sched_setaffinity(r1, 0x8, &(0x7f00000002c0)=0x2) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x2, 0x6, 0x583b, 0x200, 'syz0\x00', 0xffff4e7f}, 0x3, 0x2000004d, 0x200, r1, 0x8, 0x1000, 'syz1\x00', &(0x7f0000000000)=['(\xa8,)--[\\.{\\+\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '$\x00', '/dev/snd/controlC#\x00', '\x00', '/dev/snd/controlC#\x00'], 0x6f}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 13:59:50 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000000fd00000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 13:59:50 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x3, 0x2000) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 13:59:50 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x3, 0x2000) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x3, 0x2000) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 13:59:50 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000003fd00000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 13:59:51 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000003ff00000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 13:59:51 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x3, 0x2000) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 13:59:51 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000000c0)={0x6, 0xffffffffffffffff, 0x1}) write$binfmt_script(r1, &(0x7f0000000100)={'#! ', './file0', [{0x20, 'cpu.stat\x00'}], 0xa, "b2e885ffcfd4be880fcbf045bc882b73384cb1b446a583c17eb8c276736550b69936e33e73c973e003a023e2ff7c28e105f2619df53dc38efea4d34d36727de84166d2036fbfc91bc1562c6e7896ee9a289d72548ef4b566375a85e705e93387af463abf51f270a8bb97c3eacfaa5e7310893d2b02f1159f0dbf3bfee26a2c970407"}, 0x97) r2 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0xada66a977c02d739) openat$cgroup_procs(r2, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP(r2, 0xd0009412, &(0x7f00000007c0)) syz_kvm_setup_cpu$x86(r0, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="2e0f3a0f057e440f20c0663501000000440f22c0ba200066b88ca3000066ef0f21493e2ed870f1440f20c0663505000000440f22c00fc75f6666b9800000c00f326635002000000f30de990900b800058ed8", 0x52}], 0x1, 0x0, &(0x7f00000000c0), 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ebd000/0x2000)=nil) madvise(&(0x7f0000f02000/0x2000)=nil, 0x2000, 0x9) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) (async) write$UHID_CREATE2(r0, &(0x7f0000000180)=ANY=[], 0x118) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) (async) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f00000000c0)={0x6, 0xffffffffffffffff, 0x1}) (async) write$binfmt_script(r1, &(0x7f0000000100)={'#! ', './file0', [{0x20, 'cpu.stat\x00'}], 0xa, "b2e885ffcfd4be880fcbf045bc882b73384cb1b446a583c17eb8c276736550b69936e33e73c973e003a023e2ff7c28e105f2619df53dc38efea4d34d36727de84166d2036fbfc91bc1562c6e7896ee9a289d72548ef4b566375a85e705e93387af463abf51f270a8bb97c3eacfaa5e7310893d2b02f1159f0dbf3bfee26a2c970407"}, 0x97) (async) open(&(0x7f0000000300)='./file0\x00', 0x0, 0xada66a977c02d739) (async) openat$cgroup_procs(r2, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) (async) ioctl$BTRFS_IOC_INO_LOOKUP(r2, 0xd0009412, &(0x7f00000007c0)) (async) syz_kvm_setup_cpu$x86(r0, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000000)="2e0f3a0f057e440f20c0663501000000440f22c0ba200066b88ca3000066ef0f21493e2ed870f1440f20c0663505000000440f22c00fc75f6666b9800000c00f326635002000000f30de990900b800058ed8", 0x52}], 0x1, 0x0, &(0x7f00000000c0), 0x0) (async) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) (async) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) (async) mremap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ebd000/0x2000)=nil) (async) madvise(&(0x7f0000f02000/0x2000)=nil, 0x2000, 0x9) (async) 13:59:51 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000000)={0x4, 0x1000, 0xf61, 0x3, '\x00', '\x00', '\x00', 0x0, 0x7, 0x5, 0x4, "84d641649ee37104a525800afcfe0a6a"}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 13:59:51 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000005040)={&(0x7f0000004e80), 0xc, &(0x7f0000005000)={&(0x7f0000004ec0)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 13:59:51 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000007fff00000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 13:59:51 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000000)={0x4, 0x1000, 0xf61, 0x3, '\x00', '\x00', '\x00', 0x0, 0x7, 0x5, 0x4, "84d641649ee37104a525800afcfe0a6a"}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000000)={0x4, 0x1000, 0xf61, 0x3, '\x00', '\x00', '\x00', 0x0, 0x7, 0x5, 0x4, "84d641649ee37104a525800afcfe0a6a"}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) 13:59:51 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) [ 3017.415797][ T9482] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 13:59:51 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000000)={0x4, 0x1000, 0xf61, 0x3, '\x00', '\x00', '\x00', 0x0, 0x7, 0x5, 0x4, "84d641649ee37104a525800afcfe0a6a"}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000000)={0x4, 0x1000, 0xf61, 0x3, '\x00', '\x00', '\x00', 0x0, 0x7, 0x5, 0x4, "84d641649ee37104a525800afcfe0a6a"}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) [ 3017.536155][ T9482] CPU: 0 PID: 9482 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3017.544827][ T9482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3017.554910][ T9482] Call Trace: [ 3017.558200][ T9482] [ 3017.561137][ T9482] dump_stack_lvl+0x1e7/0x2e0 [ 3017.565838][ T9482] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3017.571139][ T9482] ? __pfx__printk+0x10/0x10 [ 3017.575741][ T9482] ? ___ratelimit+0x4c4/0x670 [ 3017.580438][ T9482] ? __pfx____ratelimit+0x10/0x10 [ 3017.585488][ T9482] dump_header+0xda/0x6a0 [ 3017.589836][ T9482] oom_kill_process+0x3a7/0x930 [ 3017.594695][ T9482] ? trace_contention_end+0x3c/0x100 [ 3017.600003][ T9482] out_of_memory+0xf67/0x1320 [ 3017.604698][ T9482] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3017.610349][ T9482] ? __pfx___mutex_lock+0x10/0x10 [ 3017.615397][ T9482] ? __pfx_out_of_memory+0x10/0x10 [ 3017.620533][ T9482] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3017.626102][ T9482] ? __pfx_lock_release+0x10/0x10 [ 3017.631161][ T9482] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3017.637244][ T9482] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3017.642462][ T9482] ? mem_cgroup_iter+0x422/0x560 [ 3017.647427][ T9482] try_charge_memcg+0xda2/0x18a0 [ 3017.652411][ T9482] ? __pfx_try_charge_memcg+0x10/0x10 [ 3017.657800][ T9482] ? percpu_ref_tryget+0x14/0x180 [ 3017.662856][ T9482] charge_memcg+0xa2/0x160 [ 3017.667295][ T9482] __mem_cgroup_charge+0x27/0x80 [ 3017.672260][ T9482] shmem_alloc_and_add_folio+0x393/0xde0 [ 3017.677917][ T9482] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3017.684085][ T9482] ? filemap_map_pages+0x1248/0x1830 [ 3017.689392][ T9482] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3017.694634][ T9482] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3017.700295][ T9482] shmem_fault+0x254/0x6f0 [ 3017.704730][ T9482] ? __pfx_shmem_fault+0x10/0x10 [ 3017.709856][ T9482] ? __pfx_lock_release+0x10/0x10 [ 3017.714896][ T9482] ? pte_offset_map_nolock+0x137/0x1f0 [ 3017.720391][ T9482] __do_fault+0x135/0x460 [ 3017.724737][ T9482] ? __pfx_filemap_map_pages+0x10/0x10 [ 3017.730209][ T9482] ? __handle_mm_fault+0x31c8/0x72d0 [ 3017.735503][ T9482] __handle_mm_fault+0x49e6/0x72d0 [ 3017.740652][ T9482] ? __pfx___handle_mm_fault+0x10/0x10 [ 3017.746133][ T9482] ? follow_page_pte+0x28e/0x1910 [ 3017.751174][ T9482] ? follow_page_pte+0x760/0x1910 [ 3017.756210][ T9482] ? __pfx_lock_release+0x10/0x10 [ 3017.761252][ T9482] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3017.766481][ T9482] ? follow_page_pte+0x7f2/0x1910 [ 3017.771529][ T9482] ? mt_find+0x62d/0x850 [ 3017.775818][ T9482] handle_mm_fault+0x3c1/0x8a0 [ 3017.780610][ T9482] __get_user_pages+0x6bd/0x1600 [ 3017.785572][ T9482] ? get_dump_page+0xe1/0x2f0 [ 3017.790263][ T9482] ? __pfx___get_user_pages+0x10/0x10 [ 3017.795650][ T9482] ? __kernel_write_iter+0x632/0x8c0 [ 3017.800958][ T9482] get_dump_page+0x154/0x2f0 [ 3017.805559][ T9482] ? __pfx___kernel_write_iter+0x10/0x10 [ 3017.811204][ T9482] ? __pfx_get_dump_page+0x10/0x10 [ 3017.816334][ T9482] ? iov_iter_bvec+0x4e/0x1b0 [ 3017.821032][ T9482] dump_user_range+0x126/0x910 [ 3017.825820][ T9482] ? __pfx_dump_user_range+0x10/0x10 [ 3017.831122][ T9482] ? writenote+0x250/0x3b0 [ 3017.835550][ T9482] ? kmalloc_trace+0x1d6/0x360 [ 3017.840500][ T9482] ? elf_core_dump+0x2e01/0x4630 [ 3017.845448][ T9482] ? dump_emit+0x99/0xd0 [ 3017.849709][ T9482] elf_core_dump+0x3d5d/0x4630 [ 3017.854510][ T9482] ? __pfx_elf_core_dump+0x10/0x10 [ 3017.859639][ T9482] ? mark_lock+0x9a/0x350 [ 3017.863994][ T9482] ? mas_next_slot+0xeb2/0xf90 [ 3017.868778][ T9482] ? __lock_acquire+0x1345/0x1fd0 [ 3017.873864][ T9482] ? rcu_read_lock_any_held+0xb7/0x160 [ 3017.879345][ T9482] ? 0xffffffffff600000 [ 3017.883506][ T9482] ? getname_kernel+0x140/0x2f0 [ 3017.888395][ T9482] do_coredump+0x1baa/0x2b50 [ 3017.893006][ T9482] ? get_signal+0xbe1/0x1850 [ 3017.897652][ T9482] ? __pfx_do_coredump+0x10/0x10 [ 3017.902639][ T9482] ? _raw_spin_unlock_irq+0x23/0x50 [ 3017.907853][ T9482] ? lockdep_hardirqs_on+0x98/0x140 [ 3017.913069][ T9482] get_signal+0x146a/0x1850 [ 3017.917609][ T9482] ? __pfx_get_signal+0x10/0x10 [ 3017.922490][ T9482] ? __pfx_force_sig_fault+0x10/0x10 [ 3017.927800][ T9482] arch_do_signal_or_restart+0x96/0x860 [ 3017.933363][ T9482] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3017.939545][ T9482] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3017.945365][ T9482] irqentry_exit_to_user_mode+0x78/0x280 [ 3017.951010][ T9482] exc_page_fault+0x587/0x870 [ 3017.955701][ T9482] asm_exc_page_fault+0x26/0x30 [ 3017.960567][ T9482] RIP: 0033:0x7f8ab667ddb1 [ 3017.964993][ T9482] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3017.984607][ T9482] RSP: 002b:0000000000000210 EFLAGS: 00010217 [ 3017.990688][ T9482] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3017.998668][ T9482] RDX: 0000000000000000 RSI: 0000000000000210 RDI: 0000000000000000 [ 3018.006675][ T9482] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3018.014828][ T9482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3018.022904][ T9482] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3018.031023][ T9482] 13:59:52 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000088a8ffff00000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3018.177137][ T9482] memory: usage 307200kB, limit 307200kB, failcnt 54991 [ 3018.293510][T11368] __nla_validate_parse: 6 callbacks suppressed [ 3018.293532][T11368] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3018.473887][ T9482] memory+swap: usage 401692kB, limit 9007199254740988kB, failcnt 0 [ 3018.727829][ T9482] kmem: usage 44972kB, limit 9007199254740988kB, failcnt 0 [ 3018.735105][ T9482] Memory cgroup stats for /syz4: [ 3018.735256][ T9482] cache 267595776 [ 3018.908925][ T9482] rss 737280 [ 3018.912196][ T9482] rss_huge 0 [ 3018.915518][ T9482] shmem 267591680 [ 3019.067388][ T9482] mapped_file 104759296 [ 3019.105315][ T9482] dirty 0 [ 3019.174967][ T9482] writeback 0 [ 3019.196449][ T9482] workingset_refault_anon 897 [ 3019.201197][ T9482] workingset_refault_file 0 13:59:53 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x229, 