T9249] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1660.275107][ T9249] __handle_mm_fault+0x197f/0x2e00 [ 1660.280237][ T9249] handle_mm_fault+0x21b/0x530 [ 1660.285041][ T9249] __get_user_pages+0x485/0x1130 [ 1660.290077][ T9249] populate_vma_page_range+0xe6/0x100 [ 1660.295461][ T9249] __mm_populate+0x168/0x2a0 [ 1660.300100][ T9249] __x64_sys_mlockall+0x2e3/0x320 [ 1660.305153][ T9249] do_syscall_64+0xcc/0x3a0 [ 1660.309681][ T9249] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1660.315581][ T9249] RIP: 0033:0x45af49 [ 1660.319559][ T9249] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1660.339189][ T9249] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1660.347680][ T9249] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1660.355665][ T9249] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1660.363845][ T9249] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1660.371978][ T9249] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1660.379981][ T9249] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1660.406439][ T9249] memory: usage 307200kB, limit 307200kB, failcnt 1356 [ 1660.428293][ T9249] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1660.443076][ T9249] Memory cgroup stats for /syz4: [ 1660.443343][ T9249] anon 310464512 [ 1660.443343][ T9249] file 8192 [ 1660.443343][ T9249] kernel_stack 294912 [ 1660.443343][ T9249] slab 942080 [ 1660.443343][ T9249] sock 0 [ 1660.443343][ T9249] shmem 0 [ 1660.443343][ T9249] file_mapped 0 [ 1660.443343][ T9249] file_dirty 0 [ 1660.443343][ T9249] file_writeback 0 [ 1660.443343][ T9249] anon_thp 272629760 [ 1660.443343][ T9249] inactive_anon 262578176 [ 1660.443343][ T9249] active_anon 245760 [ 1660.443343][ T9249] inactive_file 0 [ 1660.443343][ T9249] active_file 118784 [ 1660.443343][ T9249] unevictable 47665152 [ 1660.443343][ T9249] slab_reclaimable 135168 [ 1660.443343][ T9249] slab_unreclaimable 806912 [ 1660.443343][ T9249] pgfault 255750 [ 1660.443343][ T9249] pgmajfault 0 [ 1660.443343][ T9249] workingset_refault 0 [ 1660.443343][ T9249] workingset_activate 0 [ 1660.443343][ T9249] workingset_nodereclaim 0 [ 1660.443343][ T9249] pgrefill 164 [ 1660.443343][ T9249] pgscan 253 [ 1660.443343][ T9249] pgsteal 34 [ 1660.545478][ T9426] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1660.561965][ T9249] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9224,uid=0 [ 1660.564096][ T9426] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1660.614736][ T9249] Memory cgroup out of memory: Killed process 9224 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1660.633044][ T9426] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:52:45 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x811}, 0x28) 07:52:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000006c00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1660.847345][ T9354] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1660.887609][ T9354] CPU: 0 PID: 9354 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1660.896273][ T9354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1660.906338][ T9354] Call Trace: [ 1660.909682][ T9354] dump_stack+0x11d/0x181 [ 1660.914077][ T9354] dump_header+0xaa/0x39c [ 1660.918457][ T9354] oom_kill_process.cold+0x10/0x15 [ 1660.923607][ T9354] out_of_memory+0x231/0xa60 [ 1660.928300][ T9354] mem_cgroup_out_of_memory+0x128/0x150 [ 1660.933870][ T9354] try_charge+0xb6c/0xbf0 [ 1660.938267][ T9354] ? rcu_note_context_switch+0x720/0x760 [ 1660.943935][ T9354] mem_cgroup_try_charge+0xd2/0x260 [ 1660.949264][ T9354] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1660.954910][ T9354] __handle_mm_fault+0x197f/0x2e00 [ 1660.960046][ T9354] handle_mm_fault+0x21b/0x530 [ 1660.964845][ T9354] __get_user_pages+0x485/0x1130 [ 1660.969814][ T9354] populate_vma_page_range+0xe6/0x100 [ 1660.975211][ T9354] __mm_populate+0x168/0x2a0 [ 1660.979904][ T9354] __x64_sys_mlockall+0x2e3/0x320 [ 1660.985079][ T9354] do_syscall_64+0xcc/0x3a0 [ 1660.989598][ T9354] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1660.995496][ T9354] RIP: 0033:0x45af49 [ 1660.999429][ T9354] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1661.019110][ T9354] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1661.027632][ T9354] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1661.035610][ T9354] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1661.043623][ T9354] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1661.053017][ T9354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1661.061005][ T9354] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1661.101970][ T9473] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1661.150612][ T9473] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1661.237554][ T9473] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1661.303177][ T9354] memory: usage 307200kB, limit 307200kB, failcnt 1413 [ 1661.314867][ T9354] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1661.327451][ T9354] Memory cgroup stats for /syz2: [ 1661.327687][ T9354] anon 309628928 [ 1661.327687][ T9354] file 106496 [ 1661.327687][ T9354] kernel_stack 368640 [ 1661.327687][ T9354] slab 1228800 [ 1661.327687][ T9354] sock 53248 [ 1661.327687][ T9354] shmem 0 [ 1661.327687][ T9354] file_mapped 0 [ 1661.327687][ T9354] file_dirty 0 [ 1661.327687][ T9354] file_writeback 0 [ 1661.327687][ T9354] anon_thp 270532608 [ 1661.327687][ T9354] inactive_anon 258445312 [ 1661.327687][ T9354] active_anon 7106560 [ 1661.327687][ T9354] inactive_file 135168 [ 1661.327687][ T9354] active_file 135168 [ 1661.327687][ T9354] unevictable 44343296 [ 1661.327687][ T9354] slab_reclaimable 405504 [ 1661.327687][ T9354] slab_unreclaimable 823296 [ 1661.327687][ T9354] pgfault 287430 [ 1661.327687][ T9354] pgmajfault 0 [ 1661.327687][ T9354] workingset_refault 0 [ 1661.327687][ T9354] workingset_activate 0 [ 1661.327687][ T9354] workingset_nodereclaim 0 [ 1661.327687][ T9354] pgrefill 110 [ 1661.327687][ T9354] pgscan 141 [ 1661.327687][ T9354] pgsteal 35 [ 1661.423908][ T9354] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9230,uid=0 [ 1661.452619][ T9354] Memory cgroup out of memory: Killed process 9230 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 07:52:46 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:52:46 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200c20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:46 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x812}, 0x28) 07:52:46 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x80, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r0, 0x8982, &(0x7f0000000080)) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)=0x9) 07:52:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000007400000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1661.774806][ T9487] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1661.920834][ T9487] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1662.057164][ T9487] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:52:47 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:47 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x813}, 0x28) 07:52:47 executing program 1: kexec_load(0x0, 0x1, &(0x7f00000005c0)=[{0x0}], 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/zoneinfo\x00', 0x0, 0x0) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000040)={0x8000, 0x1, 0x0, 0x4}, 0x8) 07:52:47 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200d20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1662.239418][ T9599] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 07:52:47 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000007a00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1662.356852][ T9599] CPU: 0 PID: 9599 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1662.365508][ T9599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1662.375761][ T9599] Call Trace: [ 1662.379169][ T9599] dump_stack+0x11d/0x181 [ 1662.383520][ T9599] dump_header+0xaa/0x39c [ 1662.387887][ T9599] oom_kill_process.cold+0x10/0x15 [ 1662.393084][ T9599] out_of_memory+0x231/0xa60 [ 1662.397788][ T9599] ? __rcu_read_unlock+0x66/0x3d0 07:52:47 executing program 1: ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000100)={0x5, 0x8}) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x20000, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x14, &(0x7f00000001c0)={r3}, 0x8) getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000080)={0x0, @dev, @multicast2}, &(0x7f00000000c0)=0xc) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000040)={0xfff, 0x39e5111e7c62568c, 0x6, 0x0, r3}, 0x10) [ 1662.402888][ T9599] mem_cgroup_out_of_memory+0x128/0x150 [ 1662.408515][ T9599] try_charge+0xb6c/0xbf0 [ 1662.412906][ T9599] ? rcu_note_context_switch+0x720/0x760 [ 1662.418660][ T9599] mem_cgroup_try_charge+0xd2/0x260 [ 1662.423968][ T9599] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1662.429685][ T9599] __handle_mm_fault+0x197f/0x2e00 [ 1662.434830][ T9599] handle_mm_fault+0x21b/0x530 [ 1662.439675][ T9599] __get_user_pages+0x485/0x1130 [ 1662.444756][ T9599] populate_vma_page_range+0xe6/0x100 [ 1662.450146][ T9599] __mm_populate+0x168/0x2a0 [ 1662.454768][ T9599] __x64_sys_mlockall+0x2e3/0x320 [ 1662.459817][ T9599] do_syscall_64+0xcc/0x3a0 [ 1662.464344][ T9599] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1662.470268][ T9599] RIP: 0033:0x45af49 [ 1662.474184][ T9599] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1662.493822][ T9599] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1662.502246][ T9599] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1662.510216][ T9599] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1662.518259][ T9599] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1662.526251][ T9599] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1662.534220][ T9599] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:52:47 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x814}, 0x28) [ 1662.658917][ T9820] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1662.721064][ T9820] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1662.747676][ T9599] memory: usage 307200kB, limit 307200kB, failcnt 1394 [ 1662.755063][ T9599] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1662.762934][ T9820] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1662.800442][ T9599] Memory cgroup stats for /syz4: [ 1662.800638][ T9599] anon 310525952 [ 1662.800638][ T9599] file 8192 [ 1662.800638][ T9599] kernel_stack 294912 [ 1662.800638][ T9599] slab 942080 [ 1662.800638][ T9599] sock 0 [ 1662.800638][ T9599] shmem 0 [ 1662.800638][ T9599] file_mapped 0 [ 1662.800638][ T9599] file_dirty 0 [ 1662.800638][ T9599] file_writeback 0 [ 1662.800638][ T9599] anon_thp 270532608 [ 1662.800638][ T9599] inactive_anon 262717440 [ 1662.800638][ T9599] active_anon 229376 [ 1662.800638][ T9599] inactive_file 0 [ 1662.800638][ T9599] active_file 118784 [ 1662.800638][ T9599] unevictable 47661056 [ 1662.800638][ T9599] slab_reclaimable 135168 [ 1662.800638][ T9599] slab_unreclaimable 806912 [ 1662.800638][ T9599] pgfault 258126 [ 1662.800638][ T9599] pgmajfault 0 [ 1662.800638][ T9599] workingset_refault 0 [ 1662.800638][ T9599] workingset_activate 0 [ 1662.800638][ T9599] workingset_nodereclaim 0 [ 1662.800638][ T9599] pgrefill 164 [ 1662.800638][ T9599] pgscan 253 [ 1662.800638][ T9599] pgsteal 34 [ 1662.895347][ T9599] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9478,uid=0 [ 1662.910914][ T9599] Memory cgroup out of memory: Killed process 9478 (syz-executor.4) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1662.941408][ T1065] oom_reaper: reaped process 9478 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1662.952770][ T9607] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1662.976069][ T9607] CPU: 1 PID: 9607 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1662.984696][ T9607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1662.994749][ T9607] Call Trace: [ 1662.998056][ T9607] dump_stack+0x11d/0x181 [ 1663.002431][ T9607] dump_header+0xaa/0x39c [ 1663.006792][ T9607] oom_kill_process.cold+0x10/0x15 [ 1663.011937][ T9607] out_of_memory+0x231/0xa60 [ 1663.016747][ T9607] mem_cgroup_out_of_memory+0x128/0x150 [ 1663.022311][ T9607] try_charge+0xb6c/0xbf0 [ 1663.026654][ T9607] ? rcu_note_context_switch+0x720/0x760 [ 1663.032318][ T9607] mem_cgroup_try_charge+0xd2/0x260 [ 1663.037552][ T9607] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1663.043241][ T9607] __handle_mm_fault+0x197f/0x2e00 [ 1663.048398][ T9607] handle_mm_fault+0x21b/0x530 [ 1663.053214][ T9607] __get_user_pages+0x485/0x1130 [ 1663.058267][ T9607] populate_vma_page_range+0xe6/0x100 [ 1663.063669][ T9607] __mm_populate+0x168/0x2a0 [ 1663.068289][ T9607] __x64_sys_mlockall+0x2e3/0x320 [ 1663.073420][ T9607] do_syscall_64+0xcc/0x3a0 [ 1663.077951][ T9607] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1663.083850][ T9607] RIP: 0033:0x45af49 [ 1663.087764][ T9607] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1663.107429][ T9607] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1663.115916][ T9607] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1663.123905][ T9607] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1663.131885][ T9607] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1663.139931][ T9607] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1663.148589][ T9607] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1663.240650][ T9607] memory: usage 307200kB, limit 307200kB, failcnt 1441 [ 1663.250540][ T9607] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1663.261669][ T9607] Memory cgroup stats for /syz2: [ 1663.261911][ T9607] anon 309600256 [ 1663.261911][ T9607] file 106496 [ 1663.261911][ T9607] kernel_stack 331776 [ 1663.261911][ T9607] slab 1228800 [ 1663.261911][ T9607] sock 53248 [ 1663.261911][ T9607] shmem 0 [ 1663.261911][ T9607] file_mapped 0 [ 1663.261911][ T9607] file_dirty 0 [ 1663.261911][ T9607] file_writeback 0 [ 1663.261911][ T9607] anon_thp 270532608 [ 1663.261911][ T9607] inactive_anon 258310144 [ 1663.261911][ T9607] active_anon 7106560 [ 1663.261911][ T9607] inactive_file 135168 [ 1663.261911][ T9607] active_file 135168 [ 1663.261911][ T9607] unevictable 44183552 [ 1663.261911][ T9607] slab_reclaimable 405504 [ 1663.261911][ T9607] slab_unreclaimable 823296 [ 1663.261911][ T9607] pgfault 288948 [ 1663.261911][ T9607] pgmajfault 0 [ 1663.261911][ T9607] workingset_refault 0 [ 1663.261911][ T9607] workingset_activate 0 [ 1663.261911][ T9607] workingset_nodereclaim 0 [ 1663.261911][ T9607] pgrefill 110 [ 1663.261911][ T9607] pgscan 141 [ 1663.261911][ T9607] pgsteal 35 [ 1663.357592][ T9607] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9483,uid=0 [ 1663.373600][ T9607] Memory cgroup out of memory: Killed process 9483 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 07:52:48 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1663.400062][ T1065] oom_reaper: reaped process 9483 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:52:48 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x815}, 0x28) 07:52:48 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200e20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:48 executing program 1: kexec_load(0x8000000000000000, 0x80000000000003d, &(0x7f00000005c0), 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x54) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r1, 0x4008ae90, &(0x7f0000000000)={0x5, 0x0, [{0x2, 0x1, 0x0, 0x3f, 0x80000001, 0x1, 0x6}, {0xa, 0x4, 0x0, 0x6, 0x5, 0x1, 0xffffffff}, {0x80000000, 0x6, 0x7, 0x3, 0x40, 0x0, 0x4c}, {0x7, 0x80000001, 0x2, 0x2, 0x9, 0x6, 0x101}, {0x40000002, 0x0, 0x4, 0xfce9, 0xe6, 0x2, 0x2}]}) 07:52:48 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000008000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1663.535483][ T9841] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1663.620916][ T9841] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1663.678260][ T9841] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1663.699720][ T9889] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1663.710246][ T9889] CPU: 1 PID: 9889 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1663.718843][ T9889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1663.728916][ T9889] Call Trace: [ 1663.732241][ T9889] dump_stack+0x11d/0x181 [ 1663.736601][ T9889] dump_header+0xaa/0x39c [ 1663.741024][ T9889] oom_kill_process.cold+0x10/0x15 [ 1663.746161][ T9889] out_of_memory+0x231/0xa60 [ 1663.750769][ T9889] ? __rcu_read_unlock+0x66/0x3d0 [ 1663.755868][ T9889] mem_cgroup_out_of_memory+0x128/0x150 [ 1663.761442][ T9889] try_charge+0xb6c/0xbf0 [ 1663.765791][ T9889] ? rcu_note_context_switch+0x720/0x760 [ 1663.771530][ T9889] mem_cgroup_try_charge+0xd2/0x260 [ 1663.776759][ T9889] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1663.782443][ T9889] __handle_mm_fault+0x197f/0x2e00 [ 1663.787589][ T9889] handle_mm_fault+0x21b/0x530 [ 1663.792397][ T9889] __get_user_pages+0x485/0x1130 [ 1663.797367][ T9889] populate_vma_page_range+0xe6/0x100 [ 1663.802769][ T9889] __mm_populate+0x168/0x2a0 [ 1663.807515][ T9889] __x64_sys_mlockall+0x2e3/0x320 [ 1663.812729][ T9889] do_syscall_64+0xcc/0x3a0 [ 1663.817400][ T9889] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1663.823301][ T9889] RIP: 0033:0x45af49 [ 1663.827374][ T9889] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1663.847013][ T9889] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1663.855446][ T9889] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1663.863434][ T9889] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1663.871432][ T9889] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1663.879416][ T9889] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1663.887405][ T9889] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1663.904816][ T9889] memory: usage 307200kB, limit 307200kB, failcnt 1439 [ 1663.971875][ T9889] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1663.990824][ T9889] Memory cgroup stats for /syz4: [ 1663.991236][ T9889] anon 310616064 [ 1663.991236][ T9889] file 8192 [ 1663.991236][ T9889] kernel_stack 294912 [ 1663.991236][ T9889] slab 942080 [ 1663.991236][ T9889] sock 0 [ 1663.991236][ T9889] shmem 0 [ 1663.991236][ T9889] file_mapped 0 [ 1663.991236][ T9889] file_dirty 0 [ 1663.991236][ T9889] file_writeback 0 [ 1663.991236][ T9889] anon_thp 272629760 [ 1663.991236][ T9889] inactive_anon 262705152 [ 1663.991236][ T9889] active_anon 233472 [ 1663.991236][ T9889] inactive_file 0 [ 1663.991236][ T9889] active_file 118784 [ 1663.991236][ T9889] unevictable 47996928 [ 1663.991236][ T9889] slab_reclaimable 135168 [ 1663.991236][ T9889] slab_unreclaimable 806912 [ 1663.991236][ T9889] pgfault 260007 [ 1663.991236][ T9889] pgmajfault 0 [ 1663.991236][ T9889] workingset_refault 0 [ 1663.991236][ T9889] workingset_activate 0 [ 1663.991236][ T9889] workingset_nodereclaim 0 [ 1663.991236][ T9889] pgrefill 164 [ 1663.991236][ T9889] pgscan 253 [ 1663.991236][ T9889] pgsteal 34 [ 1664.128380][ T9889] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9826,uid=0 [ 1664.148549][ T9889] Memory cgroup out of memory: Killed process 9826 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1664.180218][ T1065] oom_reaper: reaped process 9826 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 07:52:49 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x816}, 0x28) 07:52:49 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020200f20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000008100000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:49 executing program 1: kexec_load(0x4, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = creat(&(0x7f0000000140)='./file0\x00', 0x100) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) creat(&(0x7f0000000100)='./file0\x00', 0x0) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) write$cgroup_type(r2, &(0x7f0000000640)='threaded\x00', 0xfffffffffffffe7a) r3 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000200)={0x0, 0x0, 0x4, 0x0, 0x11}) r4 = creat(&(0x7f0000000180)='./bus\x00', 0x40) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000040)=0xc0cb, 0x4) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}]) socket$inet6_udplite(0xa, 0x2, 0x88) r5 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r5, &(0x7f00000009c0)='threaded\x00', 0x76656f) r6 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r6, &(0x7f00000009c0)='threaded\x00', 0x76656f) r7 = creat(&(0x7f0000000000)='./bus\x00', 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@ipv4={[], [], @multicast1}, @in6=@mcast1}}, {{@in=@multicast1}, 0x0, @in=@empty}}, &(0x7f00000001c0)=0x151) r8 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0xc0000, 0x0) r9 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r9, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r9, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) signalfd4(r9, &(0x7f0000000500)={0x6}, 0x8, 0x800) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000002c0)={0x0, r8, 0xb}, 0x10) syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$BLKTRACESTOP(r0, 0x1275, 0x0) r10 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r10, &(0x7f00000009c0)='threaded\x00', 0x76656f) bind$netlink(r10, &(0x7f0000000580)={0x10, 0x0, 0x25dfdbfe, 0x60}, 0xc) r11 = fcntl$getown(0xffffffffffffffff, 0x9) ptrace$setregs(0xf, r11, 0x5, &(0x7f0000000300)="ce01c788fbbd0c64170130b13bdcea50f68b7b7a67948f669ae1589c681a416138721733d096a66e913fbcf5bb85eaa888e575f8423668e0ac994a456a9b6bc0161c997385cc17cbe336afabaeb2571407486efad52fb85982396f639154b7887c7df8d3e9310deb360af97a924b156135e1c3d420e8e8b7d1b102e7d380173181df155456dc837789530783dbc7b4782ae26ec9ba4283a88287095c9478b401e425fcf90f7471f3cbf11b686cf443f0967b9a3d2c3905afa76d41b7cb919d7f0cfb9637a46da718eb8286ccd68f398b7f5b781b") 07:52:49 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:49 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x817}, 0x28) [ 1664.766068][ T9965] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1664.821368][ T27] audit: type=1804 audit(1579074769.914:461): pid=9964 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir832725399/syzkaller.FXRSF6/2666/file0" dev="sda1" ino=17097 res=1 [ 1664.882506][ T9965] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:52:50 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201020202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1664.970050][ T9965] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1664.986958][ T27] audit: type=1804 audit(1579074769.964:462): pid=9964 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir832725399/syzkaller.FXRSF6/2666/file0" dev="sda1" ino=17097 res=1 [ 1665.000427][ T9968] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1665.129874][ T9968] CPU: 1 PID: 9968 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1665.138554][ T9968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1665.148620][ T9968] Call Trace: [ 1665.151936][ T9968] dump_stack+0x11d/0x181 [ 1665.156338][ T9968] dump_header+0xaa/0x39c [ 1665.160706][ T9968] oom_kill_process.cold+0x10/0x15 [ 1665.165870][ T9968] out_of_memory+0x231/0xa60 [ 1665.170522][ T9968] ? __rcu_read_unlock+0x66/0x3d0 [ 1665.175581][ T9968] mem_cgroup_out_of_memory+0x128/0x150 [ 1665.181162][ T9968] try_charge+0xb6c/0xbf0 [ 1665.185541][ T9968] ? rcu_note_context_switch+0x720/0x760 [ 1665.191185][ T9968] mem_cgroup_try_charge+0xd2/0x260 [ 1665.196444][ T9968] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1665.202134][ T9968] __handle_mm_fault+0x197f/0x2e00 [ 1665.207314][ T9968] handle_mm_fault+0x21b/0x530 [ 1665.212184][ T9968] __get_user_pages+0x485/0x1130 [ 1665.217247][ T9968] populate_vma_page_range+0xe6/0x100 [ 1665.222640][ T9968] __mm_populate+0x168/0x2a0 [ 1665.227256][ T9968] __x64_sys_mlockall+0x2e3/0x320 [ 1665.232307][ T9968] do_syscall_64+0xcc/0x3a0 [ 1665.236855][ T9968] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1665.242758][ T9968] RIP: 0033:0x45af49 [ 1665.246692][ T9968] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1665.266346][ T9968] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:52:50 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:52:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000ffffa88800000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:50 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x818}, 0x28) [ 1665.274781][ T9968] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1665.282771][ T9968] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1665.290891][ T9968] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1665.298888][ T9968] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1665.306890][ T9968] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1665.361754][ T9968] memory: usage 307200kB, limit 307200kB, failcnt 1460 [ 1665.368661][ T9968] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1665.401318][T10081] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:52:50 executing program 1: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f0000000200)='threaded\x00', 0x202) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x14, &(0x7f00000001c0)={r5}, 0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f00000002c0)={r6, 0xbc, "1272975711e467a12640c5ced4a08f17c6c40db668f7cdfc4fdb30e9b420e0a29e62a30b0b33b8860fa30bc2d2e3452c3a86a44114ab8579277b4231892ef32e16e0671b2829f0de4e7324d13a1ef76917907057e83ca09cb20d5b70d68389f6b5644b7457c7152e71d53515c4a7387f9ce8e3c4aadc19e58b5b4693203236cc8f23c4ca24175ffd1bb9ed7d036a5ccb8696fe3d950a3b742ff7997f0be93223fa76429d82dd5e7c75a3952a9edd9bf6f4eed0d7f0ab4ebb92c93fb3"}, &(0x7f00000003c0)=0xc4) execveat(r0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=[&(0x7f0000000040)='\x00'], &(0x7f0000000100)=[&(0x7f00000000c0)='%/lo+'], 0x1000) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='overlay\x00', 0xb0a0, &(0x7f0000000740)={[{@workdir={'workdir', 0x3d, './bus'}}, {@xino_on='xino=on'}, {@nfs_export_on='nfs_export=on'}, {@xino_auto='xino=auto'}, {@xino_auto='xino=auto'}, {@metacopy_on='metacopy=on'}], [{@smackfsroot={'smackfsroot', 0x3d, '\xff\xeb\x1er\xbc\xf7,\xd2\x1c1\xfd\x99\xaa\xb2\xa0xj\x10a\x10BG\xc8\n\xe8j3\x9c\xe5F\x01\xf6\xf1\x1f\xbe\x05\xd7g\xb3si\\\xa0#\x9a9!\x92Q\xf4S\x8b\x9b_\x19D\xd2\xca\xf0\xab\xad\xe5\xd8\x93\xba\xbe\xb7\x10\xa8+\xc4\xae\xe2gc\xda{1.\xd5\xbd\xc9r\x9c\xbc\xac\xed*\xbc\xb0\x1f\xa0\xda\t\xf9\xb5\x89\xf5\xa4hC\x94\xc3\xe7\xfe\xa7c*4\xda\x93\xda\xe3\xf1\xf63D\x14\xed0E\xb8\xf8\xfb\x87\xff^\xc2\xa7\xeeM\xc1\xc7\xec\x8c\x13\xe2z\x7f\xbaDN\xb9\x98f\xe1\xe5\xa3\xa6\xbeB\x80\x93M\x81\xed7\\\x12O/Ad\x8c\x1e\x7f,Q#\x99\xf3\xca\xf7\xe3\xc3Q\xd5p\xf7$6tA\xbb\xf1\x85\xac\x14\x84\xe9\xcd\xd1\xc3\xc3\x93)\x83\x7fp\x81/\xcbs1\x10\x9e*\x1f\x92\xb6\xaa\x1f\xa5\x00\x00\xad\xf3\xa7\xd9d\xd9\x88\x85\xef@\xe2G\x12\xbee\x17\x88Q2\x93\x93D#\xf4\x0f\xd7r\xb62n\xf5\xbd\x95g\xac\xe5s\xebW\xc3\'&i`\xc6{k\xb85\x95\xa7\xc1\x87\xffY:\xa1?|\x17\x03\x86lA\xbb\xbf\xf3^\x95\xef-w\x80 \xc5\x97\xf1\x97\x88\xfc\xc3:\xa9tl>\xfe|\xe7\xdd\xd5#d3\xf4|\x9f|\x90\x9aU\xd5eKR$|\x0e`\xf5Y\xaa\x18\xefS\xa1\x90\xeb\xc3\xcd\x91\xd8\xd8I\x90\xb8Wl\xd9Z0\xc3'}}]}) [ 1665.451709][T10081] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1665.527205][ T9968] Memory cgroup stats for /syz2: [ 1665.527432][ T9968] anon 309587968 [ 1665.527432][ T9968] file 106496 [ 1665.527432][ T9968] kernel_stack 368640 [ 1665.527432][ T9968] slab 1228800 [ 1665.527432][ T9968] sock 53248 [ 1665.527432][ T9968] shmem 0 [ 1665.527432][ T9968] file_mapped 0 [ 1665.527432][ T9968] file_dirty 0 [ 1665.527432][ T9968] file_writeback 0 [ 1665.527432][ T9968] anon_thp 270532608 [ 1665.527432][ T9968] inactive_anon 258334720 [ 1665.527432][ T9968] active_anon 7098368 [ 1665.527432][ T9968] inactive_file 135168 07:52:50 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x819}, 0x28) [ 1665.527432][ T9968] active_file 135168 [ 1665.527432][ T9968] unevictable 44175360 [ 1665.527432][ T9968] slab_reclaimable 405504 [ 1665.527432][ T9968] slab_unreclaimable 823296 [ 1665.527432][ T9968] pgfault 290796 [ 1665.527432][ T9968] pgmajfault 0 [ 1665.527432][ T9968] workingset_refault 0 [ 1665.527432][ T9968] workingset_activate 0 [ 1665.527432][ T9968] workingset_nodereclaim 0 [ 1665.527432][ T9968] pgrefill 110 [ 1665.527432][ T9968] pgscan 141 [ 1665.527432][ T9968] pgsteal 35 [ 1665.645896][T10081] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1665.701124][ T9968] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9946,uid=0 [ 1665.720020][ T9968] Memory cgroup out of memory: Killed process 9946 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1665.835912][T10188] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1665.855819][T10188] CPU: 1 PID: 10188 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1665.864543][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1665.874598][T10188] Call Trace: [ 1665.878974][T10188] dump_stack+0x11d/0x181 [ 1665.883312][T10188] dump_header+0xaa/0x39c [ 1665.887667][T10188] oom_kill_process.cold+0x10/0x15 [ 1665.892860][T10188] out_of_memory+0x231/0xa60 [ 1665.897489][T10188] mem_cgroup_out_of_memory+0x128/0x150 [ 1665.903080][T10188] try_charge+0xb6c/0xbf0 [ 1665.907513][T10188] ? rcu_note_context_switch+0x720/0x760 [ 1665.913185][T10188] mem_cgroup_try_charge+0xd2/0x260 [ 1665.919782][T10188] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1665.925424][T10188] __handle_mm_fault+0x197f/0x2e00 [ 1665.930568][T10188] handle_mm_fault+0x21b/0x530 [ 1665.935336][T10188] __get_user_pages+0x485/0x1130 [ 1665.940315][T10188] populate_vma_page_range+0xe6/0x100 [ 1665.945792][T10188] __mm_populate+0x168/0x2a0 [ 1665.950649][T10188] __x64_sys_mlockall+0x2e3/0x320 [ 1665.955831][T10188] do_syscall_64+0xcc/0x3a0 [ 1665.960402][T10188] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1665.966305][T10188] RIP: 0033:0x45af49 [ 1665.970217][T10188] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1665.989838][T10188] RSP: 002b:00007fe49bdf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1665.998267][T10188] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1666.006344][T10188] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1666.014313][T10188] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1666.022299][T10188] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49bdf36d4 [ 1666.030295][T10188] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1666.041193][T10188] memory: usage 307200kB, limit 307200kB, failcnt 1474 [ 1666.048228][T10188] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1666.055080][T10188] Memory cgroup stats for /syz4: [ 1666.055314][T10188] anon 310472704 [ 1666.055314][T10188] file 8192 [ 1666.055314][T10188] kernel_stack 331776 [ 1666.055314][T10188] slab 942080 [ 1666.055314][T10188] sock 0 [ 1666.055314][T10188] shmem 0 [ 1666.055314][T10188] file_mapped 0 [ 1666.055314][T10188] file_dirty 0 [ 1666.055314][T10188] file_writeback 0 [ 1666.055314][T10188] anon_thp 274726912 [ 1666.055314][T10188] inactive_anon 262578176 [ 1666.055314][T10188] active_anon 262144 [ 1666.055314][T10188] inactive_file 0 [ 1666.055314][T10188] active_file 118784 [ 1666.055314][T10188] unevictable 47702016 [ 1666.055314][T10188] slab_reclaimable 135168 [ 1666.055314][T10188] slab_unreclaimable 806912 [ 1666.055314][T10188] pgfault 261855 [ 1666.055314][T10188] pgmajfault 0 [ 1666.055314][T10188] workingset_refault 0 [ 1666.055314][T10188] workingset_activate 0 [ 1666.055314][T10188] workingset_nodereclaim 0 [ 1666.055314][T10188] pgrefill 164 [ 1666.055314][T10188] pgscan 253 [ 1666.055314][T10188] pgsteal 34 [ 1666.149879][T10188] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9952,uid=0 [ 1666.165978][T10188] Memory cgroup out of memory: Killed process 9952 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 07:52:51 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:51 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201120202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:51 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000ffffff9e00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:51 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f00000000c0)={0x0, 0x2, 0x4, 0x10000, 0x91c7, {}, {0x1, 0x0, 0x8, 0x9, 0x0, 0x1f, "bab2c6c4"}, 0x6, 0x9dbbf0ff3e4ad71c, @offset=0x100, 0x328d, 0x0, r1}) ioctl$TCGETS2(r2, 0x802c542a, &(0x7f0000000140)) sendmsg$TIPC_CMD_SET_LINK_TOL(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x148502105}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x30, 0x0, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {}, {0x14, 0x18, {0x6f, @bearer=@l2={'ib', 0x3a, 'xfrm0\x00'}}}}, [""]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x1) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer\x00', 0x100, 0x0) bind$netlink(r4, &(0x7f0000000240)={0x10, 0x0, 0x25dfdbff, 0x50000000}, 0xc) getsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)=""/69, &(0x7f0000000080)=0x45) openat$vcsu(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcsu\x00', 0x800, 0x0) 07:52:51 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x81a}, 0x28) [ 1666.623636][T10239] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:52:51 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video35\x00', 0x2, 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) r1 = geteuid() setresuid(r1, r1, 0x0) setreuid(r1, 0x0) mount$fuseblk(&(0x7f0000000040)='/dev/loop0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuseblk\x00', 0x10004, &(0x7f0000000100)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r1}, 0x2c, {'group_id'}, 0x2c, {[{@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@max_read={'max_read', 0x3d, 0x6}}, {@max_read={'max_read', 0x3d, 0x4}}, {@blksize={'blksize', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0x81}}], [{@subj_role={'subj_role', 0x3d, '/dev/video35\x00'}}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@subj_type={'subj_type', 0x3d, '-selfsystemmd5sumGPLproc'}}, {@dont_appraise='dont_appraise'}]}}) 07:52:51 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1666.761068][T10239] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:52:51 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x81b}, 0x28) 07:52:51 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201220202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1666.881594][T10239] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:52:52 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x81c}, 0x28) [ 1666.969015][T10316] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1667.025684][T10316] CPU: 1 PID: 10316 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1667.034622][T10316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1667.044689][T10316] Call Trace: [ 1667.048180][T10316] dump_stack+0x11d/0x181 [ 1667.052652][T10316] dump_header+0xaa/0x39c [ 1667.057027][T10316] oom_kill_process.cold+0x10/0x15 [ 1667.062160][T10316] out_of_memory+0x231/0xa60 [ 1667.066772][T10316] ? __rcu_read_unlock+0x66/0x3d0 [ 1667.071830][T10316] mem_cgroup_out_of_memory+0x128/0x150 [ 1667.077395][T10316] try_charge+0xb6c/0xbf0 [ 1667.081757][T10316] ? rcu_note_context_switch+0x720/0x760 [ 1667.087419][T10316] mem_cgroup_try_charge+0xd2/0x260 [ 1667.092650][T10316] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1667.098335][T10316] __handle_mm_fault+0x197f/0x2e00 [ 1667.103572][T10316] handle_mm_fault+0x21b/0x530 [ 1667.108373][T10316] __get_user_pages+0x485/0x1130 [ 1667.113344][T10316] populate_vma_page_range+0xe6/0x100 [ 1667.118731][T10316] __mm_populate+0x168/0x2a0 [ 1667.123339][T10316] __x64_sys_mlockall+0x2e3/0x320 [ 1667.128463][T10316] do_syscall_64+0xcc/0x3a0 [ 1667.132982][T10316] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1667.139105][T10316] RIP: 0033:0x45af49 [ 1667.143179][T10316] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1667.162920][T10316] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:52:52 executing program 1: kexec_load(0x4, 0x1, &(0x7f00000005c0)=[{0x0, 0x114, 0x9165a000}], 0x0) [ 1667.171355][T10316] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1667.179347][T10316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1667.187321][T10316] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1667.195431][T10316] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1667.203396][T10316] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:52:52 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201320202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1667.464117][T10316] memory: usage 307200kB, limit 307200kB, failcnt 1500 [ 1667.494441][T10316] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1667.502141][T10316] Memory cgroup stats for /syz2: [ 1667.502882][T10316] anon 309604352 [ 1667.502882][T10316] file 106496 [ 1667.502882][T10316] kernel_stack 331776 [ 1667.502882][T10316] slab 1228800 [ 1667.502882][T10316] sock 53248 [ 1667.502882][T10316] shmem 0 [ 1667.502882][T10316] file_mapped 0 [ 1667.502882][T10316] file_dirty 0 [ 1667.502882][T10316] file_writeback 0 [ 1667.502882][T10316] anon_thp 270532608 [ 1667.502882][T10316] inactive_anon 258363392 [ 1667.502882][T10316] active_anon 7069696 [ 1667.502882][T10316] inactive_file 135168 [ 1667.502882][T10316] active_file 135168 [ 1667.502882][T10316] unevictable 44343296 [ 1667.502882][T10316] slab_reclaimable 405504 [ 1667.502882][T10316] slab_unreclaimable 823296 [ 1667.502882][T10316] pgfault 292380 [ 1667.502882][T10316] pgmajfault 0 [ 1667.502882][T10316] workingset_refault 0 [ 1667.502882][T10316] workingset_activate 0 [ 1667.502882][T10316] workingset_nodereclaim 0 [ 1667.502882][T10316] pgrefill 110 [ 1667.502882][T10316] pgscan 141 [ 1667.502882][T10316] pgsteal 35 [ 1667.602500][T10316] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10196,uid=0 [ 1667.620131][T10316] Memory cgroup out of memory: Killed process 10196 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1667.688000][T10375] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1667.711095][T10375] CPU: 0 PID: 10375 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1667.719974][T10375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1667.730024][T10375] Call Trace: [ 1667.733319][T10375] dump_stack+0x11d/0x181 [ 1667.737664][T10375] dump_header+0xaa/0x39c [ 1667.742026][T10375] oom_kill_process.cold+0x10/0x15 [ 1667.747166][T10375] out_of_memory+0x231/0xa60 [ 1667.751882][T10375] mem_cgroup_out_of_memory+0x128/0x150 [ 1667.757443][T10375] try_charge+0xb6c/0xbf0 [ 1667.761800][T10375] ? rcu_note_context_switch+0x720/0x760 [ 1667.767452][T10375] mem_cgroup_try_charge+0xd2/0x260 [ 1667.773403][T10375] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1667.779086][T10375] __handle_mm_fault+0x197f/0x2e00 [ 1667.784254][T10375] handle_mm_fault+0x21b/0x530 [ 1667.789031][T10375] __get_user_pages+0x485/0x1130 [ 1667.794029][T10375] populate_vma_page_range+0xe6/0x100 [ 1667.799422][T10375] __mm_populate+0x168/0x2a0 [ 1667.804068][T10375] __x64_sys_mlockall+0x2e3/0x320 [ 1667.809636][T10375] do_syscall_64+0xcc/0x3a0 [ 1667.814221][T10375] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1667.820199][T10375] RIP: 0033:0x45af49 [ 1667.824113][T10375] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1667.843781][T10375] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1667.852205][T10375] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1667.860258][T10375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1667.868235][T10375] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1667.876222][T10375] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1667.884203][T10375] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1667.893473][T10375] memory: usage 307200kB, limit 307200kB, failcnt 1500 [ 1667.900474][T10375] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1667.907452][T10375] Memory cgroup stats for /syz4: [ 1667.907682][T10375] anon 310538240 [ 1667.907682][T10375] file 8192 [ 1667.907682][T10375] kernel_stack 294912 [ 1667.907682][T10375] slab 942080 [ 1667.907682][T10375] sock 0 [ 1667.907682][T10375] shmem 0 [ 1667.907682][T10375] file_mapped 0 [ 1667.907682][T10375] file_dirty 0 [ 1667.907682][T10375] file_writeback 0 [ 1667.907682][T10375] anon_thp 272629760 [ 1667.907682][T10375] inactive_anon 262725632 [ 1667.907682][T10375] active_anon 253952 [ 1667.907682][T10375] inactive_file 0 [ 1667.907682][T10375] active_file 118784 [ 1667.907682][T10375] unevictable 47632384 [ 1667.907682][T10375] slab_reclaimable 135168 [ 1667.907682][T10375] slab_unreclaimable 806912 [ 1667.907682][T10375] pgfault 264264 [ 1667.907682][T10375] pgmajfault 0 [ 1667.907682][T10375] workingset_refault 0 [ 1667.907682][T10375] workingset_activate 0 [ 1667.907682][T10375] workingset_nodereclaim 0 [ 1667.907682][T10375] pgrefill 164 [ 1667.907682][T10375] pgscan 253 [ 1667.907682][T10375] pgsteal 34 [ 1668.001459][T10375] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10201,uid=0 [ 1668.039785][T10375] Memory cgroup out of memory: Killed process 10201 (syz-executor.4) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1668.092919][ T1065] oom_reaper: reaped process 10201 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:52:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000ffffffc300000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:53 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x81d}, 0x28) 07:52:53 executing program 1: kexec_load(0x0, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0xc09}], 0x1) 07:52:53 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:53 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201420202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1668.590936][T10468] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:52:53 executing program 1: kexec_load(0xfffffffffffffffe, 0x9, &(0x7f0000000600)=[{0x0, 0x0, 0x2}, {&(0x7f0000000000)="36f4983664f5a270eced79ba7f7ac463dda51b4b8e3c36d87c7abf021fe5fd1f1c510159d049dd28150aa4d7a835f4eff03eee4eb36790105d7b5b2fcbcef0d8a4f5cb51f8b50787d5bc0db649da826754f28ab044e575fc1dc427ee004ca7bc1804f04c80ccc62e44fad20e73cca33a9fff0eb6b3f7936e570c7df3b04fec462950f8786c45c3f683e1a9df39fac510478672485fdad5823a2a06b7f937883f36cd89de4d251240d48f12c4ccee17f40b6743a0c89ae4dd0770cb1e5f6815db3e1bee4b6ceb82990900d1f18bed39e9c2114b", 0xd3, 0x8, 0x8}, {&(0x7f0000000800)="4b22ee84988f0c308b855f622c8d17a36b84b523fc3351534f676e40969344d22c554a3de90f141fe29334b8f318c7d47011f697e8b0719a17ade96d0ddcd3338cbdd7e18b1e52f523d667bd06d286137c3be9389a999065ecda1f065930f6eec70ccb6119904c5ffc1befd4b4c36e1e37cb361d98c339bb44df0876b388256fa762c5c1c6468009ac1418251a37f456f0d20d7fbea41d5fa59835dc23d315cb3d6c6769ba457d139047bffccbf951e1620ce4e82e", 0xb5, 0x4, 0x797a}, {&(0x7f00000001c0)="c270ee073bbc0168d98e989651929d5abb60412a4090f0e963b456f61e8f34c3437b0e5936120031c337d07e18235320294d1dcdda8c44638faa", 0x3a, 0xfffffffffffffffb, 0x2}, {&(0x7f0000000200)="a5c603023b397e65ab4981cb4830127551fab6902569ddda1e7463a44f7dab65ac69a92a6b434e95b6a53b747a928cfd3c3384b8703d0c0c5ef96696012ec6e3b0bfb329b9dd1ef63ae33d60fe2e53ce38706c8dc561e2b1ca9a45d87276fa7d41268801706def673e440151023d157cc028285c857fa8f26dc0ce54fdb9dc2b31cd81303303ead38508e00d5482b7e2298ed728391df2750d230fd98feefa87bba2dab3cc080a", 0xa7, 0x8, 0x2}, {&(0x7f00000002c0)="1b2c96c741b90702af3a2715004a59753323bd5810d5100fcdeb0656640459802957d9da40526a968ea63b2c0759848bc2f8d781fa31be8f427af673a1c78e1e7e247486bcc541744c999692e1c45e6dee42c9a5d036511fde771c8ab67be2d0cdbafc72c1be9b78d360196e42524ae00d7b5d1380d1e685b7036cea62896d1d35c88ad3582ad3d29387e1651425063c0476435d77f6ce7044d179e330a7744094f6f26e2841e5bf7bcd6d2fbad82e9b9cf9a468cc6667ed96782ac6c661eb81bd1b", 0xc2, 0xc5f1, 0x3}, {&(0x7f00000003c0)="40245aefb9e905a97fc597d08a149edb5e04668fa7aa6694ff604a", 0x1b, 0x7, 0x7ff}, {&(0x7f0000000400)="a869f5dad5a7c1fb0baabad016868fc4e504cda907000000000000000df0249b7374e25adf52cf29bc492c00729ad2d6136b1002781d7f9a614b2fcb1260e95532c39ad19f8e61ae960da3bf6698274988f80903e9878bea777655e9c9aa2aa3ac9159169aeacbe26cd03762ee788be14f6523c6727d4aa95b5392c3545bf63333a143aed3433444c2d153321005a9c93312c52174899ee06c9808ec7c7ef3fbe1a5ae40a16969ccaf8169670f61fd2df4b2728ad66d7842cf2f70d4d38a", 0xbe, 0x8, 0x8}, {&(0x7f00000004c0)="638142eadaca91e6f6d52b73ca95ac285f94d851eaedf1a8a4f11f5bdb35318b7e31674eb24f9caaad8c7b8149c7c8953b235cca8be8c7922eb318dffeb673590c91ff64c8a41e301f63731bfc2fc26c7899210f5a88e1c7231a4969523c1ffc5e44a76dcebf78992c500d8badd4ff5dbf34ff867a7be02a9623f32b07f4a7d47e3ea5d8356fc2e521be218c4168157a9f175eed11eedfb634062df1aba2b8803fb80ff0cc5a65cac192a46f101def9fc5e00c73fe4576e8a5c9271ff3a7a1823594", 0xc2, 0x7ff, 0x3}], 0x2a0000) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x200b00, 0x0) getsockopt$SO_COOKIE(r0, 0x1, 0x39, &(0x7f0000000140), &(0x7f0000000180)=0x8) getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000005c0), 0x10) [ 1668.754302][T10468] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1668.874337][T10468] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1668.894562][T10466] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1668.919341][T10466] CPU: 1 PID: 10466 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1668.928062][T10466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1668.938160][T10466] Call Trace: [ 1668.941540][T10466] dump_stack+0x11d/0x181 [ 1668.945893][T10466] dump_header+0xaa/0x39c [ 1668.950301][T10466] oom_kill_process.cold+0x10/0x15 [ 1668.955509][T10466] out_of_memory+0x231/0xa60 [ 1668.960119][T10466] ? __rcu_read_unlock+0x66/0x3d0 [ 1668.965168][T10466] mem_cgroup_out_of_memory+0x128/0x150 [ 1668.970760][T10466] try_charge+0xb6c/0xbf0 [ 1668.975114][T10466] ? rcu_note_context_switch+0x720/0x760 [ 1668.980930][T10466] mem_cgroup_try_charge+0xd2/0x260 [ 1668.986187][T10466] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1668.991841][T10466] __handle_mm_fault+0x197f/0x2e00 [ 1668.996986][T10466] handle_mm_fault+0x21b/0x530 [ 1669.001821][T10466] __get_user_pages+0x485/0x1130 [ 1669.006898][T10466] populate_vma_page_range+0xe6/0x100 [ 1669.012293][T10466] __mm_populate+0x168/0x2a0 [ 1669.016983][T10466] __x64_sys_mlockall+0x2e3/0x320 [ 1669.022044][T10466] do_syscall_64+0xcc/0x3a0 [ 1669.026640][T10466] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1669.032590][T10466] RIP: 0033:0x45af49 [ 1669.036498][T10466] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1669.057143][T10466] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1669.065588][T10466] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1669.073604][T10466] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1669.081596][T10466] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1669.089587][T10466] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1669.097575][T10466] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1669.113021][T10466] memory: usage 307200kB, limit 307200kB, failcnt 1510 [ 1669.152347][T10466] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1669.162780][T10466] Memory cgroup stats for /syz2: [ 1669.162992][T10466] anon 309637120 [ 1669.162992][T10466] file 106496 [ 1669.162992][T10466] kernel_stack 405504 [ 1669.162992][T10466] slab 1228800 [ 1669.162992][T10466] sock 53248 [ 1669.162992][T10466] shmem 0 [ 1669.162992][T10466] file_mapped 0 [ 1669.162992][T10466] file_dirty 0 [ 1669.162992][T10466] file_writeback 0 [ 1669.162992][T10466] anon_thp 270532608 [ 1669.162992][T10466] inactive_anon 258297856 [ 1669.162992][T10466] active_anon 7094272 [ 1669.162992][T10466] inactive_file 135168 [ 1669.162992][T10466] active_file 135168 [ 1669.162992][T10466] unevictable 44343296 [ 1669.162992][T10466] slab_reclaimable 405504 [ 1669.162992][T10466] slab_unreclaimable 823296 [ 1669.162992][T10466] pgfault 293931 [ 1669.162992][T10466] pgmajfault 0 [ 1669.162992][T10466] workingset_refault 0 [ 1669.162992][T10466] workingset_activate 0 [ 1669.162992][T10466] workingset_nodereclaim 0 [ 1669.162992][T10466] pgrefill 110 07:52:54 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:52:54 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x81e}, 0x28) 07:52:54 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201520202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:54 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000000018d900000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1669.162992][T10466] pgscan 141 [ 1669.162992][T10466] pgsteal 35 [ 1669.274363][T10466] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10447,uid=0 07:52:54 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201620202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1669.376972][T10586] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1669.415435][T10466] Memory cgroup out of memory: Killed process 10447 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1669.440715][ T1065] oom_reaper: reaped process 10447 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 07:52:54 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x81f}, 0x28) [ 1669.511588][T10586] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1669.602698][T10587] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1669.627359][T10586] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1669.656952][T10587] CPU: 0 PID: 10587 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1669.665760][T10587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1669.675823][T10587] Call Trace: [ 1669.679150][T10587] dump_stack+0x11d/0x181 [ 1669.683608][T10587] dump_header+0xaa/0x39c [ 1669.688000][T10587] oom_kill_process.cold+0x10/0x15 [ 1669.693159][T10587] out_of_memory+0x231/0xa60 [ 1669.697808][T10587] ? __rcu_read_unlock+0x66/0x3d0 [ 1669.702894][T10587] mem_cgroup_out_of_memory+0x128/0x150 [ 1669.708527][T10587] try_charge+0xb6c/0xbf0 [ 1669.712961][T10587] ? rcu_note_context_switch+0x720/0x760 [ 1669.718627][T10587] mem_cgroup_try_charge+0xd2/0x260 [ 1669.723847][T10587] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1669.729567][T10587] __handle_mm_fault+0x197f/0x2e00 [ 1669.734767][T10587] handle_mm_fault+0x21b/0x530 [ 1669.739551][T10587] __get_user_pages+0x485/0x1130 [ 1669.744551][T10587] populate_vma_page_range+0xe6/0x100 [ 1669.749955][T10587] __mm_populate+0x168/0x2a0 [ 1669.754609][T10587] __x64_sys_mlockall+0x2e3/0x320 [ 1669.759674][T10587] do_syscall_64+0xcc/0x3a0 [ 1669.764201][T10587] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1669.770133][T10587] RIP: 0033:0x45af49 [ 1669.774119][T10587] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1669.793744][T10587] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:52:54 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000fffffff000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1669.802331][T10587] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1669.810360][T10587] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1669.818531][T10587] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1669.826528][T10587] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1669.834631][T10587] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1669.869167][T10587] memory: usage 307200kB, limit 307200kB, failcnt 1517 [ 1669.876281][T10587] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1669.883752][T10597] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1669.911273][T10587] Memory cgroup stats for /syz4: [ 1669.911919][T10597] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1669.914474][T10587] anon 310595584 [ 1669.914474][T10587] file 8192 [ 1669.914474][T10587] kernel_stack 294912 [ 1669.914474][T10587] slab 942080 [ 1669.914474][T10587] sock 0 [ 1669.914474][T10587] shmem 0 [ 1669.914474][T10587] file_mapped 0 [ 1669.914474][T10587] file_dirty 0 [ 1669.914474][T10587] file_writeback 0 [ 1669.914474][T10587] anon_thp 272629760 [ 1669.914474][T10587] inactive_anon 262545408 [ 1669.914474][T10587] active_anon 118784 [ 1669.914474][T10587] inactive_file 0 [ 1669.914474][T10587] active_file 118784 [ 1669.914474][T10587] unevictable 47943680 [ 1669.914474][T10587] slab_reclaimable 135168 [ 1669.914474][T10587] slab_unreclaimable 806912 [ 1669.914474][T10587] pgfault 266112 [ 1669.914474][T10587] pgmajfault 0 [ 1669.914474][T10587] workingset_refault 0 [ 1669.914474][T10587] workingset_activate 0 [ 1669.914474][T10587] workingset_nodereclaim 0 [ 1669.914474][T10587] pgrefill 164 [ 1669.914474][T10587] pgscan 253 [ 1669.914474][T10587] pgsteal 34 07:52:55 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201720202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:55 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x820}, 0x28) [ 1669.983371][T10587] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10453,uid=0 [ 1670.050333][T10587] Memory cgroup out of memory: Killed process 10453 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1670.101698][ T1065] oom_reaper: reaped process 10453 (syz-executor.4), now anon-rss:0kB, file-rss:34692kB, shmem-rss:0kB [ 1670.181757][T10597] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:52:55 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:55 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201820202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:55 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000fffffff500000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1670.901115][T10622] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1670.966233][T10622] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1670.999479][T10623] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1671.010239][T10623] CPU: 0 PID: 10623 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1671.018952][T10623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1671.029042][T10623] Call Trace: [ 1671.032417][T10623] dump_stack+0x11d/0x181 [ 1671.036768][T10623] dump_header+0xaa/0x39c [ 1671.041112][T10623] oom_kill_process.cold+0x10/0x15 [ 1671.046471][T10623] out_of_memory+0x231/0xa60 [ 1671.051087][T10623] ? __rcu_read_unlock+0x66/0x3d0 [ 1671.056221][T10623] mem_cgroup_out_of_memory+0x128/0x150 [ 1671.061780][T10623] try_charge+0xb6c/0xbf0 [ 1671.066120][T10623] ? rcu_note_context_switch+0x720/0x760 [ 1671.071789][T10623] mem_cgroup_try_charge+0xd2/0x260 [ 1671.077001][T10623] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1671.082648][T10623] __handle_mm_fault+0x197f/0x2e00 [ 1671.087813][T10623] handle_mm_fault+0x21b/0x530 [ 1671.092645][T10623] __get_user_pages+0x485/0x1130 [ 1671.097883][T10623] populate_vma_page_range+0xe6/0x100 [ 1671.103306][T10623] __mm_populate+0x168/0x2a0 [ 1671.107927][T10623] __x64_sys_mlockall+0x2e3/0x320 [ 1671.113116][T10623] do_syscall_64+0xcc/0x3a0 [ 1671.117633][T10623] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1671.123639][T10623] RIP: 0033:0x45af49 [ 1671.127547][T10623] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1671.147157][T10623] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1671.155593][T10623] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 07:52:56 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:52:56 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x821}, 0x28) [ 1671.163562][T10623] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1671.171549][T10623] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1671.179503][T10623] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1671.187566][T10623] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:52:56 executing program 1: kexec_load(0x0, 0x6, &(0x7f0000000500)=[{&(0x7f0000000000)="899947ea42c3fae26d7c43574dfd9072773e3e30fddb2229893204c34fdcaaed0f7a40743cb03e129c9f5622186c041ef4182cdafc93c94e3d74bf346f2de47cd5d4e483de3140b3238253363ec5001468cdd9ac1b72f73e39d939cbc653a745d459e2f9a841449e8e08edb201a64417411c600831482b940d9c39bf03311d18e8d01bc9a99d153b7d7f39aa", 0x8c, 0x100000000001f, 0x8}, {&(0x7f00000000c0)="c57bccb6401845118fd96d45db6bb7509686d006458a667f9168e7e114162331a231dd08f458d239c5e0c3f1cde837716cf63ee8353c9f1f601b814f5a818f658f2ede51058933ebecd38718b5a16703aeed2bd838efa814cbb4b567f55e2ba65d139a04c3d231e345141e22598ff449e1aa9c8864c9c17d323d39099e9f3014f9fb75be9bb0e00f22ebcaac7e25eaf21e6e2820196792b5a1a9f38d1caff586f6ace7217c34a83c2437904d1890f811a9ec59567f886d5e9cf7fecd47847cd21fe097ddab94bf8d01fa2ab9a61fcb3e96986dcb4ccd2226ffef05edd449394662862b58d9dcb4da263e1e2abe8a94aa88", 0xffffffffffffff49, 0x3, 0x2}, {&(0x7f00000001c0)="9b49b8f3febef1baccebd2bd5e38b090f932795a908b5cd9293f5ebcf934a39565ce1259d3cc1ab534307402eef1118514731c4f4ee6fc62f894a0f5f96b9451a160f0fbc65f4b0d1626072bb1d4a2f3ee69d93afae4817d0a34c9a7356b3c75845cdb9a42f0de5a48844d6fb8fef48857e23f8b3033f7ed2c346400e2156c7cbbe98f527fdd625b338748365040f6502f377fdd88e2f19cf45aa80224afcafd9b4003a8ad22d28d62a36e48ea64927fd4974ba59eb884df88ce93c6851b1e55acb549441959ff38290b1106a5873ac1c82af2f916772e956e1e0bfdcb32f805dcd0a8fe425ae8497539dc9d66742cb62be6e5d99c85", 0xf6, 0x476738fd, 0x3}, {&(0x7f00000002c0)="bdac7e036d18e0dc23e354374e6c3a4734fdb7bae053a0970b542287376c53945c51af806f13b79ef3dde5d9035c1a4786cdc1fa4b719162f7225ab1a981b9890de92e80117c7011c2153166dcde6f34713a6a856eba7e4a9c5ec450585b9eb6c79bc2954f455881a2", 0x69, 0x20, 0x1}, {&(0x7f0000000340)="a0df089e7a13e1bc0d3bec45ff6e29e0a5073a65f35afc48bec59798d2a7a851d18f51d1be9c0f0b6633f625274594d5acc77f9e0344b196d8fa0b7d0bb83afc9fcb87deff3da8b838bc48b2bab2d8daa33e77e5a1fe2beeb6e16402eb894344de90d860f93eebf58c35c9464f2d2de996de772bc6c2c76c6b7b02b108ef7e475a014866206cdb8584a61bcc0535f504964f5242ec1d71f5c3132b0670cbb5d8dbf12bd8b4218b1adf12a84b796d549ac1c5fb42527503ec01279e7da39512a6a4e0b12e134abfa172dea79dae2698cf8122e0e4455309f5", 0xd8, 0x0, 0xfffffffffffffffd}, {&(0x7f0000000600)="7a1ed0dd2e252b0655572c19b7fb2d58f7c9b3ec2a12a0c401f30b3f8d243717e6f496803e3cc82a5459b0f2d0e926f37cbaca62c8b96f3480e5f4679575f7a89b55ee205b93cbdbbea0fe587cf4c57ebbaaf997f48ce43e2befce7b0011224cdc7a9d86a27433428fca7b7138f12722691d8a6edcb026e97c17ba94ee471ffa6075f37e08511214eb4a21da843b2ec010e0d6c7cee6282923ee5152ddb39479b72f6e70e93ff8dda52051d9e3d9d9d555caae3803487581c75777398692c7a1cbeb51b85ed44b9dd85a41fb86d25b0b9814ede644400a3b9f6e7b2d99093315edac4ebcc6a1582f47896de6405888f1ffe65818112bdde6e7a8f7c3240b1db48f631d47487bc1213414abaa336a09111b420fdd060cfdc276c6eb13e9f343d79cfd73546fb1e7f045fd56062aaaa75d8579c5239296fe504a791eb815d61649af5e8f4f7a8d7147501eb229038988edbf99989918f093aa5312", 0x15a, 0x8, 0xb}], 0x0) r0 = syz_open_dev$vcsn(&(0x7f0000000440)='/dev/vcs#\x00', 0x9e9, 0x1) r1 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000080)='NLBL_CALIPSO\x00') sendmsg$NLBL_CALIPSO_C_REMOVE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, r1, 0x400, 0x70bd26, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x59589ea006b6bade}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x34}}, 0x4000000) sendmsg$NLBL_CALIPSO_C_ADD(r0, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000005c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000828bd70bec599c9c2f3284700080001000000000008000200020000000800010000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x8020) 07:52:56 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201920202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1671.205747][T10622] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1671.225201][T10623] memory: usage 307200kB, limit 307200kB, failcnt 1543 [ 1671.232980][T10623] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1671.239887][T10623] Memory cgroup stats for /syz2: [ 1671.240181][T10623] anon 309583872 [ 1671.240181][T10623] file 106496 [ 1671.240181][T10623] kernel_stack 368640 [ 1671.240181][T10623] slab 1228800 [ 1671.240181][T10623] sock 53248 [ 1671.240181][T10623] shmem 0 [ 1671.240181][T10623] file_mapped 0 [ 1671.240181][T10623] file_dirty 0 [ 1671.240181][T10623] file_writeback 0 [ 1671.240181][T10623] anon_thp 270532608 [ 1671.240181][T10623] inactive_anon 258351104 [ 1671.240181][T10623] active_anon 7094272 [ 1671.240181][T10623] inactive_file 135168 [ 1671.240181][T10623] active_file 135168 [ 1671.240181][T10623] unevictable 44183552 [ 1671.240181][T10623] slab_reclaimable 405504 [ 1671.240181][T10623] slab_unreclaimable 823296 [ 1671.240181][T10623] pgfault 295779 [ 1671.240181][T10623] pgmajfault 0 [ 1671.240181][T10623] workingset_refault 0 [ 1671.240181][T10623] workingset_activate 0 [ 1671.240181][T10623] workingset_nodereclaim 0 [ 1671.240181][T10623] pgrefill 110 [ 1671.240181][T10623] pgscan 141 [ 1671.240181][T10623] pgsteal 35 [ 1671.336791][T10623] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10599,uid=0 [ 1671.352968][T10623] Memory cgroup out of memory: Killed process 10599 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 07:52:56 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000000000fc00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:56 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x822}, 0x28) 07:52:56 executing program 1: r0 = semget(0x0, 0x3, 0x800) semctl$SETALL(r0, 0x0, 0x11, 0x0) semctl$GETVAL(r0, 0x2, 0xc, &(0x7f00000006c0)=""/66) semctl$SEM_STAT(r0, 0x0, 0x12, &(0x7f0000000040)=""/244) r1 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000440)=ANY=[@ANYBLOB="030000000000000035078130d3138eeb00000000000000000a0000008f30268dc7165f37828b0d2eba5ca100deff0000db10ec50e7a3d90de451743b317f000000c4bf40dedb6a8c30000000000077632a242e7d7a80031b63adb0a9b992bece09c43693720c3b657eb849019b7fc13b708a04b14ae93b844b4a3416a321f20e9bd6168b77e8e93974d024baf184291c95bc4b931df9adcec2f786aa49dc40986d58f1f6e8535b0c80f0637c16361aa5e480b78a9556e76cda605e1e9c6d3956fbdaf9bebcc42b19ef237599d8cae1c25cc402469381d8b8b747196acd9eb3ee7c578a3e9fe0568f84c87ae6cb9c1a41e55c81d8801392491a8c4fbc0f4dc4f49c85344830182b467c66e3a471d835001cdb5328ee91a481ce9b5250ec1c803f735047b9474d3c2502bda5cbf0a509537d0800b9409d358c398b276b56ef96745132347381a9585c8506dbed685b4305b47032d0ccc2dc089690e2eb82bc6a15e924dd7df1fc825722d4f8bd8755667a42c0db9db587e64c9adfd084bb72a7fdd2b843c434edbc36bff14b1034a61a81ce"]) kexec_load(0x2, 0x1, &(0x7f0000000240)=[{0x0, 0xa0, 0xfffffffffffffc00}, {&(0x7f0000000140)="1380a14d65ebae68bd1e4ee015b65d5f8b9c5272d7ade2467159bda0e76d61877a1f1dd29f26e17e653391e9a92b9648b06709db2518c5fc6790a02284320638d612bb2ca1c775090ffb71b3265bac521451dcf3d975a0b5ef4951ceaaa89b24589a373d46279dff800e8151f285f0014315c3b9ed8af151aa9a1251d4efdbade64e7439ecf7dbc6455498a0a2491c55991dea328db9bef21327034103b79b024e7e269aa771a72c86a071a74b560c23c80851d4ed02325a463189d07f0751e287788d", 0x0, 0x800, 0x9}], 0x2b989d8a0345032c) syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x0, 0x0) [ 1671.605194][T10740] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:52:56 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201a20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1671.733028][T10740] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1671.758450][T10734] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1671.784427][T10734] CPU: 1 PID: 10734 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1671.793158][T10734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1671.803286][T10734] Call Trace: [ 1671.806587][T10734] dump_stack+0x11d/0x181 [ 1671.810925][T10734] dump_header+0xaa/0x39c [ 1671.815257][T10734] oom_kill_process.cold+0x10/0x15 [ 1671.820369][T10734] out_of_memory+0x231/0xa60 [ 1671.824956][T10734] ? __rcu_read_unlock+0x66/0x3d0 [ 1671.829987][T10734] mem_cgroup_out_of_memory+0x128/0x150 [ 1671.835540][T10734] try_charge+0xb6c/0xbf0 [ 1671.839868][T10734] ? rcu_note_context_switch+0x720/0x760 [ 1671.845645][T10734] mem_cgroup_try_charge+0xd2/0x260 [ 1671.850855][T10734] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1671.856757][T10734] __handle_mm_fault+0x197f/0x2e00 [ 1671.861915][T10734] handle_mm_fault+0x21b/0x530 [ 1671.866773][T10734] __get_user_pages+0x485/0x1130 [ 1671.871803][T10734] populate_vma_page_range+0xe6/0x100 [ 1671.877174][T10734] __mm_populate+0x168/0x2a0 [ 1671.881806][T10734] __x64_sys_mlockall+0x2e3/0x320 [ 1671.886832][T10734] do_syscall_64+0xcc/0x3a0 [ 1671.891352][T10734] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1671.897236][T10734] RIP: 0033:0x45af49 [ 1671.901231][T10734] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1671.920922][T10734] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:52:57 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x823}, 0x28) [ 1671.929327][T10734] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1671.937294][T10734] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1671.945272][T10734] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1671.953237][T10734] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1671.961218][T10734] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1671.976833][T10740] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1672.211784][T10734] memory: usage 307200kB, limit 307200kB, failcnt 1527 [ 1672.220318][T10734] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1672.227308][T10734] Memory cgroup stats for /syz4: [ 1672.227509][T10734] anon 310599680 [ 1672.227509][T10734] file 8192 [ 1672.227509][T10734] kernel_stack 294912 [ 1672.227509][T10734] slab 942080 [ 1672.227509][T10734] sock 0 [ 1672.227509][T10734] shmem 0 [ 1672.227509][T10734] file_mapped 0 [ 1672.227509][T10734] file_dirty 0 [ 1672.227509][T10734] file_writeback 0 [ 1672.227509][T10734] anon_thp 274726912 [ 1672.227509][T10734] inactive_anon 262541312 [ 1672.227509][T10734] active_anon 204800 [ 1672.227509][T10734] inactive_file 0 [ 1672.227509][T10734] active_file 118784 [ 1672.227509][T10734] unevictable 47890432 [ 1672.227509][T10734] slab_reclaimable 135168 [ 1672.227509][T10734] slab_unreclaimable 806912 [ 1672.227509][T10734] pgfault 267993 [ 1672.227509][T10734] pgmajfault 0 [ 1672.227509][T10734] workingset_refault 0 [ 1672.227509][T10734] workingset_activate 0 [ 1672.227509][T10734] workingset_nodereclaim 0 [ 1672.227509][T10734] pgrefill 164 [ 1672.227509][T10734] pgscan 253 [ 1672.227509][T10734] pgsteal 34 [ 1672.462719][T10734] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10613,uid=0 [ 1672.479841][T10734] Memory cgroup out of memory: Killed process 10613 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 07:52:57 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:52:57 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000000080fe00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:57 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201b20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1672.765744][T10871] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1672.870731][T10871] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1672.990862][T10875] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1673.003534][T10875] CPU: 0 PID: 10875 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1673.012208][T10875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1673.012276][T10871] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1673.022337][T10875] Call Trace: [ 1673.022367][T10875] dump_stack+0x11d/0x181 [ 1673.022392][T10875] dump_header+0xaa/0x39c [ 1673.022417][T10875] oom_kill_process.cold+0x10/0x15 [ 1673.022475][T10875] out_of_memory+0x231/0xa60 [ 1673.022513][T10875] ? __rcu_read_unlock+0x66/0x3d0 [ 1673.064557][T10875] mem_cgroup_out_of_memory+0x128/0x150 [ 1673.070115][T10875] try_charge+0xb6c/0xbf0 [ 1673.074496][T10875] ? rcu_note_context_switch+0x720/0x760 [ 1673.080204][T10875] mem_cgroup_try_charge+0xd2/0x260 [ 1673.085465][T10875] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1673.091171][T10875] __handle_mm_fault+0x197f/0x2e00 [ 1673.096308][T10875] handle_mm_fault+0x21b/0x530 [ 1673.101092][T10875] __get_user_pages+0x485/0x1130 [ 1673.106109][T10875] populate_vma_page_range+0xe6/0x100 [ 1673.111540][T10875] __mm_populate+0x168/0x2a0 [ 1673.116192][T10875] __x64_sys_mlockall+0x2e3/0x320 [ 1673.121225][T10875] do_syscall_64+0xcc/0x3a0 [ 1673.125748][T10875] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1673.131773][T10875] RIP: 0033:0x45af49 [ 1673.135700][T10875] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1673.155342][T10875] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1673.163846][T10875] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1673.171844][T10875] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1673.179801][T10875] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 07:52:58 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:52:58 executing program 1: kexec_load(0x0, 0x4, &(0x7f0000000300)=[{&(0x7f0000000140)="65512776aebd984574d055b0aa11c221ddc47b0e355d34d4ae944474c3b4663fdaac927fc216254557f256fa466146ccfc2160c7790522a83853142a1e06887270429a0cda5dac413543a1e984ae145ef18bf5dc6ab30ba0c843e4d4d80f9540acf1abf7d4b8175dd26220e95e7c95e87246ceb47f01f1236c6ae97855ba14fdb56117c7e68901ccc266b0b2ea34d1c8e3ec29612b68208367f4e138e0911b157e8d70ce088f6e3886b9937483f4d6b2eb5f6b30c3f1940b6efd07617e03a203dc226a9c965423f5cd71bdac268235176f0384a475681a59e250a5", 0xdb, 0x1a6b, 0xfffffffffffffff7}, {&(0x7f0000000040)="1ecb3f5694810424025b4c006c3174ff90a84e00000000abc62d008000000000000077", 0x23, 0x100000000, 0x100000000}, {&(0x7f0000000240)="660f5fc297fc31f264e2d964b0880b080570c7f1a7541104f0cca44ec8c4cb1cf107ded7df354f27e732df4540eba446ecd4537e13df29422871e318e67dc3a1869a3a296c690168f1286df7502bab168960b2b22a50861db551a832893a811c2801a6944d719c1604048db2ad15ba26492d13841283cdd751b350b3cce271c87f2a8ef98b26e84d57d87f872a8fadd2aaf800b0218e952da488a901661edc0fc4e088145de5", 0xa6, 0x0, 0x3}, {&(0x7f0000000400)="340d0695beebb837306d63ee45848fe8ad186db54800007ddbda15c39487cbbe7d9e9d82a62edfc3ffff430400009693b9fe05bd526d9891245f5b01380b416b170a5a8d7912d6d99c5d6118c3f03e2fad3e4ed8ce604cfcf4ab9657cd9883d0c73e83b805f61ab9ca5e000000000000000000004707da00f8ffffff0000000000d0fe16f764bb66c68aadc58ba854256c2270a8dbd8c9ec83c9e5f8ffe3c11b0beea9e2a431cd0d8551f22291bdf913a36b1f1c33169b83ddca371f43438f65b9fd559559e1483a094ed586dd374f7a45f0bc80c3a8d2f527f4616894c844bc08a0aee7a8a7ef927ed94d46649639c948f3cf376b1a4973ac5ed1617bd8caf85f06af180ba549ab53c9808cb2e3596433d64cc841b75ad359a356f9dc491f80aba8bd630e53372ddfaf22f0b8bc2a6e1a005483dc8323eb837a51fa273d2a4156ef5711bf7f789c39e28ef25ff936c81c815577742b23af9e4fa4931ba60f52", 0x160, 0x2, 0x2}], 0x140000) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r1 = socket$rxrpc(0x21, 0x2, 0xa) finit_module(r1, &(0x7f0000000080)='/losecurityvmnet0vmnet1+:\x00', 0x1) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) setsockopt$inet_dccp_int(r0, 0x21, 0x33, &(0x7f0000000000)=0x80, 0x4) 07:52:58 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x824}, 0x28) 07:52:58 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201c20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1673.187780][T10875] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1673.195783][T10875] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:52:58 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000000c0fe00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1673.245863][T10875] memory: usage 307200kB, limit 307200kB, failcnt 1565 [ 1673.307156][T10875] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1673.335628][T10875] Memory cgroup stats for /syz2: [ 1673.335922][T10875] anon 309608448 [ 1673.335922][T10875] file 106496 [ 1673.335922][T10875] kernel_stack 368640 [ 1673.335922][T10875] slab 1228800 [ 1673.335922][T10875] sock 53248 [ 1673.335922][T10875] shmem 0 [ 1673.335922][T10875] file_mapped 0 [ 1673.335922][T10875] file_dirty 0 [ 1673.335922][T10875] file_writeback 0 [ 1673.335922][T10875] anon_thp 270532608 [ 1673.335922][T10875] inactive_anon 258347008 [ 1673.335922][T10875] active_anon 7090176 [ 1673.335922][T10875] inactive_file 135168 [ 1673.335922][T10875] active_file 135168 [ 1673.335922][T10875] unevictable 44343296 [ 1673.335922][T10875] slab_reclaimable 405504 [ 1673.335922][T10875] slab_unreclaimable 823296 [ 1673.335922][T10875] pgfault 297660 07:52:58 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x825}, 0x28) [ 1673.335922][T10875] pgmajfault 0 [ 1673.335922][T10875] workingset_refault 0 [ 1673.335922][T10875] workingset_activate 0 [ 1673.335922][T10875] workingset_nodereclaim 0 [ 1673.335922][T10875] pgrefill 110 [ 1673.335922][T10875] pgscan 141 [ 1673.335922][T10875] pgsteal 35 [ 1673.367730][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1673.499317][T10875] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10856,uid=0 07:52:58 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/hwrng\x00', 0x10d400, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) r2 = open(&(0x7f0000000400)='./bus\x00', 0x181800, 0x0) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000200)='devlink\x00') sendmsg$DEVLINK_CMD_PORT_SET(r2, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x108040580}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0x100, r3, 0x100, 0x70bd25, 0x25dfdbfd, {}, [{{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x2}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x6, 0x4, 0x2}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x6, 0x4, 0x3}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}, {0x6}}, {{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x6}}]}, 0x100}, 0x1, 0x0, 0x0, 0x4000000}, 0x8800) io_submit(0x0, 0x0, &(0x7f0000000480)) getsockopt$inet6_dccp_int(r0, 0x21, 0x3, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000100)=0x1ff) kexec_load(0x23, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000, 0x800000000000000}], 0x0) r4 = accept(0xffffffffffffffff, &(0x7f0000000000)=@tipc=@name, &(0x7f0000000080)=0x80) ioctl$IMCTRLREQ(r4, 0x80044945, &(0x7f00000000c0)={0x4006, 0x1000, 0x0, 0x2}) [ 1673.590170][T10875] Memory cgroup out of memory: Killed process 10856 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 07:52:58 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201d20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:52:58 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x826}, 0x28) [ 1673.679142][ T27] audit: type=1804 audit(1579074778.691:463): pid=10998 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir832725399/syzkaller.FXRSF6/2676/bus" dev="sda1" ino=17313 res=1 [ 1673.704942][T10886] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1673.751617][T10886] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1673.828647][T10991] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1673.871395][T10991] CPU: 1 PID: 10991 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1673.880188][T10991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1673.890274][T10991] Call Trace: [ 1673.893583][T10991] dump_stack+0x11d/0x181 [ 1673.897999][T10991] dump_header+0xaa/0x39c [ 1673.902417][T10991] oom_kill_process.cold+0x10/0x15 [ 1673.907578][T10991] out_of_memory+0x231/0xa60 [ 1673.912281][T10991] mem_cgroup_out_of_memory+0x128/0x150 [ 1673.917912][T10991] try_charge+0xb6c/0xbf0 [ 1673.922257][T10991] ? rcu_note_context_switch+0x720/0x760 [ 1673.927907][T10991] mem_cgroup_try_charge+0xd2/0x260 [ 1673.933116][T10991] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1673.938853][T10991] __handle_mm_fault+0x197f/0x2e00 [ 1673.944060][T10991] handle_mm_fault+0x21b/0x530 [ 1673.948833][T10991] __get_user_pages+0x485/0x1130 [ 1673.953787][T10991] populate_vma_page_range+0xe6/0x100 [ 1673.959254][T10991] __mm_populate+0x168/0x2a0 [ 1673.963870][T10991] __x64_sys_mlockall+0x2e3/0x320 [ 1673.968993][T10991] do_syscall_64+0xcc/0x3a0 [ 1673.973515][T10991] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1673.979404][T10991] RIP: 0033:0x45af49 [ 1673.983314][T10991] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1674.003015][T10991] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1674.011609][T10991] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1674.019601][T10991] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1674.027580][T10991] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1674.035680][T10991] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1674.043653][T10991] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1674.187120][T10991] memory: usage 307200kB, limit 307200kB, failcnt 1543 [ 1674.194150][T10991] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1674.204696][T10991] Memory cgroup stats for /syz4: [ 1674.204904][T10991] anon 310603776 [ 1674.204904][T10991] file 8192 [ 1674.204904][T10991] kernel_stack 294912 [ 1674.204904][T10991] slab 942080 [ 1674.204904][T10991] sock 0 [ 1674.204904][T10991] shmem 0 [ 1674.204904][T10991] file_mapped 0 [ 1674.204904][T10991] file_dirty 0 [ 1674.204904][T10991] file_writeback 0 [ 1674.204904][T10991] anon_thp 274726912 [ 1674.204904][T10991] inactive_anon 262680576 [ 1674.204904][T10991] active_anon 208896 [ 1674.204904][T10991] inactive_file 0 [ 1674.204904][T10991] active_file 118784 [ 1674.204904][T10991] unevictable 47865856 [ 1674.204904][T10991] slab_reclaimable 135168 [ 1674.204904][T10991] slab_unreclaimable 806912 [ 1674.204904][T10991] pgfault 269544 [ 1674.204904][T10991] pgmajfault 0 [ 1674.204904][T10991] workingset_refault 0 [ 1674.204904][T10991] workingset_activate 0 [ 1674.204904][T10991] workingset_nodereclaim 0 [ 1674.204904][T10991] pgrefill 164 [ 1674.204904][T10991] pgscan 253 [ 1674.204904][T10991] pgsteal 34 [ 1674.315635][T10991] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10864,uid=0 [ 1674.334850][T10991] Memory cgroup out of memory: Killed process 10864 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1674.397198][ T1065] oom_reaper: reaped process 10864 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:52:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000fffffffe00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:52:59 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)="c3", 0x1, 0xffffffffffffffff) r1 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f00000001c0)="5c755bb00e32b5f3908b7a908fd86455b6c5cbf577253da3f8458f5d20999bd1a53ca41a5e6173ba85edbe85c4112fccd88794654d4aef715e8de74e2051a561831a59531222ab3c60dcd105449899d623725cde31fe75fc28140fb7babc5191d0657ef9c96df7b81c68f1885a76917a6229f02e7990ca9aacbc864447220c886b71495ead4b0008e14a87af261e70be95d65759dbe2b292b704c67993012152a0fadab652a610c199416c476358e8e577db9e5744b9e8ee2f3c4e248f0a3606", 0xc0, 0xfffffffffffffffb) r2 = add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)="c3", 0x1, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r2}, 0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={'cmac(twofish-generic)\x00'}}) r3 = add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)="c3", 0x1, 0xffffffffffffffff) r4 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000400)="5c755bb00e32b5f3908b7a908fd86455b6c5cbf577253da3f8458f5d20999bd1a53ca41a5e6173ba85edbe85c4112fccd88794654d4aef715e8de74e2051a561831a59531222ab3c60dcd105449899d623725cde31fe75fc28140fb7babc5191d0657ef9c96df7b81c68f1885a76917a6229f02e7990ca9aacbc864447220c886b71495ead4b0008e14a87af261e70be95d65759dbe2b292b704c67993012152a0fadab652a610c199416c476358e8e577db9e5744b9e8ee2f3c4e248f0a3606", 0xc0, 0xfffffffffffffffb) r5 = syz_open_dev$vcsu(&(0x7f0000000080)='/dev/vcsu#\x00', 0x5, 0x10000) accept4$nfc_llcp(r5, &(0x7f0000000280), &(0x7f0000000180)=0x60, 0xcafc60afd0c01077) r6 = add_key(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)="c3", 0x1, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r6}, 0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={'cmac(twofish-generic)\x00'}}) keyctl$KEYCTL_MOVE(0x1e, 0x0, r2, r6, 0x1) 07:52:59 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020201e20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1674.651000][T11121] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1674.715331][T11121] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1674.840487][T11121] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:00 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:00 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x827}, 0x28) 07:53:00 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:00 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4000) accept$nfc_llcp(r0, &(0x7f0000000040), &(0x7f0000000100)=0xffffffffffffff27) 07:53:00 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202520202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000000000ff00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:00 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x828}, 0x28) [ 1675.107060][T11240] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1675.190976][T11240] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1675.274400][T11240] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1675.274496][T11238] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 07:53:00 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020203020202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:00 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x220000) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x14, &(0x7f00000001c0)={r3}, 0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000040)={r3, 0xe4, "743591d6e847838fdecb447c470dfc58f790b12dedaa1fb6665a90d7ed2f1a9104013c50c7ded96a47f00ad73a2021beb13c9a7e5ded1df727b474b9d4510a8d04d03ea98dbd0f837919872f6d8d525aa1800a0a7fe537b18be9a3c53565fdf841777e2a2760aecde468e505664a1e649a93c01d5d7e28c5e4844bf40061472cfee9723512073c55d58ce6d3e0703ee209cf30c998bf8334b55f740180155f456b09962e4c81b27d2937078fcc85599a09ab80206cbaea760e7b531f34dcd688e1bab07c18e3a89279d5a9217f10cbad8f96d4db0c1cea518c51a6edcb18b20d247ba6ca"}, &(0x7f0000000140)=0xec) r4 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r4, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$sock_TIOCOUTQ(r4, 0x5411, &(0x7f0000000180)) [ 1675.384953][T11238] CPU: 0 PID: 11238 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1675.393814][T11238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1675.403887][T11238] Call Trace: [ 1675.407257][T11238] dump_stack+0x11d/0x181 [ 1675.411614][T11238] dump_header+0xaa/0x39c [ 1675.416089][T11238] oom_kill_process.cold+0x10/0x15 [ 1675.421254][T11238] out_of_memory+0x231/0xa60 [ 1675.425935][T11238] ? __rcu_read_unlock+0x66/0x3d0 [ 1675.431075][T11238] mem_cgroup_out_of_memory+0x128/0x150 [ 1675.436700][T11238] try_charge+0xb6c/0xbf0 [ 1675.441121][T11238] ? rcu_note_context_switch+0x720/0x760 [ 1675.446802][T11238] mem_cgroup_try_charge+0xd2/0x260 [ 1675.452068][T11238] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1675.457718][T11238] __handle_mm_fault+0x197f/0x2e00 [ 1675.462858][T11238] handle_mm_fault+0x21b/0x530 [ 1675.467645][T11238] __get_user_pages+0x485/0x1130 [ 1675.472717][T11238] populate_vma_page_range+0xe6/0x100 [ 1675.478105][T11238] __mm_populate+0x168/0x2a0 [ 1675.482830][T11238] __x64_sys_mlockall+0x2e3/0x320 [ 1675.487875][T11238] do_syscall_64+0xcc/0x3a0 [ 1675.492395][T11238] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1675.498509][T11238] RIP: 0033:0x45af49 [ 1675.502421][T11238] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1675.522135][T11238] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:53:00 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x829}, 0x28) 07:53:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000000004ff00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1675.531360][T11238] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1675.539360][T11238] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1675.547364][T11238] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1675.555389][T11238] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1675.563367][T11238] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1675.596698][T11238] memory: usage 307200kB, limit 307200kB, failcnt 1596 [ 1675.603599][T11238] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1675.625823][T11238] Memory cgroup stats for /syz2: [ 1675.625984][T11238] anon 309555200 [ 1675.625984][T11238] file 106496 [ 1675.625984][T11238] kernel_stack 368640 [ 1675.625984][T11238] slab 1228800 [ 1675.625984][T11238] sock 53248 [ 1675.625984][T11238] shmem 0 [ 1675.625984][T11238] file_mapped 0 [ 1675.625984][T11238] file_dirty 0 [ 1675.625984][T11238] file_writeback 0 [ 1675.625984][T11238] anon_thp 270532608 [ 1675.625984][T11238] inactive_anon 258334720 [ 1675.625984][T11238] active_anon 7077888 [ 1675.625984][T11238] inactive_file 135168 [ 1675.625984][T11238] active_file 135168 [ 1675.625984][T11238] unevictable 44183552 [ 1675.625984][T11238] slab_reclaimable 405504 [ 1675.625984][T11238] slab_unreclaimable 823296 [ 1675.625984][T11238] pgfault 299541 07:53:00 executing program 1: kexec_load(0x0, 0x0, &(0x7f0000000000), 0x0) r0 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0xffffffffffffffff, 0x2, 0x4}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x4) [ 1675.625984][T11238] pgmajfault 0 [ 1675.625984][T11238] workingset_refault 0 [ 1675.625984][T11238] workingset_activate 0 [ 1675.625984][T11238] workingset_nodereclaim 0 [ 1675.625984][T11238] pgrefill 110 [ 1675.625984][T11238] pgscan 141 [ 1675.625984][T11238] pgsteal 35 [ 1675.723303][T11238] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11108,uid=0 [ 1675.786780][T11238] Memory cgroup out of memory: Killed process 11108 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1675.855455][T11463] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1675.967772][T11352] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1675.979872][T11463] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1675.992187][T11352] CPU: 1 PID: 11352 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1676.000914][T11352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1676.000929][T11352] Call Trace: [ 1676.000956][T11352] dump_stack+0x11d/0x181 [ 1676.001035][T11352] dump_header+0xaa/0x39c [ 1676.023224][T11352] oom_kill_process.cold+0x10/0x15 [ 1676.028452][T11352] out_of_memory+0x231/0xa60 [ 1676.033110][T11352] mem_cgroup_out_of_memory+0x128/0x150 [ 1676.033163][T11352] try_charge+0xb6c/0xbf0 [ 1676.042997][T11352] ? rcu_note_context_switch+0x720/0x760 [ 1676.048734][T11352] mem_cgroup_try_charge+0xd2/0x260 [ 1676.054025][T11352] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1676.059684][T11352] __handle_mm_fault+0x197f/0x2e00 [ 1676.064875][T11352] handle_mm_fault+0x21b/0x530 [ 1676.069664][T11352] __get_user_pages+0x485/0x1130 [ 1676.074657][T11352] populate_vma_page_range+0xe6/0x100 [ 1676.080036][T11352] __mm_populate+0x168/0x2a0 [ 1676.084704][T11352] __x64_sys_mlockall+0x2e3/0x320 [ 1676.089816][T11352] do_syscall_64+0xcc/0x3a0 [ 1676.094345][T11352] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1676.100236][T11352] RIP: 0033:0x45af49 [ 1676.104153][T11352] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1676.123765][T11352] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1676.132305][T11352] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1676.140262][T11352] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1676.148218][T11352] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1676.156175][T11352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1676.164243][T11352] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1676.176882][T11352] memory: usage 307200kB, limit 307200kB, failcnt 1596 [ 1676.183939][T11352] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1676.190879][T11352] Memory cgroup stats for /syz4: [ 1676.191195][T11352] anon 310505472 [ 1676.191195][T11352] file 8192 [ 1676.191195][T11352] kernel_stack 294912 [ 1676.191195][T11352] slab 942080 [ 1676.191195][T11352] sock 0 [ 1676.191195][T11352] shmem 0 [ 1676.191195][T11352] file_mapped 0 [ 1676.191195][T11352] file_dirty 0 [ 1676.191195][T11352] file_writeback 0 [ 1676.191195][T11352] anon_thp 272629760 [ 1676.191195][T11352] inactive_anon 262549504 [ 1676.191195][T11352] active_anon 221184 [ 1676.191195][T11352] inactive_file 0 [ 1676.191195][T11352] active_file 118784 [ 1676.191195][T11352] unevictable 47710208 [ 1676.191195][T11352] slab_reclaimable 135168 [ 1676.191195][T11352] slab_unreclaimable 806912 [ 1676.191195][T11352] pgfault 271623 [ 1676.191195][T11352] pgmajfault 0 [ 1676.191195][T11352] workingset_refault 0 [ 1676.191195][T11352] workingset_activate 0 [ 1676.191195][T11352] workingset_nodereclaim 0 [ 1676.191195][T11352] pgrefill 164 [ 1676.191195][T11352] pgscan 253 [ 1676.191195][T11352] pgsteal 34 [ 1676.320450][T11352] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11117,uid=0 [ 1676.336913][T11352] Memory cgroup out of memory: Killed process 11117 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1676.387865][T11463] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:01 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:01 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020205c20202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:01 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x82a}, 0x28) 07:53:01 executing program 1: openat$rtc(0xffffffffffffff9c, &(0x7f0000000500)='/dev/rtc0\x00', 0x60002, 0x0) umount2(&(0x7f0000000540)='./file0\x00', 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000580)={0x0, 0x7fffffff, 0x60}, &(0x7f00000005c0)=0xc) setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000600)=@assoc_value={r2, 0x2}, 0x8) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000000)={{0x8, 0x1, 0x0, 0x8, 'syz0\x00', 0x9}, 0x0, [0x1000, 0x6a05e4d, 0x4, 0x100000001, 0x8000, 0x200, 0x61d, 0x100, 0x6, 0x4, 0x8, 0x101, 0x400, 0x3ff, 0x10001, 0x6, 0x5, 0x3, 0x4, 0x0, 0xffff, 0x2, 0x6, 0x0, 0x7fff, 0x0, 0x7, 0x8, 0x93, 0x7f, 0x4, 0x400, 0x8001, 0x1, 0x1, 0xdabb6a9, 0x7, 0x0, 0x84, 0x5, 0x1ff, 0x0, 0x0, 0x0, 0x7, 0x100, 0x6, 0x6, 0x5, 0x80000000, 0x50, 0x9, 0x6, 0x0, 0x80000000, 0x1, 0x10000, 0xd, 0x100000001, 0x6, 0x3, 0x9, 0x3, 0x7, 0xea, 0x5, 0x1, 0x0, 0x7ff, 0x1, 0xed, 0x6, 0x1, 0x5, 0x6, 0x5, 0xb6, 0x3, 0x8000, 0x3, 0x589, 0xfffffffffffff606, 0x800, 0x0, 0x6d02f084, 0x9, 0x5, 0x8000, 0x8, 0x7ff, 0x0, 0x80000001, 0x5, 0x101, 0x79, 0x5000000000000000, 0x10001, 0x2, 0x100000001, 0x0, 0x400, 0x5, 0x8, 0x3, 0xc0000000000000, 0x20000000000000, 0x98, 0x20, 0xc1, 0x0, 0x10000, 0xbc3e, 0x5224, 0x1, 0x2, 0x1, 0x1, 0x329, 0x7fff, 0x0, 0x1ff, 0x3, 0x5, 0x6, 0x0, 0xef6f, 0x5, 0x1]}) kexec_load(0x0, 0x2b4d69575e0bd02, &(0x7f0000000000), 0x80000) 07:53:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000007fffffff00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:01 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) [ 1677.035289][T11587] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1677.083670][T11587] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1677.148430][T11595] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1677.159252][T11595] CPU: 0 PID: 11595 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1677.167957][T11595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1677.178184][T11595] Call Trace: [ 1677.181493][T11595] dump_stack+0x11d/0x181 [ 1677.185839][T11595] dump_header+0xaa/0x39c [ 1677.190180][T11595] oom_kill_process.cold+0x10/0x15 [ 1677.195391][T11595] out_of_memory+0x231/0xa60 [ 1677.200090][T11595] ? __rcu_read_unlock+0x66/0x3d0 [ 1677.205134][T11595] mem_cgroup_out_of_memory+0x128/0x150 [ 1677.205235][T11595] try_charge+0xb6c/0xbf0 [ 1677.215174][T11595] ? rcu_note_context_switch+0x720/0x760 [ 1677.220825][T11595] mem_cgroup_try_charge+0xd2/0x260 [ 1677.226104][T11595] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1677.231762][T11595] __handle_mm_fault+0x197f/0x2e00 [ 1677.236905][T11595] handle_mm_fault+0x21b/0x530 [ 1677.241706][T11595] __get_user_pages+0x485/0x1130 [ 1677.246666][T11595] populate_vma_page_range+0xe6/0x100 [ 1677.252121][T11595] __mm_populate+0x168/0x2a0 [ 1677.256808][T11595] __x64_sys_mlockall+0x2e3/0x320 [ 1677.261853][T11595] do_syscall_64+0xcc/0x3a0 [ 1677.266372][T11595] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1677.272282][T11595] RIP: 0033:0x45af49 [ 1677.276178][T11595] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1677.295809][T11595] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1677.304216][T11595] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1677.312222][T11595] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1677.320205][T11595] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1677.328285][T11595] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1677.336266][T11595] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:53:02 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x82b}, 0x28) [ 1677.379906][T11595] memory: usage 307200kB, limit 307200kB, failcnt 1624 [ 1677.387162][T11587] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1677.403642][T11595] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1677.410498][T11595] Memory cgroup stats for /syz4: [ 1677.410728][T11595] anon 310628352 [ 1677.410728][T11595] file 8192 [ 1677.410728][T11595] kernel_stack 258048 [ 1677.410728][T11595] slab 942080 [ 1677.410728][T11595] sock 0 [ 1677.410728][T11595] shmem 0 [ 1677.410728][T11595] file_mapped 0 [ 1677.410728][T11595] file_dirty 0 [ 1677.410728][T11595] file_writeback 0 [ 1677.410728][T11595] anon_thp 272629760 [ 1677.410728][T11595] inactive_anon 262578176 [ 1677.410728][T11595] active_anon 221184 [ 1677.410728][T11595] inactive_file 0 [ 1677.410728][T11595] active_file 118784 [ 1677.410728][T11595] unevictable 47996928 [ 1677.410728][T11595] slab_reclaimable 135168 [ 1677.410728][T11595] slab_unreclaimable 806912 [ 1677.410728][T11595] pgfault 273471 07:53:02 executing program 1: kexec_load(0x4, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0xffffffffffffff68}], 0x80000) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000040)=@add_del={0x2, &(0x7f0000000000)='syzkaller0\x00'}) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x2000, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f00000000c0)={0x5}, 0x4) ioctl$KVM_SET_GSI_ROUTING(r0, 0x4008ae6a, &(0x7f0000000400)=ANY=[@ANYBLOB="050000000000000063000000000000000000000000000000090000000000ff00000000000000dfb9b476ef369f000000000000000000000028bb8329958271b5e1a300000000b300000000000000000eb8935d9a001000000c008d0100000000c001000000000000000000000000000000000000020004000000000000000000000049760000f07f00000000000000000000000000000000000000000000000000000400000004000000000000000000000007000000010000800000000000000000000000000000000000000000000000000000000094c5e38b000000000000000007000000000000007600000000000000000000000000b19e799a6cface7115f5ca91fb50b798925f18a352fef51b04792e139bb509999668a4775edb64e6be86836751cf0aa57f5df3607e55a980c0872f0eda76ff2c35f8b84b7a0324647007531885c5dc29468dde96eec2963445637d7a2de9878647978c96d5955ec1bffb2fdcf226dbefbfd877075d159d"]) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f00000002c0)={0xfd40000, 0x6, 0xe309, r0, 0x0, &(0x7f0000000280)={0x20370, 0xd2, [], @p_u32=&(0x7f0000000240)=0x80000000}}) mprotect(&(0x7f0000fea000/0x14000)=nil, 0x14000, 0x4) ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000000300)) 07:53:02 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202002202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1677.410728][T11595] pgmajfault 0 [ 1677.410728][T11595] workingset_refault 0 [ 1677.410728][T11595] workingset_activate 0 [ 1677.410728][T11595] workingset_nodereclaim 0 [ 1677.410728][T11595] pgrefill 164 [ 1677.410728][T11595] pgscan 253 [ 1677.410728][T11595] pgsteal 34 [ 1677.505961][T11595] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11578,uid=0 07:53:02 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000000ffffffff00000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1677.552965][T11595] Memory cgroup out of memory: Killed process 11578 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1677.581134][T11589] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1677.608806][ T1065] oom_reaper: reaped process 11578 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1677.649483][T11589] CPU: 0 PID: 11589 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1677.658206][T11589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1677.668278][T11589] Call Trace: [ 1677.671572][T11589] dump_stack+0x11d/0x181 [ 1677.675906][T11589] dump_header+0xaa/0x39c [ 1677.680237][T11589] oom_kill_process.cold+0x10/0x15 [ 1677.685440][T11589] out_of_memory+0x231/0xa60 [ 1677.690043][T11589] mem_cgroup_out_of_memory+0x128/0x150 [ 1677.695626][T11589] try_charge+0xb6c/0xbf0 [ 1677.700000][T11589] ? rcu_note_context_switch+0x720/0x760 [ 1677.705700][T11589] mem_cgroup_try_charge+0xd2/0x260 [ 1677.710968][T11589] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1677.716623][T11589] __handle_mm_fault+0x197f/0x2e00 [ 1677.721856][T11589] handle_mm_fault+0x21b/0x530 [ 1677.726622][T11589] __get_user_pages+0x485/0x1130 [ 1677.731581][T11589] populate_vma_page_range+0xe6/0x100 [ 1677.737028][T11589] __mm_populate+0x168/0x2a0 [ 1677.741624][T11589] __x64_sys_mlockall+0x2e3/0x320 [ 1677.746700][T11589] do_syscall_64+0xcc/0x3a0 [ 1677.751242][T11589] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1677.757474][T11589] RIP: 0033:0x45af49 [ 1677.761500][T11589] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1677.781218][T11589] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1677.789664][T11589] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1677.797673][T11589] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1677.805730][T11589] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1677.813784][T11589] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1677.821880][T11589] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:53:02 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x82c}, 0x28) [ 1677.872643][T11705] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1677.892018][T11589] memory: usage 307200kB, limit 307200kB, failcnt 1631 [ 1677.910641][T11589] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1677.986160][T11589] Memory cgroup stats for /syz2: [ 1677.986328][T11589] anon 309608448 [ 1677.986328][T11589] file 106496 [ 1677.986328][T11589] kernel_stack 331776 [ 1677.986328][T11589] slab 1228800 [ 1677.986328][T11589] sock 53248 [ 1677.986328][T11589] shmem 0 [ 1677.986328][T11589] file_mapped 0 [ 1677.986328][T11589] file_dirty 0 [ 1677.986328][T11589] file_writeback 0 [ 1677.986328][T11589] anon_thp 270532608 [ 1677.986328][T11589] inactive_anon 258334720 [ 1677.986328][T11589] active_anon 7159808 07:53:03 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202003202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1677.986328][T11589] inactive_file 135168 [ 1677.986328][T11589] active_file 135168 [ 1677.986328][T11589] unevictable 44134400 [ 1677.986328][T11589] slab_reclaimable 405504 [ 1677.986328][T11589] slab_unreclaimable 823296 [ 1677.986328][T11589] pgfault 301422 [ 1677.986328][T11589] pgmajfault 0 [ 1677.986328][T11589] workingset_refault 0 [ 1677.986328][T11589] workingset_activate 0 [ 1677.986328][T11589] workingset_nodereclaim 0 [ 1677.986328][T11589] pgrefill 110 [ 1677.986328][T11589] pgscan 141 [ 1677.986328][T11589] pgsteal 35 [ 1678.099149][T11705] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1678.115484][T11589] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11572,uid=0 [ 1678.131278][T11589] Memory cgroup out of memory: Killed process 11572 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1678.164226][ T1065] oom_reaper: reaped process 11572 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1678.228586][T11705] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:03 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000200"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:03 executing program 1: openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/renderD128\x00', 0x984000, 0x0) 07:53:03 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x82d}, 0x28) 07:53:03 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202004202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1678.946476][T11839] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1679.007950][T11839] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1679.065558][T11839] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1679.198941][T11846] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1679.210010][T11846] CPU: 1 PID: 11846 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1679.218727][T11846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1679.228785][T11846] Call Trace: [ 1679.232091][T11846] dump_stack+0x11d/0x181 [ 1679.236485][T11846] dump_header+0xaa/0x39c [ 1679.240862][T11846] oom_kill_process.cold+0x10/0x15 [ 1679.246148][T11846] out_of_memory+0x231/0xa60 [ 1679.250748][T11846] ? __rcu_read_unlock+0x66/0x3d0 [ 1679.255793][T11846] mem_cgroup_out_of_memory+0x128/0x150 [ 1679.261412][T11846] try_charge+0xb6c/0xbf0 [ 1679.265880][T11846] ? rcu_note_context_switch+0x720/0x760 [ 1679.271537][T11846] mem_cgroup_try_charge+0xd2/0x260 [ 1679.276853][T11846] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1679.282565][T11846] __handle_mm_fault+0x197f/0x2e00 [ 1679.287708][T11846] handle_mm_fault+0x21b/0x530 [ 1679.292546][T11846] __get_user_pages+0x485/0x1130 [ 1679.297534][T11846] populate_vma_page_range+0xe6/0x100 [ 1679.302915][T11846] __mm_populate+0x168/0x2a0 [ 1679.307529][T11846] __x64_sys_mlockall+0x2e3/0x320 [ 1679.312583][T11846] do_syscall_64+0xcc/0x3a0 [ 1679.317109][T11846] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1679.323001][T11846] RIP: 0033:0x45af49 [ 1679.327005][T11846] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 07:53:04 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:04 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202005202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000300"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:04 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x82e}, 0x28) 07:53:04 executing program 1: kexec_load(0x0, 0xf, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000, 0x9}], 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) [ 1679.346725][T11846] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1679.355148][T11846] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1679.363128][T11846] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1679.371105][T11846] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1679.379103][T11846] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1679.387080][T11846] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:53:04 executing program 1: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x4, [0x0, 0x4], 0x9}, 0x10) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) [ 1679.511449][T11859] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1679.518690][T11846] memory: usage 307200kB, limit 307200kB, failcnt 1666 [ 1679.543912][T11846] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1679.591741][T11859] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1679.615954][T11846] Memory cgroup stats for /syz4: [ 1679.616149][T11846] anon 310591488 [ 1679.616149][T11846] file 8192 [ 1679.616149][T11846] kernel_stack 294912 [ 1679.616149][T11846] slab 942080 [ 1679.616149][T11846] sock 0 [ 1679.616149][T11846] shmem 0 [ 1679.616149][T11846] file_mapped 0 [ 1679.616149][T11846] file_dirty 0 [ 1679.616149][T11846] file_writeback 0 [ 1679.616149][T11846] anon_thp 274726912 [ 1679.616149][T11846] inactive_anon 262709248 [ 1679.616149][T11846] active_anon 221184 [ 1679.616149][T11846] inactive_file 0 [ 1679.616149][T11846] active_file 118784 [ 1679.616149][T11846] unevictable 47833088 [ 1679.616149][T11846] slab_reclaimable 135168 [ 1679.616149][T11846] slab_unreclaimable 806912 [ 1679.616149][T11846] pgfault 275319 [ 1679.616149][T11846] pgmajfault 0 [ 1679.616149][T11846] workingset_refault 0 07:53:04 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x82f}, 0x28) [ 1679.616149][T11846] workingset_activate 0 [ 1679.616149][T11846] workingset_nodereclaim 0 [ 1679.616149][T11846] pgrefill 164 [ 1679.616149][T11846] pgscan 253 [ 1679.616149][T11846] pgsteal 34 [ 1679.771465][T11859] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1679.869493][T11846] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11824,uid=0 [ 1679.889978][T11846] Memory cgroup out of memory: Killed process 11824 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1679.983547][T11862] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1679.999372][T11862] CPU: 0 PID: 11862 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1680.008065][T11862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1680.018131][T11862] Call Trace: [ 1680.021433][T11862] dump_stack+0x11d/0x181 [ 1680.025770][T11862] dump_header+0xaa/0x39c [ 1680.030312][T11862] oom_kill_process.cold+0x10/0x15 [ 1680.035555][T11862] out_of_memory+0x231/0xa60 [ 1680.040238][T11862] mem_cgroup_out_of_memory+0x128/0x150 [ 1680.045833][T11862] try_charge+0xb6c/0xbf0 [ 1680.050180][T11862] ? rcu_note_context_switch+0x720/0x760 [ 1680.055842][T11862] mem_cgroup_try_charge+0xd2/0x260 [ 1680.061490][T11862] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1680.067132][T11862] __handle_mm_fault+0x197f/0x2e00 [ 1680.072291][T11862] handle_mm_fault+0x21b/0x530 [ 1680.077084][T11862] __get_user_pages+0x485/0x1130 [ 1680.082038][T11862] populate_vma_page_range+0xe6/0x100 [ 1680.087727][T11862] __mm_populate+0x168/0x2a0 [ 1680.092345][T11862] __x64_sys_mlockall+0x2e3/0x320 [ 1680.097467][T11862] do_syscall_64+0xcc/0x3a0 [ 1680.102037][T11862] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1680.107938][T11862] RIP: 0033:0x45af49 [ 1680.111960][T11862] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1680.131756][T11862] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1680.140243][T11862] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1680.148232][T11862] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1680.156228][T11862] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1680.164212][T11862] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1680.173500][T11862] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1680.187677][T11862] memory: usage 307200kB, limit 307200kB, failcnt 1647 [ 1680.197977][T11862] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1680.208371][T11862] Memory cgroup stats for /syz2: [ 1680.208622][T11862] anon 309608448 [ 1680.208622][T11862] file 106496 [ 1680.208622][T11862] kernel_stack 368640 [ 1680.208622][T11862] slab 1228800 [ 1680.208622][T11862] sock 53248 [ 1680.208622][T11862] shmem 0 [ 1680.208622][T11862] file_mapped 0 [ 1680.208622][T11862] file_dirty 0 [ 1680.208622][T11862] file_writeback 0 [ 1680.208622][T11862] anon_thp 270532608 [ 1680.208622][T11862] inactive_anon 258334720 [ 1680.208622][T11862] active_anon 7159808 [ 1680.208622][T11862] inactive_file 135168 [ 1680.208622][T11862] active_file 135168 [ 1680.208622][T11862] unevictable 44212224 [ 1680.208622][T11862] slab_reclaimable 405504 [ 1680.208622][T11862] slab_unreclaimable 823296 [ 1680.208622][T11862] pgfault 303270 [ 1680.208622][T11862] pgmajfault 0 [ 1680.208622][T11862] workingset_refault 0 [ 1680.208622][T11862] workingset_activate 0 [ 1680.208622][T11862] workingset_nodereclaim 0 [ 1680.208622][T11862] pgrefill 110 [ 1680.208622][T11862] pgscan 141 [ 1680.208622][T11862] pgsteal 35 07:53:05 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:05 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202006202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:05 executing program 1: kexec_load(0x3, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) 07:53:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000400"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:05 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x830}, 0x28) [ 1680.335043][T11862] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11826,uid=0 [ 1680.350641][T11862] Memory cgroup out of memory: Killed process 11826 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1680.508927][T11990] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1680.680666][T11990] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1680.760161][T11990] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1680.797354][T11994] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1680.822466][T11994] CPU: 1 PID: 11994 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1680.831378][T11994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1680.841439][T11994] Call Trace: [ 1680.844754][T11994] dump_stack+0x11d/0x181 [ 1680.849912][T11994] dump_header+0xaa/0x39c [ 1680.854303][T11994] oom_kill_process.cold+0x10/0x15 [ 1680.859442][T11994] out_of_memory+0x231/0xa60 [ 1680.864093][T11994] ? __rcu_read_unlock+0x66/0x3d0 [ 1680.869148][T11994] mem_cgroup_out_of_memory+0x128/0x150 [ 1680.874771][T11994] try_charge+0xb6c/0xbf0 [ 1680.879127][T11994] ? rcu_note_context_switch+0x720/0x760 [ 1680.884801][T11994] mem_cgroup_try_charge+0xd2/0x260 [ 1680.890087][T11994] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1680.895736][T11994] __handle_mm_fault+0x197f/0x2e00 [ 1680.900930][T11994] handle_mm_fault+0x21b/0x530 [ 1680.905767][T11994] __get_user_pages+0x485/0x1130 [ 1680.910832][T11994] populate_vma_page_range+0xe6/0x100 [ 1680.916218][T11994] __mm_populate+0x168/0x2a0 [ 1680.920827][T11994] __x64_sys_mlockall+0x2e3/0x320 [ 1680.925949][T11994] do_syscall_64+0xcc/0x3a0 [ 1680.930484][T11994] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1680.936441][T11994] RIP: 0033:0x45af49 [ 1680.941918][T11994] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1680.961642][T11994] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1680.970204][T11994] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1680.978186][T11994] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1680.986234][T11994] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1680.994237][T11994] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1681.002227][T11994] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1681.025917][T11994] memory: usage 307200kB, limit 307200kB, failcnt 1703 [ 1681.033042][T11994] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1681.039943][T11994] Memory cgroup stats for /syz4: [ 1681.040283][T11994] anon 310607872 [ 1681.040283][T11994] file 8192 [ 1681.040283][T11994] kernel_stack 258048 [ 1681.040283][T11994] slab 942080 [ 1681.040283][T11994] sock 0 [ 1681.040283][T11994] shmem 0 [ 1681.040283][T11994] file_mapped 0 [ 1681.040283][T11994] file_dirty 0 [ 1681.040283][T11994] file_writeback 0 [ 1681.040283][T11994] anon_thp 274726912 [ 1681.040283][T11994] inactive_anon 262709248 [ 1681.040283][T11994] active_anon 204800 [ 1681.040283][T11994] inactive_file 0 [ 1681.040283][T11994] active_file 118784 [ 1681.040283][T11994] unevictable 47833088 [ 1681.040283][T11994] slab_reclaimable 135168 [ 1681.040283][T11994] slab_unreclaimable 806912 [ 1681.040283][T11994] pgfault 277200 [ 1681.040283][T11994] pgmajfault 0 [ 1681.040283][T11994] workingset_refault 0 [ 1681.040283][T11994] workingset_activate 0 [ 1681.040283][T11994] workingset_nodereclaim 0 [ 1681.040283][T11994] pgrefill 164 [ 1681.040283][T11994] pgscan 253 [ 1681.040283][T11994] pgsteal 34 [ 1681.139964][T11994] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11977,uid=0 [ 1681.156277][T11994] Memory cgroup out of memory: Killed process 11977 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 07:53:06 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000500"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:06 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x831}, 0x28) 07:53:06 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202007202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:06 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) r2 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f00000002c0)={0x4, 0x0, 0x4}) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000040)={0x7fffffff, 0x1f, 0x4, 0x0, 0x5012, {r0, r1/1000+30000}, {0x5, 0x2, 0x3, 0x4, 0x0, 0x20, "ff77b50d"}, 0x2, 0x2, @fd, 0x3f, 0x0, r2}) r4 = creat(&(0x7f0000000100)='./file0\x00', 0x92) write$tun(r4, &(0x7f00000001c0)={@val, @val={0x1, 0x80, 0x3f, 0xff, 0x8000, 0x1}, @ipv4=@tipc={{0x12, 0x4, 0x2, 0x2b, 0x65, 0x66, 0x0, 0x1, 0x6, 0x0, @rand_addr=0x538, @remote, {[@lsrr={0x83, 0x17, 0xf, [@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @remote]}, @end, @timestamp={0x44, 0x1c, 0x26, 0x0, 0x9, [0x7f, 0xfff, 0x44100000, 0x8, 0x9, 0x5]}]}}, @payload_conn={{{0x1d, 0x0, 0x0, 0x0, 0x1, 0x6, 0x41d398b786eaa6e, 0x2, 0x8, 0x0, 0x1, 0x4, 0x2, 0x0, 0x42, 0x1, 0x1, 0x4e20, 0x4e21}}, [0x0, 0x0, 0x0, 0x0, 0x0]}}}, 0x73) write$USERIO_CMD_SET_PORT_TYPE(r3, &(0x7f00000000c0)={0x1, 0x20}, 0x2) [ 1681.297514][T12007] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:53:06 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202008202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1681.406828][T12007] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1681.497106][T12017] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1681.509336][T12017] CPU: 0 PID: 12017 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1681.518031][T12017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1681.528189][T12017] Call Trace: [ 1681.528298][T12017] dump_stack+0x11d/0x181 [ 1681.535903][T12017] dump_header+0xaa/0x39c [ 1681.540256][T12017] oom_kill_process.cold+0x10/0x15 [ 1681.545390][T12017] out_of_memory+0x231/0xa60 [ 1681.550057][T12017] ? __rcu_read_unlock+0x66/0x3d0 [ 1681.550100][T12017] mem_cgroup_out_of_memory+0x128/0x150 [ 1681.560655][T12017] try_charge+0xb6c/0xbf0 [ 1681.565000][T12017] ? rcu_note_context_switch+0x720/0x760 [ 1681.566949][T12007] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1681.570652][T12017] mem_cgroup_try_charge+0xd2/0x260 [ 1681.570694][T12017] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1681.596853][T12017] __handle_mm_fault+0x197f/0x2e00 [ 1681.601988][T12017] handle_mm_fault+0x21b/0x530 [ 1681.606828][T12017] __get_user_pages+0x485/0x1130 [ 1681.611803][T12017] populate_vma_page_range+0xe6/0x100 [ 1681.617202][T12017] __mm_populate+0x168/0x2a0 [ 1681.621850][T12017] __x64_sys_mlockall+0x2e3/0x320 [ 1681.626894][T12017] do_syscall_64+0xcc/0x3a0 [ 1681.631445][T12017] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1681.637362][T12017] RIP: 0033:0x45af49 [ 1681.641369][T12017] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1681.660998][T12017] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1681.669429][T12017] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1681.677413][T12017] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1681.685461][T12017] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 07:53:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000600"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1681.694503][T12017] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1681.702663][T12017] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1681.739112][T12017] memory: usage 307200kB, limit 307200kB, failcnt 1671 [ 1681.746089][T12017] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1681.753133][T12017] Memory cgroup stats for /syz2: [ 1681.753374][T12017] anon 309608448 [ 1681.753374][T12017] file 106496 [ 1681.753374][T12017] kernel_stack 368640 [ 1681.753374][T12017] slab 1228800 [ 1681.753374][T12017] sock 53248 [ 1681.753374][T12017] shmem 0 [ 1681.753374][T12017] file_mapped 0 [ 1681.753374][T12017] file_dirty 0 [ 1681.753374][T12017] file_writeback 0 [ 1681.753374][T12017] anon_thp 270532608 [ 1681.753374][T12017] inactive_anon 258367488 [ 1681.753374][T12017] active_anon 7163904 [ 1681.753374][T12017] inactive_file 135168 [ 1681.753374][T12017] active_file 135168 [ 1681.753374][T12017] unevictable 44212224 [ 1681.753374][T12017] slab_reclaimable 405504 [ 1681.753374][T12017] slab_unreclaimable 823296 [ 1681.753374][T12017] pgfault 305118 [ 1681.753374][T12017] pgmajfault 0 [ 1681.753374][T12017] workingset_refault 0 [ 1681.753374][T12017] workingset_activate 0 [ 1681.753374][T12017] workingset_nodereclaim 0 [ 1681.753374][T12017] pgrefill 110 [ 1681.753374][T12017] pgscan 141 [ 1681.753374][T12017] pgsteal 35 [ 1681.847548][T12123] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1681.949554][T12017] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11997,uid=0 [ 1681.999635][T12017] Memory cgroup out of memory: Killed process 11997 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1682.001358][T12123] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:53:07 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:07 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x832}, 0x28) 07:53:07 executing program 1: kexec_load(0x0, 0x8000199, &(0x7f0000000000)=[{0x0, 0x2ce, 0x91659ffd}], 0x0) fstat(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = geteuid() setresuid(r1, r1, 0x0) setreuid(r1, 0x0) mount$9p_virtio(&(0x7f0000000040)='syz\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x8, &(0x7f0000000180)={'trans=virtio,', {[{@uname={'uname'}}, {@posixacl='posixacl'}, {@dfltgid={'dfltgid', 0x3d, r0}}, {@access_client='access=client'}, {@mmap='mmap'}, {@fscache='fscache'}, {@version_u='version=9p2000.u'}, {@access_any='access=any'}], [{@fscontext={'fscontext', 0x3d, 'user_u'}}, {@audit='audit'}, {@obj_type={'obj_type', 0x3d, '\\$ppp1*'}}, {@euid_eq={'euid', 0x3d, r1}}]}}) 07:53:07 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202009202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1682.151079][T12123] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:07 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x833}, 0x28) [ 1682.477994][T12240] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1682.521918][T12240] CPU: 1 PID: 12240 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1682.530641][T12240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1682.540707][T12240] Call Trace: [ 1682.544021][T12240] dump_stack+0x11d/0x181 [ 1682.548375][T12240] dump_header+0xaa/0x39c [ 1682.552791][T12240] oom_kill_process.cold+0x10/0x15 [ 1682.558031][T12240] out_of_memory+0x231/0xa60 [ 1682.562640][T12240] ? __rcu_read_unlock+0x66/0x3d0 [ 1682.567692][T12240] mem_cgroup_out_of_memory+0x128/0x150 [ 1682.573257][T12240] try_charge+0xb6c/0xbf0 [ 1682.577622][T12240] ? rcu_note_context_switch+0x720/0x760 [ 1682.583287][T12240] mem_cgroup_try_charge+0xd2/0x260 [ 1682.588597][T12240] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1682.594248][T12240] __handle_mm_fault+0x197f/0x2e00 [ 1682.600532][T12240] handle_mm_fault+0x21b/0x530 [ 1682.605328][T12240] __get_user_pages+0x485/0x1130 [ 1682.610482][T12240] populate_vma_page_range+0xe6/0x100 [ 1682.615883][T12240] __mm_populate+0x168/0x2a0 [ 1682.620501][T12240] __x64_sys_mlockall+0x2e3/0x320 [ 1682.625552][T12240] do_syscall_64+0xcc/0x3a0 [ 1682.630081][T12240] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1682.635985][T12240] RIP: 0033:0x45af49 [ 1682.639905][T12240] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1682.659653][T12240] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1682.668085][T12240] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1682.676191][T12240] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1682.684185][T12240] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1682.692229][T12240] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1682.700252][T12240] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1682.722138][T12240] memory: usage 307192kB, limit 307200kB, failcnt 1723 [ 1682.729113][T12240] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1682.736045][T12240] Memory cgroup stats for /syz4: [ 1682.736210][T12240] anon 310607872 [ 1682.736210][T12240] file 8192 [ 1682.736210][T12240] kernel_stack 294912 [ 1682.736210][T12240] slab 942080 [ 1682.736210][T12240] sock 0 [ 1682.736210][T12240] shmem 0 [ 1682.736210][T12240] file_mapped 0 [ 1682.736210][T12240] file_dirty 0 [ 1682.736210][T12240] file_writeback 0 [ 1682.736210][T12240] anon_thp 274726912 [ 1682.736210][T12240] inactive_anon 262574080 [ 1682.736210][T12240] active_anon 212992 [ 1682.736210][T12240] inactive_file 0 [ 1682.736210][T12240] active_file 118784 [ 1682.736210][T12240] unevictable 47865856 [ 1682.736210][T12240] slab_reclaimable 135168 [ 1682.736210][T12240] slab_unreclaimable 806912 [ 1682.736210][T12240] pgfault 279081 [ 1682.736210][T12240] pgmajfault 0 [ 1682.736210][T12240] workingset_refault 0 [ 1682.736210][T12240] workingset_activate 0 [ 1682.736210][T12240] workingset_nodereclaim 0 [ 1682.736210][T12240] pgrefill 164 [ 1682.736210][T12240] pgscan 253 [ 1682.736210][T12240] pgsteal 34 [ 1682.830561][T12240] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12118,uid=0 [ 1682.846253][T12240] Memory cgroup out of memory: Killed process 12118 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 07:53:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000700"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:08 executing program 1: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x101000, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x14c) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$SNDCTL_DSP_SETDUPLEX(r0, 0x5016, 0x0) prctl$PR_MCE_KILL_GET(0x22) 07:53:08 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020200a202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:08 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:08 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x834}, 0x28) 07:53:08 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x835}, 0x28) [ 1683.219361][T12267] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1683.239737][T12267] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:53:08 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$TIOCGRS485(r1, 0x542e, &(0x7f00000000c0)) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000140)='./file0\x00', 0x0, 0x1004, 0x0) mount$overlay(0x400000, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB=',lowerdir=.:file0']) r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) openat$cgroup_subtree(r3, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) openat$cgroup_subtree(r4, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0x76656f) r5 = getpid() ptrace$setregs(0xd, r5, 0xe8, &(0x7f0000000200)="33078bbc6d2e254ad9cca8e3681e8f1bbed7cbd96e7834aedcf22dbba59f3ce665090872e4356c5ceafc4e50bcdc817472efc5c20c9159f432575294546b72ab6404b3c5047c9df393773b266ac584d15063f2ada99834c699ef340576e954f6bf8011f58c121a7299fe8d4ab04a7a1c6c186b0ebcad10b555b3e9eeedd69175e5d137b0d5d505f48ee67f376cf211fa851d8764e810cd") write$FUSE_INIT(r2, &(0x7f0000000040)={0x50, 0x3c3f72e9052b1d86, 0x4, {0x7, 0x1f, 0x7, 0x95a1ccacc839c577, 0x0, 0x1, 0x0, 0xc9}}, 0x50) fchdir(r0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000000)) [ 1683.441839][T12267] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1683.569763][T12372] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1683.628072][T12372] CPU: 1 PID: 12372 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1683.639050][T12372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1683.649113][T12372] Call Trace: [ 1683.652419][T12372] dump_stack+0x11d/0x181 [ 1683.656775][T12372] dump_header+0xaa/0x39c [ 1683.661322][T12372] oom_kill_process.cold+0x10/0x15 [ 1683.666508][T12372] out_of_memory+0x231/0xa60 [ 1683.671121][T12372] ? __rcu_read_unlock+0x66/0x3d0 [ 1683.676181][T12372] mem_cgroup_out_of_memory+0x128/0x150 [ 1683.681892][T12372] try_charge+0xb6c/0xbf0 [ 1683.686257][T12372] ? rcu_note_context_switch+0x720/0x760 [ 1683.691910][T12372] mem_cgroup_try_charge+0xd2/0x260 [ 1683.697150][T12372] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1683.702789][T12372] __handle_mm_fault+0x197f/0x2e00 [ 1683.707966][T12372] handle_mm_fault+0x21b/0x530 [ 1683.712738][T12372] __get_user_pages+0x485/0x1130 [ 1683.717701][T12372] populate_vma_page_range+0xe6/0x100 [ 1683.723092][T12372] __mm_populate+0x168/0x2a0 [ 1683.727707][T12372] __x64_sys_mlockall+0x2e3/0x320 [ 1683.732847][T12372] do_syscall_64+0xcc/0x3a0 [ 1683.737409][T12372] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1683.743299][T12372] RIP: 0033:0x45af49 [ 1683.747202][T12372] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1683.766841][T12372] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:53:08 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:08 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020200b202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:08 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x836}, 0x28) 07:53:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000a00"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1683.775388][T12372] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1683.783486][T12372] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1683.791465][T12372] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1683.799447][T12372] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1683.807430][T12372] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1683.835127][T12372] memory: usage 307200kB, limit 307200kB, failcnt 1683 [ 1683.843171][T12372] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 07:53:08 executing program 1: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x2000, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x400) newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) write$P9_RSTATu(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="990000007d010000000000000000000020408100000000f0fffb07000000000000000200232407002f2d7070703023230081656375726974792f246b657972696e67707205632873656c66657468301e73656c661e0023d373656c6673797374656d70726f6384245d6b657972696e676264657607002f766d6e65743000"/141, @ANYRES32=r1, @ANYRES32=r2, @ANYRES32], 0x99) r3 = geteuid() setresuid(r3, r3, 0x0) setreuid(r3, 0x0) mount$9p_virtio(&(0x7f0000000000)='syz\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x7080000, &(0x7f00000000c0)={'trans=virtio,', {[{@dfltgid={'dfltgid', 0x3d, r2}}, {@noextend='noextend'}], [{@obj_role={'obj_role', 0x3d, 'securityvboxnet1\\/securitysystemem0^-ppp0'}}, {@uid_lt={'uid<', r3}}, {@hash='hash'}, {@dont_appraise='dont_appraise'}, {@audit='audit'}, {@obj_role={'obj_role', 0x3d, 'cgrouplocgroup%'}}]}}) r4 = geteuid() setresuid(r4, r4, 0x0) setreuid(r4, 0x0) fstat(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(r4, r5, 0xffffffffffffffff) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) [ 1683.943301][T12490] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1684.006464][T12372] Memory cgroup stats for /syz2: [ 1684.006668][T12372] anon 309534720 [ 1684.006668][T12372] file 106496 [ 1684.006668][T12372] kernel_stack 368640 [ 1684.006668][T12372] slab 1228800 [ 1684.006668][T12372] sock 53248 [ 1684.006668][T12372] shmem 0 [ 1684.006668][T12372] file_mapped 0 [ 1684.006668][T12372] file_dirty 0 [ 1684.006668][T12372] file_writeback 0 [ 1684.006668][T12372] anon_thp 270532608 [ 1684.006668][T12372] inactive_anon 258473984 [ 1684.006668][T12372] active_anon 7131136 [ 1684.006668][T12372] inactive_file 135168 07:53:09 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020200c202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:09 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x837}, 0x28) [ 1684.006668][T12372] active_file 135168 [ 1684.006668][T12372] unevictable 44232704 [ 1684.006668][T12372] slab_reclaimable 405504 [ 1684.006668][T12372] slab_unreclaimable 823296 [ 1684.006668][T12372] pgfault 306966 [ 1684.006668][T12372] pgmajfault 0 [ 1684.006668][T12372] workingset_refault 0 [ 1684.006668][T12372] workingset_activate 0 [ 1684.006668][T12372] workingset_nodereclaim 0 [ 1684.006668][T12372] pgrefill 110 [ 1684.006668][T12372] pgscan 141 [ 1684.006668][T12372] pgsteal 35 [ 1684.117052][T12490] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1684.141992][T12372] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12249,uid=0 [ 1684.158556][T12372] Memory cgroup out of memory: Killed process 12249 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1684.179819][T12490] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000c00"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1684.303519][T12493] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1684.329214][T12493] CPU: 1 PID: 12493 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1684.338223][T12493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1684.348285][T12493] Call Trace: [ 1684.351590][T12493] dump_stack+0x11d/0x181 [ 1684.356043][T12493] dump_header+0xaa/0x39c [ 1684.360411][T12493] oom_kill_process.cold+0x10/0x15 [ 1684.365549][T12493] out_of_memory+0x231/0xa60 [ 1684.370182][T12493] mem_cgroup_out_of_memory+0x128/0x150 [ 1684.376267][T12493] try_charge+0xb6c/0xbf0 [ 1684.380629][T12493] ? rcu_note_context_switch+0x720/0x760 [ 1684.386486][T12493] mem_cgroup_try_charge+0xd2/0x260 [ 1684.391768][T12493] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1684.397422][T12493] __handle_mm_fault+0x197f/0x2e00 [ 1684.402548][T12493] handle_mm_fault+0x21b/0x530 [ 1684.407317][T12493] __get_user_pages+0x485/0x1130 [ 1684.412342][T12493] populate_vma_page_range+0xe6/0x100 [ 1684.417806][T12493] __mm_populate+0x168/0x2a0 [ 1684.422605][T12493] __x64_sys_mlockall+0x2e3/0x320 [ 1684.427630][T12493] do_syscall_64+0xcc/0x3a0 [ 1684.432134][T12493] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1684.438027][T12493] RIP: 0033:0x45af49 [ 1684.442369][T12493] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1684.462162][T12493] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1684.470669][T12493] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1684.478737][T12493] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1684.486720][T12493] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1684.494811][T12493] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1684.502788][T12493] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1684.622260][T12493] memory: usage 307200kB, limit 307200kB, failcnt 1744 [ 1684.630308][T12493] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1684.656720][T12605] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1684.699652][T12605] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1684.772948][T12605] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1684.781835][T12493] Memory cgroup stats for /syz4: [ 1684.782199][T12493] anon 310587392 [ 1684.782199][T12493] file 8192 [ 1684.782199][T12493] kernel_stack 294912 [ 1684.782199][T12493] slab 942080 [ 1684.782199][T12493] sock 0 [ 1684.782199][T12493] shmem 0 [ 1684.782199][T12493] file_mapped 0 [ 1684.782199][T12493] file_dirty 0 [ 1684.782199][T12493] file_writeback 0 [ 1684.782199][T12493] anon_thp 274726912 [ 1684.782199][T12493] inactive_anon 262713344 [ 1684.782199][T12493] active_anon 217088 [ 1684.782199][T12493] inactive_file 0 [ 1684.782199][T12493] active_file 118784 [ 1684.782199][T12493] unevictable 47833088 [ 1684.782199][T12493] slab_reclaimable 135168 [ 1684.782199][T12493] slab_unreclaimable 806912 [ 1684.782199][T12493] pgfault 280896 [ 1684.782199][T12493] pgmajfault 0 [ 1684.782199][T12493] workingset_refault 0 [ 1684.782199][T12493] workingset_activate 0 [ 1684.782199][T12493] workingset_nodereclaim 0 [ 1684.782199][T12493] pgrefill 164 [ 1684.782199][T12493] pgscan 253 [ 1684.782199][T12493] pgsteal 34 [ 1684.888029][T12493] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12256,uid=0 [ 1684.903765][T12493] Memory cgroup out of memory: Killed process 12256 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1684.931255][ T1065] oom_reaper: reaped process 12256 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:53:10 executing program 1: r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x37, &(0x7f0000002040)=""/4096, &(0x7f0000000600)=0x1000) r1 = syz_genetlink_get_family_id$nbd(&(0x7f00000002c0)='nbd\x00') r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0x76656f) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f0000000140), 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x68, r1, 0x2, 0x70bd2a, 0x25dfdbfd, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_SOCKETS={0x34, 0x7, [{0x8}, {0x8, 0x1, r0}, {0x8, 0x1, r2}, {0x8, 0x1, r0}, {0x8}, {0x8}]}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc, 0x8, 0xee16}, @NBD_ATTR_DEAD_CONN_TIMEOUT={0xc}]}, 0x68}, 0x1, 0x0, 0x0, 0x24000000}, 0x2040) fchdir(r0) ioctl$KVM_S390_VCPU_FAULT(r0, 0x4008ae52, &(0x7f0000000040)=0x5) kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x9165a000}], 0x0) tee(r0, 0xffffffffffffffff, 0x8, 0x2) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r3) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r4, &(0x7f0000000000), 0x377140be6b5ef4c7}]) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000001bc0)={0x0, @multicast1, @local}, &(0x7f0000001c00)=0xc) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002000)={&(0x7f0000000f40)=@ll={0x11, 0x0, 0x0}, 0x80, &(0x7f0000001fc0)}, 0x2080) setxattr$trusted_overlay_origin(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0)='trusted.overlay.origin\x00', &(0x7f0000000700)='y\x00', 0x2, 0x3) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000800), &(0x7f0000000380)=0x7, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x15, 0xc, &(0x7f0000000e40)=ANY=[@ANYBLOB="1800005268826a4e81365c2d27aa8f34cdcf000000000004a909000104000085000000120000003bfbe0fff0", @ANYRES32, @ANYBLOB="01f1210f6ed7e1000000000000003a7ef030", @ANYRESOCT=r6, @ANYBLOB="0002060000ff010200000000"], &(0x7f00000004c0)='syzkaller\x00', 0x0, 0x47, &(0x7f0000000580)=""/71, 0x40f00, 0x3, [], r7, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000640)={0x3, 0xf, 0x10001, 0xffffffff}, 0x10, r8}, 0x78) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000740)=r8, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000001cc0)={0x1a, 0x10, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff}, [@generic={0x5, 0x0, 0x6, 0x5, 0x5}, @map_val={0x18, 0x7, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x1f79972a}, @call={0x85, 0x0, 0x0, 0x17}, @alu={0x7, 0x1, 0x0, 0x3, 0x0, 0x10, 0xfffffffffffffffc}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, @jmp={0x5, 0x1, 0x2, 0x6, 0x3, 0xfffffffffffffffc, 0xfffffffffffffff0}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffb}, @map={0x18, 0x2, 0x1, 0x0, r4}, @initr0={0x18, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000000100)='GPL\x00', 0x8, 0x9e, &(0x7f0000000200)=""/158, 0x41100, 0x9, [], r5, 0x9, r0, 0x8, &(0x7f0000001c40)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000001c80)={0x3, 0x8, 0x1}, 0x10, r8}, 0x78) 07:53:10 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x838}, 0x28) 07:53:10 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000e00"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:10 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:10 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020200d202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:10 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1685.453443][T12622] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:53:10 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020200e202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:10 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x839}, 0x28) [ 1685.579775][T12622] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1685.636020][T12632] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1685.646542][T12632] CPU: 0 PID: 12632 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1685.655246][T12632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1685.665313][T12632] Call Trace: [ 1685.668629][T12632] dump_stack+0x11d/0x181 [ 1685.673033][T12632] dump_header+0xaa/0x39c [ 1685.677583][T12632] oom_kill_process.cold+0x10/0x15 [ 1685.682714][T12632] out_of_memory+0x231/0xa60 [ 1685.687318][T12632] ? __rcu_read_unlock+0x66/0x3d0 [ 1685.692391][T12632] mem_cgroup_out_of_memory+0x128/0x150 [ 1685.698037][T12632] try_charge+0xb6c/0xbf0 [ 1685.702377][T12632] ? rcu_note_context_switch+0x720/0x760 [ 1685.708028][T12632] mem_cgroup_try_charge+0xd2/0x260 [ 1685.713242][T12632] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1685.718906][T12632] __handle_mm_fault+0x197f/0x2e00 [ 1685.724243][T12632] handle_mm_fault+0x21b/0x530 [ 1685.729063][T12632] __get_user_pages+0x485/0x1130 [ 1685.734023][T12632] populate_vma_page_range+0xe6/0x100 [ 1685.739526][T12632] __mm_populate+0x168/0x2a0 [ 1685.744141][T12632] __x64_sys_mlockall+0x2e3/0x320 [ 1685.749209][T12632] do_syscall_64+0xcc/0x3a0 [ 1685.753797][T12632] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1685.759753][T12632] RIP: 0033:0x45af49 [ 1685.763696][T12632] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 07:53:10 executing program 1: kexec_load(0x7ffffffc, 0x1, &(0x7f0000000000)=[{0x0, 0x162, 0x9165a000}], 0x280000) r0 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000080)={0x990000, 0x1, 0x80000000, r0, 0x0, &(0x7f0000000040)={0x98090d, 0x0, [], @ptr=0x800}}) ioctl$IOC_PR_RELEASE(r1, 0x401070ca, &(0x7f00000000c0)={0x80000001, 0x0, 0x1}) [ 1685.783360][T12632] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1685.791883][T12632] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1685.799888][T12632] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1685.807869][T12632] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1685.815928][T12632] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1685.823995][T12632] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1685.855468][T12632] memory: usage 307200kB, limit 307200kB, failcnt 1712 [ 1685.873836][T12622] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1685.893493][T12632] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1685.900952][T12632] Memory cgroup stats for /syz2: [ 1685.901530][T12632] anon 309608448 [ 1685.901530][T12632] file 106496 [ 1685.901530][T12632] kernel_stack 368640 [ 1685.901530][T12632] slab 1228800 [ 1685.901530][T12632] sock 53248 [ 1685.901530][T12632] shmem 0 [ 1685.901530][T12632] file_mapped 0 [ 1685.901530][T12632] file_dirty 0 [ 1685.901530][T12632] file_writeback 0 [ 1685.901530][T12632] anon_thp 270532608 [ 1685.901530][T12632] inactive_anon 258478080 [ 1685.901530][T12632] active_anon 7090176 [ 1685.901530][T12632] inactive_file 135168 [ 1685.901530][T12632] active_file 135168 [ 1685.901530][T12632] unevictable 44343296 [ 1685.901530][T12632] slab_reclaimable 405504 [ 1685.901530][T12632] slab_unreclaimable 823296 [ 1685.901530][T12632] pgfault 308847 [ 1685.901530][T12632] pgmajfault 0 [ 1685.901530][T12632] workingset_refault 0 [ 1685.901530][T12632] workingset_activate 0 [ 1685.901530][T12632] workingset_nodereclaim 0 [ 1685.901530][T12632] pgrefill 110 [ 1685.901530][T12632] pgscan 141 [ 1685.901530][T12632] pgsteal 35 07:53:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000f00"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:11 executing program 1: openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x20100, 0x0) 07:53:11 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020200f202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:11 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x83a}, 0x28) [ 1686.348629][T12632] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12609,uid=0 [ 1686.349610][T12851] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:53:11 executing program 1: r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000000)={0x4, 0x8, 0x4, 0x80000800, 0x9, {0x77359400}, {0x2, 0x8, 0xf9, 0x3f, 0x0, 0x80, "4a10ddc8"}, 0x800, 0x0, @userptr=0x1000, 0xfff, 0x0, 0xffffffffffffffff}) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000080)={0x74, 0x0, [0x4, 0x10001, 0x5, 0x8]}) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x280f00, 0x0) mkdirat(r2, &(0x7f0000000140)='./file0\x00', 0x40) 07:53:11 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1686.397904][T12851] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1686.409395][T12632] Memory cgroup out of memory: Killed process 12609 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1686.467077][T12851] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:12 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x83b}, 0x28) 07:53:12 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108001000"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:12 executing program 1: ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000040)={0x9f0000, 0x6, 0x1, 0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x990001, 0x3, [], @value=0x6}}) r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x10000, 0x0) ioctl$VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f00000000c0)={0xa, 0x81, 0x1, 0x6000, r1}) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) 07:53:12 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202010202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:12 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, 0xffffffffffffffff) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:12 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:12 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202011202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1687.485308][T12988] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1687.533482][T12988] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1687.533735][T12985] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1687.562940][T12985] CPU: 1 PID: 12985 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1687.571668][T12985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1687.581820][T12985] Call Trace: [ 1687.585209][T12985] dump_stack+0x11d/0x181 [ 1687.589563][T12985] dump_header+0xaa/0x39c [ 1687.593947][T12985] oom_kill_process.cold+0x10/0x15 [ 1687.599069][T12985] out_of_memory+0x231/0xa60 [ 1687.603774][T12985] ? __rcu_read_unlock+0x66/0x3d0 [ 1687.608865][T12985] mem_cgroup_out_of_memory+0x128/0x150 [ 1687.614506][T12985] try_charge+0xb6c/0xbf0 [ 1687.618926][T12985] ? rcu_note_context_switch+0x720/0x760 [ 1687.624629][T12985] mem_cgroup_try_charge+0xd2/0x260 [ 1687.629834][T12985] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1687.635521][T12985] __handle_mm_fault+0x197f/0x2e00 [ 1687.640646][T12985] handle_mm_fault+0x21b/0x530 [ 1687.645528][T12985] __get_user_pages+0x485/0x1130 [ 1687.651953][T12985] populate_vma_page_range+0xe6/0x100 [ 1687.657705][T12985] __mm_populate+0x168/0x2a0 [ 1687.662304][T12985] __x64_sys_mlockall+0x2e3/0x320 [ 1687.667379][T12985] do_syscall_64+0xcc/0x3a0 [ 1687.672735][T12985] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1687.678675][T12985] RIP: 0033:0x45af49 [ 1687.682578][T12985] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1687.702222][T12985] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1687.710628][T12985] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1687.718639][T12985] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1687.726739][T12985] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1687.734875][T12985] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1687.743030][T12985] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1687.777894][T12988] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1687.831289][T12985] memory: usage 307200kB, limit 307200kB, failcnt 1754 [ 1687.839722][T12985] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1687.855834][T12985] Memory cgroup stats for /syz2: [ 1687.856113][T12985] anon 309608448 [ 1687.856113][T12985] file 106496 [ 1687.856113][T12985] kernel_stack 368640 [ 1687.856113][T12985] slab 1228800 [ 1687.856113][T12985] sock 53248 [ 1687.856113][T12985] shmem 0 [ 1687.856113][T12985] file_mapped 0 [ 1687.856113][T12985] file_dirty 0 [ 1687.856113][T12985] file_writeback 0 [ 1687.856113][T12985] anon_thp 270532608 [ 1687.856113][T12985] inactive_anon 258424832 [ 1687.856113][T12985] active_anon 7081984 [ 1687.856113][T12985] inactive_file 135168 [ 1687.856113][T12985] active_file 135168 [ 1687.856113][T12985] unevictable 44212224 [ 1687.856113][T12985] slab_reclaimable 405504 [ 1687.856113][T12985] slab_unreclaimable 823296 [ 1687.856113][T12985] pgfault 310695 [ 1687.856113][T12985] pgmajfault 0 07:53:12 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x83c}, 0x28) 07:53:12 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) set_thread_area(&(0x7f0000000000)={0x3, 0x100801, 0x2000, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1}) [ 1687.856113][T12985] workingset_refault 0 [ 1687.856113][T12985] workingset_activate 0 [ 1687.856113][T12985] workingset_nodereclaim 0 [ 1687.856113][T12985] pgrefill 110 [ 1687.856113][T12985] pgscan 141 [ 1687.856113][T12985] pgsteal 35 07:53:12 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202012202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:13 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$SIOCAX25ADDUID(0xffffffffffffffff, 0x89e1, &(0x7f0000000080)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0xee01}) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0x76656f) clock_gettime(0x0, &(0x7f0000000600)={0x0, 0x0}) ioctl$VIDIOC_PREPARE_BUF(r2, 0xc058565d, &(0x7f0000000780)={0x3, 0xa, 0x4, 0x0, 0x9, {r3, r4/1000+10000}, {0x2, 0x1, 0x3f, 0x3, 0x9, 0x0, "39c8b999"}, 0x6, 0x4, @offset, 0x1538, 0x0, r1}) connect(r5, &(0x7f0000000800)=@pptp={0x18, 0x2, {0x2, @remote}}, 0x80) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r1, &(0x7f0000000000), 0x377140be6b5ef4c7}]) getsockopt$inet_sctp6_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000500)={0x0, 0x800, 0x3, 0x1, 0x6, 0x2, 0x6, 0x2, {0x0, @in6={{0xa, 0x4e22, 0xffffffff, @remote, 0x5}}, 0x10001, 0x3, 0x6, 0x54, 0x7fff}}, &(0x7f00000005c0)=0xb0) kexec_load(0x9, 0x6, &(0x7f0000000440)=[{&(0x7f0000000000)="0f51287987cc4eb408141c78b51d7ec964da6bf7212f7b623b7fa1f7fd6dd651232a6d05b2d1392825a952401a9f33ad1e3705654048591ab8a00817231520cd89b97758752c4ee2383338f8d8e90dc259da4ffdf7b712833b729e43b9c5c38f8231cd57277996565478a8d219cd3ab28ef06ca89324b9da357b", 0x1e, 0x8000, 0x20000002}, {&(0x7f0000000640)="d60df7bb1ce849c47bd6fef47e700317742cbafbd1961756d5c25f46a5c1426979c7441d62bacb8eedff1de48308078e19d35ef4a0c4140192f87b6e115d4e53636110de0c741b9575d9909dbd0a77733c26eadacb3be1122d8f17a23cce54c36b32969836064108aa3e3d6847aa2e8a3b9f94b153b709731d05208044fa5bbbe9803140dce30d82f842a4344494a887f76c23fdb7834a7fa8a83015eb4cebb69f9b214c9df455598ef62c540e489319998d003f2bb4b01011b7d3a89153c2393116793a2ebbcaf96a156ada1f1e90dfb50c042dbaf5b190e428848640d6d68f9a57d4444f2c91ebf5eee6f857df005445369bd55bb92fdb3b2332e4adec047d2ceb678f444710", 0x107, 0x3f, 0x1ff}, {&(0x7f0000000100)="85acc565b1f7a05c947507206d2e5656690dd734e4f29af02dbfbdc2dbfee8a235b99b64baa91e4231b1204c90c55051e224fd1fb242640b11b0f1dde0dc64f375a488b5f8bbac4c5c699040587c5a907eb62d745a81e669c5634b6a5e4b44778721300742c94bdb12ce1c4c8d6adb56ecd4e27a14d50559e143972d155da18ec81a2d6d0ec874a591b609dd241872a87c9c6266012f16b7ff9aee4b8565b83ff8d10bc8c40bab6b7faaba5cb35c633a6fbdb0c0e5d039cd5431bdfec1b4c1e27e78d8a501ef03a5a403254aa8605d710fdb6fdfb2c0", 0xd6, 0x9}, {&(0x7f0000000200)="f6173c91f16f96ddb145a1a866b14fb0dc367ea6726822830ad610685161681f4058b44c3914ac8a522a761954ba224a7258f0d1ffa848f3a902657e6b21a77419dd7aa5df660125e21d31877dac6f3305120423bc35cc19326785b7dbe3ed0663062ebe95bbb113997fa77a0352ba0ead1ae4254a4f4a54dc4924549005d111316a52b7c0e39918b449b1840ec335e5a7993b3f1402b7f8a8", 0x99, 0x9, 0xa3}, {&(0x7f00000002c0)="21d2976016f779370c86ea49a8cf4a47159d8f24e02f4743dfad2f6d9c8f27d868f81a3922f9a39cbda5381a64e27cacb383a2c0da293d15da93e5eaffa21d0371c62c1bcac01a8e11e0762feb283d61a2e95dc8e9d92b912ac83754053606387280b4845431e24bc6fa2d1ad117c76cc84dcdae66767d79eb1c694c8255b36a243e6b549a8b3f4f55e790446f2978f3107e216a814bdcb400c80bb5c2699843c5aaae7490537d88062a7d206b94783e5ba2eaf61ec47ff91b809153656885cc13d88d4efdfb906c81ac7f688de6ee450eb6e7eb32c218d9d766d413ccdcc6a7e3bf5bfdb652abe76fde", 0xea, 0x8000, 0xfffffffffffffffb}, {&(0x7f00000003c0)="b0f9ee800c54e45e56336818f5621017ed9e29cd9353729328fbd1c37441f25b6cadb10f9f41647c97a47e2dcf7c5d89d7c296daa3c81d75909ecc4384986e3d1b23dfd5405c2e2e58bf829fef4d45059402af765fffd5a777e5b55e5a302762a9572b0de33eb49ce2f358f2", 0x6c, 0x8, 0x4}], 0x0) 07:53:13 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108004800"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:13 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x83d}, 0x28) [ 1688.162196][T12985] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12974,uid=0 07:53:13 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1688.203247][T12985] Memory cgroup out of memory: Killed process 12974 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1688.359906][ T1065] oom_reaper: reaped process 12974 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1688.409108][T13181] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:53:13 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x83e}, 0x28) 07:53:13 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202013202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1688.526168][T13181] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1688.698366][T13181] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:14 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:14 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) recvfrom$ax25(r0, &(0x7f0000000000)=""/98, 0x62, 0x0, &(0x7f0000000080)={{0x3, @default, 0x2}, [@default, @default, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default]}, 0x48) 07:53:14 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x83f}, 0x28) 07:53:14 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:14 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108004c00"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:14 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202014202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:14 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x840}, 0x28) [ 1689.362250][T13257] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1689.469102][T13261] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1689.493907][T13261] CPU: 0 PID: 13261 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1689.502690][T13261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1689.506605][T13257] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1689.512746][T13261] Call Trace: [ 1689.512786][T13261] dump_stack+0x11d/0x181 [ 1689.512813][T13261] dump_header+0xaa/0x39c [ 1689.512839][T13261] oom_kill_process.cold+0x10/0x15 [ 1689.512883][T13261] out_of_memory+0x231/0xa60 [ 1689.542043][T13261] ? __rcu_read_unlock+0x66/0x3d0 [ 1689.547111][T13261] mem_cgroup_out_of_memory+0x128/0x150 [ 1689.552692][T13261] try_charge+0xb6c/0xbf0 [ 1689.557058][T13261] ? rcu_note_context_switch+0x720/0x760 [ 1689.562935][T13261] mem_cgroup_try_charge+0xd2/0x260 [ 1689.568299][T13261] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1689.574028][T13261] __handle_mm_fault+0x197f/0x2e00 [ 1689.579288][T13261] handle_mm_fault+0x21b/0x530 [ 1689.584133][T13261] __get_user_pages+0x485/0x1130 [ 1689.589307][T13261] populate_vma_page_range+0xe6/0x100 [ 1689.594887][T13261] __mm_populate+0x168/0x2a0 [ 1689.599519][T13261] __x64_sys_mlockall+0x2e3/0x320 [ 1689.604573][T13261] do_syscall_64+0xcc/0x3a0 [ 1689.609149][T13261] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1689.615070][T13261] RIP: 0033:0x45af49 [ 1689.619086][T13261] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1689.638734][T13261] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1689.638753][T13261] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1689.638763][T13261] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 07:53:14 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x841}, 0x28) [ 1689.638773][T13261] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1689.638783][T13261] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1689.638833][T13261] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1689.659266][T13261] memory: usage 307200kB, limit 307200kB, failcnt 1792 [ 1689.703770][T13261] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1689.731480][T13261] Memory cgroup stats for /syz2: [ 1689.731647][T13261] anon 309628928 [ 1689.731647][T13261] file 106496 [ 1689.731647][T13261] kernel_stack 368640 [ 1689.731647][T13261] slab 1228800 [ 1689.731647][T13261] sock 53248 [ 1689.731647][T13261] shmem 0 [ 1689.731647][T13261] file_mapped 0 [ 1689.731647][T13261] file_dirty 0 [ 1689.731647][T13261] file_writeback 0 [ 1689.731647][T13261] anon_thp 270532608 [ 1689.731647][T13261] inactive_anon 258347008 [ 1689.731647][T13261] active_anon 7098368 [ 1689.731647][T13261] inactive_file 135168 [ 1689.731647][T13261] active_file 135168 [ 1689.731647][T13261] unevictable 44343296 [ 1689.731647][T13261] slab_reclaimable 405504 [ 1689.731647][T13261] slab_unreclaimable 823296 [ 1689.731647][T13261] pgfault 312576 [ 1689.731647][T13261] pgmajfault 0 [ 1689.731647][T13261] workingset_refault 0 [ 1689.731647][T13261] workingset_activate 0 [ 1689.731647][T13261] workingset_nodereclaim 0 [ 1689.731647][T13261] pgrefill 110 [ 1689.731647][T13261] pgscan 141 [ 1689.731647][T13261] pgsteal 35 07:53:14 executing program 1: kexec_load(0x0, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000, 0x7086}], 0x0) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000080)={0x100, 0x6, 0x4, 0x4000, 0x6, {0x77359400}, {0x5, 0x1, 0xed, 0x3d, 0x5, 0x2, "5cb79302"}, 0xfffffffa, 0x3, @offset=0x1, 0x0, 0x0, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r0, &(0x7f0000000180)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000160}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0xffffffffffffff11, 0x7, 0x1, 0x300, 0x70bd25, 0x25dfdbfc, {0xa, 0x0, 0x1}, ["", "", "", ""]}, 0x14}}, 0x40000) uselib(&(0x7f0000000040)='./file0\x00') [ 1689.840333][T13257] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:14 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202015202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:14 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r0, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(0xffffffffffffffff) 07:53:14 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x842}, 0x28) [ 1689.952301][T13261] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13238,uid=0 [ 1689.975158][T13261] Memory cgroup out of memory: Killed process 13238 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 07:53:15 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108006000"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:15 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x843}, 0x28) 07:53:15 executing program 1: r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SIOCAX25GETUID(r0, 0x89e0, &(0x7f00000000c0)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, r1}) syz_open_dev$vcsu(&(0x7f0000000140)='/dev/vcsu#\x00', 0x1000, 0x20cc02) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000100)={0x1, [0x200]}, 0x6) 07:53:15 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202016202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1690.708538][T13505] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1690.726289][T13505] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1690.772667][T13505] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108006800"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:15 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x844}, 0x28) 07:53:15 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202017202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1690.983514][T13614] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1691.035397][T13614] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:53:16 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000180)={0x9c0000, 0x4f, 0xa9, 0xffffffffffffffff, 0x0, &(0x7f0000000140)={0xa30904, 0x7, [], @p_u8=&(0x7f0000000100)=0x1}}) socket(0x7, 0x6, 0x1) getsockname$llc(r1, &(0x7f0000000200)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000240)=0x10) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000000c0)=0xfffffffffffffef5) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x14, &(0x7f00000001c0)={r3}, 0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000000)={r3, @in6={{0xa, 0x4e20, 0x77, @ipv4={[], [], @local}, 0xfffffff9}}, 0x4, 0xffff}, 0x90) [ 1691.095319][T13614] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1691.121183][T13613] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1691.132514][T13613] CPU: 0 PID: 13613 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1691.141338][T13613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1691.151398][T13613] Call Trace: [ 1691.154700][T13613] dump_stack+0x11d/0x181 [ 1691.159079][T13613] dump_header+0xaa/0x39c [ 1691.163485][T13613] oom_kill_process.cold+0x10/0x15 [ 1691.168653][T13613] out_of_memory+0x231/0xa60 [ 1691.173239][T13613] ? __rcu_read_unlock+0x66/0x3d0 [ 1691.178351][T13613] mem_cgroup_out_of_memory+0x128/0x150 [ 1691.183897][T13613] try_charge+0xb6c/0xbf0 [ 1691.188225][T13613] ? rcu_note_context_switch+0x720/0x760 [ 1691.193861][T13613] mem_cgroup_try_charge+0xd2/0x260 [ 1691.199061][T13613] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1691.204758][T13613] __handle_mm_fault+0x197f/0x2e00 [ 1691.209896][T13613] handle_mm_fault+0x21b/0x530 [ 1691.214658][T13613] __get_user_pages+0x485/0x1130 [ 1691.219603][T13613] populate_vma_page_range+0xe6/0x100 [ 1691.224977][T13613] __mm_populate+0x168/0x2a0 [ 1691.229584][T13613] __x64_sys_mlockall+0x2e3/0x320 [ 1691.234612][T13613] do_syscall_64+0xcc/0x3a0 [ 1691.239218][T13613] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1691.245100][T13613] RIP: 0033:0x45af49 [ 1691.248997][T13613] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1691.268655][T13613] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1691.277082][T13613] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1691.285048][T13613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1691.293013][T13613] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1691.300977][T13613] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1691.308963][T13613] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:53:16 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x845}, 0x28) [ 1691.350477][T13613] memory: usage 307200kB, limit 307200kB, failcnt 1821 [ 1691.398400][T13613] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1691.414224][T13613] Memory cgroup stats for /syz2: [ 1691.414684][T13613] anon 309587968 [ 1691.414684][T13613] file 106496 [ 1691.414684][T13613] kernel_stack 368640 [ 1691.414684][T13613] slab 1228800 [ 1691.414684][T13613] sock 53248 [ 1691.414684][T13613] shmem 0 [ 1691.414684][T13613] file_mapped 0 [ 1691.414684][T13613] file_dirty 0 [ 1691.414684][T13613] file_writeback 0 [ 1691.414684][T13613] anon_thp 270532608 [ 1691.414684][T13613] inactive_anon 258387968 [ 1691.414684][T13613] active_anon 7102464 [ 