0x0, 0x0, 0x0) 13:59:53 executing program 3: fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000240), 0x2, 0x1) statx(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x100, &(0x7f0000000080)) r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xd2400800000000, 0x10400) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000180)={0x8, 0x5, 0x4, 0x1f, '\x00', 0x1f}) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f00000001c0)={0xa, 0x6, 0xbb, 0x5, 'syz0\x00', 0x5}) 13:59:53 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000dc0), 0x14) 13:59:53 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000005040)={0x0, 0x0, &(0x7f0000005000)={&(0x7f0000004ec0)={0x20, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @val={0xc}}}}, 0x20}}, 0x0) 13:59:53 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000007fffffff00000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3019.334166][ T9482] swap 96759808 13:59:53 executing program 3: fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000240), 0x2, 0x1) statx(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x100, &(0x7f0000000080)) r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xd2400800000000, 0x10400) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000180)={0x8, 0x5, 0x4, 0x1f, '\x00', 0x1f}) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f00000001c0)={0xa, 0x6, 0xbb, 0x5, 'syz0\x00', 0x5}) fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000240), 0x2, 0x1) (async) statx(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x100, &(0x7f0000000080)) (async) syz_open_dev$sndctrl(&(0x7f0000000000), 0xd2400800000000, 0x10400) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000180)={0x8, 0x5, 0x4, 0x1f, '\x00', 0x1f}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f00000001c0)={0xa, 0x6, 0xbb, 0x5, 'syz0\x00', 0x5}) (async) 13:59:53 executing program 0: linkat(0xffffffffffffffff, &(0x7f0000000ec0)='./file1\x00', 0xffffffffffffffff, 0x0, 0x1400) [ 3019.426307][ T9482] swapcached 57344 [ 3019.430098][ T9482] pgpgin 870304 [ 3019.433587][ T9482] pgpgout 804772 [ 3019.458269][T11449] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 13:59:53 executing program 0: syz_usb_connect(0x0, 0x188, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x74, 0x6f, 0x44, 0x10, 0x19d2, 0x1152, 0x2562, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x176, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x1, 0xa, 0xff, 0xff, 0xff, 0x0, [@hid_hid={0x9, 0x21, 0x26b, 0x2, 0x1, {0x22, 0x6ba}}], [{{0x9, 0x5, 0x0, 0x2, 0x18, 0x80, 0x0, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0xcef4}]}}, {{0x9, 0x5, 0x8, 0x0, 0x0, 0x0, 0x81, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x3, 0x3}]}}, {{0x9, 0x5, 0xd, 0x8, 0x3ff, 0x7, 0x3, 0x4}}, {{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x9, 0xff}}, {{0x9, 0x5, 0x0, 0x0, 0x7bf, 0x0, 0x3, 0x5, [@generic={0x5f, 0x2, "84728b75debda4a84bb8b1b78d38ea80c26e3105bb4d9dc8150c4494624141955e4c2bd07ccd67124406d0d7620e2bd13b2c9b83ba5fce38606b24344c69c716da2a0bd7431ff4ee2c246cc253d01f7367071118fde1445afae0256eb9"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x3ff, 0x0, 0x0, 0x6, [@generic={0x2}]}}, {{0x9, 0x5, 0x0, 0x0, 0x200, 0xfb, 0x3f, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x9}]}}, {{0x9, 0x5, 0x0, 0x10, 0x0, 0x4, 0x6, 0x6}}, {{0x9, 0x5, 0x0, 0x0, 0x8, 0x1f, 0x2, 0x3}}, {{0x9, 0x5, 0xe, 0x0, 0x8, 0x0, 0x4, 0x0, [@generic={0x8b, 0xe, "7805779e84654b9d31c3c0445cb26293d54fc811fdb326d122344b39031b8dc49ed888a72e4ccef55ca6fdbc1a86ccb5ba61b5e30a30324226c8c779ece66c7b0c6961d1d1d7f85f8ddb0cadabe965f28d207401795ecb305d055ba28a068d840fd5f83bc7417a0e4670b7b58e1e353fdc6c6a645de09bce4bd33d8d2954e46a883b84d89b858c120d"}]}}]}}]}}]}}, &(0x7f0000000740)={0xa, &(0x7f0000000500)={0xa, 0x6, 0x300, 0x9, 0xf9, 0x8, 0x20, 0xe5}, 0x30, &(0x7f0000000540)={0x5, 0xf, 0x30, 0x5, [@ptm_cap={0x3}, @ssp_cap={0x14, 0x10, 0xa, 0x6, 0x2, 0x9, 0xf000, 0x0, [0x3f0f, 0x0]}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x0, 0x0, 0x400}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x0, 0x7f}, @ptm_cap={0x3}]}, 0x2, [{0xff, &(0x7f0000000580)=@string={0xff, 0x3, "37ec7bfd7a21a285f35470c28f436bf298b1e2109cf67853ac5598a9f276886bf41173d62e30289c7ab0264a833a44e3e469d62a4efce3cde76e1ebcaf9f441650f967fb289f28d399b562ab4c849122a9eb6c812efe37de7d2327bc4f7741ceb200bb09052fc046993ea816bde3edaf2a04fefa08d7bc68601594b1bf2f834c480eae61d4ea8fb02a9c1effda63e02315aba71703802e42e171733a4cb51fd87bb2a145f1b364d921a6c53f7cba331b6247889a19fca340339981263dcb7e8bb64098fed7b02c680e3bd9fdaf0605c861f282e59e482e0930e7ce31dfd13ac2ee955bf2e1b4e67b8b7e2596913118a05d0400386d0bc8f0b47c32c204"}}, {0x0, 0x0}]}) [ 3019.552149][ T9482] pgfault 981598 13:59:53 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000e4ffffff00000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3019.630860][ T9482] pgmajfault 547 13:59:53 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x0, 0x0, 0x0, 0x822}, 0x48) 13:59:53 executing program 3: fsetxattr$trusted_overlay_opaque(0xffffffffffffffff, &(0x7f0000000200), &(0x7f0000000240), 0x2, 0x1) (async) statx(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0, 0x100, &(0x7f0000000080)) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xd2400800000000, 0x10400) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000180)={0x8, 0x5, 0x4, 0x1f, '\x00', 0x1f}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f00000001c0)={0xa, 0x6, 0xbb, 0x5, 'syz0\x00', 0x5}) [ 3019.760788][ T9482] inactive_anon 21803008 [ 3019.798851][T11562] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3019.882490][ T9482] active_anon 246562816 [ 3019.906205][ T6434] usb 1-1: new high-speed USB device number 58 using dummy_hcd 13:59:54 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000f0ffffff00000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3019.946815][ T9482] inactive_file 0 13:59:54 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000580)={0x0}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f0000000780)={r1, 0x4}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500)={0x0}, &(0x7f0000001780)=0xc) fcntl$lock(r0, 0x5, &(0x7f00000017c0)={0x2, 0x4, 0x0, 0xb4e, r2}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x6, 0x9, 0x4, 0x9, 'syz0\x00', 0x3a5}, 0x0, [0x2, 0x5, 0x7, 0x100, 0x3cc2, 0x100000001, 0x8, 0x400, 0x6, 0x101, 0x0, 0x0, 0x3, 0x7fb2, 0x2, 0x7f, 0xfffffffffffffffd, 0x5f, 0x3b4c, 0x80000000, 0x2, 0x6, 0x1, 0x4, 0x0, 0xffffffff, 0x3f, 0x4, 0xfffffffffffffbff, 0x7, 0x80000001, 0x5b, 0x9, 0x4, 0x12, 0x8, 0x89, 0xfffffffffffffffe, 0x1, 0x1, 0x1, 0x0, 0x5, 0x6, 0x8, 0x2, 0xee0a, 0x7, 0x6, 0x6, 0x5, 0x12, 0x80, 0x6, 0x2, 0xfff, 0x8, 0x200, 0x8000000000000000, 0x8, 0x8, 0x654, 0x0, 0x6, 0x400000000000000, 0x33d5, 0x20, 0x0, 0x1, 0x80, 0x800, 0x9, 0x1, 0x7fff, 0x9, 0x6, 0x1, 0xe0ed, 0x9, 0x59, 0x8, 0x9, 0x3, 0x7, 0x6, 0x80, 0x100000000, 0x16a8, 0x3, 0x7, 0x871b, 0x77a5, 0x7, 0x2, 0xd431, 0x1, 0x5, 0xcbeb, 0x6, 0x6, 0x7, 0x0, 0x2, 0x8000000000000000, 0xfff, 0x2, 0x5, 0x3, 0x7, 0xc086, 0x6bd, 0x8832, 0x8000, 0xfffffffffffff11f, 0xfffff00000000000, 0xfff, 0x6, 0x59a5, 0x81, 0xbb, 0xfffffffffffffff8, 0x3fb, 0x8, 0x4343, 0x2, 0xc00000, 0xc4, 0x9]}) [ 3020.014064][ T9482] active_file 0 [ 3020.063572][T11670] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3020.082630][ T9482] unevictable 0 13:59:54 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000002c0)={0x1, &(0x7f0000000280)=[{0x45}]}) [ 3020.137552][ T9482] hierarchical_memory_limit 314572800 [ 3020.146165][ T6434] usb 1-1: Using ep0 maxpacket: 16 13:59:54 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000580)={0x0}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f0000000780)={r1, 0x4}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500)={0x0}, &(0x7f0000001780)=0xc) fcntl$lock(r0, 0x5, &(0x7f00000017c0)={0x2, 0x4, 0x0, 0xb4e, r2}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x6, 0x9, 0x4, 0x9, 'syz0\x00', 0x3a5}, 0x0, [0x2, 0x5, 0x7, 0x100, 0x3cc2, 0x100000001, 0x8, 0x400, 0x6, 0x101, 0x0, 0x0, 0x3, 0x7fb2, 0x2, 0x7f, 0xfffffffffffffffd, 0x5f, 0x3b4c, 0x80000000, 0x2, 0x6, 0x1, 0x4, 0x0, 0xffffffff, 0x3f, 0x4, 0xfffffffffffffbff, 0x7, 0x80000001, 0x5b, 0x9, 0x4, 0x12, 0x8, 0x89, 0xfffffffffffffffe, 0x1, 0x1, 0x1, 0x0, 0x5, 0x6, 0x8, 0x2, 0xee0a, 0x7, 0x6, 0x6, 0x5, 0x12, 0x80, 0x6, 0x2, 0xfff, 0x8, 0x200, 0x8000000000000000, 0x8, 0x8, 0x654, 0x0, 0x6, 0x400000000000000, 0x33d5, 0x20, 0x0, 0x1, 0x80, 0x800, 0x9, 0x1, 0x7fff, 0x9, 0x6, 0x1, 0xe0ed, 0x9, 0x59, 0x8, 0x9, 0x3, 0x7, 0x6, 0x80, 0x100000000, 0x16a8, 0x3, 0x7, 0x871b, 0x77a5, 0x7, 0x2, 0xd431, 0x1, 0x5, 0xcbeb, 0x6, 0x6, 0x7, 0x0, 0x2, 0x8000000000000000, 0xfff, 0x2, 0x5, 0x3, 0x7, 0xc086, 0x6bd, 0x8832, 0x8000, 0xfffffffffffff11f, 0xfffff00000000000, 0xfff, 0x6, 0x59a5, 0x81, 0xbb, 0xfffffffffffffff8, 0x3fb, 0x8, 0x4343, 0x2, 0xc00000, 0xc4, 0x9]}) 13:59:54 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000002000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3020.313297][ T9482] hierarchical_memsw_limit 9223372036854771712 [ 3020.361178][T11710] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3020.370737][ T6434] usb 1-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 3020.386864][ T6434] usb 1-1: config 0 interface 0 altsetting 1 has an invalid endpoint with address 0x0, skipping 13:59:54 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000580)={0x0}) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f0000000780)={r1, 0x4}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500)={0x0}, &(0x7f0000001780)=0xc) fcntl$lock(r0, 0x5, &(0x7f00000017c0)={0x2, 0x4, 0x0, 0xb4e, r2}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x6, 0x9, 0x4, 0x9, 'syz0\x00', 0x3a5}, 0x0, [0x2, 0x5, 0x7, 0x100, 0x3cc2, 0x100000001, 0x8, 0x400, 0x6, 0x101, 0x0, 0x0, 0x3, 0x7fb2, 0x2, 0x7f, 0xfffffffffffffffd, 0x5f, 0x3b4c, 0x80000000, 0x2, 0x6, 0x1, 0x4, 0x0, 0xffffffff, 0x3f, 0x4, 0xfffffffffffffbff, 0x7, 0x80000001, 0x5b, 0x9, 0x4, 0x12, 0x8, 0x89, 0xfffffffffffffffe, 0x1, 0x1, 0x1, 0x0, 0x5, 0x6, 0x8, 0x2, 0xee0a, 0x7, 0x6, 0x6, 0x5, 0x12, 0x80, 0x6, 0x2, 0xfff, 0x8, 0x200, 0x8000000000000000, 0x8, 0x8, 0x654, 0x0, 0x6, 0x400000000000000, 0x33d5, 0x20, 0x0, 0x1, 0x80, 0x800, 0x9, 0x1, 0x7fff, 0x9, 0x6, 0x1, 0xe0ed, 0x9, 0x59, 0x8, 0x9, 0x3, 0x7, 0x6, 0x80, 0x100000000, 0x16a8, 0x3, 0x7, 0x871b, 0x77a5, 0x7, 0x2, 0xd431, 0x1, 0x5, 0xcbeb, 0x6, 0x6, 0x7, 0x0, 0x2, 0x8000000000000000, 0xfff, 0x2, 0x5, 0x3, 0x7, 0xc086, 0x6bd, 0x8832, 0x8000, 0xfffffffffffff11f, 0xfffff00000000000, 0xfff, 0x6, 0x59a5, 0x81, 0xbb, 0xfffffffffffffff8, 0x3fb, 0x8, 0x4343, 0x2, 0xc00000, 0xc4, 0x9]}) syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000000580)) (async) ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f0000000780)={r1, 0x4}) (async) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000001780)=0xc) (async) fcntl$lock(r0, 0x5, &(0x7f00000017c0)={0x2, 0x4, 0x0, 0xb4e, r2}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x6, 0x9, 0x4, 0x9, 'syz0\x00', 0x3a5}, 0x0, [0x2, 0x5, 0x7, 0x100, 0x3cc2, 0x100000001, 0x8, 0x400, 0x6, 0x101, 0x0, 0x0, 0x3, 0x7fb2, 0x2, 0x7f, 0xfffffffffffffffd, 0x5f, 0x3b4c, 0x80000000, 0x2, 0x6, 0x1, 0x4, 0x0, 0xffffffff, 0x3f, 0x4, 0xfffffffffffffbff, 0x7, 0x80000001, 0x5b, 0x9, 0x4, 0x12, 0x8, 0x89, 0xfffffffffffffffe, 0x1, 0x1, 0x1, 0x0, 0x5, 0x6, 0x8, 0x2, 0xee0a, 0x7, 0x6, 0x6, 0x5, 0x12, 0x80, 0x6, 0x2, 0xfff, 0x8, 0x200, 0x8000000000000000, 0x8, 0x8, 0x654, 0x0, 0x6, 0x400000000000000, 0x33d5, 0x20, 0x0, 0x1, 0x80, 0x800, 0x9, 0x1, 0x7fff, 0x9, 0x6, 0x1, 0xe0ed, 0x9, 0x59, 0x8, 0x9, 0x3, 0x7, 0x6, 0x80, 0x100000000, 0x16a8, 0x3, 0x7, 0x871b, 0x77a5, 0x7, 0x2, 0xd431, 0x1, 0x5, 0xcbeb, 0x6, 0x6, 0x7, 0x0, 0x2, 0x8000000000000000, 0xfff, 0x2, 0x5, 0x3, 0x7, 0xc086, 0x6bd, 0x8832, 0x8000, 0xfffffffffffff11f, 0xfffff00000000000, 0xfff, 0x6, 0x59a5, 0x81, 0xbb, 0xfffffffffffffff8, 0x3fb, 0x8, 0x4343, 0x2, 0xc00000, 0xc4, 0x9]}) (async) 13:59:54 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000240)={'sit0\x00', &(0x7f0000000180)={'tunl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x25, 0x4, 0x0, 0x0, 0x94, 0x0, 0x0, 0x7, 0x0, 0x0, @dev, @remote, {[@rr={0x7, 0x13, 0x0, [@empty, @remote, @broadcast, @empty]}, @timestamp_prespec={0x44, 0x4c, 0x0, 0x3, 0x0, [{@loopback}, {}, {@multicast2}, {@private}, {@broadcast}, {}, {@local}, {@loopback}, {@broadcast}]}, @ra={0x94, 0x4}, @lsrr={0x83, 0x1b, 0x0, [@remote, @rand_addr, @multicast2, @multicast1, @empty, @multicast2]}]}}}}}) [ 3020.408900][ T6434] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 3020.436479][ T9482] total_cache 267595776 [ 3020.447786][ T6434] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 3020.492662][ T6434] usb 1-1: config 0 interface 0 altsetting 1 has an invalid endpoint with address 0x0, skipping [ 3020.536607][ T6434] usb 1-1: config 0 interface 0 altsetting 1 has an invalid endpoint with address 0x0, skipping [ 3020.545562][ T9482] total_rss 737280 [ 3020.571025][ T6434] usb 1-1: config 0 interface 0 altsetting 1 has an invalid endpoint with address 0x80, skipping 13:59:54 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000003000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3020.591279][ T6434] usb 1-1: config 0 interface 0 altsetting 1 has an invalid endpoint with address 0x0, skipping [ 3020.609213][ T6434] usb 1-1: config 0 interface 0 altsetting 1 has an invalid endpoint with address 0x0, skipping [ 3020.630743][ T9482] total_rss_huge 0 [ 3020.638151][ T6434] usb 1-1: config 0 interface 0 altsetting 1 has an invalid endpoint with address 0x0, skipping 13:59:54 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x237, 0x0, 0x0, 0x0) [ 3020.682515][ T6434] usb 1-1: config 0 interface 0 has no altsetting 0 [ 3020.704960][ T9482] total_shmem 267591680 [ 3020.734218][T11868] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 13:59:55 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000040)=0x7fffffffffffffff) pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff}, 0x80) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x200000a, 0x8811, r1, 0x8000) write$binfmt_aout(r1, &(0x7f0000000c40)=ANY=[@ANYBLOB="080109040b0000003901000000100000ac02000009000000000000000000000007ca75352662f79338476647af1dbf6a5107d63707da3bfe8519971c0cf61af899b3d26334b9d5464106582dd599a9f8355a8c72d3206ef00cf202c6f9f67ff8599e15664497f0ab4532b90fdcf61043e3501791076b5b56b90e94a54afe8567348e0d76d7e144fdc3576d328d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac75df4971dc90ebe2"], 0x68d) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f0000000140)={{0x80}, 'port0\x00', 0x0, 0x10100e}) pidfd_getfd(r0, r2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x2) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000300)={{0x6, 0xaa}, 'port0\x00', 0x10, 0x20008, 0x8001, 0x18b5, 0x4, 0xffffffff, 0xffff, 0x0, 0x2, 0x7}) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r3, 0x8982, &(0x7f0000000000)={0x1, 'vlan1\x00', {}, 0xfe01}) ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f00000000c0)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000780)={0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000001800)={0x0, r4, "02b66c11beed7c64705a2327ec95767e4393a580b2c3043a2fcfb08839b8897467f4a525091f0f7d2480b2fbdcfd2a3924b674e8aed38628fb035a463934e151ef7c0289d4fd7b308135026f77657ca78a849330727be579703bef5f51cf16a7198f8eb8e962cc55e47a88645dc99b6e4dfd15399b64e979124ef3a9120208d05d9de3ff1ce9cc9e6353b97b13c914e3530a6ec5b967674f3cbc69538c66356f6777af618dd96e1730048727e164fcc8139776c1e5061154ffe7838008ce90ccbf0827c03a28016d5f3bdabbc98bee9c405509e3e094ba1677d6b347061c346722828810ba1b68424c585770f6527f3856630aedb97f2ee0742e013d5d412046", "e26481ed1e7c639b5947fa03672a9556f2d9c88f35f8f8b62d6b01c1aef3d08f4ee43881217f959db47d280e8448925694f755ec0256840e58a31c14f0d78d223c58da8e0bd812fb893403e655823624c9e0581484207a6d914ad9befaa148971274f98aa0b753b38761ffcd20135aa09bee95ffc38cfb410de6eb0b1c0eaf69af8375bb982d21281acaa2966378f31ed037b8789d3bf55cda6f1fdefac7c7d4eec101525b850f72c5d3515de41ea6c4cc0a1d4c9d0e83fe98d8baa6325482d6270833cf890aba6768abf6a6ac45c0268bac824f692a521bf8500ce437d7bd4ecafbf918c063d8af3d110e24ddc569f535794d4c8c4ab3897b27310c8d39efca731b7a22caf0ec5f2df04ce6b496582e72b5cbb10480d59c191cd3eca3d3a973fe653216cd08c8de4098133f85da499af2f6a6c7513755f40d13810388f5476a67bb722dc832e4af4c76fda32aa9699c8191a644df90df4b2b2e7993e90bee48e3b65cbc84de44a15926c157018e46c849d57933b96f67dcec40eb733515b880aabbfd1324433ef61e0a112430d3829717820a9eb79c8767614facf386e07a7df2ceb2e9f9d33d65d33fecc7697f5bf74769a67ac297756ec495eaf87674ad5fae2fd772301896e85c617328f32f69bb718bf1ade1d8fd637a6bb4c7044929bf43757821b2bde4ce2ec164ef3841458207326249547ccd2c3ca3467e8c5474cb820ee8647c90d2da6af054fa1f25afb1b0792dcf21b2736c67fc8119a6bdbe19689bb639113f5b9165a50b6f2df8dd8c549220488da3bb10e45dcc7a6207635a550e5ee913aa8ec6ea5f92ba59eb003424e6ea472df633220c8e9644d5bf2f4b01027fc5c0422c39932531e1be7e62e021ac4592b57d95720d5ae86f4bd11d95ad82569ab24e0d1b5a144e6fbcc76c4d7800a70069a852979a3a1f02fcbef6bfeff2101576c998109c65350175bd05435d4be236097340cfafadfde768b1176e6c40f34731164afcd0c3620a0cd015494e432e9aff2c59a4cf476d9037a398183fe74789da0300172e1c02173ff867faf6fbed165ca819be3e4ea05fb6ff1633430984bece64ef93ff8d012b9c321941d59f5b8572008f6bb22597864ea1fbd6b9e349b6d9dc1adc185ea32d5e67e44ac5ebea2063635a53e1718a4246ea47a8874daae0ac6653f821f381a940cbfc98d4a25aea33c63309ee1c6c20f349b673509f09b5381956611359754bdb2eeda100ccb4834596de45556611d5b568f2604653c2129a7d5bd50a209a6d4a956c108b5349a8d208431a2edb17d7650332d308ea2e6f324e589f0e98de49ab655a77509637f0a65614c33f16f91e0d6305e8f9ba0766154e1599f67005ff75af7a6143e574acb799f2363dbb37971fc451c0054b5753de3e2278afe06b9e64b93ab09b4985fe26626a6266da1088f7b9755ac8a9e4e6e99a0dedfe2b1509de12f75d9dea83475543d2b328e986779f4992c870ad128b9d09e8ebcc264e8bb5b85d6d62ab902b8ed7409448cc26a777882627bf3e0c9cdd473289154560c2838c6d4fdaea97ff5d7992909c67710dfeb4977ea7bc06d77b06a19efa42178c46a3fa66ed7d6e2b67ab86be5d94721b099947563db706c5c3a12744ea61d63fce93f546f2669c50b6568e3f32d79bfc75adefc21ee93c5c5360cf2e7ac19571c3663857baf3325b666570642da4dcb309dab05b7ad05bf832d28fa8e871f7b89d6f4327953f4dbde3aac022f4dfe050d0924427e39a8027fbc4b54c4a8c2bf35f8c11c9c0ac4bc1fc31d6bdb2cee2675c5a782aa3ab5ffcc7be7207c89cdb8546fcfdd3a5aadfee5a296abd9afc127ebbf580649e9132b55d9f40a3778af49248b593e00c9f4812b8f7adb7323ab7852e4ed09c55aa356b2e8fee6eb14be3659fdf821d23ac556845f70670d8b6a417c29ac0b1585ea865634c0c921e9d930d4018f66d1e024179d80a7154c491c8662d427ab44a3633480782889f1d00c1d182ede30d4127d769291ef408b574a41c29153b7d949d4648b60a4faf32b380dbc87146c36479d47023876abd4ae7e289ba79d988f6c3a86a75bdc784bea2f0b7e2f77cb1282f54a18e1117e50ffa46ac208fcf8a7b5751e83b3e80cb428e4c2ae63ca3cf7b2c4353303edfe328626391f7925f1ab4ef1c7d0f54d0e45590188ecdb6d2c9c0db9b0552dc81b21dc1bbe9e94be5f78dad11f53d6fc3602e9ffb872d3557c44a133ee94e50d57d5eae2214569975982c63f22750db6f5c979ed81b3f68fe6be6daa85bcd98f25548c1d4db1f15394bc708933e0352e4059bedbf832abaf75e9bdca6fea93600357ca4153357d2e0661a308edf82c0f53e7a121c7e1e8bafdc5fdb61c21f4716d06b43a8395aa915a34c4dc4b5b15ba70a4e163728a9966515682b9ca3c2499aeb17a3c17f905fefed806b504f77c52564006273282db5e0c70565ee1016fc7c241830bef951294db9682ef41742b6550246e539143f15d6c2f017a8083ec97eb3a2de8bc2d8d5fec2b9b88996b3ff6c5aa5bed326f72fe9190de74a83e380b9fe89324421697d124d9a1bd3ced8e1856923147958582d737a36da6af4a0fd92b83f0ef0cb1a725d3a5ecb3a39ad039d200989a281a0686336457824ef582698222b7a063475b793a21745d6701940a0baf124461ad71de8dff6a6f7ed676d107e01ae6b7b79aa1f96efce91039dead977bf70365de8ebb3ec06634246d62f78287831984accef27048794468f520db5c71b4fa94818ddc7394fa1b609adb8cc80c0f32efac26a47bd74119100f0cfdcb889aab1019786cc0eefc1e4295ae919e9f6c8c8a16aa76a2bfe39adf5929e9b9925da0241e734378fe140981e3536bf0b77eb0263297a936a5f37605f128d79b16723b953331f99633b8d29ad1d1dbdb74188488ea0d1b7e0ddb652c040aa0477a079e92618e52f3b7ceebd62e0f0c6946469c19ae828b7eed288c3a53320c9d5468c39d608bd42d967a21e6b788de7c6826d1b99130083182562f63443290aeeb24308d3eb4881547db34b284d9af2bd7cac0d2f66bd14758c079c345d2bce3e1efc3599b0d06e69a92db7e05473673726e1848df75e83df50f98a9321468c10c6514dd7b3cb5b0ddf2fef13284463fe88ef2bc95d51288e41e3e0ba5c91bd686d7f7658b5bac8e3991a0f3b36f004585d9edd09d478ede73e7da067ea502894fc1247e62c1a84c9065ffccc3da96f07ddce135ceafdd784dda6f64a7add400d21ae13abf98e90fb96fcda23a8ad79905428a349b2230c19cf8cdca1724382bd19b4b075438098bd46cbc668bcbdcf1da85f733a50669f976a7106ff1936f20d799e7d01b0beeba7057a90016fb2d36bb3d14e11ac077ffb91f139d16ae5e78d84559312c9fd1a91ff70e5d9b4fd279420f7647151fe951b705082230ad20415d2f605665cd9374a50f7fc3c32efe30e4c0fc84f0c0e0bcd35e46665e4f29371c1c96324f65a94c85874e8e3baba68b88acc85c38f466d7353b5a00953c8ff5522cf0903e646301e3539d047286d10be16d9fbef02d450b7b12b1ead250f68c4c893fbc6f48765f34a81c477966278a1c6945d14d6531f0b5e4cef4edaf3708a5787162c39b236272694b0a302465d01004fa9d516414c040c27fccbf38466023b06293bd07f31fcdbb3b5378a8b2c7886e1551b1caeab96f7f3c159075756f5f8aaa05b6f87f581d802903c36d84169f87c01a77c43284adf66daa38fe8633a8f6d258231466aba89bb9e56ef289d2815cde433e381ddf74852302684b974c80d0a1d7d578039120a2db36213d167687e9390ed8f14c709d3149d2f5cfbc42a9b85e6d10c4ee77270534fdff2ccb816dedc6377257a73ba2a4ea82c0cc4a81bfb939f710b109beb279edeeda345867c0130ff6fc0fbbbbd25d16d2e73f6ab2fbb4c72abc0713ef9e4690b72208c468fa64c21f2247867b5edd514e5be23733ef2136b10e03161fe3b4e6018933df1f97a8250747e6140780a064e0c35bfafcb8177a75e8fde25e61e1c6332bbf7ddc3a11910feb3bd66707a7c1a9f87b320298acec88135a177b2f6f3c0ff02765f34c30b078b58470cd227ce4c0a1a77e662180b28fb360c3fbf47ba8982510979b86332b6d8a53d5f3947665c119a71e5b6ddc64228b47c3e23c30ebbede354d71d2780456de3f717a384112ccc9805dfe107fc9440ab7abccd8463150ce1306778fbea9793d88c4a7864a925bac5da593d6b72ee2c743f0b732a10285d293359c8126004f06fa12c0b3ca9c1e9c0a75b587207965c49f7450cb4210da01e5604f83f849b7eb9cb3f73de4bcff064b4fe08580971184db940bf29d6b8cea027dbfe0b78d6fa574da4b5b4db57b4e1939213c9848537baaf8076b1db4e767a467ec6a47c67aa33df96d7113cc9884124bca5579ce0058618b1b1f13ff3b102ff54e6bde7e29fd555acd6ffe6429af27301b6bbda38403d8f6f3266d7724f517778e7b2c1e13e3d83104ce743857c07b70cb5be8d6d8757d63a3bedfc9de79cc7e96c9833e15fd65f1336178568c2453a49cfc8c8dcb4f5d978f0a6144d62a5da6fd75d08a41084d4c59b345e07a5f4446af6e5216cc8d94347d333030015e262036f0a4fa6d2ae523654c55b37ac179efb66d230de5c70a9b33738ef0cd4ba2710d9ec03f426701101182051516a9be380a07e2555a8cda03eafc72d2bc2bc1dcadde4bb819692c1736b0ed203c4934842d791aae9e10bf239cc5393c9faf967109444c8f44532766ca5481f0ac16d25753a121727271c71d97b401dafe91588b362f2798f047deece9f860624b2d5753e46f929f8c2d03753e7245ffed6d8e36c7b380c4fb6a27e087a38b5e4a80f0043f95e5a20701c62692e684a764074e47badcecf8b2145be47b5b7089c249abcf0743a61b517004d120929d7846a39a46e0ddbcf5334fc01aca0bff31e67da8b3c88e38504db1dc3940c55bee158ae6dfcce289cf91106397d8e3990149a86c819e0354d785a4eed76fa6380491b01efbc23e7189ec253884d384865bca5da9a0917d68144a0a02cde867c365d339a025b7c8a16b82e341719a259ede8f09c165a354fd3e8f5d59e349e7c36302cf8ed115537969b598337fe7575157c89a254c0829cdb243d3d788321c756bf2817721db4bead96e1f25be5b8c7100d149d13900b6c6491ddbdbeaef7753ed5c5d9b07449bfd023501075ec08c37c13df696bf73500bd440a6522f5b955862c5eee8dc6e875c5055350b3397a6b31d2b764308ad24aafd4113af76f38f4aaba9e24efa3ad5b1c008a6cad2411ef6c7276dd3a5a2ae8130f91c36c34137731426fdf5272ef4ac5c4415e2d0f7b50da3ae910ba22bb5b962351e841746b"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000200)=ANY=[@ANYRES64=r4, @ANYBLOB="9200000000000000290c0000000000000000000000000300000000000000000200000000f8080000000000000000030000000000000000000000ab000000000000000000000001000000030019ad7454f5a6bd9400"/126]) r5 