1691.414684][T13613] inactive_file 135168 [ 1691.414684][T13613] active_file 135168 [ 1691.414684][T13613] unevictable 44179456 [ 1691.414684][T13613] slab_reclaimable 405504 [ 1691.414684][T13613] slab_unreclaimable 823296 [ 1691.414684][T13613] pgfault 314424 [ 1691.414684][T13613] pgmajfault 0 [ 1691.414684][T13613] workingset_refault 0 [ 1691.414684][T13613] workingset_activate 0 [ 1691.414684][T13613] workingset_nodereclaim 0 [ 1691.414684][T13613] pgrefill 110 [ 1691.414684][T13613] pgscan 141 [ 1691.414684][T13613] pgsteal 35 [ 1691.520251][T13613] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13491,uid=0 [ 1691.535971][T13613] Memory cgroup out of memory: Killed process 13491 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 07:53:16 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r0, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(0xffffffffffffffff) 07:53:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108006c00"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1691.944258][T13741] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1692.006551][T13741] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1692.063726][T13741] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1692.090188][T13744] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1692.100593][T13744] CPU: 1 PID: 13744 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1692.109275][T13744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1692.119331][T13744] Call Trace: [ 1692.122634][T13744] dump_stack+0x11d/0x181 [ 1692.126975][T13744] dump_header+0xaa/0x39c [ 1692.131393][T13744] oom_kill_process.cold+0x10/0x15 [ 1692.136515][T13744] out_of_memory+0x231/0xa60 [ 1692.141156][T13744] ? __rcu_read_unlock+0x66/0x3d0 [ 1692.146201][T13744] mem_cgroup_out_of_memory+0x128/0x150 [ 1692.151766][T13744] try_charge+0xb6c/0xbf0 [ 1692.156121][T13744] ? rcu_note_context_switch+0x720/0x760 07:53:17 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:17 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202018202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:17 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x846}, 0x28) 07:53:17 executing program 1: kexec_load(0x80000005, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a002}], 0x0) 07:53:17 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108007400"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1692.161780][T13744] mem_cgroup_try_charge+0xd2/0x260 [ 1692.167002][T13744] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1692.172675][T13744] __handle_mm_fault+0x197f/0x2e00 [ 1692.177817][T13744] handle_mm_fault+0x21b/0x530 [ 1692.182598][T13744] __get_user_pages+0x485/0x1130 [ 1692.187560][T13744] populate_vma_page_range+0xe6/0x100 [ 1692.192945][T13744] __mm_populate+0x168/0x2a0 [ 1692.197553][T13744] __x64_sys_mlockall+0x2e3/0x320 [ 1692.202623][T13744] do_syscall_64+0xcc/0x3a0 [ 1692.207239][T13744] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1692.213140][T13744] RIP: 0033:0x45af49 [ 1692.217045][T13744] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1692.237371][T13744] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1692.245797][T13744] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1692.253902][T13744] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1692.261046][T13748] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1692.261884][T13744] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1692.261895][T13744] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1692.261918][T13744] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:53:17 executing program 1: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x505103, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/key-users\x00', 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x5000, 0x80000}) [ 1692.339314][T13748] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:53:17 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x847}, 0x28) [ 1692.419114][T13748] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1692.471729][T13744] memory: usage 307200kB, limit 307200kB, failcnt 1785 [ 1692.497090][T13744] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1692.513555][T13744] Memory cgroup stats for /syz4: [ 1692.513815][T13744] anon 310013952 [ 1692.513815][T13744] file 8192 [ 1692.513815][T13744] kernel_stack 294912 [ 1692.513815][T13744] slab 942080 [ 1692.513815][T13744] sock 0 [ 1692.513815][T13744] shmem 0 [ 1692.513815][T13744] file_mapped 0 [ 1692.513815][T13744] file_dirty 0 [ 1692.513815][T13744] file_writeback 0 [ 1692.513815][T13744] anon_thp 274726912 [ 1692.513815][T13744] inactive_anon 262549504 [ 1692.513815][T13744] active_anon 6791168 [ 1692.513815][T13744] inactive_file 0 [ 1692.513815][T13744] active_file 118784 [ 1692.513815][T13744] unevictable 40751104 07:53:17 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108007a00"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:17 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202019202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1692.513815][T13744] slab_reclaimable 135168 [ 1692.513815][T13744] slab_unreclaimable 806912 [ 1692.513815][T13744] pgfault 287067 [ 1692.513815][T13744] pgmajfault 0 [ 1692.513815][T13744] workingset_refault 0 [ 1692.513815][T13744] workingset_activate 0 [ 1692.513815][T13744] workingset_nodereclaim 0 [ 1692.513815][T13744] pgrefill 164 [ 1692.513815][T13744] pgscan 253 [ 1692.513815][T13744] pgsteal 34 [ 1692.647414][T13852] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1692.670265][T13744] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13496,uid=0 [ 1692.687307][T13744] Memory cgroup out of memory: Killed process 13496 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1692.708536][T13852] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1692.753856][T13758] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1692.772198][T13758] CPU: 0 PID: 13758 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1692.780909][T13758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1692.791212][T13758] Call Trace: [ 1692.795024][T13758] dump_stack+0x11d/0x181 [ 1692.799484][T13758] dump_header+0xaa/0x39c [ 1692.799511][T13758] oom_kill_process.cold+0x10/0x15 [ 1692.799566][T13758] out_of_memory+0x231/0xa60 [ 1692.799607][T13758] mem_cgroup_out_of_memory+0x128/0x150 [ 1692.799681][T13758] try_charge+0xb6c/0xbf0 [ 1692.799705][T13758] ? rcu_note_context_switch+0x720/0x760 [ 1692.799815][T13758] mem_cgroup_try_charge+0xd2/0x260 [ 1692.809286][T13758] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1692.840367][T13758] __handle_mm_fault+0x197f/0x2e00 [ 1692.845522][T13758] handle_mm_fault+0x21b/0x530 07:53:17 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x848}, 0x28) [ 1692.850306][T13758] __get_user_pages+0x485/0x1130 [ 1692.855274][T13758] populate_vma_page_range+0xe6/0x100 [ 1692.860659][T13758] __mm_populate+0x168/0x2a0 [ 1692.865276][T13758] __x64_sys_mlockall+0x2e3/0x320 [ 1692.870450][T13758] do_syscall_64+0xcc/0x3a0 [ 1692.875076][T13758] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1692.880969][T13758] RIP: 0033:0x45af49 [ 1692.884906][T13758] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1692.904542][T13758] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1692.913096][T13758] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1692.921195][T13758] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1692.929165][T13758] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1692.937132][T13758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1692.945107][T13758] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1693.002366][T13852] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1693.126758][T13758] memory: usage 307200kB, limit 307200kB, failcnt 1860 [ 1693.134297][T13758] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1693.153296][T13758] Memory cgroup stats for /syz2: [ 1693.153542][T13758] anon 309608448 [ 1693.153542][T13758] file 106496 [ 1693.153542][T13758] kernel_stack 368640 [ 1693.153542][T13758] slab 1228800 [ 1693.153542][T13758] sock 53248 [ 1693.153542][T13758] shmem 0 [ 1693.153542][T13758] file_mapped 0 [ 1693.153542][T13758] file_dirty 0 [ 1693.153542][T13758] file_writeback 0 [ 1693.153542][T13758] anon_thp 270532608 [ 1693.153542][T13758] inactive_anon 258351104 [ 1693.153542][T13758] active_anon 7086080 [ 1693.153542][T13758] inactive_file 135168 [ 1693.153542][T13758] active_file 135168 [ 1693.153542][T13758] unevictable 44212224 [ 1693.153542][T13758] slab_reclaimable 405504 [ 1693.153542][T13758] slab_unreclaimable 823296 [ 1693.153542][T13758] pgfault 316305 [ 1693.153542][T13758] pgmajfault 0 [ 1693.153542][T13758] workingset_refault 0 [ 1693.153542][T13758] workingset_activate 0 [ 1693.153542][T13758] workingset_nodereclaim 0 [ 1693.153542][T13758] pgrefill 110 [ 1693.153542][T13758] pgscan 141 [ 1693.153542][T13758] pgsteal 35 [ 1693.253228][T13758] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13734,uid=0 [ 1693.323211][T13758] Memory cgroup out of memory: Killed process 13734 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 07:53:18 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020201a202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:18 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000000)={0x1, 0x200, 0x1, 0xe25, 0x1}, 0x14) 07:53:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800fc00"/20, @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:18 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x849}, 0x28) 07:53:18 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r0, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(0xffffffffffffffff) 07:53:18 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) [ 1693.947356][T13898] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1693.965265][T13898] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1694.029911][T13898] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1694.077915][T13897] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1694.100435][T13897] CPU: 0 PID: 13897 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1694.109162][T13897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1694.119228][T13897] Call Trace: [ 1694.122592][T13897] dump_stack+0x11d/0x181 [ 1694.126942][T13897] dump_header+0xaa/0x39c [ 1694.131365][T13897] oom_kill_process.cold+0x10/0x15 [ 1694.136626][T13897] out_of_memory+0x231/0xa60 [ 1694.141232][T13897] ? __rcu_read_unlock+0x66/0x3d0 [ 1694.146281][T13897] mem_cgroup_out_of_memory+0x128/0x150 [ 1694.151872][T13897] try_charge+0xb6c/0xbf0 [ 1694.156232][T13897] ? rcu_note_context_switch+0x720/0x760 [ 1694.161897][T13897] mem_cgroup_try_charge+0xd2/0x260 [ 1694.167156][T13897] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1694.172885][T13897] __handle_mm_fault+0x197f/0x2e00 [ 1694.178130][T13897] handle_mm_fault+0x21b/0x530 [ 1694.182918][T13897] __get_user_pages+0x485/0x1130 [ 1694.187870][T13897] populate_vma_page_range+0xe6/0x100 [ 1694.193246][T13897] __mm_populate+0x168/0x2a0 [ 1694.198297][T13897] __x64_sys_mlockall+0x2e3/0x320 [ 1694.203337][T13897] do_syscall_64+0xcc/0x3a0 [ 1694.207909][T13897] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1694.213867][T13897] RIP: 0033:0x45af49 [ 1694.217832][T13897] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1694.237534][T13897] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1694.246021][T13897] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1694.254059][T13897] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1694.262248][T13897] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1694.270333][T13897] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 07:53:19 executing program 1: ioctl$KVM_SET_GUEST_DEBUG(0xffffffffffffffff, 0x4048ae9b, &(0x7f0000000000)={0x80000, 0x0, [0xffffffffffff8001, 0x8, 0x96f, 0x3, 0x8, 0xbe, 0x10001, 0x2b27]}) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 07:53:19 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020201b202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:19 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x84a}, 0x28) 07:53:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000003000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1694.278396][T13897] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1694.307314][T13897] memory: usage 307200kB, limit 307200kB, failcnt 1894 [ 1694.332266][T13897] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1694.352392][T13897] Memory cgroup stats for /syz2: [ 1694.352802][T13897] anon 309596160 [ 1694.352802][T13897] file 106496 [ 1694.352802][T13897] kernel_stack 405504 [ 1694.352802][T13897] slab 1228800 [ 1694.352802][T13897] sock 53248 [ 1694.352802][T13897] shmem 0 [ 1694.352802][T13897] file_mapped 0 [ 1694.352802][T13897] file_dirty 0 [ 1694.352802][T13897] file_writeback 0 [ 1694.352802][T13897] anon_thp 270532608 [ 1694.352802][T13897] inactive_anon 258215936 [ 1694.352802][T13897] active_anon 7139328 [ 1694.352802][T13897] inactive_file 135168 [ 1694.352802][T13897] active_file 135168 [ 1694.352802][T13897] unevictable 44175360 [ 1694.352802][T13897] slab_reclaimable 405504 [ 1694.352802][T13897] slab_unreclaimable 823296 [ 1694.352802][T13897] pgfault 318153 [ 1694.352802][T13897] pgmajfault 0 [ 1694.352802][T13897] workingset_refault 0 [ 1694.352802][T13897] workingset_activate 0 [ 1694.352802][T13897] workingset_nodereclaim 0 [ 1694.352802][T13897] pgrefill 110 [ 1694.352802][T13897] pgscan 141 [ 1694.352802][T13897] pgsteal 35 [ 1694.479222][T13897] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13882,uid=0 [ 1694.497048][T13897] Memory cgroup out of memory: Killed process 13882 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1694.500428][T14079] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1694.523208][ T1065] oom_reaper: reaped process 13882 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1694.534996][T13970] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1694.593391][T13970] CPU: 1 PID: 13970 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1694.602106][T13970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1694.612159][T13970] Call Trace: [ 1694.615498][T13970] dump_stack+0x11d/0x181 [ 1694.619855][T13970] dump_header+0xaa/0x39c [ 1694.624340][T13970] oom_kill_process.cold+0x10/0x15 [ 1694.629511][T13970] out_of_memory+0x231/0xa60 [ 1694.634173][T13970] mem_cgroup_out_of_memory+0x128/0x150 [ 1694.639736][T13970] try_charge+0xb6c/0xbf0 [ 1694.644074][T13970] ? rcu_note_context_switch+0x720/0x760 [ 1694.649809][T13970] mem_cgroup_try_charge+0xd2/0x260 [ 1694.655017][T13970] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1694.660686][T13970] __handle_mm_fault+0x197f/0x2e00 [ 1694.666255][T13970] handle_mm_fault+0x21b/0x530 [ 1694.671084][T13970] __get_user_pages+0x485/0x1130 [ 1694.676143][T13970] populate_vma_page_range+0xe6/0x100 [ 1694.681639][T13970] __mm_populate+0x168/0x2a0 [ 1694.686294][T13970] __x64_sys_mlockall+0x2e3/0x320 [ 1694.691397][T13970] do_syscall_64+0xcc/0x3a0 [ 1694.695929][T13970] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1694.701965][T13970] RIP: 0033:0x45af49 [ 1694.705910][T13970] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1694.721147][T14079] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1694.725579][T13970] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:53:19 executing program 1: r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$USBDEVFS_RELEASE_PORT(r0, 0x80045519, &(0x7f0000000100)=0xe04e) kexec_load(0x0, 0x2, &(0x7f0000000080)=[{0x0, 0x0, 0x3}, {&(0x7f0000000000)="272b79e1a1252266ace631366e29dabc44b61b93837732aebac74e9fd8d5b5f6a2aadaf89dc088d8a552dff6bb9e0529f94e2b665d7a2d65b9439dd8829fe4d3d5fdd089ed663ba4cadf41e7f209bf24bc19b6969070233da8e34df71fd73963c4c9c983c7a4f7366f3bf2158cd05e2241", 0x71, 0x2a753cc3, 0x9}], 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/nvram\x00', 0x100400, 0x0) [ 1694.725597][T13970] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1694.725607][T13970] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1694.725617][T13970] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1694.725638][T13970] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1694.765210][T13970] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:53:19 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x84b}, 0x28) [ 1694.876766][T14079] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800ff04000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:19 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020201c202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1695.010077][T13970] memory: usage 307200kB, limit 307200kB, failcnt 1821 [ 1695.017744][T13970] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1695.028044][T13970] Memory cgroup stats for /syz4: [ 1695.065298][T13970] anon 310099968 [ 1695.065298][T13970] file 8192 [ 1695.065298][T13970] kernel_stack 331776 [ 1695.065298][T13970] slab 942080 [ 1695.065298][T13970] sock 0 [ 1695.065298][T13970] shmem 0 [ 1695.065298][T13970] file_mapped 0 [ 1695.065298][T13970] file_dirty 0 [ 1695.065298][T13970] file_writeback 0 [ 1695.065298][T13970] anon_thp 272629760 [ 1695.065298][T13970] inactive_anon 262647808 [ 1695.065298][T13970] active_anon 6828032 [ 1695.065298][T13970] inactive_file 0 [ 1695.065298][T13970] active_file 118784 [ 1695.065298][T13970] unevictable 40579072 [ 1695.065298][T13970] slab_reclaimable 135168 [ 1695.065298][T13970] slab_unreclaimable 806912 [ 1695.065298][T13970] pgfault 288651 [ 1695.065298][T13970] pgmajfault 0 [ 1695.065298][T13970] workingset_refault 0 [ 1695.065298][T13970] workingset_activate 0 [ 1695.065298][T13970] workingset_nodereclaim 0 [ 1695.065298][T13970] pgrefill 164 [ 1695.065298][T13970] pgscan 253 [ 1695.065298][T13970] pgsteal 34 [ 1695.094260][T14163] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1695.189656][T13970] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13878,uid=0 [ 1695.215441][T13970] Memory cgroup out of memory: Killed process 13878 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 07:53:20 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) [ 1695.284810][T14163] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:53:20 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x84c}, 0x28) [ 1695.403709][T14163] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1696.292190][T13970] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1696.303063][T13970] CPU: 0 PID: 13970 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1696.311763][T13970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1696.322064][T13970] Call Trace: [ 1696.325473][T13970] dump_stack+0x11d/0x181 [ 1696.329892][T13970] dump_header+0xaa/0x39c [ 1696.334291][T13970] oom_kill_process.cold+0x10/0x15 [ 1696.339436][T13970] out_of_memory+0x231/0xa60 [ 1696.344014][T13970] ? __rcu_read_unlock+0x66/0x3d0 [ 1696.349147][T13970] mem_cgroup_out_of_memory+0x128/0x150 [ 1696.354768][T13970] try_charge+0xb6c/0xbf0 [ 1696.359087][T13970] ? rcu_note_context_switch+0x720/0x760 [ 1696.364715][T13970] mem_cgroup_try_charge+0xd2/0x260 [ 1696.370003][T13970] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1696.375633][T13970] __handle_mm_fault+0x197f/0x2e00 [ 1696.380751][T13970] handle_mm_fault+0x21b/0x530 [ 1696.385500][T13970] __get_user_pages+0x485/0x1130 [ 1696.390474][T13970] populate_vma_page_range+0xe6/0x100 [ 1696.399755][T13970] __mm_populate+0x168/0x2a0 [ 1696.404339][T13970] __x64_sys_mremap+0x5df/0x750 [ 1696.409234][T13970] do_syscall_64+0xcc/0x3a0 [ 1696.413748][T13970] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1696.419636][T13970] RIP: 0033:0x45af49 [ 1696.423585][T13970] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1696.443298][T13970] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1696.460427][T13970] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1696.468397][T13970] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1696.476365][T13970] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1696.484390][T13970] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1696.492353][T13970] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1696.502088][T13970] memory: usage 307200kB, limit 307200kB, failcnt 1895 [ 1696.509119][T13970] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1696.516188][T13970] Memory cgroup stats for /syz4: [ 1696.517792][T13970] anon 310001664 [ 1696.517792][T13970] file 8192 [ 1696.517792][T13970] kernel_stack 331776 [ 1696.517792][T13970] slab 942080 [ 1696.517792][T13970] sock 0 [ 1696.517792][T13970] shmem 0 [ 1696.517792][T13970] file_mapped 0 [ 1696.517792][T13970] file_dirty 0 [ 1696.517792][T13970] file_writeback 0 [ 1696.517792][T13970] anon_thp 270532608 [ 1696.517792][T13970] inactive_anon 258654208 [ 1696.517792][T13970] active_anon 6828032 [ 1696.517792][T13970] inactive_file 0 [ 1696.517792][T13970] active_file 118784 [ 1696.517792][T13970] unevictable 44695552 [ 1696.517792][T13970] slab_reclaimable 135168 [ 1696.517792][T13970] slab_unreclaimable 806912 [ 1696.517792][T13970] pgfault 290070 [ 1696.517792][T13970] pgmajfault 0 [ 1696.517792][T13970] workingset_refault 0 [ 1696.517792][T13970] workingset_activate 0 [ 1696.517792][T13970] workingset_nodereclaim 0 [ 1696.517792][T13970] pgrefill 164 [ 1696.517792][T13970] pgscan 253 [ 1696.517792][T13970] pgsteal 34 [ 1696.612438][T13970] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13901,uid=0 [ 1696.629252][T13970] Memory cgroup out of memory: Killed process 13901 (syz-executor.4) total-vm:72708kB, anon-rss:13432kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1696.650837][ T1065] oom_reaper: reaped process 13901 (syz-executor.4), now anon-rss:13424kB, file-rss:54364kB, shmem-rss:0kB 07:53:22 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:22 executing program 1: statfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000002600)=""/4086) kexec_load(0x80000000, 0x800000000000139, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) mincore(&(0x7f0000ffd000/0x1000)=nil, 0x1000, &(0x7f0000000040)=""/160) 07:53:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000005000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:22 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020201d202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:22 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x84d}, 0x28) 07:53:22 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) [ 1697.470893][T14255] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1697.543134][T14255] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:53:22 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020201e202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1697.684061][T14255] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:22 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x84e}, 0x28) 07:53:22 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x202000, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x5080}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="94000025020000020c0004800800024000000003060002408035000006000240141e00000900010073797a30000000000900010073797a31000000003c00048008ff2bd12f50da78d300014000000008080001400000000608000140000000090800014000000006080001400000000f0800014000000009060002400037000006000240809b0000"], 0x94}, 0x1, 0x0, 0x0, 0x40004054}, 0x1) 07:53:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000006000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:22 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202025202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1698.065743][T14452] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:53:22 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x84f}, 0x28) [ 1698.108430][T14452] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1698.177455][T14452] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:23 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:23 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202030202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:23 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in={{0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x0, 0x0, 0x4d, 0x0, "bc2acb7f41f41a548f8675698731ae1cacbeb515d19913906c50afc4fd59c49970f235f194a8ed7c92dd127892cf992bff5decfe0743e320e9bb8a3ffd706a0c21b2ed4ea612798d93597dab2d8ea4f0"}, 0xd8) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='lp\x00', 0x3) 07:53:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000007000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:23 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x850}, 0x28) 07:53:23 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) [ 1698.819216][T14505] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:53:23 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e5558202020202020202020202020202020202020205c202020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1698.869366][T14505] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1698.940541][T14505] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:23 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x851}, 0x28) 07:53:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000a000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:24 executing program 1: kexec_load(0x0, 0x800000000000055, &(0x7f0000000000)=[{0x0}], 0x40000) 07:53:24 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x852}, 0x28) [ 1699.192991][T14593] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1699.240853][T14593] CPU: 0 PID: 14593 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1699.249605][T14593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1699.259675][T14593] Call Trace: [ 1699.262984][T14593] dump_stack+0x11d/0x181 [ 1699.267387][T14593] dump_header+0xaa/0x39c [ 1699.271741][T14593] oom_kill_process.cold+0x10/0x15 [ 1699.276955][T14593] out_of_memory+0x231/0xa60 [ 1699.281581][T14593] ? __rcu_read_unlock+0x66/0x3d0 [ 1699.286713][T14593] mem_cgroup_out_of_memory+0x128/0x150 [ 1699.292284][T14593] try_charge+0xb6c/0xbf0 [ 1699.296703][T14593] ? rcu_note_context_switch+0x720/0x760 [ 1699.302467][T14593] mem_cgroup_try_charge+0xd2/0x260 [ 1699.307686][T14593] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1699.313353][T14593] __handle_mm_fault+0x197f/0x2e00 [ 1699.318767][T14593] handle_mm_fault+0x21b/0x530 [ 1699.323612][T14593] __get_user_pages+0x485/0x1130 [ 1699.328779][T14593] populate_vma_page_range+0xe6/0x100 [ 1699.334183][T14593] __mm_populate+0x168/0x2a0 [ 1699.338819][T14593] __x64_sys_mlockall+0x2e3/0x320 [ 1699.344840][T14593] do_syscall_64+0xcc/0x3a0 [ 1699.349634][T14593] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1699.355738][T14593] RIP: 0033:0x45af49 [ 1699.359735][T14593] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1699.380171][T14593] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1699.380532][T14631] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1699.388752][T14593] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1699.388762][T14593] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1699.388772][T14593] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1699.388783][T14593] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1699.388793][T14593] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:53:24 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r0, 0xc0bc5310, &(0x7f0000000000)) [ 1699.422334][T14593] memory: usage 307200kB, limit 307200kB, failcnt 1931 [ 1699.443733][T14593] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1699.451466][T14593] Memory cgroup stats for /syz4: [ 1699.451740][T14593] anon 310018048 [ 1699.451740][T14593] file 8192 [ 1699.451740][T14593] kernel_stack 331776 [ 1699.451740][T14593] slab 942080 [ 1699.451740][T14593] sock 0 [ 1699.451740][T14593] shmem 0 [ 1699.451740][T14593] file_mapped 0 [ 1699.451740][T14593] file_dirty 0 [ 1699.451740][T14593] file_writeback 0 [ 1699.451740][T14593] anon_thp 274726912 [ 1699.451740][T14593] inactive_anon 262561792 [ 1699.451740][T14593] active_anon 6836224 [ 1699.451740][T14593] inactive_file 0 [ 1699.451740][T14593] active_file 118784 [ 1699.451740][T14593] unevictable 40652800 [ 1699.451740][T14593] slab_reclaimable 135168 [ 1699.451740][T14593] slab_unreclaimable 806912 [ 1699.451740][T14593] pgfault 291951 [ 1699.451740][T14593] pgmajfault 0 [ 1699.451740][T14593] workingset_refault 0 [ 1699.451740][T14593] workingset_activate 0 [ 1699.451740][T14593] workingset_nodereclaim 0 [ 1699.451740][T14593] pgrefill 164 [ 1699.451740][T14593] pgscan 253 [ 1699.451740][T14593] pgsteal 34 [ 1699.546319][T14593] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=14365,uid=0 [ 1699.563366][T14593] Memory cgroup out of memory: Killed process 14365 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1699.585467][ T1065] oom_reaper: reaped process 14365 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1699.689693][T14631] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1699.757336][T14631] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:25 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:25 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020022020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:25 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:25 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x853}, 0x28) 07:53:25 executing program 1: kexec_load(0x1, 0xa25, &(0x7f00000005c0)=[{0x0, 0x0, 0x6, 0x4000000}], 0x0) 07:53:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000c000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1700.436180][T14756] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1700.518656][T14756] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1700.544435][T14763] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1700.555888][T14763] CPU: 0 PID: 14763 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 07:53:25 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x854}, 0x28) [ 1700.564576][T14763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1700.574637][T14763] Call Trace: [ 1700.577941][T14763] dump_stack+0x11d/0x181 [ 1700.582349][T14763] dump_header+0xaa/0x39c [ 1700.586761][T14763] oom_kill_process.cold+0x10/0x15 [ 1700.586785][T14763] out_of_memory+0x231/0xa60 [ 1700.586806][T14763] ? __rcu_read_unlock+0x66/0x3d0 [ 1700.586836][T14763] mem_cgroup_out_of_memory+0x128/0x150 [ 1700.586873][T14763] try_charge+0xb6c/0xbf0 [ 1700.586894][T14763] ? rcu_note_context_switch+0x720/0x760 [ 1700.586942][T14763] mem_cgroup_try_charge+0xd2/0x260 [ 1700.617114][T14763] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1700.617136][T14763] __handle_mm_fault+0x197f/0x2e00 [ 1700.617170][T14763] handle_mm_fault+0x21b/0x530 [ 1700.617190][T14763] __get_user_pages+0x485/0x1130 [ 1700.617259][T14763] populate_vma_page_range+0xe6/0x100 [ 1700.648484][T14763] __mm_populate+0x168/0x2a0 [ 1700.653089][T14763] __x64_sys_mlockall+0x2e3/0x320 [ 1700.658146][T14763] do_syscall_64+0xcc/0x3a0 [ 1700.662710][T14763] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1700.668774][T14763] RIP: 0033:0x45af49 [ 1700.672781][T14763] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1700.692485][T14763] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1700.700918][T14763] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1700.708905][T14763] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 07:53:25 executing program 1: [ 1700.716889][T14763] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1700.724950][T14763] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1700.732949][T14763] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1700.775881][T14756] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1700.779498][T14763] memory: usage 307192kB, limit 307200kB, failcnt 1957 07:53:25 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000e000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:25 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020032020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:25 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x855}, 0x28) [ 1700.952926][T14763] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1700.978152][T14763] Memory cgroup stats for /syz4: [ 1700.978362][T14763] anon 310157312 [ 1700.978362][T14763] file 8192 [ 1700.978362][T14763] kernel_stack 331776 [ 1700.978362][T14763] slab 942080 [ 1700.978362][T14763] sock 0 [ 1700.978362][T14763] shmem 0 [ 1700.978362][T14763] file_mapped 0 [ 1700.978362][T14763] file_dirty 0 [ 1700.978362][T14763] file_writeback 0 [ 1700.978362][T14763] anon_thp 272629760 [ 1700.978362][T14763] inactive_anon 262635520 [ 1700.978362][T14763] active_anon 6860800 [ 1700.978362][T14763] inactive_file 0 [ 1700.978362][T14763] active_file 118784 [ 1700.978362][T14763] unevictable 40824832 [ 1700.978362][T14763] slab_reclaimable 135168 [ 1700.978362][T14763] slab_unreclaimable 806912 [ 1700.978362][T14763] pgfault 293898 [ 1700.978362][T14763] pgmajfault 0 [ 1700.978362][T14763] workingset_refault 0 [ 1700.978362][T14763] workingset_activate 0 [ 1700.978362][T14763] workingset_nodereclaim 0 [ 1700.978362][T14763] pgrefill 164 [ 1700.978362][T14763] pgscan 253 [ 1700.978362][T14763] pgsteal 34 [ 1701.016676][T14776] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1701.074703][T14763] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=14639,uid=0 [ 1701.094514][T14776] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1701.103126][T14763] Memory cgroup out of memory: Killed process 14639 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1701.125770][ T1065] oom_reaper: reaped process 14639 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1701.199467][T14776] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1701.952668][T14763] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1701.963474][T14763] CPU: 0 PID: 14763 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1701.972159][T14763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1701.982202][T14763] Call Trace: [ 1701.985519][T14763] dump_stack+0x11d/0x181 [ 1701.989937][T14763] dump_header+0xaa/0x39c [ 1701.994256][T14763] oom_kill_process.cold+0x10/0x15 [ 1701.999356][T14763] out_of_memory+0x231/0xa60 [ 1702.003931][T14763] ? __rcu_read_unlock+0x66/0x3d0 [ 1702.008956][T14763] mem_cgroup_out_of_memory+0x128/0x150 [ 1702.014487][T14763] try_charge+0xb6c/0xbf0 [ 1702.018875][T14763] ? rcu_note_context_switch+0x720/0x760 [ 1702.024520][T14763] mem_cgroup_try_charge+0xd2/0x260 [ 1702.029787][T14763] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1702.035411][T14763] __handle_mm_fault+0x197f/0x2e00 [ 1702.040533][T14763] handle_mm_fault+0x21b/0x530 [ 1702.045284][T14763] __get_user_pages+0x485/0x1130 [ 1702.050270][T14763] populate_vma_page_range+0xe6/0x100 [ 1702.055670][T14763] __mm_populate+0x168/0x2a0 [ 1702.060424][T14763] __x64_sys_mremap+0x5df/0x750 [ 1702.065291][T14763] do_syscall_64+0xcc/0x3a0 [ 1702.069911][T14763] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1702.075804][T14763] RIP: 0033:0x45af49 [ 1702.079710][T14763] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1702.099325][T14763] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1702.107734][T14763] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1702.115741][T14763] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1702.123760][T14763] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1702.131732][T14763] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1702.139704][T14763] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1702.149443][T14763] memory: usage 307200kB, limit 307200kB, failcnt 2033 [ 1702.156363][T14763] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1702.163414][T14763] Memory cgroup stats for /syz4: [ 1702.164564][T14763] anon 310022144 [ 1702.164564][T14763] file 8192 [ 1702.164564][T14763] kernel_stack 331776 [ 1702.164564][T14763] slab 942080 [ 1702.164564][T14763] sock 0 [ 1702.164564][T14763] shmem 0 [ 1702.164564][T14763] file_mapped 0 [ 1702.164564][T14763] file_dirty 0 [ 1702.164564][T14763] file_writeback 0 [ 1702.164564][T14763] anon_thp 270532608 [ 1702.164564][T14763] inactive_anon 258789376 [ 1702.164564][T14763] active_anon 6860800 [ 1702.164564][T14763] inactive_file 0 [ 1702.164564][T14763] active_file 118784 [ 1702.164564][T14763] unevictable 44609536 [ 1702.164564][T14763] slab_reclaimable 135168 [ 1702.164564][T14763] slab_unreclaimable 806912 [ 1702.164564][T14763] pgfault 295317 [ 1702.164564][T14763] pgmajfault 0 [ 1702.164564][T14763] workingset_refault 0 [ 1702.164564][T14763] workingset_activate 0 [ 1702.164564][T14763] workingset_nodereclaim 0 [ 1702.164564][T14763] pgrefill 164 [ 1702.164564][T14763] pgscan 253 [ 1702.164564][T14763] pgsteal 34 [ 1702.260055][T14763] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=14755,uid=0 [ 1702.277050][T14763] Memory cgroup out of memory: Killed process 14755 (syz-executor.4) total-vm:72708kB, anon-rss:13432kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1702.297843][ T1065] oom_reaper: reaped process 14755 (syz-executor.4), now anon-rss:13424kB, file-rss:54364kB, shmem-rss:0kB 07:53:27 executing program 4: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:27 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x856}, 0x28) 07:53:27 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800000f000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:27 executing program 1: r0 = socket(0x25, 0x2, 0x54) connect$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x1, 0x2, 0x7, 0x81, 0x81, "b26cf4deb4047b56e2b8d749e1edcbf884dbd57c9e7de44e4dcf5e8b25cb4ad8ec4aa4b75e893495fe263040b52abfd9c5540fa3f93db466e815750c3b5d15", 0x2d}, 0x60) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$KVM_S390_UCAS_UNMAP(r1, 0x4018ae51, &(0x7f0000000080)={0x101, 0x8, 0x7f}) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) 07:53:27 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020042020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:27 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r0, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(0xffffffffffffffff) 07:53:27 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x857}, 0x28) [ 1703.264948][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:53:28 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020052020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1703.324780][T14810] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1703.335328][T14810] CPU: 0 PID: 14810 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1703.344124][T14810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1703.354186][T14810] Call Trace: [ 1703.357571][T14810] dump_stack+0x11d/0x181 [ 1703.361957][T14810] dump_header+0xaa/0x39c [ 1703.366335][T14810] oom_kill_process.cold+0x10/0x15 [ 1703.371521][T14810] out_of_memory+0x231/0xa60 [ 1703.376154][T14810] ? __rcu_read_unlock+0x66/0x3d0 [ 1703.381206][T14810] mem_cgroup_out_of_memory+0x128/0x150 [ 1703.386819][T14810] try_charge+0xb6c/0xbf0 [ 1703.391153][T14810] ? rcu_note_context_switch+0x720/0x760 [ 1703.396846][T14810] mem_cgroup_try_charge+0xd2/0x260 [ 1703.402165][T14810] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1703.407848][T14810] __handle_mm_fault+0x197f/0x2e00 [ 1703.413029][T14810] handle_mm_fault+0x21b/0x530 [ 1703.418549][T14810] __get_user_pages+0x485/0x1130 [ 1703.423648][T14810] populate_vma_page_range+0xe6/0x100 [ 1703.429134][T14810] __mm_populate+0x168/0x2a0 [ 1703.433810][T14810] __x64_sys_mlockall+0x2e3/0x320 [ 1703.438977][T14810] do_syscall_64+0xcc/0x3a0 [ 1703.443503][T14810] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1703.449422][T14810] RIP: 0033:0x45af49 [ 1703.453329][T14810] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1703.473046][T14810] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1703.481464][T14810] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1703.489439][T14810] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1703.497410][T14810] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1703.505498][T14810] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1703.513481][T14810] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1703.523386][T14810] memory: usage 307200kB, limit 307200kB, failcnt 2073 [ 1703.531164][T14810] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1703.540419][T14810] Memory cgroup stats for /syz4: [ 1703.540675][T14810] anon 310104064 [ 1703.540675][T14810] file 8192 [ 1703.540675][T14810] kernel_stack 331776 [ 1703.540675][T14810] slab 942080 [ 1703.540675][T14810] sock 0 [ 1703.540675][T14810] shmem 0 [ 1703.540675][T14810] file_mapped 0 [ 1703.540675][T14810] file_dirty 0 [ 1703.540675][T14810] file_writeback 0 [ 1703.540675][T14810] anon_thp 272629760 [ 1703.540675][T14810] inactive_anon 262696960 [ 1703.540675][T14810] active_anon 6836224 [ 1703.540675][T14810] inactive_file 0 [ 1703.540675][T14810] active_file 118784 [ 1703.540675][T14810] unevictable 40693760 [ 1703.540675][T14810] slab_reclaimable 135168 [ 1703.540675][T14810] slab_unreclaimable 806912 [ 1703.540675][T14810] pgfault 296175 [ 1703.540675][T14810] pgmajfault 0 [ 1703.540675][T14810] workingset_refault 0 [ 1703.540675][T14810] workingset_activate 0 [ 1703.540675][T14810] workingset_nodereclaim 0 [ 1703.540675][T14810] pgrefill 164 [ 1703.540675][T14810] pgscan 253 [ 1703.540675][T14810] pgsteal 34 [ 1703.636175][T14810] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=14794,uid=0 [ 1703.652653][T14810] Memory cgroup out of memory: Killed process 14794 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1703.658691][T14812] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:53:28 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) stat(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgid(r0) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r1, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000000)) [ 1703.774815][T14812] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:28 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x858}, 0x28) 07:53:28 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x859}, 0x28) 07:53:28 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108005b16000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1704.116416][T15031] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1704.135786][T15031] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1704.184765][T15031] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1704.440849][T14805] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1704.463149][T14805] CPU: 1 PID: 14805 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1704.471950][T14805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1704.482025][T14805] Call Trace: [ 1704.485335][T14805] dump_stack+0x11d/0x181 [ 1704.489728][T14805] dump_header+0xaa/0x39c [ 1704.494075][T14805] oom_kill_process.cold+0x10/0x15 [ 1704.499204][T14805] out_of_memory+0x231/0xa60 [ 1704.503845][T14805] ? __rcu_read_unlock+0x66/0x3d0 [ 1704.508977][T14805] mem_cgroup_out_of_memory+0x128/0x150 [ 1704.514538][T14805] try_charge+0xb6c/0xbf0 [ 1704.518884][T14805] ? rcu_note_context_switch+0x720/0x760 [ 1704.524612][T14805] mem_cgroup_try_charge+0xd2/0x260 [ 1704.529842][T14805] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1704.535515][T14805] __handle_mm_fault+0x197f/0x2e00 [ 1704.540653][T14805] handle_mm_fault+0x21b/0x530 [ 1704.546064][T14805] __get_user_pages+0x485/0x1130 [ 1704.551026][T14805] populate_vma_page_range+0xe6/0x100 [ 1704.556446][T14805] __mm_populate+0x168/0x2a0 [ 1704.561113][T14805] __x64_sys_mremap+0x5df/0x750 [ 1704.566065][T14805] do_syscall_64+0xcc/0x3a0 [ 1704.570588][T14805] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1704.576491][T14805] RIP: 0033:0x45af49 [ 1704.580502][T14805] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1704.600381][T14805] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1704.608937][T14805] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1704.616916][T14805] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1704.624911][T14805] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1704.633091][T14805] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1704.641077][T14805] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1704.669241][T14805] memory: usage 307152kB, limit 307200kB, failcnt 1946 [ 1704.676360][T14805] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1704.687083][T14805] Memory cgroup stats for /syz2: [ 1704.687260][T14805] anon 309112832 [ 1704.687260][T14805] file 106496 [ 1704.687260][T14805] kernel_stack 442368 [ 1704.687260][T14805] slab 1228800 [ 1704.687260][T14805] sock 53248 [ 1704.687260][T14805] shmem 0 [ 1704.687260][T14805] file_mapped 0 [ 1704.687260][T14805] file_dirty 0 [ 1704.687260][T14805] file_writeback 0 [ 1704.687260][T14805] anon_thp 270532608 [ 1704.687260][T14805] inactive_anon 254652416 [ 1704.687260][T14805] active_anon 13688832 [ 1704.687260][T14805] inactive_file 135168 [ 1704.687260][T14805] active_file 135168 [ 1704.687260][T14805] unevictable 41050112 [ 1704.687260][T14805] slab_reclaimable 405504 [ 1704.687260][T14805] slab_unreclaimable 823296 [ 1704.687260][T14805] pgfault 324588 [ 1704.687260][T14805] pgmajfault 0 [ 1704.687260][T14805] workingset_refault 0 [ 1704.687260][T14805] workingset_activate 0 [ 1704.687260][T14805] workingset_nodereclaim 0 [ 1704.687260][T14805] pgrefill 110 [ 1704.687260][T14805] pgscan 141 [ 1704.687260][T14805] pgsteal 35 [ 1704.787283][T14805] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=14798,uid=0 [ 1704.807317][T14805] Memory cgroup out of memory: Killed process 14805 (syz-executor.2) total-vm:72840kB, anon-rss:14020kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:188416kB oom_score_adj:1000 [ 1704.829579][ T1065] oom_reaper: reaped process 14805 (syz-executor.2), now anon-rss:14012kB, file-rss:54364kB, shmem-rss:0kB [ 1705.236999][T14810] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1705.247545][T14810] CPU: 0 PID: 14810 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1705.256346][T14810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1705.266451][T14810] Call Trace: [ 1705.269779][T14810] dump_stack+0x11d/0x181 [ 1705.274128][T14810] dump_header+0xaa/0x39c [ 1705.278493][T14810] oom_kill_process.cold+0x10/0x15 [ 1705.283612][T14810] out_of_memory+0x231/0xa60 [ 1705.288368][T14810] ? __rcu_read_unlock+0x66/0x3d0 [ 1705.293398][T14810] mem_cgroup_out_of_memory+0x128/0x150 [ 1705.298934][T14810] try_charge+0xb6c/0xbf0 [ 1705.303366][T14810] ? rcu_note_context_switch+0x720/0x760 [ 1705.308992][T14810] mem_cgroup_try_charge+0xd2/0x260 [ 1705.314181][T14810] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1705.319801][T14810] __handle_mm_fault+0x197f/0x2e00 [ 1705.324971][T14810] handle_mm_fault+0x21b/0x530 [ 1705.329769][T14810] __get_user_pages+0x485/0x1130 [ 1705.334697][T14810] populate_vma_page_range+0xe6/0x100 [ 1705.340132][T14810] __mm_populate+0x168/0x2a0 [ 1705.344775][T14810] __x64_sys_mremap+0x5df/0x750 [ 1705.349734][T14810] do_syscall_64+0xcc/0x3a0 [ 1705.354336][T14810] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1705.360214][T14810] RIP: 0033:0x45af49 [ 1705.364164][T14810] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1705.384255][T14810] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1705.392651][T14810] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1705.400746][T14810] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1705.408787][T14810] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1705.416744][T14810] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1705.424701][T14810] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1705.435396][T14810] memory: usage 307200kB, limit 307200kB, failcnt 2121 [ 1705.442547][T14810] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1705.449691][T14810] Memory cgroup stats for /syz4: [ 1705.451444][T14810] anon 309968896 [ 1705.451444][T14810] file 8192 [ 1705.451444][T14810] kernel_stack 368640 [ 1705.451444][T14810] slab 942080 [ 1705.451444][T14810] sock 0 [ 1705.451444][T14810] shmem 0 [ 1705.451444][T14810] file_mapped 0 [ 1705.451444][T14810] file_dirty 0 [ 1705.451444][T14810] file_writeback 0 [ 1705.451444][T14810] anon_thp 270532608 [ 1705.451444][T14810] inactive_anon 258785280 [ 1705.451444][T14810] active_anon 6836224 [ 1705.451444][T14810] inactive_file 0 [ 1705.451444][T14810] active_file 118784 [ 1705.451444][T14810] unevictable 44474368 [ 1705.451444][T14810] slab_reclaimable 135168 [ 1705.451444][T14810] slab_unreclaimable 806912 [ 1705.451444][T14810] pgfault 297594 [ 1705.451444][T14810] pgmajfault 0 [ 1705.451444][T14810] workingset_refault 0 [ 1705.451444][T14810] workingset_activate 0 [ 1705.451444][T14810] workingset_nodereclaim 0 [ 1705.451444][T14810] pgrefill 164 [ 1705.451444][T14810] pgscan 253 [ 1705.451444][T14810] pgsteal 34 [ 1705.546211][T14810] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=14806,uid=0 [ 1705.564576][T14810] Memory cgroup out of memory: Killed process 14806 (syz-executor.4) total-vm:72840kB, anon-rss:13440kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1705.588870][ T1065] oom_reaper: reaped process 14806 (syz-executor.4), now anon-rss:13424kB, file-rss:54364kB, shmem-rss:0kB 07:53:31 executing program 4: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:31 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020062020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800d918000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:31 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x85a}, 0x28) 07:53:31 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r0, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(0xffffffffffffffff) 07:53:31 executing program 1: r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) write$FUSE_POLL(r0, &(0x7f0000000000)={0x18, 0xffffffffffffffda, 0x6, {0x5}}, 0x18) kexec_load(0x80000000000, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x2}], 0x0) [ 1706.432412][T15046] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1706.490397][T15046] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:53:31 executing program 1: kexec_load(0x0, 0x2e5, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000, 0x10001}], 0x0) 07:53:31 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x85b}, 0x28) [ 1706.597053][T15046] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1706.606683][T15050] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1706.646148][T15050] CPU: 0 PID: 15050 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1706.654878][T15050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1706.664950][T15050] Call Trace: [ 1706.668400][T15050] dump_stack+0x11d/0x181 [ 1706.672753][T15050] dump_header+0xaa/0x39c [ 1706.677133][T15050] oom_kill_process.cold+0x10/0x15 [ 1706.682261][T15050] out_of_memory+0x231/0xa60 [ 1706.686956][T15050] ? __rcu_read_unlock+0x66/0x3d0 [ 1706.692033][T15050] mem_cgroup_out_of_memory+0x128/0x150 [ 1706.697600][T15050] try_charge+0xb6c/0xbf0 [ 1706.701992][T15050] ? rcu_note_context_switch+0x720/0x760 [ 1706.707644][T15050] mem_cgroup_try_charge+0xd2/0x260 [ 1706.712943][T15050] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1706.718664][T15050] __handle_mm_fault+0x197f/0x2e00 [ 1706.723803][T15050] handle_mm_fault+0x21b/0x530 [ 1706.728593][T15050] __get_user_pages+0x485/0x1130 [ 1706.733560][T15050] populate_vma_page_range+0xe6/0x100 [ 1706.738944][T15050] __mm_populate+0x168/0x2a0 [ 1706.743631][T15050] __x64_sys_mlockall+0x2e3/0x320 [ 1706.748741][T15050] do_syscall_64+0xcc/0x3a0 [ 1706.753322][T15050] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1706.759224][T15050] RIP: 0033:0x45af49 [ 1706.763136][T15050] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1706.782847][T15050] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:53:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000020000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:31 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020072020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:31 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) socketpair(0x18, 0xb, 0x8, &(0x7f0000000000)={0xffffffffffffffff}) accept4$bt_l2cap(r0, &(0x7f0000000040), &(0x7f0000000080)=0xe, 0x905f0322c58ed768) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput\x00', 0x802, 0x0) write$uinput_user_dev(r1, &(0x7f0000000100)={'syz0\x00', {0x3, 0x1, 0x1, 0x1a4}, 0x20, [0xfffffff9, 0x9, 0x9, 0x1f, 0x738, 0x5, 0x9, 0x1, 0x5, 0x274, 0xfffffffd, 0xd4, 0x7, 0x400, 0x2, 0x2, 0xff, 0x16da, 0x3f, 0xa5, 0x3, 0x7fffffff, 0x2fe6, 0xbc, 0x3, 0xfffffffc, 0x4def, 0x1, 0x2d4c9285, 0x1f, 0x0, 0xfae, 0x1000, 0x5, 0xff800000, 0x7, 0x20, 0xb6a, 0xfff, 0x1, 0x6, 0xfaaa, 0x4, 0xff, 0x1a3e, 0x9, 0x4, 0x6ec, 0x400, 0x2, 0x3, 0x2, 0x1, 0x1f, 0x4, 0x0, 0x3, 0x1, 0x3, 0xea, 0x0, 0x800000, 0x7fffffff], [0x3, 0x6, 0x20, 0xd669, 0x1000, 0x40, 0x0, 0x7, 0x6, 0x2, 0xbb5, 0x1, 0x3f, 0x2, 0x9, 0x100, 0x8000, 0x8, 0x1, 0x1, 0x5, 0xffff, 0xc918, 0x3, 0xbc3, 0x5, 0x5da3, 0x81, 0x4, 0xde59, 0x7fff, 0x3, 0x4, 0x7, 0x400, 0xfffffbff, 0x4, 0x8, 0x1ff, 0x0, 0x210d, 0x6, 0x7ff, 0x80, 0x3, 0xb5, 0x910d, 0x7fff, 0xfffffff9, 0x1, 0x7, 0x1, 0x27, 0x401, 0xff, 0x5, 0x3, 0x1, 0x16d, 0x42, 0xfffffff9, 0x800, 0x3, 0x3], [0x1ff, 0x1, 0x9, 0x1, 0x0, 0xfffffffe, 0x4, 0x10000, 0x7fff, 0x0, 0x9, 0x9, 0x5, 0x9, 0x8, 0x3, 0x3, 0x7592, 0x800, 0x200, 0x0, 0x10001, 0x7, 0x7, 0xff, 0xffff, 0x0, 0xffffffc0, 0x1f, 0x5, 0x0, 0x7d139341, 0x1, 0x79f, 0x1fe07b61, 0x7f0000, 0x4, 0x9, 0x400, 0x6, 0x4, 0x7f, 0x3, 0x81, 0x8000, 0x8000, 0x2, 0x6862, 0x5, 0xe278, 0x1ff, 0x9, 0x7f, 0xcc72, 0x180, 0x8, 0x10001, 0x8001, 0x5, 0xfff, 0xff, 0x8, 0x6, 0x2], [0x5, 0x7f, 0xc79b, 0x2, 0x80, 0x3, 0xfffff829, 0x0, 0x3f, 0x7, 0x1, 0x80, 0xffffffff, 0x7, 0x7, 0x8c, 0xfffffffe, 0xfffffc00, 0x7f, 0x80000000, 0x9, 0x100, 0x0, 0x3, 0x2, 0xddc4, 0x4, 0x1, 0x5, 0x3, 0x7, 0x4, 0x7, 0x2, 0x100, 0x0, 0x0, 0x9, 0x7, 0x5, 0x4, 0x0, 0x3, 0x4, 0xffffffff, 0x7ff, 0x2dc3, 0x2, 0x1353467e, 0xddc, 0x3, 0x8001, 0x5, 0x80000000, 0x15a, 0x2, 0x9, 0xfffff001, 0x247e, 0xe335, 0x0, 0x56, 0x7ff, 0xfffffffd]}, 0x45c) [ 1706.791291][T15050] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1706.799292][T15050] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1706.807340][T15050] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1706.815613][T15050] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1706.823693][T15050] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1706.881530][T15050] memory: usage 307200kB, limit 307200kB, failcnt 1963 [ 1706.890429][T15050] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1706.907749][T15050] Memory cgroup stats for /syz2: [ 1706.907953][T15050] anon 309096448 [ 1706.907953][T15050] file 106496 [ 1706.907953][T15050] kernel_stack 405504 [ 1706.907953][T15050] slab 1228800 [ 1706.907953][T15050] sock 53248 [ 1706.907953][T15050] shmem 0 [ 1706.907953][T15050] file_mapped 0 [ 1706.907953][T15050] file_dirty 0 [ 1706.907953][T15050] file_writeback 0 [ 1706.907953][T15050] anon_thp 270532608 [ 1706.907953][T15050] inactive_anon 258637824 [ 1706.907953][T15050] active_anon 13709312 [ 1706.907953][T15050] inactive_file 135168 [ 1706.907953][T15050] active_file 135168 [ 1706.907953][T15050] unevictable 36995072 [ 1706.907953][T15050] slab_reclaimable 405504 [ 1706.907953][T15050] slab_unreclaimable 823296 [ 1706.907953][T15050] pgfault 325512 [ 1706.907953][T15050] pgmajfault 0 07:53:31 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020082020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1706.907953][T15050] workingset_refault 0 [ 1706.907953][T15050] workingset_activate 0 [ 1706.907953][T15050] workingset_nodereclaim 0 [ 1706.907953][T15050] pgrefill 110 [ 1706.907953][T15050] pgscan 141 [ 1706.907953][T15050] pgsteal 35 [ 1707.016038][T15167] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1707.036667][T15167] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1707.067855][T15050] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15033,uid=0 [ 1707.084357][T15050] Memory cgroup out of memory: Killed process 15033 (syz-executor.2) total-vm:72716kB, anon-rss:18328kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1707.109110][T15167] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1707.111557][ T1065] oom_reaper: reaped process 15033 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1708.182522][T15159] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1708.193427][T15159] CPU: 1 PID: 15159 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1708.202109][T15159] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1708.212147][T15159] Call Trace: [ 1708.215456][T15159] dump_stack+0x11d/0x181 [ 1708.219790][T15159] dump_header+0xaa/0x39c [ 1708.224119][T15159] oom_kill_process.cold+0x10/0x15 [ 1708.229382][T15159] out_of_memory+0x231/0xa60 [ 1708.233970][T15159] ? __rcu_read_unlock+0x66/0x3d0 [ 1708.239076][T15159] mem_cgroup_out_of_memory+0x128/0x150 [ 1708.244623][T15159] try_charge+0xb6c/0xbf0 [ 1708.248992][T15159] ? rcu_note_context_switch+0x720/0x760 [ 1708.254663][T15159] mem_cgroup_try_charge+0xd2/0x260 [ 1708.259903][T15159] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1708.265676][T15159] __handle_mm_fault+0x197f/0x2e00 [ 1708.270782][T15159] handle_mm_fault+0x21b/0x530 [ 1708.275533][T15159] __get_user_pages+0x485/0x1130 [ 1708.280538][T15159] populate_vma_page_range+0xe6/0x100 [ 1708.285910][T15159] __mm_populate+0x168/0x2a0 [ 1708.290505][T15159] __x64_sys_mremap+0x5df/0x750 [ 1708.295351][T15159] do_syscall_64+0xcc/0x3a0 [ 1708.299865][T15159] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1708.305857][T15159] RIP: 0033:0x45af49 [ 1708.309843][T15159] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1708.329467][T15159] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1708.337962][T15159] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1708.345923][T15159] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1708.353912][T15159] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1708.361878][T15159] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1708.370021][T15159] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1708.381388][T15159] memory: usage 307200kB, limit 307200kB, failcnt 2157 [ 1708.388334][T15159] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1708.395528][T15159] Memory cgroup stats for /syz4: [ 1708.396736][T15159] anon 309997568 [ 1708.396736][T15159] file 8192 [ 1708.396736][T15159] kernel_stack 331776 [ 1708.396736][T15159] slab 942080 [ 1708.396736][T15159] sock 0 [ 1708.396736][T15159] shmem 0 [ 1708.396736][T15159] file_mapped 0 [ 1708.396736][T15159] file_dirty 0 [ 1708.396736][T15159] file_writeback 0 [ 1708.396736][T15159] anon_thp 272629760 [ 1708.396736][T15159] inactive_anon 258678784 [ 1708.396736][T15159] active_anon 6803456 [ 1708.396736][T15159] inactive_file 0 [ 1708.396736][T15159] active_file 118784 [ 1708.396736][T15159] unevictable 44474368 [ 1708.396736][T15159] slab_reclaimable 135168 [ 1708.396736][T15159] slab_unreclaimable 806912 [ 1708.396736][T15159] pgfault 299310 [ 1708.396736][T15159] pgmajfault 0 [ 1708.396736][T15159] workingset_refault 0 [ 1708.396736][T15159] workingset_activate 0 [ 1708.396736][T15159] workingset_nodereclaim 0 [ 1708.396736][T15159] pgrefill 164 [ 1708.396736][T15159] pgscan 253 [ 1708.396736][T15159] pgsteal 34 [ 1708.493368][T15159] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=15155,uid=0 [ 1708.509949][T15159] Memory cgroup out of memory: Killed process 15155 (syz-executor.4) total-vm:72708kB, anon-rss:13432kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1708.532594][ T1065] oom_reaper: reaped process 15155 (syz-executor.4), now anon-rss:13424kB, file-rss:54364kB, shmem-rss:0kB 07:53:34 executing program 4: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:34 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x85c}, 0x28) 07:53:34 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800003f000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:34 executing program 1: kexec_load(0x4, 0x800000000000025, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) 07:53:34 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020092020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:34 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r2 = syz_open_procfs(0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r3, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, 0x0) r4 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r0, 0x3) sendmsg$NBD_CMD_DISCONNECT(r4, 0x0, 0x0) r5 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r5) ioctl$SNDCTL_DSP_NONBLOCK(r5, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(0xffffffffffffffff) 07:53:34 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x85d}, 0x28) [ 1709.430860][T15295] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:53:34 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020200a2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1709.559576][T15295] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1709.607343][T15304] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1709.618324][T15304] CPU: 0 PID: 15304 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1709.627023][T15304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1709.637551][T15304] Call Trace: [ 1709.641404][T15304] dump_stack+0x11d/0x181 [ 1709.645764][T15304] dump_header+0xaa/0x39c [ 1709.650136][T15304] oom_kill_process.cold+0x10/0x15 07:53:34 executing program 1: kexec_load(0x0, 0x80000000000001b, &(0x7f00000005c0)=[{0x0, 0x0, 0x7}], 0x0) ioctl$PPPIOCSMRU1(0xffffffffffffffff, 0x40047452, &(0x7f0000000000)=0x8) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x14, &(0x7f00000001c0)={r3}, 0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000040)={r3, @in6={{0xa, 0x4e23, 0x1f, @mcast1}}, 0x0, 0xff, 0x3, 0x401, 0x11, 0x9, 0x1}, 0x9c) 07:53:34 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x85e}, 0x28) [ 1709.655340][T15304] out_of_memory+0x231/0xa60 [ 1709.659956][T15304] ? __rcu_read_unlock+0x66/0x3d0 [ 1709.665048][T15304] mem_cgroup_out_of_memory+0x128/0x150 [ 1709.670605][T15304] try_charge+0xb6c/0xbf0 [ 1709.675027][T15304] ? rcu_note_context_switch+0x720/0x760 [ 1709.680744][T15304] mem_cgroup_try_charge+0xd2/0x260 [ 1709.686075][T15304] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1709.691770][T15304] __handle_mm_fault+0x197f/0x2e00 [ 1709.696889][T15304] handle_mm_fault+0x21b/0x530 [ 1709.701680][T15304] __get_user_pages+0x485/0x1130 [ 1709.706604][T15304] populate_vma_page_range+0xe6/0x100 [ 1709.712064][T15304] __mm_populate+0x168/0x2a0 [ 1709.716728][T15304] __x64_sys_mlockall+0x2e3/0x320 [ 1709.721787][T15304] do_syscall_64+0xcc/0x3a0 [ 1709.726279][T15304] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1709.732152][T15304] RIP: 0033:0x45af49 [ 1709.736035][T15304] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1709.755869][T15304] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1709.765232][T15304] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1709.773565][T15304] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1709.781592][T15304] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1709.789622][T15304] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1709.798064][T15304] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1709.808486][T15295] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1709.823996][T15304] memory: usage 307200kB, limit 307200kB, failcnt 2185 [ 1709.831642][T15304] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1709.847584][T15304] Memory cgroup stats for /syz4: [ 1709.847924][T15304] anon 310005760 [ 1709.847924][T15304] file 8192 [ 1709.847924][T15304] kernel_stack 368640 [ 1709.847924][T15304] slab 942080 [ 1709.847924][T15304] sock 0 [ 1709.847924][T15304] shmem 0 [ 1709.847924][T15304] file_mapped 0 [ 1709.847924][T15304] file_dirty 0 [ 1709.847924][T15304] file_writeback 0 [ 1709.847924][T15304] anon_thp 274726912 [ 1709.847924][T15304] inactive_anon 262639616 [ 1709.847924][T15304] active_anon 6840320 [ 1709.847924][T15304] inactive_file 0 [ 1709.847924][T15304] active_file 118784 [ 1709.847924][T15304] unevictable 40693760 [ 1709.847924][T15304] slab_reclaimable 135168 [ 1709.847924][T15304] slab_unreclaimable 806912 [ 1709.847924][T15304] pgfault 300168 [ 1709.847924][T15304] pgmajfault 0 [ 1709.847924][T15304] workingset_refault 0 [ 1709.847924][T15304] workingset_activate 0 [ 1709.847924][T15304] workingset_nodereclaim 0 [ 1709.847924][T15304] pgrefill 164 [ 1709.847924][T15304] pgscan 253 [ 1709.847924][T15304] pgsteal 34 07:53:34 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x85f}, 0x28) 07:53:34 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000040000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1710.080017][T15304] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=15277,uid=0 [ 1710.099636][T15304] Memory cgroup out of memory: Killed process 15277 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1710.201576][T15299] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1710.218706][T15420] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1710.230289][T15299] CPU: 1 PID: 15299 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1710.239172][T15299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1710.249246][T15299] Call Trace: [ 1710.252582][T15299] dump_stack+0x11d/0x181 [ 1710.256972][T15299] dump_header+0xaa/0x39c [ 1710.261323][T15299] oom_kill_process.cold+0x10/0x15 [ 1710.266475][T15299] out_of_memory+0x231/0xa60 [ 1710.271138][T15299] mem_cgroup_out_of_memory+0x128/0x150 [ 1710.276709][T15299] try_charge+0xb6c/0xbf0 [ 1710.281055][T15299] ? rcu_note_context_switch+0x720/0x760 [ 1710.286733][T15299] mem_cgroup_try_charge+0xd2/0x260 [ 1710.291991][T15299] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1710.297643][T15299] __handle_mm_fault+0x197f/0x2e00 [ 1710.303502][T15299] handle_mm_fault+0x21b/0x530 [ 1710.308318][T15299] __get_user_pages+0x485/0x1130 [ 1710.314144][T15299] populate_vma_page_range+0xe6/0x100 [ 1710.319521][T15299] __mm_populate+0x168/0x2a0 [ 1710.324158][T15299] __x64_sys_mlockall+0x2e3/0x320 [ 1710.329195][T15299] do_syscall_64+0xcc/0x3a0 [ 1710.333718][T15299] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1710.339630][T15299] RIP: 0033:0x45af49 [ 1710.343542][T15299] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1710.363152][T15299] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1710.371607][T15299] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1710.379587][T15299] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1710.387671][T15299] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1710.395654][T15299] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1710.403762][T15299] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1710.417170][T15420] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1710.443558][T15299] memory: usage 307192kB, limit 307200kB, failcnt 2026 [ 1710.455145][T15299] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1710.463134][T15299] Memory cgroup stats for /syz2: [ 1710.463405][T15299] anon 309157888 [ 1710.463405][T15299] file 106496 [ 1710.463405][T15299] kernel_stack 405504 [ 1710.463405][T15299] slab 1228800 [ 1710.463405][T15299] sock 53248 [ 1710.463405][T15299] shmem 0 [ 1710.463405][T15299] file_mapped 0 [ 1710.463405][T15299] file_dirty 0 [ 1710.463405][T15299] file_writeback 0 [ 1710.463405][T15299] anon_thp 268435456 [ 1710.463405][T15299] inactive_anon 258306048 [ 1710.463405][T15299] active_anon 13729792 [ 1710.463405][T15299] inactive_file 135168 [ 1710.463405][T15299] active_file 135168 [ 1710.463405][T15299] unevictable 37306368 [ 1710.463405][T15299] slab_reclaimable 405504 [ 1710.463405][T15299] slab_unreclaimable 823296 [ 1710.463405][T15299] pgfault 327228 [ 1710.463405][T15299] pgmajfault 0 [ 1710.463405][T15299] workingset_refault 0 [ 1710.463405][T15299] workingset_activate 0 [ 1710.463405][T15299] workingset_nodereclaim 0 [ 1710.463405][T15299] pgrefill 110 [ 1710.463405][T15299] pgscan 141 [ 1710.463405][T15299] pgsteal 35 [ 1710.564632][T15299] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15282,uid=0 [ 1710.584196][T15299] Memory cgroup out of memory: Killed process 15282 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1710.602450][T15420] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1710.636924][ T1065] oom_reaper: reaped process 15282 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:53:35 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:35 executing program 1: r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x233, &(0x7f0000000540)=[&(0x7f0000000080)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x3, r0, &(0x7f0000000100), 0x0, 0x2, 0x0, 0x78751fdfc5e86a9a}]) r1 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r1) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$MON_IOCX_GETX(r0, 0x4018920a, &(0x7f0000000bc0)={&(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000c00)=""/240, 0xfffffffffffffd7f}) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000000), &(0x7f0000000040)=0x2) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r3, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$KVM_GET_LAPIC(r3, 0x8400ae8e, &(0x7f0000000600)={"a1b634f3e8e95ee5453e5f4bdede685366cd8e8e32d72fed6c24fbf804de5c795159b1237e3f95a857adebc8ff57b3174c8bea582350445281a1a16685b6ae5834985192190f19bb54b82679395fe18e89d31f3910edb2b7eba6b1154c4ded9d7df56cc846671cacef1d893b574990dc11faa79cd1c745493574ac62813dfaa2cbc4d42b2e02551288dfd00ce5d564438b493a7b21988b62f6a2246ef8234c1e2674556104e7f173f88b9d479688262b45bb44859b51e7d9653bc7a61b93a1d5aa2d291bb301050cd48738bd0d57f042578e02de463fc76261ee2f8ea13da216e393c324b02a8fd0a58fd31128d04929362251a7f515447b4bd5bf2a159142df9eb239a5920beb18651366a3e2c366447cf31bd5a90fcb5b89c3600acf81d98ed8d9d0ff12f9f0341426a86b1a19cb3f1c006880b6e12f38889d5b60616e19dff9e2c2e76c08e501094e9bd8e8b58591f24d5e37bd5c656743f8e3f78c1b6bf303800ae7270501681f2340531719329f2db5e83388a64af34c838af841bf30087a59bd7be3f037f9487044ccdfe403d21bf787dbe51e168573499edaa0085b4dcbd08be13619b85aa1fd07fdafeb8e03e58a278d30b3b0e508302189e37c115407f0ef5b43dfd1533feaf68d908a120a94d62413f6617db6145472a4c77f6644c6a94f8e6f0cf05f1232aad52b50a128bd8597536859cb1543fe4d1d393c3e1d2baddecf40fb052836970906ead56b238844f5f78f62da93059ba0dbc31094ebf5a5f95b008e92d53fe01685a6aeb1371e38a5872c122c4cb93fdd4bfc1ccef7926b50fae1f7669059e090a06bf15111e3ace2aec3156123ce7c75e2af15592747274046211b42aba6a243c2d6f46ed2c1910f3cbe56f36d8d1a1c4532749383f9ded866731e4ea1a1374c894ff5d77c9364b1e0cc2842b99ae9d6ca838e3d386a6d89a1eaffd96b3d99c2d83a8297e521eb099bcee8d0a3005313544a9d880cf852526ef54c609f03926b78d27459234eaf8dc123882906c8eb4d77cb8a2cddce690153164c740596e46057792cc3f28d01247127fb6fe60236a0a2f8776ec79d12e69c3a59cdc4a0e145e4a65f6784d97032792127d46b64fd3e249a8bab1550b25fa9f8956eaf1a3e59ae33b453eb79f7843f9ac7f1f4c36f6fb8c348c494cae15c55b2bbe3d1db8d51061c4645051ae41245102572b165180ba632add0f0c41d5274baaf2ec737351f58a61659d51b63fcea56ed76cb6e07ac1343af8247ac91912136af8b07943685365efeb3af84625f8f48a256d63ffc98aef869d5d05f554c1ee8b1294c0835c2bf7f09202f85c9a546fd50671d6321914ef3a5759b662bd330a0d051f0c740a72a6d7c3db5c1e186db144040ad238d8aad37037cd37c0c2a71b15b8271760cb82d5ccf5c47d45644e7722dd1e84f34be0160d5798f"}) kexec_load(0x80, 0x0, &(0x7f00000005c0)=[{0x0}], 0x0) 07:53:35 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020200b2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:35 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x860}, 0x28) 07:53:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000048000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1711.135225][T15437] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1711.312865][T15437] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1711.434232][T15437] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1711.490475][T15543] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1711.582244][T15543] CPU: 1 PID: 15543 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1711.591037][T15543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1711.601103][T15543] Call Trace: [ 1711.604417][T15543] dump_stack+0x11d/0x181 [ 1711.608790][T15543] dump_header+0xaa/0x39c [ 1711.613269][T15543] oom_kill_process.cold+0x10/0x15 [ 1711.618384][T15543] out_of_memory+0x231/0xa60 [ 1711.623029][T15543] ? __rcu_read_unlock+0x66/0x3d0 [ 1711.628109][T15543] mem_cgroup_out_of_memory+0x128/0x150 [ 1711.633672][T15543] try_charge+0xb6c/0xbf0 [ 1711.638017][T15543] ? rcu_note_context_switch+0x720/0x760 [ 1711.643727][T15543] mem_cgroup_try_charge+0xd2/0x260 [ 1711.649036][T15543] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1711.654680][T15543] __handle_mm_fault+0x197f/0x2e00 [ 1711.659829][T15543] handle_mm_fault+0x21b/0x530 [ 1711.664652][T15543] __get_user_pages+0x485/0x1130 [ 1711.669685][T15543] populate_vma_page_range+0xe6/0x100 [ 1711.675077][T15543] __mm_populate+0x168/0x2a0 [ 1711.679761][T15543] __x64_sys_mlockall+0x2e3/0x320 [ 1711.684823][T15543] do_syscall_64+0xcc/0x3a0 [ 1711.689349][T15543] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1711.695249][T15543] RIP: 0033:0x45af49 [ 1711.699379][T15543] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1711.719036][T15543] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1711.727555][T15543] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1711.735574][T15543] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1711.743635][T15543] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1711.751641][T15543] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1711.759620][T15543] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1711.772725][T15543] memory: usage 307200kB, limit 307200kB, failcnt 2195 [ 1711.779772][T15543] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1711.786616][T15543] Memory cgroup stats for /syz4: [ 1711.786799][T15543] anon 309936128 [ 1711.786799][T15543] file 8192 [ 1711.786799][T15543] kernel_stack 331776 [ 1711.786799][T15543] slab 942080 [ 1711.786799][T15543] sock 0 [ 1711.786799][T15543] shmem 0 [ 1711.786799][T15543] file_mapped 0 [ 1711.786799][T15543] file_dirty 0 [ 1711.786799][T15543] file_writeback 0 [ 1711.786799][T15543] anon_thp 272629760 [ 1711.786799][T15543] inactive_anon 262586368 [ 1711.786799][T15543] active_anon 6832128 [ 1711.786799][T15543] inactive_file 0 [ 1711.786799][T15543] active_file 118784 [ 1711.786799][T15543] unevictable 40640512 [ 1711.786799][T15543] slab_reclaimable 135168 [ 1711.786799][T15543] slab_unreclaimable 806912 [ 1711.786799][T15543] pgfault 301719 [ 1711.786799][T15543] pgmajfault 0 [ 1711.786799][T15543] workingset_refault 0 [ 1711.786799][T15543] workingset_activate 0 [ 1711.786799][T15543] workingset_nodereclaim 0 [ 1711.786799][T15543] pgrefill 164 [ 1711.786799][T15543] pgscan 253 [ 1711.786799][T15543] pgsteal 34 [ 1711.886853][T15543] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=15424,uid=0 [ 1711.907258][T15543] Memory cgroup out of memory: Killed process 15424 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1711.936129][ T1065] oom_reaper: reaped process 15424 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1712.161503][T15299] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1712.172350][T15299] CPU: 0 PID: 15299 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1712.181029][T15299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1712.191215][T15299] Call Trace: [ 1712.194524][T15299] dump_stack+0x11d/0x181 [ 1712.199013][T15299] dump_header+0xaa/0x39c [ 1712.203373][T15299] oom_kill_process.cold+0x10/0x15 [ 1712.208521][T15299] out_of_memory+0x231/0xa60 [ 1712.213133][T15299] ? mem_cgroup_out_of_memory+0x85/0x150 [ 1712.218927][T15299] mem_cgroup_out_of_memory+0x128/0x150 [ 1712.224693][T15299] try_charge+0xb6c/0xbf0 [ 1712.229042][T15299] ? rcu_note_context_switch+0x720/0x760 [ 1712.234832][T15299] mem_cgroup_try_charge+0xd2/0x260 [ 1712.240052][T15299] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1712.245703][T15299] __handle_mm_fault+0x197f/0x2e00 [ 1712.250867][T15299] handle_mm_fault+0x21b/0x530 [ 1712.255639][T15299] __get_user_pages+0x485/0x1130 [ 1712.260617][T15299] populate_vma_page_range+0xe6/0x100 [ 1712.266159][T15299] __mm_populate+0x168/0x2a0 [ 1712.270874][T15299] __x64_sys_mremap+0x5df/0x750 [ 1712.275784][T15299] do_syscall_64+0xcc/0x3a0 [ 1712.280349][T15299] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1712.286253][T15299] RIP: 0033:0x45af49 [ 1712.290182][T15299] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1712.309799][T15299] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1712.318219][T15299] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1712.326261][T15299] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1712.334576][T15299] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1712.342563][T15299] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1712.350574][T15299] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1712.363441][T15299] memory: usage 307200kB, limit 307200kB, failcnt 2068 [ 1712.382159][T15299] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1712.392358][T15299] Memory cgroup stats for /syz2: [ 1712.396472][T15299] anon 309014528 [ 1712.396472][T15299] file 106496 [ 1712.396472][T15299] kernel_stack 442368 [ 1712.396472][T15299] slab 1228800 [ 1712.396472][T15299] sock 53248 [ 1712.396472][T15299] shmem 0 [ 1712.396472][T15299] file_mapped 0 [ 1712.396472][T15299] file_dirty 0 [ 1712.396472][T15299] file_writeback 0 [ 1712.396472][T15299] anon_thp 268435456 [ 1712.396472][T15299] inactive_anon 256520192 [ 1712.396472][T15299] active_anon 13729792 [ 1712.396472][T15299] inactive_file 135168 [ 1712.396472][T15299] active_file 135168 [ 1712.396472][T15299] unevictable 38895616 [ 1712.396472][T15299] slab_reclaimable 405504 [ 1712.396472][T15299] slab_unreclaimable 823296 [ 1712.396472][T15299] pgfault 328185 [ 1712.396472][T15299] pgmajfault 0 [ 1712.396472][T15299] workingset_refault 0 [ 1712.396472][T15299] workingset_activate 0 [ 1712.396472][T15299] workingset_nodereclaim 0 [ 1712.396472][T15299] pgrefill 110 [ 1712.396472][T15299] pgscan 141 [ 1712.396472][T15299] pgsteal 35 [ 1712.507838][T15299] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15292,uid=0 [ 1712.525378][T15299] Memory cgroup out of memory: Killed process 15299 (syz-executor.2) total-vm:72708kB, anon-rss:14156kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:188416kB oom_score_adj:1000 [ 1712.549111][ T1065] oom_reaper: reaped process 15299 (syz-executor.2), now anon-rss:14148kB, file-rss:54364kB, shmem-rss:0kB [ 1713.094968][T15543] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1713.106361][T15543] CPU: 0 PID: 15543 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1713.115085][T15543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1713.125173][T15543] Call Trace: [ 1713.128562][T15543] dump_stack+0x11d/0x181 [ 1713.132941][T15543] dump_header+0xaa/0x39c [ 1713.137291][T15543] oom_kill_process.cold+0x10/0x15 [ 1713.142433][T15543] out_of_memory+0x231/0xa60 [ 1713.147026][T15543] ? __rcu_read_unlock+0x66/0x3d0 [ 1713.152118][T15543] mem_cgroup_out_of_memory+0x128/0x150 [ 1713.157679][T15543] try_charge+0xb6c/0xbf0 [ 1713.162060][T15543] ? rcu_note_context_switch+0x720/0x760 [ 1713.167853][T15543] mem_cgroup_try_charge+0xd2/0x260 [ 1713.173071][T15543] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1713.178849][T15543] __handle_mm_fault+0x197f/0x2e00 [ 1713.183994][T15543] handle_mm_fault+0x21b/0x530 [ 1713.188783][T15543] __get_user_pages+0x485/0x1130 [ 1713.193859][T15543] populate_vma_page_range+0xe6/0x100 [ 1713.199358][T15543] __mm_populate+0x168/0x2a0 [ 1713.203970][T15543] __x64_sys_mremap+0x5df/0x750 [ 1713.208864][T15543] do_syscall_64+0xcc/0x3a0 [ 1713.213390][T15543] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1713.219286][T15543] RIP: 0033:0x45af49 [ 1713.223194][T15543] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1713.242840][T15543] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1713.251255][T15543] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1713.259231][T15543] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1713.267341][T15543] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1713.275397][T15543] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1713.283389][T15543] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1713.330417][T15543] memory: usage 307200kB, limit 307200kB, failcnt 2258 [ 1713.340805][T15543] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1713.352524][T15543] Memory cgroup stats for /syz4: [ 1713.355480][T15543] anon 310042624 [ 1713.355480][T15543] file 8192 [ 1713.355480][T15543] kernel_stack 368640 [ 1713.355480][T15543] slab 942080 [ 1713.355480][T15543] sock 0 [ 1713.355480][T15543] shmem 0 [ 1713.355480][T15543] file_mapped 0 [ 1713.355480][T15543] file_dirty 0 [ 1713.355480][T15543] file_writeback 0 [ 1713.355480][T15543] anon_thp 270532608 [ 1713.355480][T15543] inactive_anon 258707456 [ 1713.355480][T15543] active_anon 6832128 [ 1713.355480][T15543] inactive_file 0 [ 1713.355480][T15543] active_file 118784 [ 1713.355480][T15543] unevictable 44556288 [ 1713.355480][T15543] slab_reclaimable 135168 [ 1713.355480][T15543] slab_unreclaimable 806912 [ 1713.355480][T15543] pgfault 303171 [ 1713.355480][T15543] pgmajfault 0 [ 1713.355480][T15543] workingset_refault 0 [ 1713.355480][T15543] workingset_activate 0 [ 1713.355480][T15543] workingset_nodereclaim 0 [ 1713.355480][T15543] pgrefill 164 [ 1713.355480][T15543] pgscan 253 [ 1713.355480][T15543] pgsteal 34 [ 1713.454356][T15543] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=15500,uid=0 [ 1713.476034][T15543] Memory cgroup out of memory: Killed process 15500 (syz-executor.4) total-vm:72708kB, anon-rss:13432kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1713.501968][ T1065] oom_reaper: reaped process 15500 (syz-executor.4), now anon-rss:13424kB, file-rss:54364kB, shmem-rss:0kB 07:53:41 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:41 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x861}, 0x28) 07:53:41 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000000)=0x2) 07:53:41 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020200c2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:41 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800004c000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:41 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x862}, 0x28) 07:53:41 executing program 1: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$BLKTRACESTOP(r0, 0x1275, 0x0) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) [ 1716.963757][T15645] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1717.042707][T15645] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1717.111345][T15645] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:42 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:42 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x863}, 0x28) 07:53:42 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020200d2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:42 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108006558000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:42 executing program 1: syz_genetlink_get_family_id$l2tp(&(0x7f0000000040)='l2tp\x00') r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000280)={'bridge_slave_1\x00', {0x2, 0x4e24, @broadcast}}) kexec_load(0x0, 0x324, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000340)) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r4 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer2\x00', 0x20000, 0x0) write$P9_RLERROR(r4, &(0x7f0000000300)={0x1c, 0x7, 0x1, {0x13, 'keyringGPLnodev-lo/'}}, 0x1c) fchdir(r3) setsockopt$CAN_RAW_ERR_FILTER(r3, 0x65, 0x2, &(0x7f0000000180)=0x7fffffff, 0x4) r5 = syz_open_dev$video4linux(&(0x7f0000000080)='/dev/v4l-subdev#\x00', 0x12, 0x400000) r6 = openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vsock\x00', 0x800, 0x0) r7 = gettid() ptrace$setopts(0x4206, r7, 0x0, 0x0) tkill(r7, 0x3c) ptrace$setregs(0xd, r7, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r7, 0x0, 0x0) ptrace$setregs(0xc39f3e4aa4ea0e90, r7, 0x1f, &(0x7f0000000200)="a0cd92867c812d027f34cd8704a350e9adf08f35fb1f00d361e1a65cd99b7da8c41b2e5ba4982f14e78549ca6d5dafbcb1cb84d31758cd14aacb2015f8d3ddbb78b4c84242ecabbc28cfc98137ae829b9c5518675af086e72e710deed90c5c8439b117e52bc9") r8 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video2\x00', 0x2, 0x0) kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r5, &(0x7f0000000140)={r6, r8, 0x6}) 07:53:42 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:43 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x864}, 0x28) [ 1718.435367][T15687] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:53:43 executing program 1: kexec_load(0x0, 0x37e, &(0x7f00000005c0), 0x150000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x2000, 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) getitimer(0x1, &(0x7f0000000040)) r1 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x8) inotify_rm_watch(r0, r1) [ 1718.529375][T15687] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1718.554417][T15685] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1718.580980][T15685] CPU: 1 PID: 15685 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1718.589948][T15685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1718.600010][T15685] Call Trace: [ 1718.603339][T15685] dump_stack+0x11d/0x181 [ 1718.607816][T15685] dump_header+0xaa/0x39c [ 1718.612222][T15685] oom_kill_process.cold+0x10/0x15 [ 1718.617429][T15685] out_of_memory+0x231/0xa60 [ 1718.622042][T15685] ? __rcu_read_unlock+0x66/0x3d0 [ 1718.627111][T15685] mem_cgroup_out_of_memory+0x128/0x150 [ 1718.632693][T15685] try_charge+0xb6c/0xbf0 [ 1718.637249][T15685] ? rcu_note_context_switch+0x720/0x760 [ 1718.642933][T15685] mem_cgroup_try_charge+0xd2/0x260 [ 1718.648709][T15685] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1718.654372][T15685] __handle_mm_fault+0x197f/0x2e00 [ 1718.659521][T15685] handle_mm_fault+0x21b/0x530 [ 1718.664338][T15685] __get_user_pages+0x485/0x1130 [ 1718.669341][T15685] populate_vma_page_range+0xe6/0x100 [ 1718.674745][T15685] __mm_populate+0x168/0x2a0 [ 1718.679411][T15685] __x64_sys_mlockall+0x2e3/0x320 [ 1718.684513][T15685] do_syscall_64+0xcc/0x3a0 [ 1718.689280][T15685] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1718.695164][T15685] RIP: 0033:0x45af49 [ 1718.699113][T15685] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1718.719031][T15685] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1718.727875][T15685] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1718.736121][T15685] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1718.744458][T15685] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1718.753453][T15685] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1718.761580][T15685] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:53:43 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020200e2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:43 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x865}, 0x28) [ 1718.815772][T15687] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:43 executing program 1: kexec_load(0x0, 0x5, &(0x7f00000003c0)=[{0x0, 0x0, 0x9165a000}, {&(0x7f0000000000)="46681aaf45393078f61d2f8162f154376dd32d757a992421a10907b36f4adfcd2cdaa1c630b7eac8d1e1a15381c94af49ccb42d31fb27cfc995efb86e65b47a54fbfb329cb771f57c2b1340cba84e7d3352b265addca57f520dfcbc347a6ebea4435efc1c6e55deaca7c60be3ac581ad574b84c469aee782954ee30602daf40ae7d36c8ff82b388b207511c87488a2538a2ef4d364030c08513e72b254db987a786b6bf166a2a51d7b81994345493e6c1fee49086da6f378ed8a8ae80830eeedfe4e2002499f06694eb72a8fbca7bea213e9c7d4bb8c71307b4f415dce78ab8e4d04a1a4e719d2b03f957ea4138642d06a49334999625bf9", 0xf8, 0x200, 0x8}, {&(0x7f0000000100)="e3dfb04867acebfd6491dcc321be28ead56693c1e44dd3422bd6a947e7dde57afaadaf25e134e70b167894feaa0221e060be5e0b58e4f6018a7055976e85a88535f90f66346264f8844977a303133110fc57a04f4c9376efcfed035f81e4f4a0b584aa9cc6201d2314c3bc6b3316de2c0bc28f1793efca71b1887a24db88dbc775c651b289d7131dcadae57a930896db3cc18147561fb676948ac0cb113898bc2585eccec051c0ba953d4e92ac624f1ca68f72a398353368039d8245395780bd79d4463b467921fc16d1285b77536ba5c89f2304a5998aedea", 0xd9, 0x3f, 0x8}, {&(0x7f0000000200)="1096ff8b8aa8ed81bc88028004cc217332776db20f799cff037563c03c0691fff60d9dddbe9f655d2edc30e51f67a9a968fcb2c7a06ca1de6240d44486fb6845c6a21496b2f0a11dd21d2d533e1b50270f64fce4e0901cf22b64e9642a4a5cdd46dd369e95ea3f0584d09e4119dedcc4867b217d90e0beb2596b40754ebe7fcdf66743075ad68df75e8ec4d726b3a3798f6802e2ef970dfa479616d39470b9e77194bba5244566afa88e447160afae0fbe6e64702aa52dbcd40dfa9383337c62da3b5e67bfeb", 0xc6, 0x5, 0xf814}, {&(0x7f0000000540)="84816e2834799159ee035670f9e9b1f5cdcafdc12fa4fb69951e4c7cfcf020b9fcc8074c97de54bf98166d0e138f3d8772bf0008e6fc935de9acd81bec2f7a04f514dee75f2d200b876664b97cb6dad2fdc2a46daa69dcadc690790726fc8adc0cc067a7cde29934d692396510bb55da89347599eeb105bfd53dc5133f4da3e3b692e3cfc6f252aa2961c740d0e60bcce7bdb76cebb7a7ae2a62ebb59a609a33f708a8eddecec8218163d5d056a5c436f6f5aef36d316947d7d69b4c055ee28958609c16b8cde4a29d500998aa58bc2d6be862", 0x363, 0x1, 0xfffffffffffffff8}], 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r0, &(0x7f0000000000), 0x377140be6b5ef4c7}]) recvmsg$can_raw(r0, &(0x7f0000000880)={&(0x7f0000000300)=@generic, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/12, 0xc}, {&(0x7f0000000640)=""/117, 0x75}, {&(0x7f00000006c0)=""/250, 0xfa}], 0x3, &(0x7f0000000800)=""/80, 0x50}, 0x10162) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000480)='/proc/capi/capi20\x00', 0x0, 0x0) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000fff000/0x1000)=nil) mq_getsetattr(r1, &(0x7f00000004c0)={0x80, 0x2, 0x101}, &(0x7f0000000500)) socket$inet6(0xa, 0x80000, 0x8) readlink(&(0x7f00000008c0)='./bus\x00', &(0x7f0000000900)=""/4096, 0x1000) 07:53:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800165b000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1719.132051][T15811] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1719.135293][T15685] memory: usage 307200kB, limit 307200kB, failcnt 2102 [ 1719.146315][T15685] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1719.153397][T15685] Memory cgroup stats for /syz2: [ 1719.153580][T15685] anon 309141504 [ 1719.153580][T15685] file 106496 [ 1719.153580][T15685] kernel_stack 405504 [ 1719.153580][T15685] slab 1228800 [ 1719.153580][T15685] sock 53248 [ 1719.153580][T15685] shmem 0 [ 1719.153580][T15685] file_mapped 0 [ 1719.153580][T15685] file_dirty 0 [ 1719.153580][T15685] file_writeback 0 [ 1719.153580][T15685] anon_thp 270532608 [ 1719.153580][T15685] inactive_anon 258428928 [ 1719.153580][T15685] active_anon 13713408 [ 1719.153580][T15685] inactive_file 135168 [ 1719.153580][T15685] active_file 135168 [ 1719.153580][T15685] unevictable 37306368 [ 1719.153580][T15685] slab_reclaimable 405504 [ 1719.153580][T15685] slab_unreclaimable 823296 [ 1719.153580][T15685] pgfault 330297 [ 1719.153580][T15685] pgmajfault 0 [ 1719.153580][T15685] workingset_refault 0 [ 1719.153580][T15685] workingset_activate 0 [ 1719.153580][T15685] workingset_nodereclaim 0 [ 1719.153580][T15685] pgrefill 110 [ 1719.153580][T15685] pgscan 141 [ 1719.153580][T15685] pgsteal 35 [ 1719.225397][T15811] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1719.250298][T15685] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15673,uid=0 [ 1719.272367][T15685] Memory cgroup out of memory: Killed process 15673 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1719.364150][T15811] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1720.071177][T15686] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1720.082012][T15686] CPU: 1 PID: 15686 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1720.090737][T15686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1720.100795][T15686] Call Trace: [ 1720.104110][T15686] dump_stack+0x11d/0x181 [ 1720.108488][T15686] dump_header+0xaa/0x39c [ 1720.112972][T15686] oom_kill_process.cold+0x10/0x15 [ 1720.118182][T15686] out_of_memory+0x231/0xa60 [ 1720.122784][T15686] ? __rcu_read_unlock+0x66/0x3d0 [ 1720.127834][T15686] mem_cgroup_out_of_memory+0x128/0x150 [ 1720.133410][T15686] try_charge+0xb6c/0xbf0 [ 1720.137749][T15686] ? rcu_note_context_switch+0x720/0x760 [ 1720.143403][T15686] mem_cgroup_try_charge+0xd2/0x260 [ 1720.149059][T15686] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1720.154709][T15686] __handle_mm_fault+0x197f/0x2e00 [ 1720.159849][T15686] handle_mm_fault+0x21b/0x530 [ 1720.164634][T15686] __get_user_pages+0x485/0x1130 [ 1720.169689][T15686] populate_vma_page_range+0xe6/0x100 [ 1720.175148][T15686] __mm_populate+0x168/0x2a0 [ 1720.179772][T15686] __x64_sys_mremap+0x5df/0x750 [ 1720.184645][T15686] do_syscall_64+0xcc/0x3a0 [ 1720.189183][T15686] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1720.195076][T15686] RIP: 0033:0x45af49 [ 1720.199060][T15686] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1720.218677][T15686] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1720.227803][T15686] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1720.235969][T15686] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1720.243940][T15686] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1720.252003][T15686] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1720.259975][T15686] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1720.270269][T15686] memory: usage 307200kB, limit 307200kB, failcnt 2311 [ 1720.277370][T15686] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1720.285271][T15686] Memory cgroup stats for /syz4: [ 1720.293452][T15686] anon 309993472 [ 1720.293452][T15686] file 8192 [ 1720.293452][T15686] kernel_stack 331776 [ 1720.293452][T15686] slab 942080 [ 1720.293452][T15686] sock 0 [ 1720.293452][T15686] shmem 0 [ 1720.293452][T15686] file_mapped 0 [ 1720.293452][T15686] file_dirty 0 [ 1720.293452][T15686] file_writeback 0 [ 1720.293452][T15686] anon_thp 272629760 [ 1720.293452][T15686] inactive_anon 258723840 [ 1720.293452][T15686] active_anon 6823936 [ 1720.293452][T15686] inactive_file 0 [ 1720.293452][T15686] active_file 118784 [ 1720.293452][T15686] unevictable 44609536 [ 1720.293452][T15686] slab_reclaimable 135168 [ 1720.293452][T15686] slab_unreclaimable 806912 [ 1720.293452][T15686] pgfault 304887 [ 1720.293452][T15686] pgmajfault 0 [ 1720.293452][T15686] workingset_refault 0 [ 1720.293452][T15686] workingset_activate 0 [ 1720.293452][T15686] workingset_nodereclaim 0 [ 1720.293452][T15686] pgrefill 164 [ 1720.293452][T15686] pgscan 253 [ 1720.293452][T15686] pgsteal 34 [ 1720.388849][T15686] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=15683,uid=0 [ 1720.405370][T15686] Memory cgroup out of memory: Killed process 15683 (syz-executor.4) total-vm:72708kB, anon-rss:13696kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1720.428584][ T1065] oom_reaper: reaped process 15683 (syz-executor.4), now anon-rss:13688kB, file-rss:54364kB, shmem-rss:0kB 07:53:45 executing program 4: socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000060000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:45 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x866}, 0x28) 07:53:45 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020200f2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:45 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:45 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x202, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="102000010007202e2f66696ce12f0080"], 0x10) syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f0000000300)='/dev/snd/timer\x00', 0x0, 0x101c00) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000000)={{0x3}}) r2 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r2, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) r3 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000200)={{0xffffffffffffffff, 0x0, 0x0, 0x5, 0x400000c4}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, &(0x7f0000000140)={0x8, 0x7fffffff, 0x8, 0x0, 0x3}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r4, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) r5 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) r6 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x14800, 0x0) ioctl$KVM_GET_LAPIC(r7, 0x8400ae8e, &(0x7f0000000600)={"e847f9213f9e3fcfda78843c34d88826b0b2ecf24c7ca4a43e0fbc4c9312445439a19440254eb50a6c56ed14e2c61ea1ca4bb51605fc9837b829d12e142ea545c65094b1446f8f95db3d8714243965fc981b5a93569049c0a289658fb1fe11d4803f4e0106db99a03dfee1fe4f2db670b9e86e95ff4ce922159b77083f609a89ca8cb0f2d7996ca51276eb01878d7b2ab4f703bac74e3a7b3cae4433c8c329fd943a0d11cfebae613d637abdd9021bfd2315ed893222993532fef765b2de1e4aa76272928b8247e47418a3921c21350e853454d7c9f37e5849e88e1025eb3c2b9b667815f58018d7c023b17256fa831d0770b55e8d8de7de4f256845c7b1501cee86daace1747fc5beb58a5cf608bce1d9c0139e0bfa88668eb46d918854ef7f2ef0ad090a11a787b4f283f8349b089fa0bda1c07cccc06730fc7df488b022f4624c6413dc25b6869a0f20af37fe8e3dd67460b40d4a79ad164402ea10656dc836a64ed7ae51028a90a4492605e93e2a4bb8284225db9a6201bafa4ba2703740c5ca043e97a87c2003bdf3f443479f162118c6df4da44c097fde9c823dfeb5d1059557500722d16dc9c8ba3c09e60758675d9945e6fc247e9ef1085affb562573a18b7f5ece126e0898d5288705200f736b161c8ecf256fdd0f9aafcfccdf1360e9e7e4855ea815bb1e1136887b190253209b0b13e9d6ddda21c79c2b08bcde63331db5d92d9f8de272ee69ecbd4ecbf77b058f7c2f1196d6febb7909fc0b481be04e59cd3f92692df63c8763ecbab20e059cff083e1b0208de0b43e7056a6f70a5616536758d3cb58baee5b4b50bfc873afc4596d6e7159ccd15a35c124277784cf96a0534c1953259b8137c2998b1d7b23999a5353f541994cf1dc394a3e78cbdff84d90dbe606b9eecfdd11c011018c7be0093b30e0354ad4ec0722e98c6666b5ca0a4fdd3a274607f2c1bba2fa4dec5f29aee151e373f62f586c3b1aba8798b65ea0217f9c617c7ff05787b6251c40a8adb742d6033b7b009591e80adccb84e6a3386259986874bcfb318a77f7a52e125845978f66bd0af515db2cb1ae24603f1a809cedffab401dd953c4cc88f0fc20ba0d7f2b0e2adc1e94987cea1f9421e943e47a09d58d85127ed4b2d4cf3ab513dbaf8f51526f7a6d73ed617bf74787596ec4719cb870433f520b39f373ad67c0b4a4e14f3723f0c000b50d9c6cad4f4d5ba6ceec342f0e562d503e7d050037976ea29bdbb3a707932c098bb219ba0e282ca3abfadba9341d44267742e9de366da0741a5142160337e3578e34b5744ef18fbd2ef1b67a446a842306b12663dbc76ad754c88a516c48f10227286b31f43b36d8ffe3db73183f555e567944063fc1f9837cbce19e1b77ca93c8bef7eae644e6445fbff607f96ff5d9d98820fee34ac6f1ddae621747113e382f3f49fd"}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r6, 0x40345410, &(0x7f0000000000)={{0x3}}) r8 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x7fffdf00f000, 0xa, 0x10, r8, 0x0) r9 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r10 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r10, 0x0, 0x482, &(0x7f0000000300)={0x100000011, @multicast2, 0x0, 0x0, 'lblc\x00'}, 0x2c) r11 = socket(0xa, 0x4000000001, 0x0) setsockopt$IP_VS_SO_SET_ADD(r11, 0x0, 0x482, &(0x7f0000000000)={0x11, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x1000000, 'lblcr\x00'}, 0x2c) getsockopt$inet_pktinfo(r9, 0x0, 0x8, &(0x7f0000001580)={0x0, @dev, @broadcast}, &(0x7f00000015c0)=0xc) setsockopt$inet_pktinfo(r9, 0x0, 0x8, &(0x7f0000000300)={r12, @loopback, @remote}, 0xc) r13 = socket$inet_tcp(0x2, 0x1, 0x0) r14 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r14, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r14, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) fstat(r14, &(0x7f00000004c0)) getsockopt$inet_pktinfo(r13, 0x0, 0x8, &(0x7f0000001600)={0x0, @remote, @empty}, &(0x7f0000000100)=0xfffffe78) ioctl$sock_inet_SIOCGIFPFLAGS(r11, 0x8935, &(0x7f00000003c0)={'veth1_to_team\x00', 0x9}) setsockopt$inet_pktinfo(r11, 0x0, 0x8, &(0x7f0000000140)={r15, @remote, @loopback}, 0xc) ioctl$FICLONE(r8, 0x40049409, r10) r16 = syz_genetlink_get_family_id$team(&(0x7f0000000840)='team\x00') ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000480)={'team0\x00', r15}) sendmsg$TEAM_CMD_PORT_LIST_GET(r10, &(0x7f0000000780)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x404001}, 0xc, &(0x7f0000000740)={&(0x7f0000000d80)=ANY=[@ANYBLOB="24010000", @ANYRES16=r16, @ANYBLOB="000426bd7000fedbdf250300000008000100", @ANYRES32=r12, @ANYBLOB="bc000200c0000100240001000800696f72697479000006000000000000000000000000000000000000000000080003000e00000017ff0001000000080006004669d8a31ce34c7ac802e1d5568722b96b9f6026983d40557988232d5a6f09a4bcce6437a884ae98a3c9e0fc0ff1ace95a", @ANYRES32=r17, @ANYBLOB="38000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000300030003000000080004000700000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r12, @ANYBLOB="080007000000000008000100", @ANYRES32=r12, @ANYBLOB="4400020040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000080003000300000008000400", @ANYRES32=r12, @ANYBLOB='\b\x00\a\x00\x00\x00\x00\x00'], 0x124}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) r18 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r18, &(0x7f00000009c0)='threaded\x00', 0x76656f) getsockopt$inet6_mreq(r18, 0x29, 0x0, &(0x7f0000000580)={@ipv4={[], [], @initdev}, 0x0}, &(0x7f0000000a00)=0x14) r20 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r20, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$sock_SIOCADDRT(r20, 0x890b, &(0x7f0000000a40)={0x0, @phonet={0x23, 0x0, 0x40}, @xdp={0x2c, 0x78a15ba9b0e0493f, 0x0, 0x16}, @ipx={0x4, 0x20, 0x8001, "93fd5b5b78f5", 0x7f}, 0x80, 0x0, 0x0, 0x0, 0x20, 0x0, 0xfc35, 0x1, 0x82}) r22 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r22, &(0x7f0000000000), 0x377140be6b5ef4c7}]) getsockname$packet(r22, &(0x7f0000000ac0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000b00)=0x14) sendmsg$TEAM_CMD_NOOP(r7, &(0x7f0000000d40)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x910}, 0xc, &(0x7f0000000240)={&(0x7f0000000b40)={0x18c, r16, 0x8, 0x70bd25, 0x25dfdbfc, {}, [{{0x8, 0x1, r19}, {0x170, 0x2, [{0x13, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x5}, {0x8, 0x4, 0x2a11cf03}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x5}, {0x8, 0x4, 0x7ff}}, {0x8, 0x6, r21}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r23}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x5}, {0x8, 0x4, 0xffffffff}}}]}}]}, 0x18c}, 0x1, 0x0, 0x0, 0x4040001}, 0x20000004) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r6, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) r24 = accept$inet6(r0, 0x0, &(0x7f00000000c0)) r25 = fcntl$dupfd(r24, 0x80c, r5) ioctl$KVM_DIRTY_TLB(r25, 0x4010aeaa, &(0x7f0000000080)={0x800, 0x1}) [ 1721.235640][T15930] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1721.358177][T15930] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:53:46 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x867}, 0x28) 07:53:46 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020102020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1721.487633][T15930] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1721.505965][T15934] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1721.531519][T15934] CPU: 1 PID: 15934 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1721.540240][T15934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1721.550300][T15934] Call Trace: [ 1721.553608][T15934] dump_stack+0x11d/0x181 [ 1721.558003][T15934] dump_header+0xaa/0x39c [ 1721.562339][T15934] oom_kill_process.cold+0x10/0x15 [ 1721.567459][T15934] out_of_memory+0x231/0xa60 [ 1721.572073][T15934] ? __rcu_read_unlock+0x66/0x3d0 [ 1721.577154][T15934] mem_cgroup_out_of_memory+0x128/0x150 [ 1721.582800][T15934] try_charge+0xb6c/0xbf0 [ 1721.587142][T15934] ? rcu_note_context_switch+0x720/0x760 [ 1721.592783][T15934] mem_cgroup_try_charge+0xd2/0x260 [ 1721.598040][T15934] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1721.603670][T15934] __handle_mm_fault+0x197f/0x2e00 [ 1721.608862][T15934] handle_mm_fault+0x21b/0x530 [ 1721.613623][T15934] __get_user_pages+0x485/0x1130 [ 1721.618584][T15934] populate_vma_page_range+0xe6/0x100 [ 1721.624017][T15934] __mm_populate+0x168/0x2a0 [ 1721.628608][T15934] __x64_sys_mlockall+0x2e3/0x320 [ 1721.633637][T15934] do_syscall_64+0xcc/0x3a0 [ 1721.638236][T15934] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1721.644346][T15934] RIP: 0033:0x45af49 [ 1721.648305][T15934] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1721.667910][T15934] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1721.676395][T15934] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 07:53:46 executing program 1: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x80000, 0x8) ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000000040)=0x10000) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000240)='/dev/vcs#\x00', 0x7, 0x620002) sendmsg$NFT_MSG_GETCHAIN(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1080000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="12f58765a70a000129bd7000ffdbdf25690000542d07fdfbff020073797a3100"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x8000) r2 = creat(&(0x7f0000000100)='./file0\x00', 0x0) r3 = dup(r0) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000200)) write$cgroup_type(r2, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$VT_GETSTATE(r2, 0x5603, &(0x7f00000001c0)={0x3ff, 0x20, 0x8000}) [ 1721.684371][T15934] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1721.692335][T15934] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1721.700296][T15934] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1721.708259][T15934] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1721.790163][T15934] memory: usage 307200kB, limit 