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r5, 0x80045530, &(0x7f0000003840)=""/89) [ 3020.844553][ T1240] ieee802154 phy0 wpan0: encryption failed: -22 [ 3020.856297][ T1240] ieee802154 phy1 wpan1: encryption failed: -22 [ 3020.891001][ T9482] total_mapped_file 104759296 [ 3020.945052][ T9482] total_dirty 0 13:59:55 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000004000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3021.049787][ T9482] total_writeback 0 13:59:55 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendto$packet(r0, &(0x7f0000000000)="4814", 0x2, 0x0, &(0x7f0000000140)={0x11, 0x16, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) 13:59:55 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000040)=0x7fffffffffffffff) (async) pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff}, 0x80) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x200000a, 0x8811, r1, 0x8000) write$binfmt_aout(r1, &(0x7f0000000c40)=ANY=[@ANYBLOB="080109040b0000003901000000100000ac02000009000000000000000000000007ca75352662f79338476647af1dbf6a5107d63707da3bfe8519971c0cf61af899b3d26334b9d5464106582dd599a9f8355a8c72d3206ef00cf202c6f9f67ff8599e15664497f0ab4532b90fdcf61043e3501791076b5b56b90e94a54afe8567348e0d76d7e144fdc3576d328d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac75df4971dc90ebe2"], 0x68d) (async) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f0000000140)={{0x80}, 'port0\x00', 0x0, 0x10100e}) pidfd_getfd(r0, r2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x2) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000300)={{0x6, 0xaa}, 'port0\x00', 0x10, 0x20008, 0x8001, 0x18b5, 0x4, 0xffffffff, 0xffff, 0x0, 0x2, 0x7}) (async) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r3, 0x8982, &(0x7f0000000000)={0x1, 'vlan1\x00', {}, 0xfe01}) ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f00000000c0)) (async) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000780)={0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000001800)={0x0, r4, "02b66c11beed7c64705a2327ec95767e4393a580b2c3043a2fcfb08839b8897467f4a525091f0f7d2480b2fbdcfd2a3924b674e8aed38628fb035a463934e151ef7c0289d4fd7b308135026f77657ca78a849330727be579703bef5f51cf16a7198f8eb8e962cc55e47a88645dc99b6e4dfd15399b64e979124ef3a9120208d05d9de3ff1ce9cc9e6353b97b13c914e3530a6ec5b967674f3cbc69538c66356f6777af618dd96e1730048727e164fcc8139776c1e5061154ffe7838008ce90ccbf0827c03a28016d5f3bdabbc98bee9c405509e3e094ba1677d6b347061c346722828810ba1b68424c585770f6527f3856630aedb97f2ee0742e013d5d412046", "e26481ed1e7c639b5947fa03672a9556f2d9c88f35f8f8b62d6b01c1aef3d08f4ee43881217f959db47d280e8448925694f755ec0256840e58a31c14f0d78d223c58da8e0bd812fb893403e655823624c9e0581484207a6d914ad9befaa148971274f98aa0b753b38761ffcd20135aa09bee95ffc38cfb410de6eb0b1c0eaf69af8375bb982d21281acaa2966378f31ed037b8789d3bf55cda6f1fdefac7c7d4eec101525b850f72c5d3515de41ea6c4cc0a1d4c9d0e83fe98d8baa6325482d6270833cf890aba6768abf6a6ac45c0268bac824f692a521bf8500ce437d7bd4ecafbf918c063d8af3d110e24ddc569f535794d4c8c4ab3897b27310c8d39efca731b7a22caf0ec5f2df04ce6b496582e72b5cbb10480d59c191cd3eca3d3a973fe653216cd08c8de4098133f85da499af2f6a6c7513755f40d13810388f5476a67bb722dc832e4af4c76fda32aa9699c8191a644df90df4b2b2e7993e90bee48e3b65cbc84de44a15926c157018e46c849d57933b96f67dcec40eb733515b880aabbfd1324433ef61e0a112430d3829717820a9eb79c8767614facf386e07a7df2ceb2e9f9d33d65d33fecc7697f5bf74769a67ac297756ec495eaf87674ad5fae2fd772301896e85c617328f32f69bb718bf1ade1d8fd637a6bb4c7044929bf43757821b2bde4ce2ec164ef3841458207326249547ccd2c3ca3467e8c5474cb820ee8647c90d2da6af054fa1f25afb1b0792dcf21b2736c67fc8119a6bdbe19689bb639113f5b9165a50b6f2df8dd8c549220488da3bb10e45dcc7a6207635a550e5ee913aa8ec6ea5f92ba59eb003424e6ea472df633220c8e9644d5bf2f4b01027fc5c0422c39932531e1be7e62e021ac4592b57d95720d5ae86f4bd11d95ad82569ab24e0d1b5a144e6fbcc76c4d7800a70069a852979a3a1f02fcbef6bfeff2101576c998109c65350175bd05435d4be236097340cfafadfde768b1176e6c40f34731164afcd0c3620a0cd015494e432e9aff2c59a4cf476d9037a398183fe74789da0300172e1c02173ff867faf6fbed165ca819be3e4ea05fb6ff1633430984bece64ef93ff8d012b9c321941d59f5b8572008f6bb22597864ea1fbd6b9e349b6d9dc1adc185ea32d5e67e44ac5ebea2063635a53e1718a4246ea47a8874daae0ac6653f821f381a940cbfc98d4a25aea33c63309ee1c6c20f349b673509f09b5381956611359754bdb2eeda100ccb4834596de45556611d5b568f2604653c2129a7d5bd50a209a6d4a956c108b5349a8d208431a2edb17d7650332d308ea2e6f324e589f0e98de49ab655a77509637f0a65614c33f16f91e0d6305e8f9ba0766154e1599f67005ff75af7a6143e574acb799f2363dbb37971fc451c0054b5753de3e2278afe06b9e64b93ab09b4985fe26626a6266da1088f7b9755ac8a9e4e6e99a0dedfe2b1509de12f75d9dea83475543d2b328e986779f4992c870ad128b9d09e8ebcc264e8bb5b85d6d62ab902b8ed7409448cc26a777882627bf3e0c9cdd473289154560c2838c6d4fdaea97ff5d7992909c67710dfeb4977ea7bc06d77b06a19efa42178c46a3fa66ed7d6e2b67ab86be5d94721b099947563db706c5c3a12744ea61d63fce93f546f2669c50b6568e3f32d79bfc75adefc21ee93c5c5360cf2e7ac19571c3663857baf3325b666570642da4dcb309dab05b7ad05bf832d28fa8e871f7b89d6f4327953f4dbde3aac022f4dfe050d0924427e39a8027fbc4b54c4a8c2bf35f8c11c9c0ac4bc1fc31d6bdb2cee2675c5a782aa3ab5ffcc7be7207c89cdb8546fcfdd3a5aadfee5a296abd9afc127ebbf580649e9132b55d9f40a3778af49248b593e00c9f4812b8f7adb7323ab7852e4ed09c55aa356b2e8fee6eb14be3659fdf821d23ac556845f70670d8b6a417c29ac0b1585ea865634c0c921e9d930d4018f66d1e024179d80a7154c491c8662d427ab44a3633480782889f1d00c1d182ede30d4127d769291ef408b574a41c29153b7d949d4648b60a4faf32b380dbc87146c36479d47023876abd4ae7e289ba79d988f6c3a86a75bdc784bea2f0b7e2f77cb1282f54a18e1117e50ffa46ac208fcf8a7b5751e83b3e80cb428e4c2ae63ca3cf7b2c4353303edfe328626391f7925f1ab4ef1c7d0f54d0e45590188ecdb6d2c9c0db9b0552dc81b21dc1bbe9e94be5f78dad11f53d6fc3602e9ffb872d3557c44a133ee94e50d57d5eae2214569975982c63f22750db6f5c979ed81b3f68fe6be6daa85bcd98f25548c1d4db1f15394bc708933e0352e4059bedbf832abaf75e9bdca6fea93600357ca4153357d2e0661a308edf82c0f53e7a121c7e1e8bafdc5fdb61c21f4716d06b43a8395aa915a34c4dc4b5b15ba70a4e163728a9966515682b9ca3c2499aeb17a3c17f905fefed806b504f77c52564006273282db5e0c70565ee1016fc7c241830bef951294db9682ef41742b6550246e539143f15d6c2f017a8083ec97eb3a2de8bc2d8d5fec2b9b88996b3ff6c5aa5bed326f72fe9190de74a83e380b9fe89324421697d124d9a1bd3ced8e1856923147958582d737a36da6af4a0fd92b83f0ef0cb1a725d3a5ecb3a39ad039d200989a281a0686336457824ef582698222b7a063475b793a21745d6701940a0baf124461ad71de8dff6a6f7ed676d107e01ae6b7b79aa1f96efce91039dead977bf70365de8ebb3ec06634246d62f78287831984accef27048794468f520db5c71b4fa94818ddc7394fa1b609adb8cc80c0f32efac26a47bd74119100f0cfdcb889aab1019786cc0eefc1e4295ae919e9f6c8c8a16aa76a2bfe39adf5929e9b9925da0241e734378fe140981e3536bf0b77eb0263297a936a5f37605f128d79b16723b953331f99633b8d29ad1d1dbdb74188488ea0d1b7e0ddb652c040aa0477a079e92618e52f3b7ceebd62e0f0c6946469c19ae828b7eed288c3a53320c9d5468c39d608bd42d967a21e6b788de7c6826d1b99130083182562f63443290aeeb24308d3eb4881547db34b284d9af2bd7cac0d2f66bd14758c079c345d2bce3e1efc3599b0d06e69a92db7e05473673726e1848df75e83df50f98a9321468c10c6514dd7b3cb5b0ddf2fef13284463fe88ef2bc95d51288e41e3e0ba5c91bd686d7f7658b5bac8e3991a0f3b36f004585d9edd09d478ede73e7da067ea502894fc1247e62c1a84c9065ffccc3da96f07ddce135ceafdd784dda6f64a7add400d21ae13abf98e90fb96fcda23a8ad79905428a349b2230c19cf8cdca1724382bd19b4b075438098bd46cbc668bcbdcf1da85f733a50669f976a7106ff1936f20d799e7d01b0beeba7057a90016fb2d36bb3d14e11ac077ffb91f139d16ae5e78d84559312c9fd1a91ff70e5d9b4fd279420f7647151fe951b705082230ad20415d2f605665cd9374a50f7fc3c32efe30e4c0fc84f0c0e0bcd35e46665e4f29371c1c96324f65a94c85874e8e3baba68b88acc85c38f466d7353b5a00953c8ff5522cf0903e646301e3539d047286d10be16d9fbef02d450b7b12b1ead250f68c4c893fbc6f48765f34a81c477966278a1c6945d14d6531f0b5e4cef4edaf3708a5787162c39b236272694b0a302465d01004fa9d516414c040c27fccbf38466023b06293bd07f31fcdbb3b5378a8b2c7886e1551b1caeab96f7f3c159075756f5f8aaa05b6f87f581d802903c36d84169f87c01a77c43284adf66daa38fe8633a8f6d258231466aba89bb9e56ef289d2815cde433e381ddf74852302684b974c80d0a1d7d578039120a2db36213d167687e9390ed8f14c709d3149d2f5cfbc42a9b85e6d10c4ee77270534fdff2ccb816dedc6377257a73ba2a4ea82c0cc4a81bfb939f710b109beb279edeeda345867c0130ff6fc0fbbbbd25d16d2e73f6ab2fbb4c72abc0713ef9e4690b72208c468fa64c21f2247867b5edd514e5be23733ef2136b10e03161fe3b4e6018933df1f97a8250747e6140780a064e0c35bfafcb8177a75e8fde25e61e1c6332bbf7ddc3a11910feb3bd66707a7c1a9f87b320298acec88135a177b2f6f3c0ff02765f34c30b078b58470cd227ce4c0a1a77e662180b28fb360c3fbf47ba8982510979b86332b6d8a53d5f3947665c119a71e5b6ddc64228b47c3e23c30ebbede354d71d2780456de3f717a384112ccc9805dfe107fc9440ab7abccd8463150ce1306778fbea9793d88c4a7864a925bac5da593d6b72ee2c743f0b732a10285d293359c8126004f06fa12c0b3ca9c1e9c0a75b587207965c49f7450cb4210da01e5604f83f849b7eb9cb3f73de4bcff064b4fe08580971184db940bf29d6b8cea027dbfe0b78d6fa574da4b5b4db57b4e1939213c9848537baaf8076b1db4e767a467ec6a47c67aa33df96d7113cc9884124bca5579ce0058618b1b1f13ff3b102ff54e6bde7e29fd555acd6ffe6429af27301b6bbda38403d8f6f3266d7724f517778e7b2c1e13e3d83104ce743857c07b70cb5be8d6d8757d63a3bedfc9de79cc7e96c9833e15fd65f1336178568c2453a49cfc8c8dcb4f5d978f0a6144d62a5da6fd75d08a41084d4c59b345e07a5f4446af6e5216cc8d94347d333030015e262036f0a4fa6d2ae523654c55b37ac179efb66d230de5c70a9b33738ef0cd4ba2710d9ec03f426701101182051516a9be380a07e2555a8cda03eafc72d2bc2bc1dcadde4bb819692c1736b0ed203c4934842d791aae9e10bf239cc5393c9faf967109444c8f44532766ca5481f0ac16d25753a121727271c71d97b401dafe91588b362f2798f047deece9f860624b2d5753e46f929f8c2d03753e7245ffed6d8e36c7b380c4fb6a27e087a38b5e4a80f0043f95e5a20701c62692e684a764074e47badcecf8b2145be47b5b7089c249abcf0743a61b517004d120929d7846a39a46e0ddbcf5334fc01aca0bff31e67da8b3c88e38504db1dc3940c55bee158ae6dfcce289cf91106397d8e3990149a86c819e0354d785a4eed76fa6380491b01efbc23e7189ec253884d384865bca5da9a0917d68144a0a02cde867c365d339a025b7c8a16b82e341719a259ede8f09c165a354fd3e8f5d59e349e7c36302cf8ed115537969b598337fe7575157c89a254c0829cdb243d3d788321c756bf2817721db4bead96e1f25be5b8c7100d149d13900b6c6491ddbdbeaef7753ed5c5d9b07449bfd023501075ec08c37c13df696bf73500bd440a6522f5b955862c5eee8dc6e875c5055350b3397a6b31d2b764308ad24aafd4113af76f38f4aaba9e24efa3ad5b1c008a6cad2411ef6c7276dd3a5a2ae8130f91c36c34137731426fdf5272ef4ac5c4415e2d0f7b50da3ae910ba22bb5b962351e841746b"}) (async) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000200)=ANY=[@ANYRES64=r4, @ANYBLOB="9200000000000000290c0000000000000000000000000300000000000000000200000000f8080000000000000000030000000000000000000000ab000000000000000000000001000000030019ad7454f5a6bd9400"/126]) (async) r5 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r5, 0x80045530, &(0x7f0000003840)=""/89) [ 3021.106300][ T6434] usb 1-1: New USB device found, idVendor=19d2, idProduct=1152, bcdDevice=25.62 [ 3021.115407][ T6434] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3021.149556][ T6434] usb 1-1: Product: syz [ 3021.149731][ T9482] total_workingset_refault_anon 897 [ 3021.164029][ T6434] usb 1-1: SerialNumber: syz [ 3021.183216][ T6434] usb 1-1: config 0 descriptor?? [ 3021.188396][T11996] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3021.246655][T11487] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 3021.273391][ T6434] option 1-1:0.0: GSM modem (1-port) converter detected 13:59:55 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000005000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 13:59:55 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000040)=0x7fffffffffffffff) (async) pipe2$watch_queue(&(0x7f0000000000)={0xffffffffffffffff}, 0x80) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x200000a, 0x8811, r1, 0x8000) (async, rerun: 64) write$binfmt_aout(r1, &(0x7f0000000c40)=ANY=[@ANYBLOB="080109040b0000003901000000100000ac02000009000000000000000000000007ca75352662f79338476647af1dbf6a5107d63707da3bfe8519971c0cf61af899b3d26334b9d5464106582dd599a9f8355a8c72d3206ef00cf202c6f9f67ff8599e15664497f0ab4532b90fdcf61043e3501791076b5b56b90e94a54afe8567348e0d76d7e144fdc3576d328d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ac75df4971dc90ebe2"], 0x68d) (async, rerun: 64) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, &(0x7f0000000140)={{0x80}, 'port0\x00', 0x0, 0x10100e}) (async) pidfd_getfd(r0, r2, 0x0) (async) r3 = socket$netlink(0x10, 0x3, 0x2) (async, rerun: 32) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000300)={{0x6, 0xaa}, 'port0\x00', 0x10, 0x20008, 0x8001, 0x18b5, 0x4, 0xffffffff, 0xffff, 0x0, 0x2, 0x7}) (rerun: 32) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r3, 0x8982, &(0x7f0000000000)={0x1, 'vlan1\x00', {}, 0xfe01}) (async) ioctl$sock_SIOCOUTQNSD(r3, 0x894b, &(0x7f00000000c0)) (async) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f0000000780)={0x0}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000001800)={0x0, r4, "02b66c11beed7c64705a2327ec95767e4393a580b2c3043a2fcfb08839b8897467f4a525091f0f7d2480b2fbdcfd2a3924b674e8aed38628fb035a463934e151ef7c0289d4fd7b308135026f77657ca78a849330727be579703bef5f51cf16a7198f8eb8e962cc55e47a88645dc99b6e4dfd15399b64e979124ef3a9120208d05d9de3ff1ce9cc9e6353b97b13c914e3530a6ec5b967674f3cbc69538c66356f6777af618dd96e1730048727e164fcc8139776c1e5061154ffe7838008ce90ccbf0827c03a28016d5f3bdabbc98bee9c405509e3e094ba1677d6b347061c346722828810ba1b68424c585770f6527f3856630aedb97f2ee0742e013d5d412046", "e26481ed1e7c639b5947fa03672a9556f2d9c88f35f8f8b62d6b01c1aef3d08f4ee43881217f959db47d280e8448925694f755ec0256840e58a31c14f0d78d223c58da8e0bd812fb893403e655823624c9e0581484207a6d914ad9befaa148971274f98aa0b753b38761ffcd20135aa09bee95ffc38cfb410de6eb0b1c0eaf69af8375bb982d21281acaa2966378f31ed037b8789d3bf55cda6f1fdefac7c7d4eec101525b850f72c5d3515de41ea6c4cc0a1d4c9d0e83fe98d8baa6325482d6270833cf890aba6768abf6a6ac45c0268bac824f692a521bf8500ce437d7bd4ecafbf918c063d8af3d110e24ddc569f535794d4c8c4ab3897b27310c8d39efca731b7a22caf0ec5f2df04ce6b496582e72b5cbb10480d59c191cd3eca3d3a973fe653216cd08c8de4098133f85da499af2f6a6c7513755f40d13810388f5476a67bb722dc832e4af4c76fda32aa9699c8191a644df90df4b2b2e7993e90bee48e3b65cbc84de44a15926c157018e46c849d57933b96f67dcec40eb733515b880aabbfd1324433ef61e0a112430d3829717820a9eb79c8767614facf386e07a7df2ceb2e9f9d33d65d33fecc7697f5bf74769a67ac297756ec495eaf87674ad5fae2fd772301896e85c617328f32f69bb718bf1ade1d8fd637a6bb4c7044929bf43757821b2bde4ce2ec164ef3841458207326249547ccd2c3ca3467e8c5474cb820ee8647c90d2da6af054fa1f25afb1b0792dcf21b2736c67fc8119a6bdbe19689bb639113f5b9165a50b6f2df8dd8c549220488da3bb10e45dcc7a6207635a550e5ee913aa8ec6ea5f92ba59eb003424e6ea472df633220c8e9644d5bf2f4b01027fc5c0422c39932531e1be7e62e021ac4592b57d95720d5ae86f4bd11d95ad82569ab24e0d1b5a144e6fbcc76c4d7800a70069a852979a3a1f02fcbef6bfeff2101576c998109c65350175bd05435d4be236097340cfafadfde768b1176e6c40f34731164afcd0c3620a0cd015494e432e9aff2c59a4cf476d9037a398183fe74789da0300172e1c02173ff867faf6fbed165ca819be3e4ea05fb6ff1633430984bece64ef93ff8d012b9c321941d59f5b8572008f6bb22597864ea1fbd6b9e349b6d9dc1adc185ea32d5e67e44ac5ebea2063635a53e1718a4246ea47a8874daae0ac6653f821f381a940cbfc98d4a25aea33c63309ee1c6c20f349b673509f09b5381956611359754bdb2eeda100ccb4834596de45556611d5b568f2604653c2129a7d5bd50a209a6d4a956c108b5349a8d208431a2edb17d7650332d308ea2e6f324e589f0e98de49ab655a77509637f0a65614c33f16f91e0d6305e8f9ba0766154e1599f67005ff75af7a6143e574acb799f2363dbb37971fc451c0054b5753de3e2278afe06b9e64b93ab09b4985fe26626a6266da1088f7b9755ac8a9e4e6e99a0dedfe2b1509de12f75d9dea83475543d2b328e986779f4992c870ad128b9d09e8ebcc264e8bb5b85d6d62ab902b8ed7409448cc26a777882627bf3e0c9cdd473289154560c2838c6d4fdaea97ff5d7992909c67710dfeb4977ea7bc06d77b06a19efa42178c46a3fa66ed7d6e2b67ab86be5d94721b099947563db706c5c3a12744ea61d63fce93f546f2669c50b6568e3f32d79bfc75adefc21ee93c5c5360cf2e7ac19571c3663857baf3325b666570642da4dcb309dab05b7ad05bf832d28fa8e871f7b89d6f4327953f4dbde3aac022f4dfe050d0924427e39a8027fbc4b54c4a8c2bf35f8c11c9c0ac4bc1fc31d6bdb2cee2675c5a782aa3ab5ffcc7be7207c89cdb8546fcfdd3a5aadfee5a296abd9afc127ebbf580649e9132b55d9f40a3778af49248b593e00c9f4812b8f7adb7323ab7852e4ed09c55aa356b2e8fee6eb14be3659fdf821d23ac556845f70670d8b6a417c29ac0b1585ea865634c0c921e9d930d4018f66d1e024179d80a7154c491c8662d427ab44a3633480782889f1d00c1d182ede30d4127d769291ef408b574a41c29153b7d949d4648b60a4faf32b380dbc87146c36479d47023876abd4ae7e289ba79d988f6c3a86a75bdc784bea2f0b7e2f77cb1282f54a18e1117e50ffa46ac208fcf8a7b5751e83b3e80cb428e4c2ae63ca3cf7b2c4353303edfe328626391f7925f1ab4ef1c7d0f54d0e45590188ecdb6d2c9c0db9b0552dc81b21dc1bbe9e94be5f78dad11f53d6fc3602e9ffb872d3557c44a133ee94e50d57d5eae2214569975982c63f22750db6f5c979ed81b3f68fe6be6daa85bcd98f25548c1d4db1f15394bc708933e0352e4059bedbf832abaf75e9bdca6fea93600357ca4153357d2e0661a308edf82c0f53e7a121c7e1e8bafdc5fdb61c21f4716d06b43a8395aa915a34c4dc4b5b15ba70a4e163728a9966515682b9ca3c2499aeb17a3c17f905fefed806b504f77c52564006273282db5e0c70565ee1016fc7c241830bef951294db9682ef41742b6550246e539143f15d6c2f017a8083ec97eb3a2de8bc2d8d5fec2b9b88996b3ff6c5aa5bed326f72fe9190de74a83e380b9fe89324421697d124d9a1bd3ced8e1856923147958582d737a36da6af4a0fd92b83f0ef0cb1a725d3a5ecb3a39ad039d200989a281a0686336457824ef582698222b7a063475b793a21745d6701940a0baf124461ad71de8dff6a6f7ed676d107e01ae6b7b79aa1f96efce91039dead977bf70365de8ebb3ec06634246d62f78287831984accef27048794468f520db5c71b4fa94818ddc7394fa1b609adb8cc80c0f32efac26a47bd74119100f0cfdcb889aab1019786cc0eefc1e4295ae919e9f6c8c8a16aa76a2bfe39adf5929e9b9925da0241e734378fe140981e3536bf0b77eb0263297a936a5f37605f128d79b16723b953331f99633b8d29ad1d1dbdb74188488ea0d1b7e0ddb652c040aa0477a079e92618e52f3b7ceebd62e0f0c6946469c19ae828b7eed288c3a53320c9d5468c39d608bd42d967a21e6b788de7c6826d1b99130083182562f63443290aeeb24308d3eb4881547db34b284d9af2bd7cac0d2f66bd14758c079c345d2bce3e1efc3599b0d06e69a92db7e05473673726e1848df75e83df50f98a9321468c10c6514dd7b3cb5b0ddf2fef13284463fe88ef2bc95d51288e41e3e0ba5c91bd686d7f7658b5bac8e3991a0f3b36f004585d9edd09d478ede73e7da067ea502894fc1247e62c1a84c9065ffccc3da96f07ddce135ceafdd784dda6f64a7add400d21ae13abf98e90fb96fcda23a8ad79905428a349b2230c19cf8cdca1724382bd19b4b075438098bd46cbc668bcbdcf1da85f733a50669f976a7106ff1936f20d799e7d01b0beeba7057a90016fb2d36bb3d14e11ac077ffb91f139d16ae5e78d84559312c9fd1a91ff70e5d9b4fd279420f7647151fe951b705082230ad20415d2f605665cd9374a50f7fc3c32efe30e4c0fc84f0c0e0bcd35e46665e4f29371c1c96324f65a94c85874e8e3baba68b88acc85c38f466d7353b5a00953c8ff5522cf0903e646301e3539d047286d10be16d9fbef02d450b7b12b1ead250f68c4c893fbc6f48765f34a81c477966278a1c6945d14d6531f0b5e4cef4edaf3708a5787162c39b236272694b0a302465d01004fa9d516414c040c27fccbf38466023b06293bd07f31fcdbb3b5378a8b2c7886e1551b1caeab96f7f3c159075756f5f8aaa05b6f87f581d802903c36d84169f87c01a77c43284adf66daa38fe8633a8f6d258231466aba89bb9e56ef289d2815cde433e381ddf74852302684b974c80d0a1d7d578039120a2db36213d167687e9390ed8f14c709d3149d2f5cfbc42a9b85e6d10c4ee77270534fdff2ccb816dedc6377257a73ba2a4ea82c0cc4a81bfb939f710b109beb279edeeda345867c0130ff6fc0fbbbbd25d16d2e73f6ab2fbb4c72abc0713ef9e4690b72208c468fa64c21f2247867b5edd514e5be23733ef2136b10e03161fe3b4e6018933df1f97a8250747e6140780a064e0c35bfafcb8177a75e8fde25e61e1c6332bbf7ddc3a11910feb3bd66707a7c1a9f87b320298acec88135a177b2f6f3c0ff02765f34c30b078b58470cd227ce4c0a1a77e662180b28fb360c3fbf47ba8982510979b86332b6d8a53d5f3947665c119a71e5b6ddc64228b47c3e23c30ebbede354d71d2780456de3f717a384112ccc9805dfe107fc9440ab7abccd8463150ce1306778fbea9793d88c4a7864a925bac5da593d6b72ee2c743f0b732a10285d293359c8126004f06fa12c0b3ca9c1e9c0a75b587207965c49f7450cb4210da01e5604f83f849b7eb9cb3f73de4bcff064b4fe08580971184db940bf29d6b8cea027dbfe0b78d6fa574da4b5b4db57b4e1939213c9848537baaf8076b1db4e767a467ec6a47c67aa33df96d7113cc9884124bca5579ce0058618b1b1f13ff3b102ff54e6bde7e29fd555acd6ffe6429af27301b6bbda38403d8f6f3266d7724f517778e7b2c1e13e3d83104ce743857c07b70cb5be8d6d8757d63a3bedfc9de79cc7e96c9833e15fd65f1336178568c2453a49cfc8c8dcb4f5d978f0a6144d62a5da6fd75d08a41084d4c59b345e07a5f4446af6e5216cc8d94347d333030015e262036f0a4fa6d2ae523654c55b37ac179efb66d230de5c70a9b33738ef0cd4ba2710d9ec03f426701101182051516a9be380a07e2555a8cda03eafc72d2bc2bc1dcadde4bb819692c1736b0ed203c4934842d791aae9e10bf239cc5393c9faf967109444c8f44532766ca5481f0ac16d25753a121727271c71d97b401dafe91588b362f2798f047deece9f860624b2d5753e46f929f8c2d03753e7245ffed6d8e36c7b380c4fb6a27e087a38b5e4a80f0043f95e5a20701c62692e684a764074e47badcecf8b2145be47b5b7089c249abcf0743a61b517004d120929d7846a39a46e0ddbcf5334fc01aca0bff31e67da8b3c88e38504db1dc3940c55bee158ae6dfcce289cf91106397d8e3990149a86c819e0354d785a4eed76fa6380491b01efbc23e7189ec253884d384865bca5da9a0917d68144a0a02cde867c365d339a025b7c8a16b82e341719a259ede8f09c165a354fd3e8f5d59e349e7c36302cf8ed115537969b598337fe7575157c89a254c0829cdb243d3d788321c756bf2817721db4bead96e1f25be5b8c7100d149d13900b6c6491ddbdbeaef7753ed5c5d9b07449bfd023501075ec08c37c13df696bf73500bd440a6522f5b955862c5eee8dc6e875c5055350b3397a6b31d2b764308ad24aafd4113af76f38f4aaba9e24efa3ad5b1c008a6cad2411ef6c7276dd3a5a2ae8130f91c36c34137731426fdf5272ef4ac5c4415e2d0f7b50da3ae910ba22bb5b962351e841746b"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000200)=ANY=[@ANYRES64=r4, @ANYBLOB="9200000000000000290c0000000000000000000000000300000000000000000200000000f8080000000000000000030000000000000000000000ab000000000000000000000001000000030019ad7454f5a6bd9400"/126]) (async, rerun: 32) r5 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (rerun: 32) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r5, 0x80045530, &(0x7f0000003840)=""/89) [ 3021.386764][ T9482] total_workingset_refault_file 0 [ 3021.391871][ T9482] total_swap 96759808 [ 3021.395883][ T9482] total_swapcached 57344 [ 3021.460999][T12102] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3021.473519][ T6434] usb 1-1: USB disconnect, device number 58 [ 3021.510224][ T6434] option 1-1:0.0: device disconnected [ 3021.608210][ T9482] total_pgpgin 870304 13:59:55 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000000)=0x3) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000003840)=""/89) 13:59:55 executing program 2: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 13:59:55 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000006000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3021.688569][ T9482] total_pgpgout 804772 [ 3021.730772][T12207] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3021.770557][ T9482] total_pgfault 981598 [ 3021.819911][ T9482] total_pgmajfault 547 13:59:56 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000000)=0x3) (async) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000003840)=""/89) 13:59:56 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000007000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 13:59:56 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x81) sendmsg$inet6(r0, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x88c5) [ 3021.959181][T12213] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 13:59:56 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000080)={'wg1\x00', 0x0}) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0x12, &(0x7f0000000000), 0x4) sendto$packet(r0, &(0x7f0000000000)="0f", 0x1, 0x0, &(0x7f00000000c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="3885c67685cf"}, 0x14) 13:59:56 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000008981810008000100", @ANYRES32, @ANYBLOB="18005e80"], 0x34}}, 0x0) 13:59:56 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000008000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3022.147495][ T9482] total_inactive_anon 21803008 13:59:56 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000000000)=0x3) (async) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000003840)=""/89) [ 3022.206588][ T9482] total_active_anon 246562816 13:59:56 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000080)={'wg1\x00', 0x0}) r2 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x11, 0x0, r1}, 0x14) [ 3022.286292][ T9482] total_inactive_file 0 [ 3022.359849][ T9482] total_active_file 0 13:59:56 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000300)={0x2, &(0x7f0000000240)=[{}, {0xb154}]}) 13:59:56 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000001c0)={0x0, @aes256, 0x0, @desc4}) r1 = fcntl$getown(r0, 0x9) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x2, 0x5, 0x3ff, 0x0, '\x00', 0x2}, 0x4, 0x1, 0x0, r1, 0x7, 0x7fff, 'syz1\x00', &(0x7f0000000040)=['@&\x00', '+[,]:^\v\x00', '}]\x00', 'syz1\x00', 'syz1\x00', '/dev/snd/controlC#\x00', '-<\x00'], 0x2e}) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000200)={0x7ff, 0x5, {r1}, {0xee00}, 0x20bf, 0x6}) r3 = getgid() fchown(r0, r2, r3) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000000)={0x2, 0x1, 0x2, 0x100, 'syz1\x00', 0x5}) 13:59:56 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000009000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3022.564694][ T9482] total_unevictable 0 13:59:56 executing program 2: r0 = msgget(0x2, 0x0) msgctl$MSG_STAT(r0, 0xb, &(0x7f0000000000)=""/97) 13:59:56 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8927, &(0x7f0000000300)={'sit0\x00', 0x0}) 13:59:56 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000001c0)={0x0, @aes256, 0x0, @desc4}) r1 = fcntl$getown(r0, 0x9) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x2, 0x5, 0x3ff, 0x0, '\x00', 0x2}, 0x4, 0x1, 0x0, r1, 0x7, 0x7fff, 'syz1\x00', &(0x7f0000000040)=['@&\x00', '+[,]:^\v\x00', '}]\x00', 'syz1\x00', 'syz1\x00', '/dev/snd/controlC#\x00', '-<\x00'], 0x2e}) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000200)={0x7ff, 0x5, {r1}, {0xee00}, 0x20bf, 0x6}) (async) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000200)={0x7ff, 0x5, {r1}, {0xee00}, 0x20bf, 0x6}) r3 = getgid() fchown(r0, r2, r3) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000000)={0x2, 0x1, 0x2, 0x100, 'syz1\x00', 0x5}) [ 3022.706118][ T9482] anon_cost 0 [ 3022.709468][ T9482] file_cost 0 [ 3022.712776][ T9482] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9005,uid=0 13:59:57 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x239, 0x0, 0x0, 0x0) [ 3022.766715][ T9482] Memory cgroup out of memory: Killed process 9005 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:14848kB, UID:0 pgtables:108kB oom_score_adj:1000 13:59:57 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000180)={0xfffffffffffffffe, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14}, 0x14}}, 0x0) 13:59:57 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000a000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 13:59:57 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f00000001c0)={0x0, @aes256, 0x0, @desc4}) r1 = fcntl$getown(r0, 0x9) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x2, 0x5, 0x3ff, 0x0, '\x00', 0x2}, 0x4, 0x1, 0x0, r1, 0x7, 0x7fff, 'syz1\x00', &(0x7f0000000040)=['@&\x00', '+[,]:^\v\x00', '}]\x00', 'syz1\x00', 'syz1\x00', '/dev/snd/controlC#\x00', '-<\x00'], 0x2e}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x2, 0x5, 0x3ff, 0x0, '\x00', 0x2}, 0x4, 0x1, 0x0, r1, 0x7, 0x7fff, 'syz1\x00', &(0x7f0000000040)=['@&\x00', '+[,]:^\v\x00', '}]\x00', 'syz1\x00', 'syz1\x00', '/dev/snd/controlC#\x00', '-<\x00'], 0x2e}) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000200)={0x7ff, 0x5, {r1}, {0xee00}, 0x20bf, 0x6}) r3 = getgid() fchown(r0, r2, r3) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000000)={0x2, 0x1, 0x2, 0x100, 'syz1\x00', 0x5}) 13:59:57 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) read$FUSE(r0, &(0x7f0000002780)={0x2020}, 0x2020) 13:59:57 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000000)={0x0, 0x1, 0x6}, 0x10) 13:59:57 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000b000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 13:59:57 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$hidraw(r0, &(0x7f0000000040)="eb5e0be26c805a96137e3e363f3cf1296c05d9b53e30415f4b239d0bd6", 0x1d) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000080)=""/64) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x22e400, 0x0) fsync(r2) r3 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000100)={{0x4, 0x5, 0x0, 0x3, '\x00', 0x6}, 0x0, 0x4, 0x1f, r3, 0x2, 0x3, 'syz0\x00', &(0x7f00000000c0)=['-}\x00', '/dev/snd/controlC#\x00'], 0x16}) 13:59:57 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$hidraw(r0, &(0x7f0000000040)="eb5e0be26c805a96137e3e363f3cf1296c05d9b53e30415f4b239d0bd6", 0x1d) (async) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000080)=""/64) (async) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x22e400, 0x0) fsync(r2) (async) r3 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000100)={{0x4, 0x5, 0x0, 0x3, '\x00', 0x6}, 0x0, 0x4, 0x1f, r3, 0x2, 0x3, 'syz0\x00', &(0x7f00000000c0)=['-}\x00', '/dev/snd/controlC#\x00'], 0x16}) 13:59:57 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000c000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3023.459897][T12717] __nla_validate_parse: 4 callbacks suppressed [ 3023.459920][T12717] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 13:59:57 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8971, &(0x7f0000000300)={'sit0\x00', 0x0}) 13:59:57 executing program 3: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$hidraw(r0, &(0x7f0000000040)="eb5e0be26c805a96137e3e363f3cf1296c05d9b53e30415f4b239d0bd6", 0x1d) (async) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000080)=""/64) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x22e400, 0x0) fsync(r2) r3 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000100)={{0x4, 0x5, 0x0, 0x3, '\x00', 0x6}, 0x0, 0x4, 0x1f, r3, 0x2, 0x3, 'syz0\x00', &(0x7f00000000c0)=['-}\x00', '/dev/snd/controlC#\x00'], 0x16}) 13:59:57 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000d000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3023.719247][T12776] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 13:59:58 executing program 3: r0 = openat$nci(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000340)={0x2, 0x28, '\x00', 0x1, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000240)=""/78) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000200)=""/35) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f00000000c0)={{0xa, 0x5, 0x8, 0x6, '\x00', 0x1}, 0x0, 0x20, 0x8, 0x0, 0xa, 0x3, 'syz0\x00', &(0x7f0000000000)=['/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '*[^/\x00', '\xdd$:}:\x00', '*\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', ')-+\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00'], 0x83}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) 13:59:58 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000e000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 13:59:58 executing program 2: mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) open$dir(&(0x7f0000004400)='./file0\x00', 0x600000, 0x0) 13:59:58 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x81) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000200), 0x8) getsockopt$inet6_opts(r0, 0x29, 0x3b, 0x0, &(0x7f0000000140)=0x2) [ 3024.044385][T12878] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 13:59:58 executing program 3: r0 = openat$nci(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000340)={0x2, 0x28, '\x00', 0x1, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000240)=""/78) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000200)=""/35) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f00000000c0)={{0xa, 0x5, 0x8, 0x6, '\x00', 0x1}, 0x0, 0x20, 0x8, 0x0, 0xa, 0x3, 'syz0\x00', &(0x7f0000000000)=['/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '*[^/\x00', '\xdd$:}:\x00', '*\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', ')-+\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00'], 0x83}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) openat$nci(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) (async) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000340)={0x2, 0x28, '\x00', 0x1, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0]}) (async) syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000240)=""/78) (async) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000200)=""/35) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f00000000c0)={{0xa, 0x5, 0x8, 0x6, '\x00', 0x1}, 0x0, 0x20, 0x8, 0x0, 0xa, 0x3, 'syz0\x00', &(0x7f0000000000)=['/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '*[^/\x00', '\xdd$:}:\x00', '*\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', ')-+\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00'], 0x83}) (async) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) (async) 13:59:58 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000f000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 13:59:58 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000002c0)={0x1, &(0x7f0000000280)=[{0x1d}]}) [ 3024.320777][T12888] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 13:59:58 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x3, 0x0, 0x0, 0x101}]}) 13:59:58 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) bind$packet(r1, &(0x7f0000000040)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14) bind$packet(r1, &(0x7f0000000200)={0x11, 0x1b, r2, 0x1, 0x0, 0x6, @remote}, 0x14) 13:59:58 executing program 2: openat$vcsa(0xffffffffffffff9c, &(0x7f00000000c0), 0x45e181, 0x0) 13:59:58 executing program 3: r0 = openat$nci(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000340)={0x2, 0x28, '\x00', 0x1, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000240)=""/78) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000200)=""/35) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f00000000c0)={{0xa, 0x5, 0x8, 0x6, '\x00', 0x1}, 0x0, 0x20, 0x8, 0x0, 0xa, 0x3, 