307200kB, failcnt 2121 [ 1721.803828][T15934] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 07:53:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108005865000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:46 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x868}, 0x28) [ 1721.839407][T15934] Memory cgroup stats for /syz2: [ 1721.839595][T15934] anon 309125120 [ 1721.839595][T15934] file 106496 [ 1721.839595][T15934] kernel_stack 405504 [ 1721.839595][T15934] slab 1228800 [ 1721.839595][T15934] sock 53248 [ 1721.839595][T15934] shmem 0 [ 1721.839595][T15934] file_mapped 0 [ 1721.839595][T15934] file_dirty 0 [ 1721.839595][T15934] file_writeback 0 [ 1721.839595][T15934] anon_thp 268435456 [ 1721.839595][T15934] inactive_anon 258514944 [ 1721.839595][T15934] active_anon 13684736 [ 1721.839595][T15934] inactive_file 135168 [ 1721.839595][T15934] active_file 135168 [ 1721.839595][T15934] unevictable 37306368 [ 1721.839595][T15934] slab_reclaimable 405504 [ 1721.839595][T15934] slab_unreclaimable 823296 [ 1721.839595][T15934] pgfault 331947 [ 1721.839595][T15934] pgmajfault 0 [ 1721.839595][T15934] workingset_refault 0 [ 1721.839595][T15934] workingset_activate 0 [ 1721.839595][T15934] workingset_nodereclaim 0 [ 1721.839595][T15934] pgrefill 110 [ 1721.839595][T15934] pgscan 141 [ 1721.839595][T15934] pgsteal 35 [ 1721.976304][T16052] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:53:46 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x869}, 0x28) [ 1722.105849][T16052] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1722.120443][T15934] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=15919,uid=0 [ 1722.141114][T15934] Memory cgroup out of memory: Killed process 15919 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1722.163070][T16052] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1722.308620][T16038] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1722.322146][T16038] CPU: 1 PID: 16038 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1722.330880][T16038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1722.341021][T16038] Call Trace: [ 1722.344373][T16038] dump_stack+0x11d/0x181 [ 1722.348733][T16038] dump_header+0xaa/0x39c [ 1722.353156][T16038] oom_kill_process.cold+0x10/0x15 [ 1722.358286][T16038] out_of_memory+0x231/0xa60 [ 1722.362896][T16038] mem_cgroup_out_of_memory+0x128/0x150 [ 1722.368448][T16038] try_charge+0xb6c/0xbf0 [ 1722.372809][T16038] ? rcu_note_context_switch+0x720/0x760 [ 1722.378458][T16038] mem_cgroup_try_charge+0xd2/0x260 [ 1722.383709][T16038] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1722.389349][T16038] __handle_mm_fault+0x197f/0x2e00 [ 1722.394526][T16038] handle_mm_fault+0x21b/0x530 [ 1722.399371][T16038] __get_user_pages+0x485/0x1130 [ 1722.404326][T16038] populate_vma_page_range+0xe6/0x100 [ 1722.409704][T16038] __mm_populate+0x168/0x2a0 [ 1722.414341][T16038] __x64_sys_mlockall+0x2e3/0x320 [ 1722.419488][T16038] do_syscall_64+0xcc/0x3a0 [ 1722.423990][T16038] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1722.429919][T16038] RIP: 0033:0x45af49 [ 1722.433861][T16038] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1722.453479][T16038] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1722.461906][T16038] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1722.469923][T16038] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1722.477921][T16038] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1722.485897][T16038] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1722.493907][T16038] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1722.507599][T16038] memory: usage 307200kB, limit 307200kB, failcnt 2321 [ 1722.514573][T16038] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1722.523740][T16038] Memory cgroup stats for /syz4: [ 1722.523942][T16038] anon 310153216 [ 1722.523942][T16038] file 8192 [ 1722.523942][T16038] kernel_stack 368640 [ 1722.523942][T16038] slab 942080 [ 1722.523942][T16038] sock 0 [ 1722.523942][T16038] shmem 0 [ 1722.523942][T16038] file_mapped 0 [ 1722.523942][T16038] file_dirty 0 [ 1722.523942][T16038] file_writeback 0 [ 1722.523942][T16038] anon_thp 274726912 [ 1722.523942][T16038] inactive_anon 262639616 [ 1722.523942][T16038] active_anon 6840320 [ 1722.523942][T16038] inactive_file 0 [ 1722.523942][T16038] active_file 118784 [ 1722.523942][T16038] unevictable 40693760 [ 1722.523942][T16038] slab_reclaimable 135168 [ 1722.523942][T16038] slab_unreclaimable 806912 [ 1722.523942][T16038] pgfault 305712 [ 1722.523942][T16038] pgmajfault 0 [ 1722.523942][T16038] workingset_refault 0 [ 1722.523942][T16038] workingset_activate 0 [ 1722.523942][T16038] workingset_nodereclaim 0 [ 1722.523942][T16038] pgrefill 164 [ 1722.523942][T16038] pgscan 253 [ 1722.523942][T16038] pgsteal 34 [ 1722.621246][T16038] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=15812,uid=0 [ 1722.640337][T16038] Memory cgroup out of memory: Killed process 15812 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 07:53:48 executing program 4: pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:48 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x86a}, 0x28) 07:53:48 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020112020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:48 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x4, r0, 0x3}) openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x8000, 0x0) 07:53:48 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000068000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:48 executing program 2: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) [ 1723.485448][T16178] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1723.533737][T16174] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1723.589411][T16174] CPU: 0 PID: 16174 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1723.598134][T16174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1723.598984][T16178] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1723.608239][T16174] Call Trace: [ 1723.608270][T16174] dump_stack+0x11d/0x181 [ 1723.608368][T16174] dump_header+0xaa/0x39c [ 1723.608436][T16174] oom_kill_process.cold+0x10/0x15 [ 1723.632641][T16174] out_of_memory+0x231/0xa60 [ 1723.637253][T16174] ? __rcu_read_unlock+0x66/0x3d0 [ 1723.642307][T16174] mem_cgroup_out_of_memory+0x128/0x150 [ 1723.647875][T16174] try_charge+0xb6c/0xbf0 [ 1723.652229][T16174] ? rcu_note_context_switch+0x720/0x760 [ 1723.657889][T16174] mem_cgroup_try_charge+0xd2/0x260 [ 1723.663243][T16174] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1723.668909][T16174] __handle_mm_fault+0x197f/0x2e00 [ 1723.674104][T16174] handle_mm_fault+0x21b/0x530 [ 1723.678890][T16174] __get_user_pages+0x485/0x1130 [ 1723.683858][T16174] populate_vma_page_range+0xe6/0x100 [ 1723.689340][T16174] __mm_populate+0x168/0x2a0 [ 1723.694018][T16174] __x64_sys_mlockall+0x2e3/0x320 [ 1723.699077][T16174] do_syscall_64+0xcc/0x3a0 [ 1723.703684][T16174] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1723.703776][T16174] RIP: 0033:0x45af49 [ 1723.703883][T16174] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 07:53:48 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020122020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:48 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x86b}, 0x28) 07:53:48 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x8000, 0x0) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x300, 0x70bd26, 0x25dfdbfd, {}, [@L2TP_ATTR_OFFSET={0x6, 0x3, 0x2}, @L2TP_ATTR_OFFSET={0x6, 0x3, 0xfff}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x3}, @L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x41}, 0x0) [ 1723.733167][T16174] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1723.741646][T16174] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1723.749628][T16174] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1723.757605][T16174] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1723.765673][T16174] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1723.773658][T16174] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1723.816041][T16174] memory: usage 307200kB, limit 307200kB, failcnt 2362 [ 1723.826769][T16174] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1723.834282][T16174] Memory cgroup stats for /syz4: [ 1723.834558][T16174] anon 310059008 [ 1723.834558][T16174] file 8192 [ 1723.834558][T16174] kernel_stack 331776 [ 1723.834558][T16174] slab 942080 [ 1723.834558][T16174] sock 0 [ 1723.834558][T16174] shmem 0 [ 1723.834558][T16174] file_mapped 0 [ 1723.834558][T16174] file_dirty 0 [ 1723.834558][T16174] file_writeback 0 [ 1723.834558][T16174] anon_thp 272629760 [ 1723.834558][T16174] inactive_anon 262606848 [ 1723.834558][T16174] active_anon 6881280 [ 1723.834558][T16174] inactive_file 0 [ 1723.834558][T16174] active_file 118784 [ 1723.834558][T16174] unevictable 40615936 [ 1723.834558][T16174] slab_reclaimable 135168 [ 1723.834558][T16174] slab_unreclaimable 806912 [ 1723.834558][T16174] pgfault 307692 [ 1723.834558][T16174] pgmajfault 0 [ 1723.834558][T16174] workingset_refault 0 [ 1723.834558][T16174] workingset_activate 0 07:53:48 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x86c}, 0x28) [ 1723.834558][T16174] workingset_nodereclaim 0 [ 1723.834558][T16174] pgrefill 164 [ 1723.834558][T16174] pgscan 253 [ 1723.834558][T16174] pgsteal 34 [ 1723.945829][T16174] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=16167,uid=0 [ 1723.966604][T16174] Memory cgroup out of memory: Killed process 16167 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1723.998436][T16178] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1724.083793][T16176] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1724.134340][T16176] CPU: 0 PID: 16176 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1724.143177][T16176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1724.153440][T16176] Call Trace: [ 1724.156834][T16176] dump_stack+0x11d/0x181 [ 1724.161220][T16176] dump_header+0xaa/0x39c [ 1724.165611][T16176] oom_kill_process.cold+0x10/0x15 [ 1724.170749][T16176] out_of_memory+0x231/0xa60 [ 1724.175585][T16176] mem_cgroup_out_of_memory+0x128/0x150 [ 1724.181256][T16176] try_charge+0xb6c/0xbf0 [ 1724.185770][T16176] ? rcu_note_context_switch+0x720/0x760 [ 1724.191700][T16176] mem_cgroup_try_charge+0xd2/0x260 [ 1724.196907][T16176] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1724.202675][T16176] __handle_mm_fault+0x197f/0x2e00 [ 1724.207894][T16176] handle_mm_fault+0x21b/0x530 [ 1724.212921][T16176] __get_user_pages+0x485/0x1130 [ 1724.218028][T16176] populate_vma_page_range+0xe6/0x100 [ 1724.223404][T16176] __mm_populate+0x168/0x2a0 [ 1724.228087][T16176] __x64_sys_mlockall+0x2e3/0x320 [ 1724.233160][T16176] do_syscall_64+0xcc/0x3a0 [ 1724.237900][T16176] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1724.243866][T16176] RIP: 0033:0x45af49 [ 1724.247836][T16176] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1724.267973][T16176] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1724.276583][T16176] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 07:53:48 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x86d}, 0x28) [ 1724.284650][T16176] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1724.292755][T16176] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1724.300851][T16176] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1724.308853][T16176] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:53:49 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020132020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1724.449328][T16176] memory: usage 307200kB, limit 307200kB, failcnt 2155 [ 1724.459004][T16176] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1724.466125][T16176] Memory cgroup stats for /syz2: [ 1724.466456][T16176] anon 309129216 [ 1724.466456][T16176] file 106496 [ 1724.466456][T16176] kernel_stack 405504 [ 1724.466456][T16176] slab 1228800 [ 1724.466456][T16176] sock 53248 [ 1724.466456][T16176] shmem 0 [ 1724.466456][T16176] file_mapped 0 [ 1724.466456][T16176] file_dirty 0 [ 1724.466456][T16176] file_writeback 0 [ 1724.466456][T16176] anon_thp 268435456 [ 1724.466456][T16176] inactive_anon 258560000 [ 1724.466456][T16176] active_anon 13725696 [ 1724.466456][T16176] inactive_file 135168 [ 1724.466456][T16176] active_file 135168 [ 1724.466456][T16176] unevictable 37175296 [ 1724.466456][T16176] slab_reclaimable 405504 [ 1724.466456][T16176] slab_unreclaimable 823296 [ 1724.466456][T16176] pgfault 333531 [ 1724.466456][T16176] pgmajfault 0 [ 1724.466456][T16176] workingset_refault 0 [ 1724.466456][T16176] workingset_activate 0 [ 1724.466456][T16176] workingset_nodereclaim 0 [ 1724.466456][T16176] pgrefill 110 [ 1724.466456][T16176] pgscan 141 [ 1724.466456][T16176] pgsteal 35 [ 1724.576558][T16176] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16162,uid=0 [ 1724.593079][T16176] Memory cgroup out of memory: Killed process 16162 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1724.621080][ T1065] oom_reaper: reaped process 16162 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:53:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800006c000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:49 executing program 1: kexec_load(0x0, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x3}], 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) accept(r0, 0x0, &(0x7f0000000080)) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4c}) 07:53:49 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x86e}, 0x28) 07:53:49 executing program 4: pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:49 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020142020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1725.272803][T16420] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1725.426516][T16420] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1725.592301][T16420] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1725.694483][T16531] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1725.737036][T16531] CPU: 1 PID: 16531 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1725.745795][T16531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1725.755954][T16531] Call Trace: [ 1725.759308][T16531] dump_stack+0x11d/0x181 [ 1725.763671][T16531] dump_header+0xaa/0x39c [ 1725.768039][T16531] oom_kill_process.cold+0x10/0x15 [ 1725.773560][T16531] out_of_memory+0x231/0xa60 [ 1725.778220][T16531] ? __rcu_read_unlock+0x66/0x3d0 [ 1725.783299][T16531] mem_cgroup_out_of_memory+0x128/0x150 [ 1725.788921][T16531] try_charge+0xb6c/0xbf0 [ 1725.793281][T16531] ? rcu_note_context_switch+0x720/0x760 [ 1725.799018][T16531] mem_cgroup_try_charge+0xd2/0x260 [ 1725.804268][T16531] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1725.809997][T16531] __handle_mm_fault+0x197f/0x2e00 [ 1725.815191][T16531] handle_mm_fault+0x21b/0x530 [ 1725.819987][T16531] __get_user_pages+0x485/0x1130 [ 1725.825083][T16531] populate_vma_page_range+0xe6/0x100 [ 1725.830491][T16531] __mm_populate+0x168/0x2a0 [ 1725.835179][T16531] __x64_sys_mlockall+0x2e3/0x320 [ 1725.840271][T16531] do_syscall_64+0xcc/0x3a0 [ 1725.844902][T16531] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1725.850825][T16531] RIP: 0033:0x45af49 [ 1725.854741][T16531] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1725.875549][T16531] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1725.884029][T16531] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1725.892010][T16531] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1725.900058][T16531] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1725.908129][T16531] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1725.916451][T16531] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1725.940776][T16531] memory: usage 307200kB, limit 307200kB, failcnt 2399 [ 1725.948801][T16531] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1725.959258][T16531] Memory cgroup stats for /syz4: [ 1725.959525][T16531] anon 310059008 [ 1725.959525][T16531] file 8192 [ 1725.959525][T16531] kernel_stack 368640 [ 1725.959525][T16531] slab 942080 [ 1725.959525][T16531] sock 0 [ 1725.959525][T16531] shmem 0 [ 1725.959525][T16531] file_mapped 0 [ 1725.959525][T16531] file_dirty 0 [ 1725.959525][T16531] file_writeback 0 [ 1725.959525][T16531] anon_thp 272629760 [ 1725.959525][T16531] inactive_anon 262516736 [ 1725.959525][T16531] active_anon 6832128 [ 1725.959525][T16531] inactive_file 0 [ 1725.959525][T16531] active_file 118784 [ 1725.959525][T16531] unevictable 40824832 [ 1725.959525][T16531] slab_reclaimable 135168 [ 1725.959525][T16531] slab_unreclaimable 806912 [ 1725.959525][T16531] pgfault 309342 [ 1725.959525][T16531] pgmajfault 0 [ 1725.959525][T16531] workingset_refault 0 [ 1725.959525][T16531] workingset_activate 0 [ 1725.959525][T16531] workingset_nodereclaim 0 [ 1725.959525][T16531] pgrefill 164 [ 1725.959525][T16531] pgscan 253 [ 1725.959525][T16531] pgsteal 34 [ 1726.062177][T16531] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=16407,uid=0 [ 1726.081417][T16531] Memory cgroup out of memory: Killed process 16407 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1726.110727][ T1065] oom_reaper: reaped process 16407 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1726.408774][T16176] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1726.419831][T16176] CPU: 0 PID: 16176 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1726.428506][T16176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1726.438557][T16176] Call Trace: [ 1726.441937][T16176] dump_stack+0x11d/0x181 [ 1726.446397][T16176] dump_header+0xaa/0x39c [ 1726.450760][T16176] oom_kill_process.cold+0x10/0x15 [ 1726.455893][T16176] out_of_memory+0x231/0xa60 [ 1726.460586][T16176] ? __rcu_read_unlock+0x66/0x3d0 [ 1726.465634][T16176] mem_cgroup_out_of_memory+0x128/0x150 [ 1726.471197][T16176] try_charge+0xb6c/0xbf0 [ 1726.475621][T16176] ? rcu_note_context_switch+0x720/0x760 [ 1726.481279][T16176] mem_cgroup_try_charge+0xd2/0x260 [ 1726.486574][T16176] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1726.492224][T16176] __handle_mm_fault+0x197f/0x2e00 [ 1726.497449][T16176] handle_mm_fault+0x21b/0x530 [ 1726.502219][T16176] __get_user_pages+0x485/0x1130 [ 1726.507257][T16176] populate_vma_page_range+0xe6/0x100 [ 1726.512650][T16176] __mm_populate+0x168/0x2a0 [ 1726.517293][T16176] __x64_sys_mremap+0x5df/0x750 [ 1726.522184][T16176] do_syscall_64+0xcc/0x3a0 [ 1726.526729][T16176] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1726.532630][T16176] RIP: 0033:0x45af49 [ 1726.536571][T16176] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1726.556181][T16176] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1726.564604][T16176] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1726.572624][T16176] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1726.580602][T16176] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1726.588924][T16176] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1726.596902][T16176] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1726.630695][T16176] memory: usage 307140kB, limit 307200kB, failcnt 2191 [ 1726.637794][T16176] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1726.645906][T16176] Memory cgroup stats for /syz2: [ 1726.647718][T16176] anon 300654592 [ 1726.647718][T16176] file 106496 [ 1726.647718][T16176] kernel_stack 405504 [ 1726.647718][T16176] slab 1228800 [ 1726.647718][T16176] sock 53248 [ 1726.647718][T16176] shmem 0 [ 1726.647718][T16176] file_mapped 0 [ 1726.647718][T16176] file_dirty 0 [ 1726.647718][T16176] file_writeback 0 [ 1726.647718][T16176] anon_thp 262144000 [ 1726.647718][T16176] inactive_anon 248143872 [ 1726.647718][T16176] active_anon 13725696 [ 1726.647718][T16176] inactive_file 135168 [ 1726.647718][T16176] active_file 135168 [ 1726.647718][T16176] unevictable 38825984 [ 1726.647718][T16176] slab_reclaimable 405504 [ 1726.647718][T16176] slab_unreclaimable 823296 [ 1726.647718][T16176] pgfault 334488 [ 1726.647718][T16176] pgmajfault 0 [ 1726.647718][T16176] workingset_refault 0 [ 1726.647718][T16176] workingset_activate 0 [ 1726.647718][T16176] workingset_nodereclaim 0 [ 1726.647718][T16176] pgrefill 110 [ 1726.647718][T16176] pgscan 141 [ 1726.647718][T16176] pgsteal 35 [ 1726.744502][T16176] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16175,uid=0 [ 1726.763149][T16176] Memory cgroup out of memory: Killed process 16176 (syz-executor.2) total-vm:72708kB, anon-rss:14156kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:188416kB oom_score_adj:1000 [ 1726.788053][ T1065] oom_reaper: reaped process 16176 (syz-executor.2), now anon-rss:14148kB, file-rss:54364kB, shmem-rss:0kB 07:53:52 executing program 2: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:52 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x86f}, 0x28) 07:53:52 executing program 1: kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x76656f) mmap$snddsp_control(&(0x7f0000ffa000/0x4000)=nil, 0x1000, 0x4, 0x2010, r0, 0x83000000) 07:53:52 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020152020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:52 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000074000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:52 executing program 4: pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:52 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020162020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:52 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x870}, 0x28) [ 1727.778100][T16556] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1727.887717][T16556] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1727.936707][T16557] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1727.951464][T16557] CPU: 1 PID: 16557 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1727.960184][T16557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1727.970265][T16557] Call Trace: [ 1727.973565][T16557] dump_stack+0x11d/0x181 [ 1727.977898][T16557] dump_header+0xaa/0x39c [ 1727.982234][T16557] oom_kill_process.cold+0x10/0x15 [ 1727.987348][T16557] out_of_memory+0x231/0xa60 [ 1727.991937][T16557] ? __rcu_read_unlock+0x66/0x3d0 [ 1727.996971][T16557] mem_cgroup_out_of_memory+0x128/0x150 [ 1728.002605][T16557] try_charge+0xb6c/0xbf0 [ 1728.006946][T16557] ? rcu_note_context_switch+0x720/0x760 [ 1728.012737][T16557] mem_cgroup_try_charge+0xd2/0x260 [ 1728.017952][T16557] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1728.023585][T16557] __handle_mm_fault+0x197f/0x2e00 [ 1728.028738][T16557] handle_mm_fault+0x21b/0x530 [ 1728.033524][T16557] __get_user_pages+0x485/0x1130 [ 1728.038537][T16557] populate_vma_page_range+0xe6/0x100 [ 1728.043911][T16557] __mm_populate+0x168/0x2a0 [ 1728.048601][T16557] __x64_sys_mlockall+0x2e3/0x320 [ 1728.053687][T16557] do_syscall_64+0xcc/0x3a0 [ 1728.058196][T16557] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1728.064154][T16557] RIP: 0033:0x45af49 [ 1728.068050][T16557] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1728.087656][T16557] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1728.096062][T16557] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1728.104046][T16557] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1728.112213][T16557] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1728.120179][T16557] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1728.128234][T16557] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:53:52 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x871}, 0x28) 07:53:52 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020172020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1728.183153][T16556] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:53:52 executing program 1: kexec_load(0x1000, 0x1, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r0 = socket$bt_cmtp(0x1f, 0x3, 0x5) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000000)=""/198, &(0x7f0000000100)=0xc6) 07:53:52 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800007a000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1728.328855][T16557] memory: usage 307200kB, limit 307200kB, failcnt 2419 [ 1728.337680][T16557] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1728.443140][T16557] Memory cgroup stats for /syz4: [ 1728.443418][T16557] anon 310149120 [ 1728.443418][T16557] file 8192 [ 1728.443418][T16557] kernel_stack 331776 [ 1728.443418][T16557] slab 942080 [ 1728.443418][T16557] sock 0 [ 1728.443418][T16557] shmem 0 [ 1728.443418][T16557] file_mapped 0 [ 1728.443418][T16557] file_dirty 0 [ 1728.443418][T16557] file_writeback 0 [ 1728.443418][T16557] anon_thp 272629760 [ 1728.443418][T16557] inactive_anon 262701056 [ 1728.443418][T16557] active_anon 6799360 [ 1728.443418][T16557] inactive_file 0 [ 1728.443418][T16557] active_file 118784 [ 1728.443418][T16557] unevictable 40824832 [ 1728.443418][T16557] slab_reclaimable 135168 [ 1728.443418][T16557] slab_unreclaimable 806912 [ 1728.443418][T16557] pgfault 310860 [ 1728.443418][T16557] pgmajfault 0 [ 1728.443418][T16557] workingset_refault 0 [ 1728.443418][T16557] workingset_activate 0 [ 1728.443418][T16557] workingset_nodereclaim 0 [ 1728.443418][T16557] pgrefill 164 [ 1728.443418][T16557] pgscan 253 [ 1728.443418][T16557] pgsteal 34 [ 1728.457483][T16680] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1728.544314][T16557] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=16538,uid=0 [ 1728.680676][T16557] Memory cgroup out of memory: Killed process 16538 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1728.708994][T16680] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1728.798366][T16680] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1729.280127][T16554] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1729.290994][T16554] CPU: 0 PID: 16554 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1729.299672][T16554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1729.309739][T16554] Call Trace: [ 1729.313096][T16554] dump_stack+0x11d/0x181 [ 1729.317446][T16554] dump_header+0xaa/0x39c [ 1729.321795][T16554] oom_kill_process.cold+0x10/0x15 [ 1729.326928][T16554] out_of_memory+0x231/0xa60 [ 1729.331580][T16554] ? __rcu_read_unlock+0x66/0x3d0 [ 1729.336697][T16554] mem_cgroup_out_of_memory+0x128/0x150 [ 1729.342260][T16554] try_charge+0xb6c/0xbf0 [ 1729.346628][T16554] ? rcu_note_context_switch+0x720/0x760 [ 1729.352290][T16554] mem_cgroup_try_charge+0xd2/0x260 [ 1729.357503][T16554] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1729.363184][T16554] __handle_mm_fault+0x197f/0x2e00 [ 1729.368337][T16554] handle_mm_fault+0x21b/0x530 [ 1729.373149][T16554] __get_user_pages+0x485/0x1130 [ 1729.378125][T16554] populate_vma_page_range+0xe6/0x100 [ 1729.383563][T16554] __mm_populate+0x168/0x2a0 [ 1729.388244][T16554] __x64_sys_mremap+0x5df/0x750 [ 1729.393278][T16554] do_syscall_64+0xcc/0x3a0 [ 1729.397930][T16554] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1729.403832][T16554] RIP: 0033:0x45af49 [ 1729.407779][T16554] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1729.427402][T16554] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1729.436085][T16554] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1729.444129][T16554] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1729.452218][T16554] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1729.460278][T16554] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1729.468267][T16554] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1729.494261][T16554] memory: usage 307200kB, limit 307200kB, failcnt 2222 [ 1729.501458][T16554] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1729.514521][T16554] Memory cgroup stats for /syz2: [ 1729.515950][T16554] anon 308989952 [ 1729.515950][T16554] file 106496 [ 1729.515950][T16554] kernel_stack 442368 [ 1729.515950][T16554] slab 1228800 [ 1729.515950][T16554] sock 53248 [ 1729.515950][T16554] shmem 0 [ 1729.515950][T16554] file_mapped 0 [ 1729.515950][T16554] file_dirty 0 [ 1729.515950][T16554] file_writeback 0 [ 1729.515950][T16554] anon_thp 270532608 [ 1729.515950][T16554] inactive_anon 254492672 [ 1729.515950][T16554] active_anon 13713408 [ 1729.515950][T16554] inactive_file 135168 [ 1729.515950][T16554] active_file 135168 [ 1729.515950][T16554] unevictable 41046016 [ 1729.515950][T16554] slab_reclaimable 405504 [ 1729.515950][T16554] slab_unreclaimable 823296 [ 1729.515950][T16554] pgfault 335874 [ 1729.515950][T16554] pgmajfault 0 [ 1729.515950][T16554] workingset_refault 0 [ 1729.515950][T16554] workingset_activate 0 [ 1729.515950][T16554] workingset_nodereclaim 0 [ 1729.515950][T16554] pgrefill 110 [ 1729.515950][T16554] pgscan 141 [ 1729.515950][T16554] pgsteal 35 [ 1729.613451][T16554] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16552,uid=0 [ 1729.631092][T16554] Memory cgroup out of memory: Killed process 16552 (syz-executor.2) total-vm:72708kB, anon-rss:14156kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:188416kB oom_score_adj:1000 [ 1729.657799][ T1065] oom_reaper: reaped process 16552 (syz-executor.2), now anon-rss:14148kB, file-rss:54364kB, shmem-rss:0kB 07:53:55 executing program 2: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:55 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x872}, 0x28) 07:53:55 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020182020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:55 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x0, 0x1, 0xffffff81, 0x0, 0x7}}) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) 07:53:55 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800fe80000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:53:55 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1730.565899][T16797] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1730.621390][T16797] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:53:55 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x873}, 0x28) 07:53:55 executing program 1: kexec_load(0xfffffffffffffffe, 0x232, &(0x7f0000000040), 0x0) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f00000001c0)={0x5, 0x102, 0x2, {0x3, 0xffffffc1, 0x4, 0x1}}) syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x2, 0xc2200) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000040)={{{@in=@loopback, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}}}, &(0x7f0000000140)=0xe8) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/am_droprate\x00', 0x2, 0x0) setsockopt$inet6_IPV6_PKTINFO(r2, 0x29, 0x32, &(0x7f0000000180)={@mcast2, r1}, 0xfffffffffffffcfd) [ 1730.734613][T16797] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1730.741086][T16904] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1730.761074][T16904] CPU: 0 PID: 16904 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1730.769820][T16904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1730.779890][T16904] Call Trace: 07:53:55 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020192020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1730.783206][T16904] dump_stack+0x11d/0x181 [ 1730.787571][T16904] dump_header+0xaa/0x39c [ 1730.791936][T16904] oom_kill_process.cold+0x10/0x15 [ 1730.797166][T16904] out_of_memory+0x231/0xa60 [ 1730.801788][T16904] ? __rcu_read_unlock+0x66/0x3d0 [ 1730.806848][T16904] mem_cgroup_out_of_memory+0x128/0x150 [ 1730.812419][T16904] try_charge+0xb6c/0xbf0 [ 1730.816846][T16904] ? rcu_note_context_switch+0x720/0x760 [ 1730.822524][T16904] mem_cgroup_try_charge+0xd2/0x260 [ 1730.827959][T16904] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1730.833622][T16904] __handle_mm_fault+0x197f/0x2e00 [ 1730.838970][T16904] handle_mm_fault+0x21b/0x530 [ 1730.843839][T16904] __get_user_pages+0x485/0x1130 [ 1730.848823][T16904] populate_vma_page_range+0xe6/0x100 [ 1730.854207][T16904] __mm_populate+0x168/0x2a0 [ 1730.858817][T16904] __x64_sys_mlockall+0x2e3/0x320 [ 1730.863855][T16904] do_syscall_64+0xcc/0x3a0 [ 1730.868406][T16904] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1730.874303][T16904] RIP: 0033:0x45af49 [ 1730.878208][T16904] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1730.897891][T16904] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1730.906441][T16904] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1730.914406][T16904] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1730.922421][T16904] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 07:53:55 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000081000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1730.930387][T16904] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1730.938351][T16904] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1730.956566][T16904] memory: usage 307200kB, limit 307200kB, failcnt 2246 [ 1730.964486][T16904] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1730.991046][T16904] Memory cgroup stats for /syz2: [ 1730.991335][T16904] anon 309137408 [ 1730.991335][T16904] file 106496 [ 1730.991335][T16904] kernel_stack 405504 [ 1730.991335][T16904] slab 1228800 [ 1730.991335][T16904] sock 53248 [ 1730.991335][T16904] shmem 0 [ 1730.991335][T16904] file_mapped 0 [ 1730.991335][T16904] file_dirty 0 [ 1730.991335][T16904] file_writeback 0 [ 1730.991335][T16904] anon_thp 270532608 [ 1730.991335][T16904] inactive_anon 258498560 [ 1730.991335][T16904] active_anon 13717504 [ 1730.991335][T16904] inactive_file 135168 [ 1730.991335][T16904] active_file 135168 [ 1730.991335][T16904] unevictable 37306368 [ 1730.991335][T16904] slab_reclaimable 405504 [ 1730.991335][T16904] slab_unreclaimable 823296 [ 1730.991335][T16904] pgfault 336831 [ 1730.991335][T16904] pgmajfault 0 [ 1730.991335][T16904] workingset_refault 0 [ 1730.991335][T16904] workingset_activate 0 [ 1730.991335][T16904] workingset_nodereclaim 0 [ 1730.991335][T16904] pgrefill 110 [ 1730.991335][T16904] pgscan 141 [ 1730.991335][T16904] pgsteal 35 [ 1731.091654][T16904] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=16679,uid=0 [ 1731.148668][T16904] Memory cgroup out of memory: Killed process 16679 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1731.200315][T17017] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1731.224516][T17017] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1731.242559][T16902] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 07:53:55 executing program 1: r0 = syz_open_dev$sndtimer(&(0x7f0000000280)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000000)={{0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x0, 0x0, 0x4}) fcntl$setstatus(r0, 0x4, 0x4c00) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) [ 1731.280067][T17017] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1731.297724][T16902] CPU: 1 PID: 16902 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1731.306443][T16902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1731.316502][T16902] Call Trace: [ 1731.320094][T16902] dump_stack+0x11d/0x181 [ 1731.324530][T16902] dump_header+0xaa/0x39c [ 1731.329078][T16902] oom_kill_process.cold+0x10/0x15 [ 1731.334203][T16902] out_of_memory+0x231/0xa60 [ 1731.338817][T16902] mem_cgroup_out_of_memory+0x128/0x150 [ 1731.344404][T16902] try_charge+0xb6c/0xbf0 [ 1731.348759][T16902] ? rcu_note_context_switch+0x720/0x760 [ 1731.354769][T16902] mem_cgroup_try_charge+0xd2/0x260 [ 1731.359987][T16902] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1731.365630][T16902] __handle_mm_fault+0x197f/0x2e00 [ 1731.370828][T16902] handle_mm_fault+0x21b/0x530 [ 1731.375596][T16902] __get_user_pages+0x485/0x1130 [ 1731.380551][T16902] populate_vma_page_range+0xe6/0x100 [ 1731.385992][T16902] __mm_populate+0x168/0x2a0 [ 1731.390607][T16902] __x64_sys_mlockall+0x2e3/0x320 [ 1731.395691][T16902] do_syscall_64+0xcc/0x3a0 [ 1731.400243][T16902] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1731.406132][T16902] RIP: 0033:0x45af49 [ 1731.410045][T16902] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 07:53:56 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800fec0000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1731.429659][T16902] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1731.438099][T16902] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1731.446281][T16902] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1731.454334][T16902] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1731.462643][T16902] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1731.470689][T16902] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1731.643418][T17040] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1731.729008][T17040] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1731.763228][T16902] memory: usage 307200kB, limit 307200kB, failcnt 2454 [ 1731.770128][T16902] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1731.833531][T17040] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1731.868001][T16902] Memory cgroup stats for /syz4: [ 1731.868248][T16902] anon 310001664 [ 1731.868248][T16902] file 8192 [ 1731.868248][T16902] kernel_stack 331776 [ 1731.868248][T16902] slab 942080 [ 1731.868248][T16902] sock 0 [ 1731.868248][T16902] shmem 0 [ 1731.868248][T16902] file_mapped 0 [ 1731.868248][T16902] file_dirty 0 [ 1731.868248][T16902] file_writeback 0 [ 1731.868248][T16902] anon_thp 272629760 [ 1731.868248][T16902] inactive_anon 262533120 [ 1731.868248][T16902] active_anon 6791168 [ 1731.868248][T16902] inactive_file 0 [ 1731.868248][T16902] active_file 118784 [ 1731.868248][T16902] unevictable 40824832 [ 1731.868248][T16902] slab_reclaimable 135168 [ 1731.868248][T16902] slab_unreclaimable 806912 [ 1731.868248][T16902] pgfault 312411 [ 1731.868248][T16902] pgmajfault 0 [ 1731.868248][T16902] workingset_refault 0 [ 1731.868248][T16902] workingset_activate 0 [ 1731.868248][T16902] workingset_nodereclaim 0 [ 1731.868248][T16902] pgrefill 164 [ 1731.868248][T16902] pgscan 253 [ 1731.868248][T16902] pgsteal 34 [ 1731.970490][T16902] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=16785,uid=0 [ 1731.987039][T16902] Memory cgroup out of memory: Killed process 16785 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1732.021747][ T1065] oom_reaper: reaped process 16785 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:53:56 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:53:56 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020201a2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:53:56 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x874}, 0x28) 07:53:56 executing program 1: r0 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000180)={0xa20000, 0xca, 0x8, 0xffffffffffffffff, 0x0, &(0x7f0000000140)={0x9a0921, 0xce4c, [], @p_u8=&(0x7f0000000100)=0xff}}) getsockopt$inet6_dccp_int(r1, 0x21, 0xf38c5724b7584a8f, &(0x7f00000001c0), &(0x7f0000000200)=0x4) kexec_load(0x0, 0x10, &(0x7f00000005c0)=[{0x0, 0x0, 0x9165a000}], 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_submit(0x0, 0x732, &(0x7f0000000540)=[&(0x7f00000000c0)={0x900000000000010, 0xc00000000100000, 0x80000000000016, 0x1, 0x0, r2, &(0x7f0000000000), 0x377140be6b5ef4c7}]) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x0}, {}, {}]}) ioctl$DRM_IOCTL_LOCK(r2, 0x4008642a, &(0x7f0000000080)={r3, 0x2c45ae610fcc6051}) 07:53:56 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100001080018d9000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1732.412887][T17142] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1732.629123][T17142] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:53:57 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:53:57 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x875}, 0x28) 07:53:57 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020201b2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1732.751382][T17142] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1732.794269][T17217] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1732.804638][T17217] CPU: 0 PID: 17217 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1732.813484][T17217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1732.823545][T17217] Call Trace: [ 1732.826950][T17217] dump_stack+0x11d/0x181 [ 1732.831338][T17217] dump_header+0xaa/0x39c [ 1732.835736][T17217] oom_kill_process.cold+0x10/0x15 [ 1732.840891][T17217] out_of_memory+0x231/0xa60 [ 1732.846029][T17217] ? __rcu_read_unlock+0x66/0x3d0 [ 1732.851088][T17217] mem_cgroup_out_of_memory+0x128/0x150 [ 1732.856668][T17217] try_charge+0xb6c/0xbf0 [ 1732.861033][T17217] ? rcu_note_context_switch+0x720/0x760 [ 1732.866706][T17217] mem_cgroup_try_charge+0xd2/0x260 [ 1732.871958][T17217] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1732.877610][T17217] __handle_mm_fault+0x197f/0x2e00 [ 1732.882825][T17217] handle_mm_fault+0x21b/0x530 [ 1732.887875][T17217] __get_user_pages+0x485/0x1130 [ 1732.893116][T17217] populate_vma_page_range+0xe6/0x100 [ 1732.898508][T17217] __mm_populate+0x168/0x2a0 [ 1732.903126][T17217] __x64_sys_mlockall+0x2e3/0x320 [ 1732.908222][T17217] do_syscall_64+0xcc/0x3a0 [ 1732.912744][T17217] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1732.918632][T17217] RIP: 0033:0x45af49 [ 1732.922572][T17217] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 07:53:57 executing program 1: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) [ 1732.942264][T17217] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1732.950676][T17217] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1732.958662][T17217] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1732.966627][T17217] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1732.974591][T17217] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1732.982556][T17217] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1733.100676][T17217] memory: usage 307200kB, limit 307200kB, failcnt 2275 07:53:57 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100001080000fc000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1733.162421][T17217] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1733.187281][T17217] Memory cgroup stats for /syz2: [ 1733.187495][T17217] anon 309088256 [ 1733.187495][T17217] file 106496 [ 1733.187495][T17217] kernel_stack 405504 [ 1733.187495][T17217] slab 1228800 [ 1733.187495][T17217] sock 53248 [ 1733.187495][T17217] shmem 0 [ 1733.187495][T17217] file_mapped 0 [ 1733.187495][T17217] file_dirty 0 [ 1733.187495][T17217] file_writeback 0 [ 1733.187495][T17217] anon_thp 268435456 [ 1733.187495][T17217] inactive_anon 258338816 [ 1733.187495][T17217] active_anon 13766656 [ 1733.187495][T17217] inactive_file 135168 [ 1733.187495][T17217] active_file 135168 [ 1733.187495][T17217] unevictable 37044224 [ 1733.187495][T17217] slab_reclaimable 405504 [ 1733.187495][T17217] slab_unreclaimable 823296 [ 1733.187495][T17217] pgfault 338283 [ 1733.187495][T17217] pgmajfault 0 [ 1733.187495][T17217] workingset_refault 0 [ 1733.187495][T17217] workingset_activate 0 [ 1733.187495][T17217] workingset_nodereclaim 0 [ 1733.187495][T17217] pgrefill 110 [ 1733.187495][T17217] pgscan 141 [ 1733.187495][T17217] pgsteal 35 [ 1733.310742][T17266] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1733.330552][T17266] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1733.342070][T17217] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17020,uid=0 07:53:57 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020201c2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1733.358949][T17217] Memory cgroup out of memory: Killed process 17020 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1733.387859][T17263] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1733.395997][ T1065] oom_reaper: reaped process 17020 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1733.403746][T17263] CPU: 0 PID: 17263 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1733.417833][T17263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1733.427891][T17263] Call Trace: [ 1733.431205][T17263] dump_stack+0x11d/0x181 [ 1733.435545][T17263] dump_header+0xaa/0x39c [ 1733.439895][T17263] oom_kill_process.cold+0x10/0x15 [ 1733.445080][T17263] out_of_memory+0x231/0xa60 [ 1733.449758][T17263] mem_cgroup_out_of_memory+0x128/0x150 [ 1733.455397][T17263] try_charge+0xb6c/0xbf0 [ 1733.459753][T17263] ? rcu_note_context_switch+0x720/0x760 [ 1733.465403][T17263] mem_cgroup_try_charge+0xd2/0x260 [ 1733.470606][T17263] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1733.476639][T17263] __handle_mm_fault+0x197f/0x2e00 [ 1733.481987][T17263] handle_mm_fault+0x21b/0x530 [ 1733.486814][T17263] __get_user_pages+0x485/0x1130 [ 1733.491795][T17263] populate_vma_page_range+0xe6/0x100 [ 1733.497174][T17263] __mm_populate+0x168/0x2a0 [ 1733.501798][T17263] __x64_sys_mlockall+0x2e3/0x320 [ 1733.506851][T17263] do_syscall_64+0xcc/0x3a0 [ 1733.511376][T17263] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1733.517355][T17263] RIP: 0033:0x45af49 [ 1733.521286][T17263] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1733.540994][T17263] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1733.549426][T17263] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 07:53:58 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x876}, 0x28) [ 1733.557396][T17263] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1733.565431][T17263] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1733.573399][T17263] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1733.581469][T17263] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1733.590110][T17266] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1733.762322][T17263] memory: usage 307200kB, limit 307200kB, failcnt 2466 [ 1733.772851][T17263] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1733.828670][T17263] Memory cgroup stats for /syz4: [ 1733.828885][T17263] anon 310099968 [ 1733.828885][T17263] file 8192 [ 1733.828885][T17263] kernel_stack 331776 [ 1733.828885][T17263] slab 942080 [ 1733.828885][T17263] sock 0 [ 1733.828885][T17263] shmem 0 [ 1733.828885][T17263] file_mapped 0 [ 1733.828885][T17263] file_dirty 0 [ 1733.828885][T17263] file_writeback 0 [ 1733.828885][T17263] anon_thp 272629760 [ 1733.828885][T17263] inactive_anon 262787072 [ 1733.828885][T17263] active_anon 6828032 [ 1733.828885][T17263] inactive_file 0 [ 1733.828885][T17263] active_file 118784 [ 1733.828885][T17263] unevictable 40693760 [ 1733.828885][T17263] slab_reclaimable 135168 [ 1733.828885][T17263] slab_unreclaimable 806912 [ 1733.828885][T17263] pgfault 314061 [ 1733.828885][T17263] pgmajfault 0 [ 1733.828885][T17263] workingset_refault 0 [ 1733.828885][T17263] workingset_activate 0 [ 1733.828885][T17263] workingset_nodereclaim 0 [ 1733.828885][T17263] pgrefill 164 [ 1733.828885][T17263] pgscan 253 [ 1733.828885][T17263] pgsteal 34 [ 1733.965938][T17263] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17133,uid=0 [ 1733.984650][T17263] Memory cgroup out of memory: Killed process 17133 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1734.029099][ T1065] oom_reaper: reaped process 17133 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1734.862917][T17217] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1734.877428][T17217] CPU: 1 PID: 17217 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1734.886159][T17217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1734.896598][T17217] Call Trace: [ 1734.899892][T17217] dump_stack+0x11d/0x181 [ 1734.904217][T17217] dump_header+0xaa/0x39c [ 1734.908709][T17217] oom_kill_process.cold+0x10/0x15 [ 1734.913839][T17217] out_of_memory+0x231/0xa60 [ 1734.918427][T17217] mem_cgroup_out_of_memory+0x128/0x150 [ 1734.924032][T17217] try_charge+0xb6c/0xbf0 [ 1734.928466][T17217] ? rcu_note_context_switch+0x720/0x760 [ 1734.934099][T17217] mem_cgroup_try_charge+0xd2/0x260 [ 1734.939400][T17217] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1734.945030][T17217] __handle_mm_fault+0x197f/0x2e00 [ 1734.950173][T17217] handle_mm_fault+0x21b/0x530 [ 1734.954931][T17217] __get_user_pages+0x485/0x1130 [ 1734.959919][T17217] populate_vma_page_range+0xe6/0x100 [ 1734.965452][T17217] __mm_populate+0x168/0x2a0 [ 1734.970519][T17217] __x64_sys_mremap+0x5df/0x750 [ 1734.975370][T17217] do_syscall_64+0xcc/0x3a0 [ 1734.979866][T17217] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1734.985740][T17217] RIP: 0033:0x45af49 [ 1734.989703][T17217] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1735.009317][T17217] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1735.017715][T17217] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1735.025671][T17217] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1735.033701][T17217] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1735.041657][T17217] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1735.049702][T17217] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1735.060812][T17217] memory: usage 307200kB, limit 307200kB, failcnt 2322 [ 1735.067901][T17217] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1735.075351][T17217] Memory cgroup stats for /syz2: [ 1735.076963][T17217] anon 309108736 [ 1735.076963][T17217] file 106496 [ 1735.076963][T17217] kernel_stack 405504 [ 1735.076963][T17217] slab 1228800 [ 1735.076963][T17217] sock 53248 [ 1735.076963][T17217] shmem 0 [ 1735.076963][T17217] file_mapped 0 [ 1735.076963][T17217] file_dirty 0 [ 1735.076963][T17217] file_writeback 0 [ 1735.076963][T17217] anon_thp 268435456 [ 1735.076963][T17217] inactive_anon 254377984 [ 1735.076963][T17217] active_anon 13766656 [ 1735.076963][T17217] inactive_file 135168 [ 1735.076963][T17217] active_file 135168 [ 1735.076963][T17217] unevictable 41046016 [ 1735.076963][T17217] slab_reclaimable 405504 [ 1735.076963][T17217] slab_unreclaimable 823296 [ 1735.076963][T17217] pgfault 339207 [ 1735.076963][T17217] pgmajfault 0 [ 1735.076963][T17217] workingset_refault 0 [ 1735.076963][T17217] workingset_activate 0 [ 1735.076963][T17217] workingset_nodereclaim 0 [ 1735.076963][T17217] pgrefill 110 [ 1735.076963][T17217] pgscan 141 [ 1735.076963][T17217] pgsteal 35 [ 1735.173178][T17217] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17147,uid=0 [ 1735.190477][T17217] Memory cgroup out of memory: Killed process 17147 (syz-executor.2) total-vm:72708kB, anon-rss:14156kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:188416kB oom_score_adj:1000 [ 1735.214039][ T1065] oom_reaper: reaped process 17147 (syz-executor.2), now anon-rss:14148kB, file-rss:54364kB, shmem-rss:0kB 07:54:00 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100001080080fe000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:00 executing program 1: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:00 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x877}, 0x28) 07:54:00 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020201d2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:00 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1735.990571][T17391] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1736.025732][T17391] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1736.119002][T17391] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1736.140130][T17394] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1736.184369][T17394] CPU: 1 PID: 17394 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1736.193107][T17394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1736.203214][T17394] Call Trace: [ 1736.206637][T17394] dump_stack+0x11d/0x181 [ 1736.211009][T17394] dump_header+0xaa/0x39c [ 1736.215358][T17394] oom_kill_process.cold+0x10/0x15 [ 1736.220496][T17394] out_of_memory+0x231/0xa60 [ 1736.225174][T17394] ? __rcu_read_unlock+0x66/0x3d0 [ 1736.230344][T17394] mem_cgroup_out_of_memory+0x128/0x150 [ 1736.235968][T17394] try_charge+0xb6c/0xbf0 [ 1736.240367][T17394] ? rcu_note_context_switch+0x720/0x760 [ 1736.246101][T17394] mem_cgroup_try_charge+0xd2/0x260 [ 1736.251311][T17394] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1736.256952][T17394] __handle_mm_fault+0x197f/0x2e00 [ 1736.262100][T17394] handle_mm_fault+0x21b/0x530 [ 1736.266927][T17394] __get_user_pages+0x485/0x1130 [ 1736.271884][T17394] populate_vma_page_range+0xe6/0x100 [ 1736.277341][T17394] __mm_populate+0x168/0x2a0 [ 1736.282592][T17394] __x64_sys_mlockall+0x2e3/0x320 [ 1736.287645][T17394] do_syscall_64+0xcc/0x3a0 [ 1736.292251][T17394] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1736.298163][T17394] RIP: 0033:0x45af49 [ 1736.302127][T17394] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1736.321732][T17394] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:54:00 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x878}, 0x28) [ 1736.330152][T17394] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1736.338203][T17394] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1736.346260][T17394] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1736.354267][T17394] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1736.362244][T17394] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1736.391354][T17394] memory: usage 307200kB, limit 307200kB, failcnt 2478 [ 1736.405677][T17394] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 07:54:00 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020201e2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1736.443963][T17394] Memory cgroup stats for /syz4: [ 1736.444793][T17394] anon 310157312 [ 1736.444793][T17394] file 8192 [ 1736.444793][T17394] kernel_stack 331776 [ 1736.444793][T17394] slab 942080 [ 1736.444793][T17394] sock 0 [ 1736.444793][T17394] shmem 0 [ 1736.444793][T17394] file_mapped 0 [ 1736.444793][T17394] file_dirty 0 [ 1736.444793][T17394] file_writeback 0 [ 1736.444793][T17394] anon_thp 272629760 [ 1736.444793][T17394] inactive_anon 262701056 [ 1736.444793][T17394] active_anon 6836224 [ 1736.444793][T17394] inactive_file 0 07:54:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800c0fe000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1736.444793][T17394] active_file 118784 [ 1736.444793][T17394] unevictable 40824832 [ 1736.444793][T17394] slab_reclaimable 135168 [ 1736.444793][T17394] slab_unreclaimable 806912 [ 1736.444793][T17394] pgfault 315843 [ 1736.444793][T17394] pgmajfault 0 [ 1736.444793][T17394] workingset_refault 0 [ 1736.444793][T17394] workingset_activate 0 [ 1736.444793][T17394] workingset_nodereclaim 0 [ 1736.444793][T17394] pgrefill 164 [ 1736.444793][T17394] pgscan 253 [ 1736.444793][T17394] pgsteal 34 [ 1736.586553][T17408] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1736.607662][T17408] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1736.621773][T17394] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17383,uid=0 [ 1736.641537][T17394] Memory cgroup out of memory: Killed process 17383 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1736.663823][T17408] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1736.712080][ T1065] oom_reaper: reaped process 17383 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 07:54:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100001080000ff000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:01 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x879}, 0x28) 07:54:01 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020252020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1737.117115][T17519] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1737.196400][T17519] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1737.308884][T17519] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1737.646319][T17521] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1737.656749][T17521] CPU: 1 PID: 17521 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1737.665556][T17521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1737.675617][T17521] Call Trace: [ 1737.678924][T17521] dump_stack+0x11d/0x181 [ 1737.683274][T17521] dump_header+0xaa/0x39c [ 1737.687621][T17521] oom_kill_process.cold+0x10/0x15 [ 1737.692744][T17521] out_of_memory+0x231/0xa60 [ 1737.697427][T17521] ? __rcu_read_unlock+0x66/0x3d0 [ 1737.702475][T17521] mem_cgroup_out_of_memory+0x128/0x150 [ 1737.708093][T17521] try_charge+0xb6c/0xbf0 [ 1737.712541][T17521] ? rcu_note_context_switch+0x720/0x760 [ 1737.718197][T17521] mem_cgroup_try_charge+0xd2/0x260 [ 1737.723481][T17521] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1737.729122][T17521] __handle_mm_fault+0x197f/0x2e00 [ 1737.734300][T17521] handle_mm_fault+0x21b/0x530 [ 1737.739128][T17521] __get_user_pages+0x485/0x1130 [ 1737.744186][T17521] populate_vma_page_range+0xe6/0x100 [ 1737.749564][T17521] __mm_populate+0x168/0x2a0 [ 1737.754211][T17521] __x64_sys_mremap+0x5df/0x750 [ 1737.759112][T17521] do_syscall_64+0xcc/0x3a0 [ 1737.763695][T17521] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1737.769598][T17521] RIP: 0033:0x45af49 [ 1737.773605][T17521] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1737.793513][T17521] RSP: 002b:00007fe49bdf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1737.802053][T17521] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1737.810076][T17521] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1737.818056][T17521] RBP: 000000000075bfc8 R08: 0000000020130000 R09: 0000000000000000 [ 1737.826124][T17521] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe49bdf36d4 [ 1737.834177][T17521] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1737.871591][T17521] memory: usage 307168kB, limit 307200kB, failcnt 2532 [ 1737.882246][T17521] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1737.898318][T17521] Memory cgroup stats for /syz4: [ 1737.898498][T17521] anon 309993472 [ 1737.898498][T17521] file 8192 [ 1737.898498][T17521] kernel_stack 331776 [ 1737.898498][T17521] slab 942080 [ 1737.898498][T17521] sock 0 [ 1737.898498][T17521] shmem 0 [ 1737.898498][T17521] file_mapped 0 [ 1737.898498][T17521] file_dirty 0 [ 1737.898498][T17521] file_writeback 0 [ 1737.898498][T17521] anon_thp 270532608 [ 1737.898498][T17521] inactive_anon 258723840 [ 1737.898498][T17521] active_anon 6836224 [ 1737.898498][T17521] inactive_file 0 [ 1737.898498][T17521] active_file 118784 [ 1737.898498][T17521] unevictable 44609536 [ 1737.898498][T17521] slab_reclaimable 135168 [ 1737.898498][T17521] slab_unreclaimable 806912 [ 1737.898498][T17521] pgfault 317262 [ 1737.898498][T17521] pgmajfault 0 [ 1737.898498][T17521] workingset_refault 0 [ 1737.898498][T17521] workingset_activate 0 [ 1737.898498][T17521] workingset_nodereclaim 0 [ 1737.898498][T17521] pgrefill 164 [ 1737.898498][T17521] pgscan 253 [ 1737.898498][T17521] pgsteal 34 [ 1737.992857][T17521] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17390,uid=0 [ 1738.008919][T17521] Memory cgroup out of memory: Killed process 17521 (syz-executor.4) total-vm:72708kB, anon-rss:13432kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1738.030224][ T1065] oom_reaper: reaped process 17521 (syz-executor.4), now anon-rss:13676kB, file-rss:54364kB, shmem-rss:0kB [ 1738.032109][T17401] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1738.056100][T17401] CPU: 1 PID: 17401 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1738.065432][T17401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1738.075484][T17401] Call Trace: [ 1738.078809][T17401] dump_stack+0x11d/0x181 [ 1738.083250][T17401] dump_header+0xaa/0x39c [ 1738.087631][T17401] oom_kill_process.cold+0x10/0x15 [ 1738.092934][T17401] out_of_memory+0x231/0xa60 [ 1738.097684][T17401] mem_cgroup_out_of_memory+0x128/0x150 [ 1738.103256][T17401] try_charge+0xb6c/0xbf0 [ 1738.107714][T17401] ? rcu_note_context_switch+0x720/0x760 [ 1738.114251][T17401] mem_cgroup_try_charge+0xd2/0x260 [ 1738.119513][T17401] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1738.125328][T17401] __handle_mm_fault+0x197f/0x2e00 [ 1738.130505][T17401] handle_mm_fault+0x21b/0x530 [ 1738.135284][T17401] __get_user_pages+0x485/0x1130 [ 1738.140267][T17401] populate_vma_page_range+0xe6/0x100 [ 1738.145737][T17401] __mm_populate+0x168/0x2a0 [ 1738.150346][T17401] __x64_sys_mremap+0x5df/0x750 [ 1738.155386][T17401] do_syscall_64+0xcc/0x3a0 [ 1738.159950][T17401] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1738.165940][T17401] RIP: 0033:0x45af49 [ 1738.170149][T17401] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1738.189979][T17401] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1738.198417][T17401] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1738.206398][T17401] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1738.214503][T17401] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1738.222550][T17401] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1738.230642][T17401] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1738.243882][T17401] memory: usage 307200kB, limit 307200kB, failcnt 2348 [ 1738.251885][T17401] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1738.260195][T17401] Memory cgroup stats for /syz2: [ 1738.262751][T17401] anon 309104640 [ 1738.262751][T17401] file 106496 [ 1738.262751][T17401] kernel_stack 442368 [ 1738.262751][T17401] slab 1228800 [ 1738.262751][T17401] sock 53248 [ 1738.262751][T17401] shmem 0 [ 1738.262751][T17401] file_mapped 0 [ 1738.262751][T17401] file_dirty 0 [ 1738.262751][T17401] file_writeback 0 [ 1738.262751][T17401] anon_thp 270532608 [ 1738.262751][T17401] inactive_anon 254496768 [ 1738.262751][T17401] active_anon 13754368 [ 1738.262751][T17401] inactive_file 135168 [ 1738.262751][T17401] active_file 135168 [ 1738.262751][T17401] unevictable 40923136 [ 1738.262751][T17401] slab_reclaimable 405504 [ 1738.262751][T17401] slab_unreclaimable 823296 [ 1738.262751][T17401] pgfault 340593 [ 1738.262751][T17401] pgmajfault 0 [ 1738.262751][T17401] workingset_refault 0 [ 1738.262751][T17401] workingset_activate 0 [ 1738.262751][T17401] workingset_nodereclaim 0 [ 1738.262751][T17401] pgrefill 110 [ 1738.262751][T17401] pgscan 141 [ 1738.262751][T17401] pgsteal 35 [ 1738.364547][T17401] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17400,uid=0 [ 1738.381319][T17401] Memory cgroup out of memory: Killed process 17400 (syz-executor.2) total-vm:72708kB, anon-rss:14156kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:188416kB oom_score_adj:1000 [ 1738.404327][ T1065] oom_reaper: reaped process 17400 (syz-executor.2), now anon-rss:14148kB, file-rss:54364kB, shmem-rss:0kB 07:54:03 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000000100001080004ff000000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:03 executing program 1: pipe(&(0x7f0000000000)) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:03 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x87a}, 0x28) 07:54:03 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020302020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:03 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1739.300721][T17543] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:54:03 executing program 1: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1739.421273][T17543] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1739.467699][T17543] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:54:04 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x87b}, 0x28) 07:54:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:04 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e555820202020202020202020202020202020202020205c2020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1739.806443][T17662] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:54:04 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x87c}, 0x28) 07:54:04 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1739.864655][T17662] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1739.921096][T17662] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1740.640630][T17650] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1740.651248][T17650] CPU: 0 PID: 17650 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1740.659923][T17650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1740.670046][T17650] Call Trace: [ 1740.673397][T17650] dump_stack+0x11d/0x181 [ 1740.677744][T17650] dump_header+0xaa/0x39c [ 1740.682147][T17650] oom_kill_process.cold+0x10/0x15 [ 1740.687296][T17650] out_of_memory+0x231/0xa60 [ 1740.691908][T17650] ? __rcu_read_unlock+0x66/0x3d0 [ 1740.696938][T17650] mem_cgroup_out_of_memory+0x128/0x150 [ 1740.702490][T17650] try_charge+0xb6c/0xbf0 [ 1740.706810][T17650] ? rcu_note_context_switch+0x720/0x760 [ 1740.712502][T17650] mem_cgroup_try_charge+0xd2/0x260 [ 1740.717716][T17650] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1740.723356][T17650] __handle_mm_fault+0x197f/0x2e00 [ 1740.729000][T17650] handle_mm_fault+0x21b/0x530 [ 1740.733759][T17650] __get_user_pages+0x485/0x1130 [ 1740.738720][T17650] populate_vma_page_range+0xe6/0x100 [ 1740.744091][T17650] __mm_populate+0x168/0x2a0 [ 1740.748690][T17650] __x64_sys_mremap+0x5df/0x750 [ 1740.753545][T17650] do_syscall_64+0xcc/0x3a0 [ 1740.758182][T17650] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1740.764116][T17650] RIP: 0033:0x45af49 [ 1740.768005][T17650] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1740.787973][T17650] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1740.796398][T17650] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1740.804363][T17650] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1740.812343][T17650] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1740.820462][T17650] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1740.828489][T17650] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1740.841513][T17650] memory: usage 307200kB, limit 307200kB, failcnt 2393 [ 1740.849076][T17650] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1740.855995][T17650] Memory cgroup stats for /syz2: [ 1740.857423][T17650] anon 309010432 [ 1740.857423][T17650] file 106496 [ 1740.857423][T17650] kernel_stack 442368 [ 1740.857423][T17650] slab 1228800 [ 1740.857423][T17650] sock 53248 [ 1740.857423][T17650] shmem 0 [ 1740.857423][T17650] file_mapped 0 [ 1740.857423][T17650] file_dirty 0 [ 1740.857423][T17650] file_writeback 0 [ 1740.857423][T17650] anon_thp 270532608 [ 1740.857423][T17650] inactive_anon 254423040 [ 1740.857423][T17650] active_anon 13692928 [ 1740.857423][T17650] inactive_file 135168 [ 1740.857423][T17650] active_file 135168 [ 1740.857423][T17650] unevictable 40964096 [ 1740.857423][T17650] slab_reclaimable 405504 [ 1740.857423][T17650] slab_unreclaimable 823296 [ 1740.857423][T17650] pgfault 341979 [ 1740.857423][T17650] pgmajfault 0 [ 1740.857423][T17650] workingset_refault 0 [ 1740.857423][T17650] workingset_activate 0 [ 1740.857423][T17650] workingset_nodereclaim 0 [ 1740.857423][T17650] pgrefill 110 [ 1740.857423][T17650] pgscan 141 [ 1740.857423][T17650] pgsteal 35 [ 1740.955808][T17650] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17558,uid=0 [ 1740.974257][T17650] Memory cgroup out of memory: Killed process 17558 (syz-executor.2) total-vm:72708kB, anon-rss:14156kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:188416kB oom_score_adj:1000 [ 1740.996168][ T1065] oom_reaper: reaped process 17558 (syz-executor.2), now anon-rss:14148kB, file-rss:54364kB, shmem-rss:0kB 07:54:06 executing program 2: pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:06 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x87d}, 0x28) 07:54:06 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200220202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000200000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:06 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:54:06 executing program 1: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1741.851929][T17792] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:54:06 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x87e}, 0x28) [ 1741.931434][T17792] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1742.028087][T17792] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:54:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000300000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:06 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1742.120903][T17795] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1742.168311][T17795] CPU: 0 PID: 17795 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1742.177032][T17795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1742.187216][T17795] Call Trace: [ 1742.190599][T17795] dump_stack+0x11d/0x181 [ 1742.194966][T17795] dump_header+0xaa/0x39c [ 1742.199380][T17795] oom_kill_process.cold+0x10/0x15 [ 1742.204517][T17795] out_of_memory+0x231/0xa60 [ 1742.209118][T17795] ? __rcu_read_unlock+0x66/0x3d0 [ 1742.214170][T17795] mem_cgroup_out_of_memory+0x128/0x150 [ 1742.219839][T17795] try_charge+0xb6c/0xbf0 [ 1742.224326][T17795] ? rcu_note_context_switch+0x720/0x760 [ 1742.231028][T17795] mem_cgroup_try_charge+0xd2/0x260 [ 1742.236315][T17795] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1742.242033][T17795] __handle_mm_fault+0x197f/0x2e00 [ 1742.247184][T17795] handle_mm_fault+0x21b/0x530 [ 1742.251983][T17795] __get_user_pages+0x485/0x1130 [ 1742.256984][T17795] populate_vma_page_range+0xe6/0x100 [ 1742.263155][T17795] __mm_populate+0x168/0x2a0 [ 1742.267776][T17795] __x64_sys_mlockall+0x2e3/0x320 [ 1742.272871][T17795] do_syscall_64+0xcc/0x3a0 [ 1742.277506][T17795] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1742.283503][T17795] RIP: 0033:0x45af49 [ 1742.287416][T17795] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1742.307147][T17795] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:54:06 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x87f}, 0x28) 07:54:06 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200320202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1742.315602][T17795] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1742.323617][T17795] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1742.331596][T17795] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1742.339608][T17795] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1742.347591][T17795] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1742.393301][T17810] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1742.431087][T17810] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1742.501971][T17810] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:54:07 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x880}, 0x28) [ 1742.612329][T17795] memory: usage 307200kB, limit 307200kB, failcnt 2421 [ 1742.619492][T17795] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1742.631204][T17795] Memory cgroup stats for /syz2: [ 1742.631492][T17795] anon 309039104 [ 1742.631492][T17795] file 106496 [ 1742.631492][T17795] kernel_stack 442368 [ 1742.631492][T17795] slab 1228800 [ 1742.631492][T17795] sock 53248 [ 1742.631492][T17795] shmem 0 [ 1742.631492][T17795] file_mapped 0 [ 1742.631492][T17795] file_dirty 0 [ 1742.631492][T17795] file_writeback 0 [ 1742.631492][T17795] anon_thp 270532608 [ 1742.631492][T17795] inactive_anon 258506752 [ 1742.631492][T17795] active_anon 13758464 [ 1742.631492][T17795] inactive_file 135168 [ 1742.631492][T17795] active_file 0 [ 1742.631492][T17795] unevictable 37138432 [ 1742.631492][T17795] slab_reclaimable 405504 [ 1742.631492][T17795] slab_unreclaimable 823296 [ 1742.631492][T17795] pgfault 342969 [ 1742.631492][T17795] pgmajfault 0 [ 1742.631492][T17795] workingset_refault 0 [ 1742.631492][T17795] workingset_activate 0 [ 1742.631492][T17795] workingset_nodereclaim 0 [ 1742.631492][T17795] pgrefill 110 [ 1742.631492][T17795] pgscan 141 [ 1742.631492][T17795] pgsteal 35 [ 1742.734631][T17795] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=17776,uid=0 [ 1742.750647][T17795] Memory cgroup out of memory: Killed process 17776 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1742.873489][T17833] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1742.893216][T17833] CPU: 0 PID: 17833 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1742.901965][T17833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1742.912125][T17833] Call Trace: [ 1742.915478][T17833] dump_stack+0x11d/0x181 [ 1742.919833][T17833] dump_header+0xaa/0x39c [ 1742.924237][T17833] oom_kill_process.cold+0x10/0x15 [ 1742.929416][T17833] out_of_memory+0x231/0xa60 [ 1742.934029][T17833] mem_cgroup_out_of_memory+0x128/0x150 [ 1742.939589][T17833] try_charge+0xb6c/0xbf0 [ 1742.943930][T17833] ? rcu_note_context_switch+0x720/0x760 [ 1742.949767][T17833] mem_cgroup_try_charge+0xd2/0x260 [ 1742.954975][T17833] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1742.960638][T17833] __handle_mm_fault+0x197f/0x2e00 [ 1742.965893][T17833] handle_mm_fault+0x21b/0x530 [ 1742.970709][T17833] __get_user_pages+0x485/0x1130 [ 1742.975747][T17833] populate_vma_page_range+0xe6/0x100 [ 1742.981177][T17833] __mm_populate+0x168/0x2a0 [ 1742.985924][T17833] __x64_sys_mlockall+0x2e3/0x320 [ 1742.990955][T17833] do_syscall_64+0xcc/0x3a0 [ 1742.995447][T17833] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1743.001412][T17833] RIP: 0033:0x45af49 [ 1743.005298][T17833] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1743.025165][T17833] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1743.033633][T17833] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1743.041609][T17833] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1743.049622][T17833] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1743.057641][T17833] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1743.065635][T17833] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1743.086881][T17833] memory: usage 307200kB, limit 307200kB, failcnt 2585 [ 1743.094789][T17833] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1743.102170][T17833] Memory cgroup stats for /syz4: [ 1743.102448][T17833] anon 309760000 [ 1743.102448][T17833] file 8192 [ 1743.102448][T17833] kernel_stack 405504 [ 1743.102448][T17833] slab 942080 [ 1743.102448][T17833] sock 0 [ 1743.102448][T17833] shmem 0 [ 1743.102448][T17833] file_mapped 0 [ 1743.102448][T17833] file_dirty 0 [ 1743.102448][T17833] file_writeback 0 [ 1743.102448][T17833] anon_thp 274726912 [ 1743.102448][T17833] inactive_anon 262627328 [ 1743.102448][T17833] active_anon 11411456 [ 1743.102448][T17833] inactive_file 0 [ 1743.102448][T17833] active_file 118784 [ 1743.102448][T17833] unevictable 35782656 [ 1743.102448][T17833] slab_reclaimable 135168 [ 1743.102448][T17833] slab_unreclaimable 806912 [ 1743.102448][T17833] pgfault 317658 [ 1743.102448][T17833] pgmajfault 0 [ 1743.102448][T17833] workingset_refault 0 [ 1743.102448][T17833] workingset_activate 0 [ 1743.102448][T17833] workingset_nodereclaim 0 [ 1743.102448][T17833] pgrefill 197 [ 1743.102448][T17833] pgscan 286 [ 1743.102448][T17833] pgsteal 34 [ 1743.198677][T17833] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17525,uid=0 [ 1743.214913][T17833] Memory cgroup out of memory: Killed process 17525 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1743.482872][T17833] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1743.503271][T17833] CPU: 0 PID: 17833 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1743.511997][T17833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1743.522054][T17833] Call Trace: [ 1743.525361][T17833] dump_stack+0x11d/0x181 [ 1743.529708][T17833] dump_header+0xaa/0x39c [ 1743.534060][T17833] oom_kill_process.cold+0x10/0x15 [ 1743.539288][T17833] out_of_memory+0x231/0xa60 [ 1743.543930][T17833] ? __rcu_read_unlock+0x66/0x3d0 [ 1743.549005][T17833] mem_cgroup_out_of_memory+0x128/0x150 [ 1743.554566][T17833] try_charge+0xb6c/0xbf0 [ 1743.558909][T17833] ? rcu_note_context_switch+0x720/0x760 [ 1743.564656][T17833] mem_cgroup_try_charge+0xd2/0x260 [ 1743.569911][T17833] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1743.575564][T17833] __handle_mm_fault+0x197f/0x2e00 [ 1743.580755][T17833] handle_mm_fault+0x21b/0x530 [ 1743.585530][T17833] __get_user_pages+0x485/0x1130 [ 1743.590752][T17833] populate_vma_page_range+0xe6/0x100 [ 1743.596272][T17833] __mm_populate+0x168/0x2a0 [ 1743.600886][T17833] __x64_sys_mremap+0x5df/0x750 [ 1743.605813][T17833] do_syscall_64+0xcc/0x3a0 [ 1743.610334][T17833] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1743.616250][T17833] RIP: 0033:0x45af49 [ 1743.620162][T17833] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1743.639781][T17833] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1743.648240][T17833] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1743.656415][T17833] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1743.664520][T17833] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1743.672508][T17833] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1743.680512][T17833] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1743.695813][T17833] memory: usage 307200kB, limit 307200kB, failcnt 2623 [ 1743.703022][T17833] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1743.710027][T17833] Memory cgroup stats for /syz4: [ 1743.710339][T17833] anon 309620736 [ 1743.710339][T17833] file 8192 [ 1743.710339][T17833] kernel_stack 405504 [ 1743.710339][T17833] slab 942080 [ 1743.710339][T17833] sock 0 [ 1743.710339][T17833] shmem 0 [ 1743.710339][T17833] file_mapped 0 [ 1743.710339][T17833] file_dirty 0 [ 1743.710339][T17833] file_writeback 0 [ 1743.710339][T17833] anon_thp 274726912 [ 1743.710339][T17833] inactive_anon 259510272 [ 1743.710339][T17833] active_anon 11411456 [ 1743.710339][T17833] inactive_file 0 [ 1743.710339][T17833] active_file 118784 [ 1743.710339][T17833] unevictable 38756352 [ 1743.710339][T17833] slab_reclaimable 135168 [ 1743.710339][T17833] slab_unreclaimable 806912 [ 1743.710339][T17833] pgfault 318912 [ 1743.710339][T17833] pgmajfault 0 [ 1743.710339][T17833] workingset_refault 0 [ 1743.710339][T17833] workingset_activate 0 [ 1743.710339][T17833] workingset_nodereclaim 0 [ 1743.710339][T17833] pgrefill 197 [ 1743.710339][T17833] pgscan 286 [ 1743.710339][T17833] pgsteal 34 [ 1743.810124][T17833] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17832,uid=0 [ 1743.826476][T17833] Memory cgroup out of memory: Killed process 17832 (syz-executor.4) total-vm:72708kB, anon-rss:10004kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:184320kB oom_score_adj:1000 [ 1743.845872][ T1065] oom_reaper: reaped process 17832 (syz-executor.4), now anon-rss:9996kB, file-rss:54364kB, shmem-rss:0kB 07:54:09 executing program 2: pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:09 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200420202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000400000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:09 executing program 1: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:54:09 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x881}, 0x28) 07:54:09 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1744.659003][T17940] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1744.690147][T17942] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1744.699877][T17940] CPU: 0 PID: 17940 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1744.708624][T17940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1744.718937][T17940] Call Trace: [ 1744.722258][T17940] dump_stack+0x11d/0x181 [ 1744.726617][T17940] dump_header+0xaa/0x39c [ 1744.726722][T17942] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1744.730966][T17940] oom_kill_process.cold+0x10/0x15 [ 1744.731053][T17940] out_of_memory+0x231/0xa60 [ 1744.731132][T17940] ? __rcu_read_unlock+0x66/0x3d0 [ 1744.731162][T17940] mem_cgroup_out_of_memory+0x128/0x150 [ 1744.731256][T17940] try_charge+0xb6c/0xbf0 [ 1744.765157][T17940] ? rcu_note_context_switch+0x720/0x760 [ 1744.771325][T17940] mem_cgroup_try_charge+0xd2/0x260 [ 1744.771350][T17940] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1744.771379][T17940] __handle_mm_fault+0x197f/0x2e00 [ 1744.787332][T17940] handle_mm_fault+0x21b/0x530 [ 1744.792198][T17940] __get_user_pages+0x485/0x1130 [ 1744.797597][T17940] populate_vma_page_range+0xe6/0x100 [ 1744.802988][T17940] __mm_populate+0x168/0x2a0 [ 1744.807622][T17940] __x64_sys_mlockall+0x2e3/0x320 [ 1744.807658][T17940] do_syscall_64+0xcc/0x3a0 [ 1744.817171][T17940] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1744.823071][T17940] RIP: 0033:0x45af49 [ 1744.827000][T17940] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1744.846618][T17940] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:54:09 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x882}, 0x28) [ 1744.855141][T17940] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1744.863140][T17940] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1744.871125][T17940] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1744.879116][T17940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1744.887144][T17940] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff 07:54:09 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x883}, 0x28) [ 1744.922201][T17940] memory: usage 307200kB, limit 307200kB, failcnt 2659 [ 1744.932359][T17942] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1744.993400][T17940] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1745.014996][T17940] Memory cgroup stats for /syz4: [ 1745.015963][T17940] anon 309755904 [ 1745.015963][T17940] file 8192 [ 1745.015963][T17940] kernel_stack 405504 [ 1745.015963][T17940] slab 942080 [ 1745.015963][T17940] sock 0 [ 1745.015963][T17940] shmem 0 [ 1745.015963][T17940] file_mapped 0 [ 1745.015963][T17940] file_dirty 0 [ 1745.015963][T17940] file_writeback 0 [ 1745.015963][T17940] anon_thp 274726912 [ 1745.015963][T17940] inactive_anon 264613888 [ 1745.015963][T17940] active_anon 11411456 [ 1745.015963][T17940] inactive_file 0 [ 1745.015963][T17940] active_file 118784 [ 1745.015963][T17940] unevictable 33685504 [ 1745.015963][T17940] slab_reclaimable 135168 [ 1745.015963][T17940] slab_unreclaimable 806912 [ 1745.015963][T17940] pgfault 319011 [ 1745.015963][T17940] pgmajfault 0 [ 1745.015963][T17940] workingset_refault 0 [ 1745.015963][T17940] workingset_activate 0 [ 1745.015963][T17940] workingset_nodereclaim 0 [ 1745.015963][T17940] pgrefill 197 [ 1745.015963][T17940] pgscan 286 [ 1745.015963][T17940] pgsteal 34 07:54:09 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x884}, 0x28) 07:54:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000500000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:09 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200520202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:09 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x885}, 0x28) [ 1745.348098][T17960] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1745.349063][T17940] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17931,uid=0 [ 1745.399972][T17960] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1745.416248][T17940] Memory cgroup out of memory: Killed process 17931 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1745.486760][T17960] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1745.599380][T17945] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1745.621699][T17945] CPU: 1 PID: 17945 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1745.630562][T17945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1745.640693][T17945] Call Trace: [ 1745.644237][T17945] dump_stack+0x11d/0x181 [ 1745.648758][T17945] dump_header+0xaa/0x39c [ 1745.653411][T17945] oom_kill_process.cold+0x10/0x15 [ 1745.658651][T17945] out_of_memory+0x231/0xa60 [ 1745.663367][T17945] mem_cgroup_out_of_memory+0x128/0x150 [ 1745.668937][T17945] try_charge+0xb6c/0xbf0 [ 1745.673369][T17945] ? rcu_note_context_switch+0x720/0x760 [ 1745.688932][T17945] mem_cgroup_try_charge+0xd2/0x260 [ 1745.694205][T17945] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1745.699872][T17945] __handle_mm_fault+0x197f/0x2e00 [ 1745.705391][T17945] handle_mm_fault+0x21b/0x530 [ 1745.710176][T17945] __get_user_pages+0x485/0x1130 [ 1745.715265][T17945] populate_vma_page_range+0xe6/0x100 [ 1745.720678][T17945] __mm_populate+0x168/0x2a0 [ 1745.725392][T17945] __x64_sys_mlockall+0x2e3/0x320 [ 1745.731521][T17945] do_syscall_64+0xcc/0x3a0 [ 1745.736045][T17945] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1745.741945][T17945] RIP: 0033:0x45af49 [ 1745.745869][T17945] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1745.765498][T17945] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1745.774218][T17945] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1745.783124][T17945] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1745.791190][T17945] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1745.799181][T17945] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1745.807156][T17945] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1745.821043][T17945] memory: usage 307200kB, limit 307200kB, failcnt 2480 [ 1745.828085][T17945] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1745.837843][T17945] Memory cgroup stats for /syz2: [ 1745.838077][T17945] anon 309215232 [ 1745.838077][T17945] file 106496 [ 1745.838077][T17945] kernel_stack 442368 [ 1745.838077][T17945] slab 1228800 [ 1745.838077][T17945] sock 53248 [ 1745.838077][T17945] shmem 0 [ 1745.838077][T17945] file_mapped 0 [ 1745.838077][T17945] file_dirty 0 [ 1745.838077][T17945] file_writeback 0 [ 1745.838077][T17945] anon_thp 264241152 [ 1745.838077][T17945] inactive_anon 252071936 [ 1745.838077][T17945] active_anon 13725696 [ 1745.838077][T17945] inactive_file 135168 [ 1745.838077][T17945] active_file 0 [ 1745.838077][T17945] unevictable 43663360 [ 1745.838077][T17945] slab_reclaimable 405504 [ 1745.838077][T17945] slab_unreclaimable 823296 [ 1745.838077][T17945] pgfault 345048 [ 1745.838077][T17945] pgmajfault 0 [ 1745.838077][T17945] workingset_refault 0 [ 1745.838077][T17945] workingset_activate 0 [ 1745.838077][T17945] workingset_nodereclaim 0 [ 1745.838077][T17945] pgrefill 110 [ 1745.838077][T17945] pgscan 141 [ 1745.838077][T17945] pgsteal 35 [ 1745.944248][T17945] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=5893,uid=0 [ 1745.976483][T17945] Memory cgroup out of memory: Killed process 5893 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1746.001505][T18067] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1746.014074][ T1065] oom_reaper: reaped process 5893 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1746.035077][T18067] CPU: 0 PID: 18067 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1746.043798][T18067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1746.053866][T18067] Call Trace: [ 1746.057170][T18067] dump_stack+0x11d/0x181 [ 1746.061569][T18067] dump_header+0xaa/0x39c [ 1746.065936][T18067] oom_kill_process.cold+0x10/0x15 [ 1746.071123][T18067] out_of_memory+0x231/0xa60 [ 1746.075760][T18067] mem_cgroup_out_of_memory+0x128/0x150 [ 1746.081321][T18067] try_charge+0xb6c/0xbf0 [ 1746.085695][T18067] ? __rcu_read_unlock+0x66/0x3d0 [ 1746.090920][T18067] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1746.096392][T18067] __memcg_kmem_charge+0xcf/0x1b0 [ 1746.101497][T18067] __alloc_pages_nodemask+0x26c/0x310 [ 1746.106956][T18067] alloc_pages_current+0xd1/0x170 [ 1746.111993][T18067] pte_alloc_one+0x18/0x50 [ 1746.116416][T18067] __pte_alloc+0x2d/0x220 [ 1746.120786][T18067] copy_page_range+0x135a/0x19b0 [ 1746.125736][T18067] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1746.132262][T18067] ? __vma_link_rb+0x3f4/0x440 [ 1746.137142][T18067] dup_mm+0x74a/0xba0 [ 1746.141242][T18067] copy_process+0x3138/0x3c40 [ 1746.145985][T18067] _do_fork+0xfe/0x7a0 [ 1746.150119][T18067] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1746.156466][T18067] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1746.162371][T18067] ? __read_once_size+0x5a/0xe0 [ 1746.167469][T18067] __x64_sys_clone+0x130/0x170 [ 1746.172277][T18067] do_syscall_64+0xcc/0x3a0 [ 1746.176920][T18067] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1746.182819][T18067] RIP: 0033:0x45af49 [ 1746.186743][T18067] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1746.206798][T18067] RSP: 002b:00007fe49bdf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1746.215323][T18067] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1746.223408][T18067] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1746.231463][T18067] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 1746.239475][T18067] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49bdf36d4 [ 1746.247460][T18067] R13: 00000000004c1701 R14: 00000000004d68e0 R15: 00000000ffffffff [ 1746.263556][T18067] memory: usage 307056kB, limit 307200kB, failcnt 2684 [ 1746.270507][T18067] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1746.281014][T18067] Memory cgroup stats for /syz4: [ 1746.281393][T18067] anon 309395456 [ 1746.281393][T18067] file 8192 [ 1746.281393][T18067] kernel_stack 442368 [ 1746.281393][T18067] slab 942080 [ 1746.281393][T18067] sock 0 [ 1746.281393][T18067] shmem 0 [ 1746.281393][T18067] file_mapped 0 [ 1746.281393][T18067] file_dirty 0 [ 1746.281393][T18067] file_writeback 0 [ 1746.281393][T18067] anon_thp 274726912 [ 1746.281393][T18067] inactive_anon 246108160 [ 1746.281393][T18067] active_anon 11411456 [ 1746.281393][T18067] inactive_file 0 [ 1746.281393][T18067] active_file 118784 [ 1746.281393][T18067] unevictable 52060160 [ 1746.281393][T18067] slab_reclaimable 135168 [ 1746.281393][T18067] slab_unreclaimable 806912 [ 1746.281393][T18067] pgfault 320232 [ 1746.281393][T18067] pgmajfault 0 [ 1746.281393][T18067] workingset_refault 0 [ 1746.281393][T18067] workingset_activate 0 [ 1746.281393][T18067] workingset_nodereclaim 0 [ 1746.281393][T18067] pgrefill 197 [ 1746.281393][T18067] pgscan 286 [ 1746.281393][T18067] pgsteal 34 [ 1746.381602][T18067] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17935,uid=0 [ 1746.400182][T18067] Memory cgroup out of memory: Killed process 17935 (syz-executor.4) total-vm:72716kB, anon-rss:17952kB, file-rss:53464kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 [ 1746.421994][ T1065] oom_reaper: reaped process 17935 (syz-executor.4), now anon-rss:18148kB, file-rss:53464kB, shmem-rss:0kB 07:54:11 executing program 2: pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000600000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:11 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x886}, 0x28) 07:54:11 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200620202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:11 executing program 1: pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:11 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1746.879392][T18088] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:54:11 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200720202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1747.022356][T18088] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1747.052842][T18091] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1747.063661][T18091] CPU: 0 PID: 18091 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 07:54:11 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x887}, 0x28) [ 1747.072495][T18091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1747.082735][T18091] Call Trace: [ 1747.086095][T18091] dump_stack+0x11d/0x181 [ 1747.090646][T18091] dump_header+0xaa/0x39c [ 1747.095029][T18091] oom_kill_process.cold+0x10/0x15 [ 1747.100254][T18091] out_of_memory+0x231/0xa60 [ 1747.104905][T18091] ? __rcu_read_unlock+0x66/0x3d0 [ 1747.109955][T18091] mem_cgroup_out_of_memory+0x128/0x150 [ 1747.109981][T18091] try_charge+0xb6c/0xbf0 [ 1747.119861][T18091] ? rcu_note_context_switch+0x720/0x760 [ 1747.125591][T18091] mem_cgroup_try_charge+0xd2/0x260 [ 1747.130865][T18091] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1747.136507][T18091] __handle_mm_fault+0x197f/0x2e00 [ 1747.136541][T18091] handle_mm_fault+0x21b/0x530 [ 1747.146419][T18091] __get_user_pages+0x485/0x1130 [ 1747.151416][T18091] populate_vma_page_range+0xe6/0x100 [ 1747.156806][T18091] __mm_populate+0x168/0x2a0 [ 1747.161513][T18091] __x64_sys_mlockall+0x2e3/0x320 [ 1747.166555][T18091] do_syscall_64+0xcc/0x3a0 [ 1747.171079][T18091] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1747.176984][T18091] RIP: 0033:0x45af49 [ 1747.180895][T18091] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1747.200506][T18091] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1747.208997][T18091] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1747.217014][T18091] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1747.224993][T18091] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1747.233197][T18091] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1747.241170][T18091] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1747.296408][T18088] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:54:11 executing program 1: pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) [ 1747.351631][T18091] memory: usage 307200kB, limit 307200kB, failcnt 2505 [ 1747.360935][T18091] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1747.368207][T18091] Memory cgroup stats for /syz2: [ 1747.368433][T18091] anon 309202944 [ 1747.368433][T18091] file 106496 [ 1747.368433][T18091] kernel_stack 442368 [ 1747.368433][T18091] slab 1228800 [ 1747.368433][T18091] sock 53248 [ 1747.368433][T18091] shmem 0 [ 1747.368433][T18091] file_mapped 0 [ 1747.368433][T18091] file_dirty 0 [ 1747.368433][T18091] file_writeback 0 [ 1747.368433][T18091] anon_thp 260046848 [ 1747.368433][T18091] inactive_anon 251936768 [ 1747.368433][T18091] active_anon 13709312 [ 1747.368433][T18091] inactive_file 135168 [ 1747.368433][T18091] active_file 0 [ 1747.368433][T18091] unevictable 43499520 [ 1747.368433][T18091] slab_reclaimable 405504 [ 1747.368433][T18091] slab_unreclaimable 823296 [ 1747.368433][T18091] pgfault 347094 [ 1747.368433][T18091] pgmajfault 0 [ 1747.368433][T18091] workingset_refault 0 [ 1747.368433][T18091] workingset_activate 0 07:54:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000700000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1747.368433][T18091] workingset_nodereclaim 0 [ 1747.368433][T18091] pgrefill 110 [ 1747.368433][T18091] pgscan 141 [ 1747.368433][T18091] pgsteal 35 [ 1747.490007][T18091] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18072,uid=0 [ 1747.505924][T18091] Memory cgroup out of memory: Killed process 18072 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1747.637799][T18206] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1747.656089][T18080] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1747.665735][T18206] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1747.675457][T18080] CPU: 0 PID: 18080 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 07:54:12 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x888}, 0x28) [ 1747.684196][T18080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1747.694340][T18080] Call Trace: [ 1747.697675][T18080] dump_stack+0x11d/0x181 [ 1747.702055][T18080] dump_header+0xaa/0x39c [ 1747.706399][T18080] oom_kill_process.cold+0x10/0x15 [ 1747.711620][T18080] out_of_memory+0x231/0xa60 [ 1747.716242][T18080] mem_cgroup_out_of_memory+0x128/0x150 [ 1747.721815][T18080] try_charge+0xb6c/0xbf0 [ 1747.726166][T18080] ? rcu_note_context_switch+0x720/0x760 [ 1747.731812][T18080] mem_cgroup_try_charge+0xd2/0x260 [ 1747.737093][T18080] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1747.742746][T18080] __handle_mm_fault+0x197f/0x2e00 [ 1747.747958][T18080] handle_mm_fault+0x21b/0x530 [ 1747.752738][T18080] __get_user_pages+0x485/0x1130 [ 1747.757772][T18080] populate_vma_page_range+0xe6/0x100 [ 1747.763236][T18080] __mm_populate+0x168/0x2a0 [ 1747.768020][T18080] __x64_sys_mremap+0x5df/0x750 [ 1747.773289][T18080] do_syscall_64+0xcc/0x3a0 [ 1747.777844][T18080] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1747.783747][T18080] RIP: 0033:0x45af49 [ 1747.787878][T18080] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1747.807505][T18080] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1747.807522][T18080] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1747.807533][T18080] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1747.807542][T18080] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1747.807553][T18080] R10: 0000000000000003 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1747.807643][T18080] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1747.834013][ T1065] oom_reaper: reaped process 18072 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1747.842242][T18080] memory: usage 307200kB, limit 307200kB, failcnt 2720 [ 1747.874089][T18080] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1747.881249][T18080] Memory cgroup stats for /syz4: 07:54:12 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200820202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1747.881408][T18080] anon 309661696 [ 1747.881408][T18080] file 8192 [ 1747.881408][T18080] kernel_stack 405504 [ 1747.881408][T18080] slab 942080 [ 1747.881408][T18080] sock 0 [ 1747.881408][T18080] shmem 0 [ 1747.881408][T18080] file_mapped 0 [ 1747.881408][T18080] file_dirty 0 [ 1747.881408][T18080] file_writeback 0 [ 1747.881408][T18080] anon_thp 276824064 [ 1747.881408][T18080] inactive_anon 260747264 [ 1747.881408][T18080] active_anon 11350016 [ 1747.881408][T18080] inactive_file 0 [ 1747.881408][T18080] active_file 118784 [ 1747.881408][T18080] unevictable 37511168 [ 1747.881408][T18080] slab_reclaimable 135168 [ 1747.881408][T18080] slab_unreclaimable 806912 [ 1747.881408][T18080] pgfault 321090 [ 1747.881408][T18080] pgmajfault 0 [ 1747.881408][T18080] workingset_refault 0 [ 1747.881408][T18080] workingset_activate 0 [ 1747.881408][T18080] workingset_nodereclaim 0 [ 1747.881408][T18080] pgrefill 197 [ 1747.881408][T18080] pgscan 286 [ 1747.881408][T18080] pgsteal 34 [ 1747.976102][T18080] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18077,uid=0 [ 1747.991975][T18080] Memory cgroup out of memory: Killed process 18077 (syz-executor.4) total-vm:72708kB, anon-rss:10004kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:184320kB oom_score_adj:1000 [ 1748.011789][ T1065] oom_reaper: reaped process 18077 (syz-executor.4), now anon-rss:10008kB, file-rss:54364kB, shmem-rss:0kB [ 1748.089192][T18206] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:54:13 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:13 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200920202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:13 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x889}, 0x28) 07:54:13 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:13 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:54:13 executing program 1: pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:13 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200a20202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1748.921743][T18336] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1748.972973][T18335] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1748.993723][T18335] CPU: 0 PID: 18335 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1749.002437][T18335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1749.012580][T18335] Call Trace: [ 1749.015919][T18335] dump_stack+0x11d/0x181 [ 1749.020378][T18335] dump_header+0xaa/0x39c [ 1749.024888][T18335] oom_kill_process.cold+0x10/0x15 [ 1749.030247][T18335] out_of_memory+0x231/0xa60 [ 1749.034841][T18335] ? __rcu_read_unlock+0x66/0x3d0 [ 1749.039946][T18335] mem_cgroup_out_of_memory+0x128/0x150 [ 1749.045574][T18335] try_charge+0xb6c/0xbf0 [ 1749.049973][T18335] ? rcu_note_context_switch+0x720/0x760 [ 1749.055629][T18335] mem_cgroup_try_charge+0xd2/0x260 [ 1749.060845][T18335] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1749.066552][T18335] __handle_mm_fault+0x197f/0x2e00 [ 1749.071672][T18335] handle_mm_fault+0x21b/0x530 [ 1749.076523][T18335] __get_user_pages+0x485/0x1130 [ 1749.081473][T18335] populate_vma_page_range+0xe6/0x100 [ 1749.086843][T18335] __mm_populate+0x168/0x2a0 [ 1749.091437][T18335] __x64_sys_mlockall+0x2e3/0x320 [ 1749.096482][T18335] do_syscall_64+0xcc/0x3a0 [ 1749.100991][T18335] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1749.107398][T18335] RIP: 0033:0x45af49 [ 1749.111357][T18335] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1749.131910][T18335] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1749.140343][T18335] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1749.148326][T18335] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1749.156301][T18335] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1749.164283][T18335] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1749.172246][T18335] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1749.181488][T18335] memory: usage 307200kB, limit 307200kB, failcnt 2515 [ 1749.189382][T18335] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1749.196466][T18335] Memory cgroup stats for /syz2: [ 1749.196923][T18335] anon 309190656 [ 1749.196923][T18335] file 106496 [ 1749.196923][T18335] kernel_stack 405504 [ 1749.196923][T18335] slab 1228800 [ 1749.196923][T18335] sock 53248 [ 1749.196923][T18335] shmem 0 [ 1749.196923][T18335] file_mapped 0 [ 1749.196923][T18335] file_dirty 0 [ 1749.196923][T18335] file_writeback 0 [ 1749.196923][T18335] anon_thp 264241152 [ 1749.196923][T18335] inactive_anon 252035072 [ 1749.196923][T18335] active_anon 13717504 [ 1749.196923][T18335] inactive_file 135168 [ 1749.196923][T18335] active_file 0 [ 1749.196923][T18335] unevictable 43466752 [ 1749.196923][T18335] slab_reclaimable 405504 [ 1749.196923][T18335] slab_unreclaimable 823296 [ 1749.196923][T18335] pgfault 348678 [ 1749.196923][T18335] pgmajfault 0 [ 1749.196923][T18335] workingset_refault 0 [ 1749.196923][T18335] workingset_activate 0 [ 1749.196923][T18335] workingset_nodereclaim 0 [ 1749.196923][T18335] pgrefill 110 [ 1749.196923][T18335] pgscan 141 [ 1749.196923][T18335] pgsteal 35 [ 1749.218378][T18336] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1749.293587][T18335] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18215,uid=0 [ 1749.317796][T18335] Memory cgroup out of memory: Killed process 18215 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 07:54:13 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200b20202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1749.379168][T18338] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1749.394350][T18338] CPU: 1 PID: 18338 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1749.403134][T18338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1749.413365][T18338] Call Trace: [ 1749.416686][T18338] dump_stack+0x11d/0x181 [ 1749.421038][T18338] dump_header+0xaa/0x39c [ 1749.425385][T18338] oom_kill_process.cold+0x10/0x15 [ 1749.432490][T18338] out_of_memory+0x231/0xa60 [ 1749.437139][T18338] mem_cgroup_out_of_memory+0x128/0x150 [ 1749.442778][T18338] try_charge+0xb6c/0xbf0 [ 1749.447125][T18338] ? rcu_note_context_switch+0x720/0x760 [ 1749.452772][T18338] mem_cgroup_try_charge+0xd2/0x260 [ 1749.457985][T18338] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1749.463720][T18338] __handle_mm_fault+0x197f/0x2e00 [ 1749.468934][T18338] handle_mm_fault+0x21b/0x530 [ 1749.473710][T18338] __get_user_pages+0x485/0x1130 [ 1749.478738][T18338] populate_vma_page_range+0xe6/0x100 [ 1749.484119][T18338] __mm_populate+0x168/0x2a0 [ 1749.488857][T18338] __x64_sys_mlockall+0x2e3/0x320 [ 1749.494025][T18338] do_syscall_64+0xcc/0x3a0 [ 1749.498540][T18338] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1749.504496][T18338] RIP: 0033:0x45af49 [ 1749.508458][T18338] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1749.528113][T18338] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1749.536614][T18338] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1749.544607][T18338] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1749.552655][T18338] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1749.560646][T18338] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1749.568637][T18338] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1749.641382][T18336] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:54:14 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x88a}, 0x28) 07:54:14 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000c00000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:14 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200c20202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:14 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x88b}, 0x28) [ 1749.953806][T18338] memory: usage 307200kB, limit 307200kB, failcnt 2734 [ 1749.960792][T18338] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1749.980307][T18338] Memory cgroup stats for /syz4: [ 1749.980612][T18338] anon 309624832 [ 1749.980612][T18338] file 8192 [ 1749.980612][T18338] kernel_stack 405504 [ 1749.980612][T18338] slab 942080 [ 1749.980612][T18338] sock 0 [ 1749.980612][T18338] shmem 0 [ 1749.980612][T18338] file_mapped 0 [ 1749.980612][T18338] file_dirty 0 [ 1749.980612][T18338] file_writeback 0 [ 1749.980612][T18338] anon_thp 276824064 [ 1749.980612][T18338] inactive_anon 264728576 [ 1749.980612][T18338] active_anon 11350016 [ 1749.980612][T18338] inactive_file 0 [ 1749.980612][T18338] active_file 118784 [ 1749.980612][T18338] unevictable 33681408 [ 1749.980612][T18338] slab_reclaimable 135168 [ 1749.980612][T18338] slab_unreclaimable 806912 [ 1749.980612][T18338] pgfault 321189 [ 1749.980612][T18338] pgmajfault 0 [ 1749.980612][T18338] workingset_refault 0 [ 1749.980612][T18338] workingset_activate 0 [ 1749.980612][T18338] workingset_nodereclaim 0 [ 1749.980612][T18338] pgrefill 197 [ 1749.980612][T18338] pgscan 286 [ 1749.980612][T18338] pgsteal 