'syz0\x00', &(0x7f0000000000)=['/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '*[^/\x00', '\xdd$:}:\x00', '*\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', ')-+\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00'], 0x83}) (async) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) 13:59:58 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000010000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3024.804458][T13003] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 13:59:59 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/68) 13:59:59 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001000050400"/20, @ANYRES16=r0], 0x24}}, 0x0) 13:59:59 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000011000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 13:59:59 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/68) [ 3025.215678][T13113] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 13:59:59 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/68) 13:59:59 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8903, &(0x7f0000000300)={'sit0\x00', 0x0}) 13:59:59 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0xc0300) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000080)={0x7, 0x3, 0x3, 0x1, 'syz1\x00', 0x8000000}) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) waitid(0x1, r1, 0x0, 0xa100000c, 0x0) ptrace$setsig(0x4203, r1, 0x73, &(0x7f0000000640)={0x13, 0x8, 0x800}) ptrace$poke(0x4, r1, &(0x7f00000000c0), 0x833) ptrace$peeksig(0x4209, r1, &(0x7f0000000140)={0xfff, 0x0, 0x7}, &(0x7f0000000a40)=[{}, {}, {}, {}, {}, {}, {}]) ptrace$peeksig(0x4209, r1, &(0x7f0000000180)={0x3, 0x1}, &(0x7f0000000a40)) waitid(0x2, r1, 0x0, 0xa100000c, 0x0) syz_open_procfs(r1, &(0x7f0000000300)='net/icmp6\x00') ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, &(0x7f0000000100)={{0x6, 0x0, 0x8, 0x8, 'syz1\x00', 0xfffffffe}, 0x2, 0x400, 0xff, r1, 0x1, 0x4, 'syz1\x00', &(0x7f00000000c0)=[':)\x00'], 0x3}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/91) [ 3025.363040][T13116] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3026.265280][ T2413] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3026.551651][ T2413] CPU: 0 PID: 2413 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3026.560338][ T2413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3026.570449][ T2413] Call Trace: [ 3026.573758][ T2413] [ 3026.576730][ T2413] dump_stack_lvl+0x1e7/0x2e0 [ 3026.581466][ T2413] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3026.586715][ T2413] ? __pfx__printk+0x10/0x10 [ 3026.591346][ T2413] ? ___ratelimit+0x4c4/0x670 [ 3026.596074][ T2413] ? __pfx____ratelimit+0x10/0x10 [ 3026.601149][ T2413] dump_header+0xda/0x6a0 [ 3026.605530][ T2413] oom_kill_process+0x3a7/0x930 [ 3026.610435][ T2413] ? trace_contention_end+0x3c/0x100 [ 3026.615771][ T2413] out_of_memory+0xf67/0x1320 [ 3026.620496][ T2413] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3026.626163][ T2413] ? __pfx___mutex_lock+0x10/0x10 [ 3026.631236][ T2413] ? __pfx_out_of_memory+0x10/0x10 [ 3026.636404][ T2413] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3026.641999][ T2413] ? __pfx_lock_release+0x10/0x10 [ 3026.647073][ T2413] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3026.653203][ T2413] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3026.658466][ T2413] ? mem_cgroup_iter+0x422/0x560 [ 3026.663455][ T2413] try_charge_memcg+0xda2/0x18a0 [ 3026.668467][ T2413] ? __pfx_try_charge_memcg+0x10/0x10 [ 3026.673883][ T2413] ? percpu_ref_tryget+0x14/0x180 [ 3026.678979][ T2413] charge_memcg+0xa2/0x160 [ 3026.683452][ T2413] __mem_cgroup_charge+0x27/0x80 [ 3026.688447][ T2413] shmem_alloc_and_add_folio+0x393/0xde0 [ 3026.694122][ T2413] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3026.700322][ T2413] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3026.705583][ T2413] ? lockdep_hardirqs_on+0x98/0x140 [ 3026.710848][ T2413] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3026.716517][ T2413] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3026.722797][ T2413] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3026.729446][ T2413] shmem_write_begin+0x170/0x4d0 [ 3026.734432][ T2413] ? __pfx_shmem_write_begin+0x10/0x10 [ 3026.739938][ T2413] ? fault_in_iov_iter_readable+0x236/0x280 [ 3026.745879][ T2413] generic_perform_write+0x321/0x640 [ 3026.751213][ T2413] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3026.757165][ T2413] ? __pfx_generic_perform_write+0x10/0x10 [ 3026.763026][ T2413] ? mnt_put_write_access_file+0xc2/0x100 [ 3026.768787][ T2413] ? file_update_time+0x3ac/0x3e0 [ 3026.773861][ T2413] shmem_file_write_iter+0xfc/0x120 [ 3026.779097][ T2413] __kernel_write_iter+0x434/0x8c0 [ 3026.784260][ T2413] ? __pfx___kernel_write_iter+0x10/0x10 [ 3026.789975][ T2413] ? iov_iter_bvec+0x4e/0x1b0 [ 3026.794707][ T2413] dump_user_range+0x46c/0x910 [ 3026.799544][ T2413] ? __pfx_dump_user_range+0x10/0x10 [ 3026.804870][ T2413] ? writenote+0x250/0x3b0 [ 3026.809344][ T2413] ? kmalloc_trace+0x1d6/0x360 [ 3026.814150][ T2413] ? elf_core_dump+0x2e01/0x4630 [ 3026.819121][ T2413] ? dump_emit+0x99/0xd0 [ 3026.823413][ T2413] elf_core_dump+0x3d5d/0x4630 [ 3026.828242][ T2413] ? __pfx_elf_core_dump+0x10/0x10 [ 3026.833465][ T2413] ? mark_lock+0x9a/0x350 [ 3026.837861][ T2413] ? mas_next_slot+0xeb2/0xf90 [ 3026.842676][ T2413] ? __lock_acquire+0x1345/0x1fd0 [ 3026.847816][ T2413] ? rcu_read_lock_any_held+0xb7/0x160 [ 3026.853344][ T2413] ? 0xffffffffff600000 [ 3026.857535][ T2413] ? getname_kernel+0x140/0x2f0 [ 3026.862448][ T2413] do_coredump+0x1baa/0x2b50 [ 3026.867093][ T2413] ? get_signal+0xbe1/0x1850 [ 3026.871777][ T2413] ? __pfx_do_coredump+0x10/0x10 [ 3026.876809][ T2413] ? _raw_spin_unlock_irq+0x23/0x50 [ 3026.882054][ T2413] ? lockdep_hardirqs_on+0x98/0x140 [ 3026.887306][ T2413] get_signal+0x146a/0x1850 [ 3026.891899][ T2413] ? __pfx_get_signal+0x10/0x10 [ 3026.896795][ T2413] ? __pfx_force_sig_fault+0x10/0x10 [ 3026.902142][ T2413] arch_do_signal_or_restart+0x96/0x860 [ 3026.907741][ T2413] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3026.913961][ T2413] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3026.919816][ T2413] irqentry_exit_to_user_mode+0x78/0x280 [ 3026.925498][ T2413] exc_page_fault+0x587/0x870 [ 3026.930228][ T2413] asm_exc_page_fault+0x26/0x30 [ 3026.935123][ T2413] RIP: 0033:0x7f8ab667ddb1 [ 3026.939569][ T2413] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3026.959398][ T2413] RSP: 002b:0000000000000180 EFLAGS: 00010217 [ 3026.965509][ T2413] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3026.973529][ T2413] RDX: 0000000000000000 RSI: 0000000000000180 RDI: 0000000000000000 [ 3026.981529][ T2413] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3026.989626][ T2413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3026.997632][ T2413] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3027.005658][ T2413] [ 3027.029118][ T2413] memory: usage 307200kB, limit 307200kB, failcnt 58972 [ 3027.036424][ T2413] memory+swap: usage 401692kB, limit 9007199254740988kB, failcnt 0 [ 3027.044488][ T2413] kmem: usage 44860kB, limit 9007199254740988kB, failcnt 0 [ 3027.052494][ T2413] Memory cgroup stats for /syz4: [ 3027.052655][ T2413] cache 267767808 [ 3027.061532][ T2413] rss 790528 [ 3027.064892][ T2413] rss_huge 0 [ 3027.122276][ T2413] shmem 267767808 14:00:01 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x247, 0x0, 0x0, 0x0) 14:00:01 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000012000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@newtclass={0x24, 0x16, 0x405}, 0x24}}, 0x0) 14:00:01 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req={0x88000, 0x400}, 0x10) 14:00:01 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0xc0300) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000080)={0x7, 0x3, 0x3, 0x1, 'syz1\x00', 0x8000000}) (async) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) (async) waitid(0x1, r1, 0x0, 0xa100000c, 0x0) (async) ptrace$setsig(0x4203, r1, 0x73, &(0x7f0000000640)={0x13, 0x8, 0x800}) ptrace$poke(0x4, r1, &(0x7f00000000c0), 0x833) (async) ptrace$peeksig(0x4209, r1, &(0x7f0000000140)={0xfff, 0x0, 0x7}, &(0x7f0000000a40)=[{}, {}, {}, {}, {}, {}, {}]) (async) ptrace$peeksig(0x4209, r1, &(0x7f0000000180)={0x3, 0x1}, &(0x7f0000000a40)) (async, rerun: 64) waitid(0x2, r1, 0x0, 0xa100000c, 0x0) (async, rerun: 64) syz_open_procfs(r1, &(0x7f0000000300)='net/icmp6\x00') (async) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, &(0x7f0000000100)={{0x6, 0x0, 0x8, 0x8, 'syz1\x00', 0xfffffffe}, 0x2, 0x400, 0xff, r1, 0x1, 0x4, 'syz1\x00', &(0x7f00000000c0)=[':)\x00'], 0x3}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/91) 14:00:01 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000080)={'wg1\x00', 0x0}) recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x311440, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000100), 0xffffffffffffffff) r2 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r2, &(0x7f0000000280)="b43e30db2cd7e90e58a5b1a02300ccf3c4312ae4777e54f7116012236c948052fb92ad1b8ed30c6f", 0x28, 0x0, &(0x7f0000000300)={0x11, 0xf5, r1}, 0x14) [ 3027.240341][T13231] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:01 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'pim6reg0\x00', 0x201}) ioctl$TUNSETNOCSUM(r0, 0x400454c8, 0x0) 14:00:01 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000013000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3027.424399][ T2413] mapped_file 109535232 14:00:01 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0xc0300) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0405519, &(0x7f0000000080)={0x7, 0x3, 0x3, 0x1, 'syz1\x00', 0x8000000}) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) (async, rerun: 32) waitid(0x1, r1, 0x0, 0xa100000c, 0x0) (rerun: 32) ptrace$setsig(0x4203, r1, 0x73, &(0x7f0000000640)={0x13, 0x8, 0x800}) ptrace$poke(0x4, r1, &(0x7f00000000c0), 0x833) (async) ptrace$peeksig(0x4209, r1, &(0x7f0000000140)={0xfff, 0x0, 0x7}, &(0x7f0000000a40)=[{}, {}, {}, {}, {}, {}, {}]) ptrace$peeksig(0x4209, r1, &(0x7f0000000180)={0x3, 0x1}, &(0x7f0000000a40)) (async) waitid(0x2, r1, 0x0, 0xa100000c, 0x0) (async) syz_open_procfs(r1, &(0x7f0000000300)='net/icmp6\x00') ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r0, 0xc1105511, &(0x7f0000000100)={{0x6, 0x0, 0x8, 0x8, 'syz1\x00', 0xfffffffe}, 0x2, 0x400, 0xff, r1, 0x1, 0x4, 'syz1\x00', &(0x7f00000000c0)=[':)\x00'], 0x3}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/91) [ 3027.530520][ T2413] dirty 0 14:00:01 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@newtclass={0x24, 0x1d, 0x405}, 0x24}}, 0x0) 14:00:01 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x420000) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000001580)={{0x8, 0x2, 0x9, 0x2, '\x00', 0x8}, 0x0, [0xd957, 0x8, 0x8000, 0xffffffffffffffff, 0x3, 0x7589, 0x7, 0x2, 0x100000001, 0x5, 0x20, 0x6, 0xdd40, 0x80000000, 0x6, 0xf04, 0x7, 0x1, 0x4, 0x1, 0xe5a2, 0x9, 0x0, 0xa, 0xe9, 0x6, 0x9, 0x6f59, 0x3, 0x7, 0x400, 0xffffffff80000000, 0x5, 0x4, 0x0, 0x8, 0x3f, 0x2, 0x9, 0xc1, 0x2, 0x5, 0xb3e, 0x6, 0xe6, 0x3, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0xcd23, 0x8, 0xc, 0x9, 0x101, 0x8, 0x8, 0x1, 0x3, 0x0, 0x9, 0x40, 0x3, 0x1, 0x783, 0x3a, 0x5, 0xfff, 0x1400, 0x8, 0xfffffffffffffff9, 0x8, 0x0, 0x5, 0x0, 0x6, 0x3, 0x8, 0x80, 0x5, 0x5, 0x3, 0x7, 0x0, 0x6, 0x3c, 0x80, 0x4000000000, 0x7fff, 0x59, 0xa0000, 0x6, 0x8000000000000000, 0x10000, 0x9, 0xf5, 0x9, 0x100, 0x5, 0x2, 0xff, 0x7, 0x0, 0x81, 0x7, 0x401, 0x8, 0x68, 0x3, 0x943, 0x4, 0x858, 0x9, 0x1, 0x4, 0xfffffffffffff041, 0xffffffffffffff01, 0x10001, 0x0, 0x7fffffff, 0x94, 0x3, 0x9, 0x3, 0x7f, 0x4, 0x9, 0x8]}) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000580)=""/4096) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) fcntl$getownex(r0, 0x10, &(0x7f0000000180)={0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000200)={{0x5, 0x5, 0x6, 0x8, 'syz1\x00', 0x10001}, 0x0, 0x2, 0x9b4, r1, 0x4, 0x3, 'syz0\x00', &(0x7f00000001c0)=['\x00', '&&.