34 [ 1750.060477][T18458] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1750.115227][T18338] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18193,uid=0 [ 1750.133373][T18338] Memory cgroup out of memory: Killed process 18193 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1750.294158][T18458] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1750.418152][T18458] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1750.614916][T18326] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1750.664319][T18326] CPU: 0 PID: 18326 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1750.673044][T18326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1750.683106][T18326] Call Trace: [ 1750.686410][T18326] dump_stack+0x11d/0x181 [ 1750.690775][T18326] dump_header+0xaa/0x39c [ 1750.695173][T18326] oom_kill_process.cold+0x10/0x15 [ 1750.700410][T18326] out_of_memory+0x231/0xa60 [ 1750.705064][T18326] ? __rcu_read_unlock+0x66/0x3d0 [ 1750.710175][T18326] mem_cgroup_out_of_memory+0x128/0x150 [ 1750.715764][T18326] try_charge+0xb6c/0xbf0 [ 1750.720106][T18326] ? rcu_note_context_switch+0x720/0x760 [ 1750.725841][T18326] mem_cgroup_try_charge+0xd2/0x260 [ 1750.731053][T18326] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1750.736693][T18326] wp_page_copy+0x322/0x1040 [ 1750.741303][T18326] ? __read_once_size+0x41/0xe0 [ 1750.746166][T18326] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1750.752097][T18326] do_wp_page+0x192/0xeb0 [ 1750.756562][T18326] __handle_mm_fault+0x1d16/0x2e00 [ 1750.761778][T18326] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1750.767864][T18326] handle_mm_fault+0x21b/0x530 [ 1750.772644][T18326] __do_page_fault+0x456/0x8d0 [ 1750.777527][T18326] do_page_fault+0x38/0x194 [ 1750.782049][T18326] page_fault+0x34/0x40 [ 1750.786218][T18326] RIP: 0033:0x400644 [ 1750.790152][T18326] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 21 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 1750.809775][T18326] RSP: 002b:00007ffc16e27910 EFLAGS: 00010202 [ 1750.815949][T18326] RAX: 0000000000000001 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 1750.824220][T18326] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 1750.832199][T18326] RBP: 0000000000760a68 R08: 0000000000000000 R09: 0000000000000000 [ 1750.840173][T18326] R10: 00007ffc16e27a20 R11: 0000000000000246 R12: 000000000075bf20 [ 1750.848172][T18326] R13: 00000000001a97ae R14: 0000000000760a70 R15: 000000000075bf2c [ 1750.862271][T18326] memory: usage 307200kB, limit 307200kB, failcnt 2754 [ 1750.869444][T18326] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1750.877291][T18326] Memory cgroup stats for /syz4: [ 1750.877486][T18326] anon 309440512 [ 1750.877486][T18326] file 8192 [ 1750.877486][T18326] kernel_stack 368640 [ 1750.877486][T18326] slab 942080 [ 1750.877486][T18326] sock 0 [ 1750.877486][T18326] shmem 0 [ 1750.877486][T18326] file_mapped 0 [ 1750.877486][T18326] file_dirty 0 [ 1750.877486][T18326] file_writeback 0 [ 1750.877486][T18326] anon_thp 274726912 [ 1750.877486][T18326] inactive_anon 246136832 [ 1750.877486][T18326] active_anon 11350016 [ 1750.877486][T18326] inactive_file 0 [ 1750.877486][T18326] active_file 118784 [ 1750.877486][T18326] unevictable 52129792 [ 1750.877486][T18326] slab_reclaimable 135168 [ 1750.877486][T18326] slab_unreclaimable 806912 [ 1750.877486][T18326] pgfault 322443 [ 1750.877486][T18326] pgmajfault 0 [ 1750.877486][T18326] workingset_refault 0 [ 1750.877486][T18326] workingset_activate 0 [ 1750.877486][T18326] workingset_nodereclaim 0 [ 1750.877486][T18326] pgrefill 197 [ 1750.877486][T18326] pgscan 286 [ 1750.877486][T18326] pgsteal 34 [ 1751.042987][T18326] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18326,uid=0 [ 1751.062067][T18326] Memory cgroup out of memory: Killed process 18326 (syz-executor.4) total-vm:72716kB, anon-rss:18004kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 [ 1751.084117][ T1065] oom_reaper: reaped process 18326 (syz-executor.4), now anon-rss:18200kB, file-rss:54364kB, shmem-rss:0kB 07:54:15 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000e00000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:15 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200d20202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:15 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x88c}, 0x28) [ 1751.214899][T18476] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1751.267861][T18476] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1751.335330][T18476] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:54:15 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:54:15 executing program 1: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:54:15 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x88d}, 0x28) 07:54:15 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200e20202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000000f00000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1751.563142][T18492] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1751.600912][T18492] CPU: 0 PID: 18492 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1751.609643][T18492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1751.619705][T18492] Call Trace: [ 1751.623019][T18492] dump_stack+0x11d/0x181 [ 1751.627730][T18492] dump_header+0xaa/0x39c [ 1751.632290][T18492] oom_kill_process.cold+0x10/0x15 [ 1751.637486][T18492] out_of_memory+0x231/0xa60 [ 1751.642788][T18492] ? __rcu_read_unlock+0x66/0x3d0 [ 1751.647833][T18492] mem_cgroup_out_of_memory+0x128/0x150 [ 1751.653413][T18492] try_charge+0xb6c/0xbf0 [ 1751.657755][T18492] ? rcu_note_context_switch+0x720/0x760 [ 1751.663428][T18492] mem_cgroup_try_charge+0xd2/0x260 [ 1751.668709][T18492] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1751.674439][T18492] __handle_mm_fault+0x197f/0x2e00 [ 1751.679567][T18492] handle_mm_fault+0x21b/0x530 [ 1751.684334][T18492] __get_user_pages+0x485/0x1130 [ 1751.689365][T18492] populate_vma_page_range+0xe6/0x100 [ 1751.694800][T18492] __mm_populate+0x168/0x2a0 [ 1751.699401][T18492] __x64_sys_mlockall+0x2e3/0x320 [ 1751.704440][T18492] do_syscall_64+0xcc/0x3a0 [ 1751.709039][T18492] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1751.715073][T18492] RIP: 0033:0x45af49 [ 1751.719047][T18492] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1751.738684][T18492] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1751.747198][T18492] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1751.755365][T18492] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1751.763680][T18492] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1751.771840][T18492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1751.779846][T18492] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1751.792776][T18492] memory: usage 307200kB, limit 307200kB, failcnt 2792 [ 1751.799949][T18492] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1751.807060][T18492] Memory cgroup stats for /syz4: [ 1751.807320][T18492] anon 309575680 [ 1751.807320][T18492] file 8192 [ 1751.807320][T18492] kernel_stack 368640 [ 1751.807320][T18492] slab 942080 [ 1751.807320][T18492] sock 0 [ 1751.807320][T18492] shmem 0 [ 1751.807320][T18492] file_mapped 0 [ 1751.807320][T18492] file_dirty 0 [ 1751.807320][T18492] file_writeback 0 [ 1751.807320][T18492] anon_thp 274726912 [ 1751.807320][T18492] inactive_anon 264638464 [ 1751.807320][T18492] active_anon 11350016 [ 1751.807320][T18492] inactive_file 0 [ 1751.807320][T18492] active_file 118784 [ 1751.807320][T18492] unevictable 33689600 [ 1751.807320][T18492] slab_reclaimable 135168 [ 1751.807320][T18492] slab_unreclaimable 806912 [ 1751.807320][T18492] pgfault 322509 [ 1751.807320][T18492] pgmajfault 0 [ 1751.807320][T18492] workingset_refault 0 [ 1751.807320][T18492] workingset_activate 0 [ 1751.807320][T18492] workingset_nodereclaim 0 [ 1751.807320][T18492] pgrefill 197 [ 1751.807320][T18492] pgscan 286 [ 1751.807320][T18492] pgsteal 34 07:54:16 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x88e}, 0x28) [ 1751.927278][T18500] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1751.953342][T18492] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18464,uid=0 [ 1752.031320][T18500] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1752.053594][T18492] Memory cgroup out of memory: Killed process 18464 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 07:54:16 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:16 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020200f20202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1752.132147][T18500] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:54:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000001000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1752.362890][T18616] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1752.396059][T18616] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:54:16 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020201020202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1752.467056][T18616] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:54:16 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020201120202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:16 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x88f}, 0x28) [ 1752.952192][T18489] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1752.962611][T18489] CPU: 0 PID: 18489 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1752.971334][T18489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1752.981450][T18489] Call Trace: [ 1752.984743][T18489] dump_stack+0x11d/0x181 [ 1752.989508][T18489] dump_header+0xaa/0x39c [ 1752.993848][T18489] oom_kill_process.cold+0x10/0x15 [ 1752.998960][T18489] out_of_memory+0x231/0xa60 [ 1753.003680][T18489] ? __rcu_read_unlock+0x66/0x3d0 [ 1753.008728][T18489] mem_cgroup_out_of_memory+0x128/0x150 [ 1753.014286][T18489] try_charge+0xb6c/0xbf0 [ 1753.018637][T18489] ? rcu_note_context_switch+0x720/0x760 [ 1753.024302][T18489] mem_cgroup_try_charge+0xd2/0x260 [ 1753.029693][T18489] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1753.035598][T18489] wp_page_copy+0x322/0x1040 [ 1753.040239][T18489] ? __read_once_size+0x41/0xe0 [ 1753.045184][T18489] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1753.051073][T18489] do_wp_page+0x192/0xeb0 [ 1753.055547][T18489] __handle_mm_fault+0x1d16/0x2e00 [ 1753.061073][T18489] ? _raw_spin_unlock_irqrestore+0x70/0x80 [ 1753.066889][T18489] handle_mm_fault+0x21b/0x530 [ 1753.071689][T18489] __do_page_fault+0x456/0x8d0 [ 1753.076477][T18489] do_page_fault+0x38/0x194 [ 1753.081007][T18489] page_fault+0x34/0x40 [ 1753.085235][T18489] RIP: 0033:0x400644 [ 1753.089149][T18489] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 21 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 1753.108760][T18489] RSP: 002b:00007ffc16e27910 EFLAGS: 00010202 [ 1753.114829][T18489] RAX: 0000000000000001 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 1753.122798][T18489] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 1753.130787][T18489] RBP: 0000000000760a68 R08: 0000000000000000 R09: 0000000000000000 [ 1753.138786][T18489] R10: 00007ffc16e27a20 R11: 0000000000000246 R12: 000000000075bf20 [ 1753.146766][T18489] R13: 00000000001aa0c3 R14: 0000000000760a70 R15: 000000000075bf2c [ 1753.157707][T18489] memory: usage 307200kB, limit 307200kB, failcnt 2803 [ 1753.164643][T18489] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1753.171632][T18489] Memory cgroup stats for /syz4: [ 1753.171826][T18489] anon 309395456 [ 1753.171826][T18489] file 8192 [ 1753.171826][T18489] kernel_stack 405504 [ 1753.171826][T18489] slab 942080 [ 1753.171826][T18489] sock 0 [ 1753.171826][T18489] shmem 0 [ 1753.171826][T18489] file_mapped 0 [ 1753.171826][T18489] file_dirty 0 [ 1753.171826][T18489] file_writeback 0 [ 1753.171826][T18489] anon_thp 274726912 [ 1753.171826][T18489] inactive_anon 246063104 [ 1753.171826][T18489] active_anon 11350016 [ 1753.171826][T18489] inactive_file 0 [ 1753.171826][T18489] active_file 118784 [ 1753.171826][T18489] unevictable 52060160 [ 1753.171826][T18489] slab_reclaimable 135168 [ 1753.171826][T18489] slab_unreclaimable 806912 [ 1753.171826][T18489] pgfault 323730 [ 1753.171826][T18489] pgmajfault 0 [ 1753.171826][T18489] workingset_refault 0 [ 1753.171826][T18489] workingset_activate 0 [ 1753.171826][T18489] workingset_nodereclaim 0 [ 1753.171826][T18489] pgrefill 197 [ 1753.171826][T18489] pgscan 286 [ 1753.171826][T18489] pgsteal 34 [ 1753.265968][T18489] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18489,uid=0 [ 1753.281826][T18489] Memory cgroup out of memory: Killed process 18489 (syz-executor.4) total-vm:72716kB, anon-rss:18004kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 07:54:17 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:54:17 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:17 executing program 1: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:54:17 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000002000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:17 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x890}, 0x28) 07:54:17 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020201220202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1753.502727][T18648] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1753.565728][T18648] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1753.636752][T18648] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1753.691428][T18656] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1753.701919][T18656] CPU: 0 PID: 18656 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1753.710610][T18656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1753.720712][T18656] Call Trace: [ 1753.724011][T18656] dump_stack+0x11d/0x181 [ 1753.728365][T18656] dump_header+0xaa/0x39c [ 1753.732753][T18656] oom_kill_process.cold+0x10/0x15 [ 1753.737880][T18656] out_of_memory+0x231/0xa60 [ 1753.742582][T18656] ? __rcu_read_unlock+0x66/0x3d0 [ 1753.747678][T18656] mem_cgroup_out_of_memory+0x128/0x150 [ 1753.753275][T18656] try_charge+0xb6c/0xbf0 [ 1753.757681][T18656] ? rcu_note_context_switch+0x720/0x760 [ 1753.763357][T18656] mem_cgroup_try_charge+0xd2/0x260 [ 1753.768647][T18656] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1753.774372][T18656] __handle_mm_fault+0x197f/0x2e00 [ 1753.779584][T18656] handle_mm_fault+0x21b/0x530 [ 1753.784479][T18656] __get_user_pages+0x485/0x1130 [ 1753.789466][T18656] populate_vma_page_range+0xe6/0x100 [ 1753.794984][T18656] __mm_populate+0x168/0x2a0 [ 1753.799951][T18656] __x64_sys_mlockall+0x2e3/0x320 [ 1753.805000][T18656] do_syscall_64+0xcc/0x3a0 [ 1753.809609][T18656] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1753.815575][T18656] RIP: 0033:0x45af49 [ 1753.819505][T18656] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 07:54:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000003f00000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:18 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020201320202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:18 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x891}, 0x28) [ 1753.839121][T18656] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1753.847608][T18656] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1753.855600][T18656] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1753.863590][T18656] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1753.871577][T18656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1753.879619][T18656] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1753.916054][T18656] memory: usage 307200kB, limit 307200kB, failcnt 2826 07:54:18 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020201420202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1753.962455][T18656] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1753.974567][T18659] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1754.004169][T18656] Memory cgroup stats for /syz4: [ 1754.004372][T18656] anon 309665792 [ 1754.004372][T18656] file 8192 [ 1754.004372][T18656] kernel_stack 405504 [ 1754.004372][T18656] slab 942080 [ 1754.004372][T18656] sock 0 [ 1754.004372][T18656] shmem 0 [ 1754.004372][T18656] file_mapped 0 [ 1754.004372][T18656] file_dirty 0 [ 1754.004372][T18656] file_writeback 0 [ 1754.004372][T18656] anon_thp 274726912 [ 1754.004372][T18656] inactive_anon 264507392 [ 1754.004372][T18656] active_anon 11350016 [ 1754.004372][T18656] inactive_file 0 [ 1754.004372][T18656] active_file 118784 [ 1754.004372][T18656] unevictable 33554432 [ 1754.004372][T18656] slab_reclaimable 135168 [ 1754.004372][T18656] slab_unreclaimable 806912 [ 1754.004372][T18656] pgfault 323829 [ 1754.004372][T18656] pgmajfault 0 [ 1754.004372][T18656] workingset_refault 0 [ 1754.004372][T18656] workingset_activate 0 [ 1754.004372][T18656] workingset_nodereclaim 0 [ 1754.004372][T18656] pgrefill 197 [ 1754.004372][T18656] pgscan 286 [ 1754.004372][T18656] pgsteal 34 07:54:18 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) [ 1754.151326][T18659] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1754.240250][T18659] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:54:18 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020201520202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1754.379199][T18656] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18638,uid=0 [ 1754.395019][T18656] Memory cgroup out of memory: Killed process 18638 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1754.450535][T18672] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1754.487339][T18672] CPU: 1 PID: 18672 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1754.496063][T18672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1754.506842][T18672] Call Trace: [ 1754.510205][T18672] dump_stack+0x11d/0x181 [ 1754.514561][T18672] dump_header+0xaa/0x39c [ 1754.518923][T18672] oom_kill_process.cold+0x10/0x15 [ 1754.524093][T18672] out_of_memory+0x231/0xa60 [ 1754.528714][T18672] mem_cgroup_out_of_memory+0x128/0x150 [ 1754.534411][T18672] try_charge+0xb6c/0xbf0 [ 1754.538764][T18672] ? rcu_note_context_switch+0x720/0x760 [ 1754.544430][T18672] mem_cgroup_try_charge+0xd2/0x260 [ 1754.549691][T18672] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1754.555431][T18672] __handle_mm_fault+0x197f/0x2e00 [ 1754.560575][T18672] handle_mm_fault+0x21b/0x530 [ 1754.565394][T18672] __get_user_pages+0x485/0x1130 [ 1754.570360][T18672] populate_vma_page_range+0xe6/0x100 [ 1754.575829][T18672] __mm_populate+0x168/0x2a0 [ 1754.580443][T18672] __x64_sys_mlockall+0x2e3/0x320 [ 1754.585482][T18672] do_syscall_64+0xcc/0x3a0 [ 1754.590068][T18672] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1754.595966][T18672] RIP: 0033:0x45af49 [ 1754.599888][T18672] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1754.620397][T18672] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1754.628961][T18672] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1754.636957][T18672] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1754.645004][T18672] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1754.653185][T18672] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1754.661178][T18672] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1754.852358][T18672] memory: usage 307200kB, limit 307200kB, failcnt 2561 [ 1754.859657][T18672] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1754.867042][T18672] Memory cgroup stats for /syz2: [ 1754.867249][T18672] anon 308715520 [ 1754.867249][T18672] file 106496 [ 1754.867249][T18672] kernel_stack 442368 [ 1754.867249][T18672] slab 1228800 [ 1754.867249][T18672] sock 53248 [ 1754.867249][T18672] shmem 0 [ 1754.867249][T18672] file_mapped 0 [ 1754.867249][T18672] file_dirty 0 [ 1754.867249][T18672] file_writeback 0 [ 1754.867249][T18672] anon_thp 264241152 [ 1754.867249][T18672] inactive_anon 252047360 [ 1754.867249][T18672] active_anon 20344832 [ 1754.867249][T18672] inactive_file 135168 [ 1754.867249][T18672] active_file 0 [ 1754.867249][T18672] unevictable 36335616 [ 1754.867249][T18672] slab_reclaimable 405504 [ 1754.867249][T18672] slab_unreclaimable 823296 [ 1754.867249][T18672] pgfault 350658 [ 1754.867249][T18672] pgmajfault 0 [ 1754.867249][T18672] workingset_refault 0 [ 1754.867249][T18672] workingset_activate 0 [ 1754.867249][T18672] workingset_nodereclaim 0 [ 1754.867249][T18672] pgrefill 143 [ 1754.867249][T18672] pgscan 174 [ 1754.867249][T18672] pgsteal 35 [ 1754.964574][T18672] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18448,uid=0 [ 1754.980496][T18672] Memory cgroup out of memory: Killed process 18448 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1755.003323][ T1065] oom_reaper: reaped process 18448 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1755.014603][T18784] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1755.032926][T18784] CPU: 0 PID: 18784 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1755.041719][T18784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1755.051778][T18784] Call Trace: [ 1755.055084][T18784] dump_stack+0x11d/0x181 [ 1755.059489][T18784] dump_header+0xaa/0x39c [ 1755.063827][T18784] oom_kill_process.cold+0x10/0x15 [ 1755.068998][T18784] out_of_memory+0x231/0xa60 [ 1755.073613][T18784] mem_cgroup_out_of_memory+0x128/0x150 [ 1755.079199][T18784] try_charge+0xb6c/0xbf0 [ 1755.083554][T18784] ? __rcu_read_unlock+0x66/0x3d0 [ 1755.088638][T18784] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1755.094464][T18784] __memcg_kmem_charge+0xcf/0x1b0 [ 1755.099632][T18784] __alloc_pages_nodemask+0x26c/0x310 [ 1755.105056][T18784] alloc_pages_current+0xd1/0x170 [ 1755.110108][T18784] pte_alloc_one+0x18/0x50 [ 1755.114556][T18784] __pte_alloc+0x2d/0x220 [ 1755.118897][T18784] copy_page_range+0x135a/0x19b0 [ 1755.123865][T18784] ? __vma_link_rb+0x3f4/0x440 [ 1755.128671][T18784] dup_mm+0x74a/0xba0 [ 1755.132708][T18784] copy_process+0x3138/0x3c40 [ 1755.137498][T18784] _do_fork+0xfe/0x7a0 [ 1755.141581][T18784] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1755.147833][T18784] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1755.153788][T18784] ? __read_once_size+0x5a/0xe0 [ 1755.158847][T18784] __x64_sys_clone+0x130/0x170 [ 1755.163751][T18784] do_syscall_64+0xcc/0x3a0 [ 1755.168285][T18784] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1755.174371][T18784] RIP: 0033:0x45af49 [ 1755.178351][T18784] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1755.198096][T18784] RSP: 002b:00007fe49bdf2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1755.206577][T18784] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1755.214560][T18784] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1755.222548][T18784] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 1755.230530][T18784] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49bdf36d4 [ 1755.238566][T18784] R13: 00000000004c1701 R14: 00000000004d68e0 R15: 00000000ffffffff [ 1755.249174][T18784] memory: usage 307092kB, limit 307200kB, failcnt 2853 [ 1755.261400][T18784] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1755.268417][T18784] Memory cgroup stats for /syz4: [ 1755.268730][T18784] anon 309387264 [ 1755.268730][T18784] file 8192 [ 1755.268730][T18784] kernel_stack 405504 [ 1755.268730][T18784] slab 942080 [ 1755.268730][T18784] sock 0 [ 1755.268730][T18784] shmem 0 [ 1755.268730][T18784] file_mapped 0 [ 1755.268730][T18784] file_dirty 0 [ 1755.268730][T18784] file_writeback 0 [ 1755.268730][T18784] anon_thp 274726912 [ 1755.268730][T18784] inactive_anon 246054912 [ 1755.268730][T18784] active_anon 11350016 [ 1755.268730][T18784] inactive_file 0 [ 1755.268730][T18784] active_file 118784 [ 1755.268730][T18784] unevictable 52064256 [ 1755.268730][T18784] slab_reclaimable 135168 [ 1755.268730][T18784] slab_unreclaimable 806912 [ 1755.268730][T18784] pgfault 325050 [ 1755.268730][T18784] pgmajfault 0 [ 1755.268730][T18784] workingset_refault 0 [ 1755.268730][T18784] workingset_activate 0 [ 1755.268730][T18784] workingset_nodereclaim 0 [ 1755.268730][T18784] pgrefill 197 [ 1755.268730][T18784] pgscan 286 [ 1755.268730][T18784] pgsteal 34 [ 1755.366695][T18784] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18654,uid=0 [ 1755.382585][T18784] Memory cgroup out of memory: Killed process 18654 (syz-executor.4) total-vm:72716kB, anon-rss:17952kB, file-rss:53464kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 [ 1755.402570][ T1065] oom_reaper: reaped process 18654 (syz-executor.4), now anon-rss:18200kB, file-rss:54364kB, shmem-rss:0kB 07:54:19 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:54:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000004000000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:19 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x892}, 0x28) 07:54:19 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020201620202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:19 executing program 1: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1755.614959][T18792] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready 07:54:20 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) [ 1755.786575][T18792] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1755.872698][T18806] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1755.883150][T18806] CPU: 0 PID: 18806 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1755.892002][T18806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1755.902064][T18806] Call Trace: [ 1755.905380][T18806] dump_stack+0x11d/0x181 [ 1755.909735][T18806] dump_header+0xaa/0x39c [ 1755.914076][T18806] oom_kill_process.cold+0x10/0x15 [ 1755.914100][T18806] out_of_memory+0x231/0xa60 [ 1755.914157][T18806] mem_cgroup_out_of_memory+0x128/0x150 [ 1755.929447][T18806] try_charge+0xb6c/0xbf0 [ 1755.929480][T18806] ? rcu_note_context_switch+0x720/0x760 [ 1755.939474][T18806] mem_cgroup_try_charge+0xd2/0x260 [ 1755.944695][T18806] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1755.950342][T18806] __handle_mm_fault+0x197f/0x2e00 [ 1755.955584][T18806] handle_mm_fault+0x21b/0x530 [ 1755.960522][T18806] __get_user_pages+0x485/0x1130 [ 1755.965570][T18806] populate_vma_page_range+0xe6/0x100 [ 1755.971022][T18806] __mm_populate+0x168/0x2a0 [ 1755.975682][T18806] __x64_sys_mlockall+0x2e3/0x320 [ 1755.980724][T18806] do_syscall_64+0xcc/0x3a0 [ 1755.985304][T18806] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1755.991202][T18806] RIP: 0033:0x45af49 [ 1755.995111][T18806] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1756.014820][T18806] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 07:54:20 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x893}, 0x28) 07:54:20 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020201720202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1756.023286][T18806] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1756.031278][T18806] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1756.039378][T18806] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1756.047364][T18806] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1756.055381][T18806] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1756.074675][T18806] memory: usage 307200kB, limit 307200kB, failcnt 2640 [ 1756.090899][T18806] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1756.108090][T18792] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1756.128420][T18806] Memory cgroup stats for /syz2: [ 1756.128940][T18806] anon 308736000 [ 1756.128940][T18806] file 106496 [ 1756.128940][T18806] kernel_stack 479232 [ 1756.128940][T18806] slab 1228800 [ 1756.128940][T18806] sock 53248 [ 1756.128940][T18806] shmem 0 [ 1756.128940][T18806] file_mapped 0 [ 1756.128940][T18806] file_dirty 0 [ 1756.128940][T18806] file_writeback 0 [ 1756.128940][T18806] anon_thp 264241152 [ 1756.128940][T18806] inactive_anon 252076032 [ 1756.128940][T18806] active_anon 20361216 [ 1756.128940][T18806] inactive_file 135168 07:54:20 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000004800000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) [ 1756.128940][T18806] active_file 0 [ 1756.128940][T18806] unevictable 36495360 [ 1756.128940][T18806] slab_reclaimable 405504 [ 1756.128940][T18806] slab_unreclaimable 823296 [ 1756.128940][T18806] pgfault 352902 [ 1756.128940][T18806] pgmajfault 0 [ 1756.128940][T18806] workingset_refault 0 [ 1756.128940][T18806] workingset_activate 0 [ 1756.128940][T18806] workingset_nodereclaim 0 [ 1756.128940][T18806] pgrefill 143 [ 1756.128940][T18806] pgscan 174 [ 1756.128940][T18806] pgsteal 35 07:54:20 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x894}, 0x28) [ 1756.270068][T18815] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1756.328123][T18815] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:54:20 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x895}, 0x28) [ 1756.438004][T18815] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 07:54:20 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020201820202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1756.546964][T18806] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18788,uid=0 [ 1756.618431][T18806] Memory cgroup out of memory: Killed process 18788 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1756.682673][T18801] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1756.698754][T18801] CPU: 1 PID: 18801 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1756.707473][T18801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1756.717556][T18801] Call Trace: [ 1756.721033][T18801] dump_stack+0x11d/0x181 [ 1756.725561][T18801] dump_header+0xaa/0x39c [ 1756.730098][T18801] oom_kill_process.cold+0x10/0x15 [ 1756.735242][T18801] out_of_memory+0x231/0xa60 [ 1756.739867][T18801] mem_cgroup_out_of_memory+0x128/0x150 [ 1756.745432][T18801] try_charge+0xb6c/0xbf0 [ 1756.749821][T18801] ? rcu_note_context_switch+0x720/0x760 [ 1756.755479][T18801] mem_cgroup_try_charge+0xd2/0x260 [ 1756.760701][T18801] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1756.766450][T18801] wp_page_copy+0x322/0x1040 [ 1756.771155][T18801] ? __read_once_size+0x41/0xe0 [ 1756.776021][T18801] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1756.782021][T18801] do_wp_page+0x192/0xeb0 [ 1756.786375][T18801] ? record_times+0x16/0x90 [ 1756.790936][T18801] __handle_mm_fault+0x1d16/0x2e00 [ 1756.796279][T18801] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1756.802422][T18801] handle_mm_fault+0x21b/0x530 [ 1756.807201][T18801] __do_page_fault+0x456/0x8d0 [ 1756.812078][T18801] do_page_fault+0x38/0x194 [ 1756.816613][T18801] page_fault+0x34/0x40 [ 1756.820772][T18801] RIP: 0033:0x400644 [ 1756.824695][T18801] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 21 55 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 1756.844402][T18801] RSP: 002b:00007ffc16e27910 EFLAGS: 00010202 [ 1756.850472][T18801] RAX: 0000000000000001 RBX: 000000000075c9a0 RCX: 0000000000000000 [ 1756.858476][T18801] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 1756.866464][T18801] RBP: 0000000000760a68 R08: 0000000000000000 R09: 0000000000000000 [ 1756.874453][T18801] R10: 00007ffc16e27a20 R11: 0000000000000246 R12: 000000000075bf20 [ 1756.882465][T18801] R13: 00000000001aadd0 R14: 0000000000760a70 R15: 000000000075bf2c [ 1756.897320][T18801] memory: usage 307200kB, limit 307200kB, failcnt 2874 [ 1756.904668][T18801] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1756.914546][T18801] Memory cgroup stats for /syz4: [ 1756.914743][T18801] anon 309473280 [ 1756.914743][T18801] file 8192 [ 1756.914743][T18801] kernel_stack 368640 [ 1756.914743][T18801] slab 942080 [ 1756.914743][T18801] sock 0 [ 1756.914743][T18801] shmem 0 [ 1756.914743][T18801] file_mapped 0 [ 1756.914743][T18801] file_dirty 0 [ 1756.914743][T18801] file_writeback 0 [ 1756.914743][T18801] anon_thp 276824064 [ 1756.914743][T18801] inactive_anon 248074240 [ 1756.914743][T18801] active_anon 11354112 [ 1756.914743][T18801] inactive_file 0 [ 1756.914743][T18801] active_file 118784 [ 1756.914743][T18801] unevictable 50094080 [ 1756.914743][T18801] slab_reclaimable 135168 [ 1756.914743][T18801] slab_unreclaimable 806912 [ 1756.914743][T18801] pgfault 325875 [ 1756.914743][T18801] pgmajfault 0 [ 1756.914743][T18801] workingset_refault 0 [ 1756.914743][T18801] workingset_activate 0 [ 1756.914743][T18801] workingset_nodereclaim 0 [ 1756.914743][T18801] pgrefill 197 [ 1756.914743][T18801] pgscan 286 [ 1756.914743][T18801] pgsteal 34 [ 1757.040261][T18801] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18801,uid=0 [ 1757.056400][T18801] Memory cgroup out of memory: Killed process 18801 (syz-executor.4) total-vm:72716kB, anon-rss:18200kB, file-rss:54364kB, shmem-rss:0kB, UID:0 pgtables:196608kB oom_score_adj:1000 [ 1757.075474][ T1065] oom_reaper: reaped process 18801 (syz-executor.4), now anon-rss:18200kB, file-rss:54364kB, shmem-rss:0kB [ 1757.087292][T18806] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1757.097709][T18806] CPU: 1 PID: 18806 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1757.106402][T18806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1757.116456][T18806] Call Trace: [ 1757.119800][T18806] dump_stack+0x11d/0x181 [ 1757.124163][T18806] dump_header+0xaa/0x39c [ 1757.128639][T18806] oom_kill_process.cold+0x10/0x15 [ 1757.133782][T18806] out_of_memory+0x231/0xa60 [ 1757.138397][T18806] mem_cgroup_out_of_memory+0x128/0x150 [ 1757.143962][T18806] try_charge+0xb6c/0xbf0 [ 1757.148352][T18806] ? rcu_note_context_switch+0x720/0x760 [ 1757.154007][T18806] mem_cgroup_try_charge+0xd2/0x260 [ 1757.159276][T18806] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1757.164924][T18806] __handle_mm_fault+0x197f/0x2e00 [ 1757.170054][T18806] handle_mm_fault+0x21b/0x530 [ 1757.174847][T18806] __get_user_pages+0x485/0x1130 [ 1757.179813][T18806] populate_vma_page_range+0xe6/0x100 [ 1757.185192][T18806] __mm_populate+0x168/0x2a0 [ 1757.189915][T18806] __x64_sys_mremap+0x5df/0x750 [ 1757.194828][T18806] do_syscall_64+0xcc/0x3a0 [ 1757.199341][T18806] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1757.205235][T18806] RIP: 0033:0x45af49 [ 1757.209132][T18806] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1757.228862][T18806] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 1757.237314][T18806] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045af49 [ 1757.245303][T18806] RDX: 0000000000800000 RSI: 0000000000002000 RDI: 0000000020a94000 [ 1757.253285][T18806] RBP: 000000000075bf20 R08: 0000000020130000 R09: 0000000000000000 [ 1757.261280][T18806] R10: 0000000000000003 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1757.269254][T18806] R13: 00000000004c85db R14: 00000000004e0ba0 R15: 00000000ffffffff [ 1757.304610][T18806] memory: usage 307200kB, limit 307200kB, failcnt 2670 [ 1757.313038][T18806] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1757.320641][T18806] Memory cgroup stats for /syz2: [ 1757.320990][T18806] anon 308588544 [ 1757.320990][T18806] file 106496 [ 1757.320990][T18806] kernel_stack 516096 [ 1757.320990][T18806] slab 1228800 [ 1757.320990][T18806] sock 53248 [ 1757.320990][T18806] shmem 0 [ 1757.320990][T18806] file_mapped 0 [ 1757.320990][T18806] file_dirty 0 [ 1757.320990][T18806] file_writeback 0 [ 1757.320990][T18806] anon_thp 262144000 [ 1757.320990][T18806] inactive_anon 248123392 [ 1757.320990][T18806] active_anon 20361216 [ 1757.320990][T18806] inactive_file 135168 [ 1757.320990][T18806] active_file 0 [ 1757.320990][T18806] unevictable 40173568 [ 1757.320990][T18806] slab_reclaimable 405504 [ 1757.320990][T18806] slab_unreclaimable 823296 [ 1757.320990][T18806] pgfault 354321 [ 1757.320990][T18806] pgmajfault 0 [ 1757.320990][T18806] workingset_refault 0 [ 1757.320990][T18806] workingset_activate 0 07:54:21 executing program 4: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:54:21 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x896}, 0x28) 07:54:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000004c00000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:21 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x894}, 0x28) 07:54:21 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020201920202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) [ 1757.320990][T18806] workingset_nodereclaim 0 [ 1757.320990][T18806] pgrefill 143 [ 1757.320990][T18806] pgscan 174 [ 1757.320990][T18806] pgsteal 35 [ 1757.437685][T18938] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1757.456287][T18938] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1757.467776][T18806] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18804,uid=0 [ 1757.484362][T18806] Memory cgroup out of memory: Killed process 18804 (syz-executor.2) total-vm:72708kB, anon-rss:15476kB, file-rss:54368kB, shmem-rss:0kB, UID:0 pgtables:192512kB oom_score_adj:1000 [ 1757.524159][ T1065] oom_reaper: reaped process 18804 (syz-executor.2), now anon-rss:15544kB, file-rss:54364kB, shmem-rss:0kB [ 1757.558070][T18938] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1757.696173][T18950] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1757.728665][T18950] CPU: 0 PID: 18950 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1757.737389][T18950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1757.747453][T18950] Call Trace: [ 1757.750840][T18950] dump_stack+0x11d/0x181 [ 1757.755250][T18950] dump_header+0xaa/0x39c [ 1757.759681][T18950] oom_kill_process.cold+0x10/0x15 [ 1757.765147][T18950] out_of_memory+0x231/0xa60 [ 1757.769792][T18950] ? __rcu_read_unlock+0x66/0x3d0 [ 1757.774893][T18950] mem_cgroup_out_of_memory+0x128/0x150 [ 1757.780465][T18950] try_charge+0xb6c/0xbf0 [ 1757.784879][T18950] ? rcu_note_context_switch+0x720/0x760 [ 1757.790591][T18950] mem_cgroup_try_charge+0xd2/0x260 [ 1757.795810][T18950] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1757.801488][T18950] __handle_mm_fault+0x197f/0x2e00 [ 1757.806698][T18950] handle_mm_fault+0x21b/0x530 [ 1757.811482][T18950] __get_user_pages+0x485/0x1130 [ 1757.816451][T18950] populate_vma_page_range+0xe6/0x100 [ 1757.822004][T18950] __mm_populate+0x168/0x2a0 [ 1757.826784][T18950] __x64_sys_mlockall+0x2e3/0x320 [ 1757.831976][T18950] do_syscall_64+0xcc/0x3a0 [ 1757.836495][T18950] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1757.842396][T18950] RIP: 0033:0x45af49 [ 1757.846300][T18950] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1757.866866][T18950] RSP: 002b:00007fe49be13c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1757.875315][T18950] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1757.883340][T18950] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1757.891331][T18950] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1757.899344][T18950] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49be146d4 [ 1757.907340][T18950] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1757.933904][T18950] memory: usage 307200kB, limit 307200kB, failcnt 2909 [ 1757.940854][T18950] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1757.947693][T18950] Memory cgroup stats for /syz4: [ 1757.947897][T18950] anon 309608448 [ 1757.947897][T18950] file 8192 [ 1757.947897][T18950] kernel_stack 368640 [ 1757.947897][T18950] slab 942080 [ 1757.947897][T18950] sock 0 [ 1757.947897][T18950] shmem 0 [ 1757.947897][T18950] file_mapped 0 [ 1757.947897][T18950] file_dirty 0 [ 1757.947897][T18950] file_writeback 0 [ 1757.947897][T18950] anon_thp 276824064 [ 1757.947897][T18950] inactive_anon 264499200 [ 1757.947897][T18950] active_anon 11354112 [ 1757.947897][T18950] inactive_file 0 07:54:22 executing program 2: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) close(r0) 07:54:22 executing program 1: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) 07:54:22 executing program 0: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000140)="01434430303101004c494e55582020202020202020202020202020202020202020201a20202020204344524f4d2020f620202020202020202020202020202020202020202020202000000000000000004f0200000000024f000000000000000000000000000000000000000000000000000000000000000001000001010000010008", 0x82, 0x8000}, {&(0x7f0000000380)="00000000a87e3114ecd5f7c02c08993abe363f8ccf6e7b6604d7", 0x1a}, {0x0, 0x0, 0xdb98d97}], 0x0, 0x0) 07:54:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000010000108000000165b00000000000000", @ANYRES32=0x0, @ANYBLOB="c3ffffff0000000008001b00000000006539ff79c1f6ef50f6ad40678abbae0dd2a29605db7dbff21dd69e2b853f843f18c81f6b6894b6ae427bd0a8f329e49930ae9878aa6c00000000"], 0x28}}, 0x0) 07:54:22 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x897}, 0x28) [ 1757.947897][T18950] active_file 118784 [ 1757.947897][T18950] unevictable 33685504 [ 1757.947897][T18950] slab_reclaimable 135168 [ 1757.947897][T18950] slab_unreclaimable 806912 [ 1757.947897][T18950] pgfault 325974 [ 1757.947897][T18950] pgmajfault 0 [ 1757.947897][T18950] workingset_refault 0 [ 1757.947897][T18950] workingset_activate 0 [ 1757.947897][T18950] workingset_nodereclaim 0 [ 1757.947897][T18950] pgrefill 197 [ 1757.947897][T18950] pgscan 286 [ 1757.947897][T18950] pgsteal 34 [ 1758.042260][T18950] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=18816,uid=0 [ 1758.058428][T18950] Memory cgroup out of memory: Killed process 18816 (syz-executor.4) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:155648kB oom_score_adj:1000 [ 1758.109794][T18957] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 1758.240440][T18957] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:54:22 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff71a4f0ff00000000b7060000000000811e6403000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x13}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe80, 0x0, &(0x7f00000001c0)="a6f3baff4858cd7574a73bfe4c4e", 0x0, 0x898}, 0x28) 07:54:22 executing program 1: pipe(&(0x7f0000000000)) socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000000)) r0 = socket$inet_udp(0x2, 0x2, 0x0) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x200000000000df8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r3 = syz_open_procfs(0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000002640)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="095a00000000000000000100000000000000014100000000001700000008000000003a000000"], 0x30}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xdf3f495a2c78c2d8}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r4, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x10) getsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r5 = socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x6, 0x1, 0x4, 0x80, 0x0, 0x7f, 0x10, 0x6, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x89e0d61abcb075f3, @perf_bp={&(0x7f0000000280), 0x1}, 0x2000, 0x3, 0x6, 0x7, 0xffff, 0xff, 0x8}, 0xffffffffffffffff, 0x0, r1, 0x3) sendmsg$NBD_CMD_DISCONNECT(r5, 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) fchdir(r6) ioctl$SNDCTL_DSP_NONBLOCK(r6, 0x500e, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x0, 0x802, 0x0) write(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) gettid() close(r0) [ 1758.313507][T18957] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1758.370556][T19067] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1758.398450][T19067] CPU: 0 PID: 19067 Comm: syz-executor.2 Not tainted 5.5.0-rc1-syzkaller #0 [ 1758.407179][T19067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1758.417254][T19067] Call Trace: [ 1758.420587][T19067] dump_stack+0x11d/0x181 [ 1758.424954][T19067] dump_header+0xaa/0x39c [ 1758.429478][T19067] oom_kill_process.cold+0x10/0x15 [ 1758.434613][T19067] out_of_memory+0x231/0xa60 [ 1758.439492][T19067] ? __rcu_read_unlock+0x66/0x3d0 [ 1758.444657][T19067] mem_cgroup_out_of_memory+0x128/0x150 [ 1758.450270][T19067] try_charge+0xb6c/0xbf0 [ 1758.454676][T19067] ? rcu_note_context_switch+0x720/0x760 [ 1758.460331][T19067] mem_cgroup_try_charge+0xd2/0x260 [ 1758.465553][T19067] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1758.471237][T19067] __handle_mm_fault+0x197f/0x2e00 [ 1758.476384][T19067] handle_mm_fault+0x21b/0x530 [ 1758.481162][T19067] __get_user_pages+0x485/0x1130 [ 1758.486140][T19067] populate_vma_page_range+0xe6/0x100 [ 1758.491678][T19067] __mm_populate+0x168/0x2a0 [ 1758.496357][T19067] __x64_sys_mlockall+0x2e3/0x320 [ 1758.501597][T19067] do_syscall_64+0xcc/0x3a0 [ 1758.506267][T19067] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1758.512171][T19067] RIP: 0033:0x45af49 [ 1758.516094][T19067] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1758.535718][T19067] RSP: 002b:00007f8d038b0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 1758.544149][T19067] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 000000000045af49 [ 1758.552132][T19067] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1758.560206][T19067] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1758.568216][T19067] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8d038b16d4 [ 1758.576202][T19067] R13: 00000000004c83c5 R14: 00000000004e07c8 R15: 00000000ffffffff [ 1758.739848][T18946] ================================================================== [ 1758.748027][T18946] BUG: KCSAN: data-race in do_try_to_free_pages / shrink_node [ 1758.755478][T18946] [ 1758.757817][T18946] read to 0xffff8882183a4078 of 8 bytes by task 19076 on cpu 1: [ 1758.765465][T18946] shrink_node+0x9c5/0xfe0 [ 1758.769903][T18946] do_try_to_free_pages+0x245/0xb60 [ 1758.775117][T18946] try_to_free_mem_cgroup_pages+0x205/0x4d0 [ 1758.776880][T19067] memory: usage 307200kB, limit 307200kB, failcnt 2706 [ 1758.781033][T18946] try_charge+0x479/0xbf0 [ 1758.781049][T18946] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1758.781064][T18946] __memcg_kmem_charge+0xcf/0x1b0 [ 1758.781084][T18946] __alloc_pages_nodemask+0x26c/0x310 [ 1758.781101][T18946] alloc_pages_current+0xd1/0x170 [ 1758.781126][T18946] pte_alloc_one+0x18/0x50 [ 1758.781152][T18946] __handle_mm_fault+0x2be6/0x2e00 [ 1758.813221][T19067] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1758.813332][T18946] handle_mm_fault+0x21b/0x530 [ 1758.823369][T19067] Memory cgroup stats for /syz2: [ 1758.823573][T19067] anon 308695040 [ 1758.823573][T19067] file 106496 [ 1758.823573][T19067] kernel_stack 442368 [ 1758.823573][T19067] slab 1228800 [ 1758.823573][T19067] sock 53248 [ 1758.823573][T19067] shmem 0 [ 1758.823573][T19067] file_mapped 0 [ 1758.823573][T19067] file_dirty 0 [ 1758.823573][T19067] file_writeback 0 [ 1758.823573][T19067] anon_thp 264241152 [ 1758.823573][T19067] inactive_anon 252051456 [ 1758.823573][T19067] active_anon 20361216 [ 1758.823573][T19067] inactive_file 135168 [ 1758.823573][T19067] active_file 0 [ 1758.823573][T19067] unevictable 36327424 [ 1758.823573][T19067] slab_reclaimable 405504 [ 1758.823573][T19067] slab_unreclaimable 823296 [ 1758.823573][T19067] pgfault 355113 [ 1758.823573][T19067] pgmajfault 0 [ 1758.823573][T19067] workingset_refault 0 [ 1758.823573][T19067] workingset_activate 0 [ 1758.823573][T19067] workingset_nodereclaim 0 [ 1758.823573][T19067] pgrefill 143 [ 1758.823573][T19067] pgscan 174 [ 1758.823573][T19067] pgsteal 35 [ 1758.829693][T18946] __do_page_fault+0x456/0x8d0 [ 1758.829708][T18946] do_page_fault+0x38/0x194 [ 1758.829728][T18946] page_fault+0x34/0x40 [ 1758.829731][T18946] [ 1758.829748][T18946] write to 0xffff8882183a4078 of 8 bytes by task 18946 on cpu 0: [ 1758.829770][T18946] do_try_to_free_pages+0x75f/0xb60 [ 1758.829789][T18946] try_to_free_mem_cgroup_pages+0x205/0x4d0 [ 1758.829814][T18946] try_charge+0x479/0xbf0 [ 1758.849258][T19067] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=18922,uid=0 [ 1758.928734][T18946] mem_cgroup_try_charge+0xd2/0x260 [ 1758.928750][T18946] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1758.928766][T18946] wp_page_copy+0x322/0x1040 [ 1758.928779][T18946] do_wp_page+0x192/0xeb0 [ 1758.928794][T18946] __handle_mm_fault+0x1d16/0x2e00 [ 1758.928807][T18946] handle_mm_fault+0x21b/0x530 [ 1758.928823][T18946] __do_page_fault+0x456/0x8d0 [ 1758.928839][T18946] do_page_fault+0x38/0x194 [ 1758.928858][T18946] page_fault+0x34/0x40 [ 1758.928862][T18946] [ 1758.928866][T18946] Reported by Kernel Concurrency Sanitizer on: [ 1758.928886][T18946] CPU: 0 PID: 18946 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1758.928896][T18946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1758.928902][T18946] ================================================================== [ 1758.928910][T18946] Kernel panic - not syncing: panic_on_warn set ... [ 1758.928925][T18946] CPU: 0 PID: 18946 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1758.928933][T18946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1758.928937][T18946] Call Trace: [ 1758.928961][T18946] dump_stack+0x11d/0x181 [ 1758.928984][T18946] panic+0x210/0x640 [ 1758.929014][T18946] ? vprintk_func+0x8d/0x140 [ 1758.955789][T19067] Memory cgroup out of memory: Killed process 18922 (syz-executor.2) total-vm:72716kB, anon-rss:18208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:151552kB oom_score_adj:1000 [ 1758.958169][T18946] kcsan_report.cold+0xc/0xd [ 1758.958197][T18946] kcsan_setup_watchpoint+0x3fe/0x460 [ 1758.965138][T19076] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1758.968432][T18946] __tsan_unaligned_write8+0xc7/0x110 [ 1758.968506][T18946] do_try_to_free_pages+0x75f/0xb60 [ 1759.096315][ T1065] oom_reaper: reaped process 18922 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1759.100092][T18946] try_to_free_mem_cgroup_pages+0x205/0x4d0 [ 1759.100122][T18946] ? cgroup_file_notify+0xff/0x130 [ 1759.100149][T18946] try_charge+0x479/0xbf0 [ 1759.181596][T18946] ? rcu_note_context_switch+0x721/0x760 [ 1759.187244][T18946] mem_cgroup_try_charge+0xd2/0x260 [ 1759.192459][T18946] mem_cgroup_try_charge_delay+0x3a/0x80 [ 1759.198111][T18946] wp_page_copy+0x322/0x1040 [ 1759.202715][T18946] ? __read_once_size+0x41/0xe0 [ 1759.207571][T18946] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1759.213479][T18946] do_wp_page+0x192/0xeb0 [ 1759.217826][T18946] __handle_mm_fault+0x1d16/0x2e00 [ 1759.222947][T18946] ? try_to_free_mem_cgroup_pages+0x258/0x4d0 [ 1759.229047][T18946] handle_mm_fault+0x21b/0x530 [ 1759.233911][T18946] __do_page_fault+0x456/0x8d0 [ 1759.238701][T18946] do_page_fault+0x38/0x194 [ 1759.243210][T18946] page_fault+0x34/0x40 [ 1759.247368][T18946] RIP: 0033:0x40d948 [ 1759.251268][T18946] Code: d9 48 8b 47 78 48 83 f8 ff 0f 84 0b 01 00 00 48 8b 73 18 48 83 fe ff 74 29 48 81 fe e7 03 00 00 0f 87 67 01 00 00 48 c1 e6 04 86 80 80 75 00 01 48 89 86 88 80 75 00 66 2e 0f 1f 84 00 00 00 [ 1759.270874][T18946] RSP: 002b:00007ffc16e27920 EFLAGS: 00010202 [ 1759.276954][T18946] RAX: 0000000000000009 RBX: 000000000075bf20 RCX: 0000000000000001 [ 1759.284929][T18946] RDX: 0000000000000001 RSI: 0000000000000010 RDI: 000000000075bf20 [ 1759.292898][T18946] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 1759.300878][T18946] R10: 00007ffc16e27a20 R11: 0000000000000246 R12: 000000000075bf20 [ 1759.308846][T18946] R13: 00000000001ab728 R14: 00000000001ab755 R15: 000000000075bf2c [ 1759.316873][T19076] CPU: 1 PID: 19076 Comm: syz-executor.4 Not tainted 5.5.0-rc1-syzkaller #0 [ 1759.325568][T19076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1759.335690][T19076] Call Trace: [ 1759.339009][T19076] dump_stack+0x11d/0x181 [ 1759.343417][T19076] dump_header+0xaa/0x39c [ 1759.347747][T19076] oom_kill_process.cold+0x10/0x15 [ 1759.352959][T19076] out_of_memory+0x231/0xa60 [ 1759.357579][T19076] mem_cgroup_out_of_memory+0x128/0x150 [ 1759.363129][T19076] try_charge+0xb6c/0xbf0 [ 1759.367468][T19076] ? __rcu_read_unlock+0x66/0x3d0 [ 1759.372553][T19076] __memcg_kmem_charge_memcg+0x4a/0xe0 [ 1759.378039][T19076] __memcg_kmem_charge+0xcf/0x1b0 [ 1759.383152][T19076] __alloc_pages_nodemask+0x26c/0x310 [ 1759.388588][T19076] alloc_pages_current+0xd1/0x170 [ 1759.393632][T19076] pte_alloc_one+0x18/0x50 [ 1759.398058][T19076] __handle_mm_fault+0x2be6/0x2e00 [ 1759.403618][T19076] handle_mm_fault+0x21b/0x530 [ 1759.408396][T19076] __do_page_fault+0x456/0x8d0 [ 1759.413160][T19076] do_page_fault+0x38/0x194 [ 1759.417723][T19076] page_fault+0x34/0x40 [ 1759.421939][T19076] RIP: 0033:0x45af49 [ 1759.425860][T19076] Code: Bad RIP value. [ 1759.429926][T19076] RSP: 002b:00007fe49bdf2c78 EFLAGS: 00010246 [ 1759.436070][T19076] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 000000000045af49 [ 1759.444043][T19076] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1759.452025][T19076] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 1759.460009][T19076] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe49bdf36d4 [ 1759.468046][T19076] R13: 00000000004c1701 R14: 00000000004d68e0 R15: 00000000ffffffff [ 1759.477571][T18946] Kernel Offset: disabled [ 1759.481908][T18946] Rebooting in 86400 seconds..