\x00', '!!/-@.%(\x00', '\x00'], 0xf}) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000340)=0x3) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f0000000040)={{0x0, 0x2, 0x5, 0x5, 'syz0\x00', 0x6}, 0x6, 0x30, 0x0, 0x0, 0x1, 0x1, 'syz1\x00', &(0x7f0000000000)=['!!/-@.%(\x00'], 0x9}) [ 3027.634444][ T2413] writeback 0 [ 3027.681320][ T2413] workingset_refault_anon 913 14:00:01 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x420000) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000001580)={{0x8, 0x2, 0x9, 0x2, '\x00', 0x8}, 0x0, [0xd957, 0x8, 0x8000, 0xffffffffffffffff, 0x3, 0x7589, 0x7, 0x2, 0x100000001, 0x5, 0x20, 0x6, 0xdd40, 0x80000000, 0x6, 0xf04, 0x7, 0x1, 0x4, 0x1, 0xe5a2, 0x9, 0x0, 0xa, 0xe9, 0x6, 0x9, 0x6f59, 0x3, 0x7, 0x400, 0xffffffff80000000, 0x5, 0x4, 0x0, 0x8, 0x3f, 0x2, 0x9, 0xc1, 0x2, 0x5, 0xb3e, 0x6, 0xe6, 0x3, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0xcd23, 0x8, 0xc, 0x9, 0x101, 0x8, 0x8, 0x1, 0x3, 0x0, 0x9, 0x40, 0x3, 0x1, 0x783, 0x3a, 0x5, 0xfff, 0x1400, 0x8, 0xfffffffffffffff9, 0x8, 0x0, 0x5, 0x0, 0x6, 0x3, 0x8, 0x80, 0x5, 0x5, 0x3, 0x7, 0x0, 0x6, 0x3c, 0x80, 0x4000000000, 0x7fff, 0x59, 0xa0000, 0x6, 0x8000000000000000, 0x10000, 0x9, 0xf5, 0x9, 0x100, 0x5, 0x2, 0xff, 0x7, 0x0, 0x81, 0x7, 0x401, 0x8, 0x68, 0x3, 0x943, 0x4, 0x858, 0x9, 0x1, 0x4, 0xfffffffffffff041, 0xffffffffffffff01, 0x10001, 0x0, 0x7fffffff, 0x94, 0x3, 0x9, 0x3, 0x7f, 0x4, 0x9, 0x8]}) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000580)=""/4096) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) fcntl$getownex(r0, 0x10, &(0x7f0000000180)={0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000200)={{0x5, 0x5, 0x6, 0x8, 'syz1\x00', 0x10001}, 0x0, 0x2, 0x9b4, r1, 0x4, 0x3, 'syz0\x00', &(0x7f00000001c0)=['\x00', '&&.\x00', '!!/-@.%(\x00', '\x00'], 0xf}) (async) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000340)=0x3) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f0000000040)={{0x0, 0x2, 0x5, 0x5, 'syz0\x00', 0x6}, 0x6, 0x30, 0x0, 0x0, 0x1, 0x1, 'syz1\x00', &(0x7f0000000000)=['!!/-@.%(\x00'], 0x9}) [ 3027.776599][T13342] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:02 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000040)={&(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c, 0x0}, 0x0) [ 3027.888287][ T2413] workingset_refault_file 0 14:00:02 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8920, &(0x7f0000000300)={'sit0\x00', 0x0}) 14:00:02 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000018000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:02 executing program 2: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$FUSE(r0, &(0x7f0000000040)={0x2020}, 0x2020) 14:00:02 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x420000) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x420000) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000001580)={{0x8, 0x2, 0x9, 0x2, '\x00', 0x8}, 0x0, [0xd957, 0x8, 0x8000, 0xffffffffffffffff, 0x3, 0x7589, 0x7, 0x2, 0x100000001, 0x5, 0x20, 0x6, 0xdd40, 0x80000000, 0x6, 0xf04, 0x7, 0x1, 0x4, 0x1, 0xe5a2, 0x9, 0x0, 0xa, 0xe9, 0x6, 0x9, 0x6f59, 0x3, 0x7, 0x400, 0xffffffff80000000, 0x5, 0x4, 0x0, 0x8, 0x3f, 0x2, 0x9, 0xc1, 0x2, 0x5, 0xb3e, 0x6, 0xe6, 0x3, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0xcd23, 0x8, 0xc, 0x9, 0x101, 0x8, 0x8, 0x1, 0x3, 0x0, 0x9, 0x40, 0x3, 0x1, 0x783, 0x3a, 0x5, 0xfff, 0x1400, 0x8, 0xfffffffffffffff9, 0x8, 0x0, 0x5, 0x0, 0x6, 0x3, 0x8, 0x80, 0x5, 0x5, 0x3, 0x7, 0x0, 0x6, 0x3c, 0x80, 0x4000000000, 0x7fff, 0x59, 0xa0000, 0x6, 0x8000000000000000, 0x10000, 0x9, 0xf5, 0x9, 0x100, 0x5, 0x2, 0xff, 0x7, 0x0, 0x81, 0x7, 0x401, 0x8, 0x68, 0x3, 0x943, 0x4, 0x858, 0x9, 0x1, 0x4, 0xfffffffffffff041, 0xffffffffffffff01, 0x10001, 0x0, 0x7fffffff, 0x94, 0x3, 0x9, 0x3, 0x7f, 0x4, 0x9, 0x8]}) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000580)=""/4096) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) fcntl$getownex(r0, 0x10, &(0x7f0000000180)={0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000200)={{0x5, 0x5, 0x6, 0x8, 'syz1\x00', 0x10001}, 0x0, 0x2, 0x9b4, r1, 0x4, 0x3, 'syz0\x00', &(0x7f00000001c0)=['\x00', '&&.\x00', '!!/-@.%(\x00', '\x00'], 0xf}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000200)={{0x5, 0x5, 0x6, 0x8, 'syz1\x00', 0x10001}, 0x0, 0x2, 0x9b4, r1, 0x4, 0x3, 'syz0\x00', &(0x7f00000001c0)=['\x00', '&&.\x00', '!!/-@.%(\x00', '\x00'], 0xf}) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000340)=0x3) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f0000000040)={{0x0, 0x2, 0x5, 0x5, 'syz0\x00', 0x6}, 0x6, 0x30, 0x0, 0x0, 0x1, 0x1, 'syz1\x00', &(0x7f0000000000)=['!!/-@.%(\x00'], 0x9}) 14:00:02 executing program 0: bpf$OBJ_GET_PROG(0x11, 0x0, 0x0) [ 3028.036345][T13557] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:02 executing program 2: openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x2c}, 0x18) [ 3028.128321][ T2413] swap 96759808 14:00:02 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000001a000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3028.191632][ T2413] swapcached 57344 14:00:02 executing program 0: bpf$OBJ_GET_PROG(0xf, &(0x7f0000000140)=@generic={&(0x7f0000000100)='./file0\x00'}, 0x18) 14:00:02 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'pim6reg0\x00', 0x201}) write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x4305}, @void, @ipv6=@dccp_packet={0x0, 0x6, "7fde48", 0x10, 0x21, 0x0, @empty, @dev, {[], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d30761", 0x0, "3add4e"}}}}}, 0x3c) 14:00:02 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) r1 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000040)={{0x0, 0x5, 0x38, 0xffffff80, '\x00', 0x4}, 0x1, 0x10000000, 0x4, r1, 0x2, 0x100, 'syz1\x00', &(0x7f0000000000)=['-#,/!}^\x00', '+\x00'], 0xa}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000180)={0x2, 0x4, 0x3, 0x3, 'syz0\x00', 0x800}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) fsetxattr$trusted_overlay_opaque(r0, &(0x7f00000001c0), &(0x7f0000000200), 0x2, 0x2) [ 3028.317394][ T2413] pgpgin 887468 14:00:02 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x80108906, 0x0) 14:00:02 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000021000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:02 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r1 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000040)={{0x0, 0x5, 0x38, 0xffffff80, '\x00', 0x4}, 0x1, 0x10000000, 0x4, r1, 0x2, 0x100, 'syz1\x00', &(0x7f0000000000)=['-#,/!}^\x00', '+\x00'], 0xa}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000180)={0x2, 0x4, 0x3, 0x3, 'syz0\x00', 0x800}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async, rerun: 32) fsetxattr$trusted_overlay_opaque(r0, &(0x7f00000001c0), &(0x7f0000000200), 0x2, 0x2) (rerun: 32) [ 3028.512118][ T2413] pgpgout 821885 14:00:02 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'pim6reg0\x00', 0x201}) ioctl$SIOCSIFHWADDR(r0, 0x8924, &(0x7f0000000040)={'geneve0\x00', @broadcast}) [ 3028.613368][ T2413] pgfault 988234 14:00:02 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r1 = getpid() ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000040)={{0x0, 0x5, 0x38, 0xffffff80, '\x00', 0x4}, 0x1, 0x10000000, 0x4, r1, 0x2, 0x100, 'syz1\x00', &(0x7f0000000000)=['-#,/!}^\x00', '+\x00'], 0xa}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000180)={0x2, 0x4, 0x3, 0x3, 'syz0\x00', 0x800}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) fsetxattr$trusted_overlay_opaque(r0, &(0x7f00000001c0), &(0x7f0000000200), 0x2, 0x2) [ 3028.761618][ T2413] pgmajfault 579 [ 3028.813902][T13680] __nla_validate_parse: 1 callbacks suppressed [ 3028.813924][T13680] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:03 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xfffe, 0x0, @mcast2, 0x2}, 0x1c) 14:00:03 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x255, 0x0, 0x0, 0x0) [ 3028.859855][ T2413] inactive_anon 115376128 14:00:03 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000ffdbdf25010000000500050000000000080003001f00000014"], 0x70}}, 0x0) 14:00:03 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(0xffffffffffffffff, 0x40405514, &(0x7f0000000200)={0x1, 0x2, 0xcc62, 0x8, '\x00', 0x8}) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1ff, 0x440000) r1 = open(0x0, 0x0, 0x80) vmsplice(r0, &(0x7f0000000580)=[{&(0x7f0000000180)="d612c6adab882b00af997bd19de2e364ffd3b2dbb7bb8be6bf80961ffdf717eab23fc9c17ac5fc87168d609f772b3f8f44d7217aff7fbea013e04ad130dc61f48d69142a581dfbe56b720b967230c7ce254e781dcae90ce58269bfde177b4074dc6287466d", 0x65}, {&(0x7f00000002c0)="1f94a105e1d761c4b751c4b92bea31072704f0b25edd563931a10ee785ad98830b06f0ece784c457b6558a2ef655975c0569bed03d5951d6529f69a6de1ebb61c57ae8207e5a287d3b7b8765534cd7e814ebfed34f22178c5490d70624d5965b5dc5565e4301465f8f556e7574ce9c9b03300aa56fe522175a745b9125c21c7fd2cca2", 0x83}, {&(0x7f0000000380)="e213d428c7a707cb662f3efc83a336e3fb516958d929ac0d8c33d15928e3dcf90094d7b2cb5f2de9aea64cdc83ad915d9eb82ec6632c17257549f79c0c1bfca4204acb6de3e68b3094f45e9a3a932e0d7acc79a6e96083ab1002ee8316284680f65b047b683cb3b03f08e98bb8e2019bbc6b2ef988d6", 0x76}, {&(0x7f0000000400)="d63ca8e4e25cee8b75e8b401067342821fc9e7b9c56749f9f53a70d759988713f9a4ddae6348ddd1f7509cc7c40f8d80e5e41b5ef7d808fdfac847e892a97ff063eb5c880ddc0beb9959a22f7c8e86857df86404e725576721f629d92e2b8d5607f855a636dd547eae8b7a5c8708abbb", 0x70}, {&(0x7f0000000480)="eaf55f88613a103fbc723fc2a836d48bfb044cb3cc9def903bede882ebdc363cb70589315da3bad7119ee4cbc39634f2edc68f45092c9a941d63a9b4010c1ea7ac5265406fd6a81aa8dbc33ecfb7ccddba771e640f45a72e6dbcc169510e5d9ab43db6718a1fb1801e8210811d619a634d64c040a4895ff7ab8c2113a493270cc2a4d7ade5cc6ecb2913c4dfb1eea2645c55c5e400bc3ee1d5409264593057d3c7e2da73d83eb5b2757bcb6fc999ac2a8730f0a6d93dcc", 0xb7}], 0x5, 0x9) openat$cgroup_procs(r1, 0x0, 0x2, 0x0) sendto$unix(r1, 0x0, 0x0, 0x40080, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r1, 0xc0984124, &(0x7f00000000c0)) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/101) 14:00:03 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000023000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3029.065664][ T2413] active_anon 152182784 14:00:03 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendto$packet(r0, &(0x7f0000000000)="f3432af5f8386115b6d69a07a45901b1f03b5ae790960e0c63388440d38ca136fab57be99de609ba33b2e5d57d300d2d0b7d322a6161", 0x36, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) 14:00:03 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(0xffffffffffffffff, 0x40405514, &(0x7f0000000200)={0x1, 0x2, 0xcc62, 0x8, '\x00', 0x8}) (async) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1ff, 0x440000) (async) r1 = open(0x0, 0x0, 0x80) vmsplice(r0, &(0x7f0000000580)=[{&(0x7f0000000180)="d612c6adab882b00af997bd19de2e364ffd3b2dbb7bb8be6bf80961ffdf717eab23fc9c17ac5fc87168d609f772b3f8f44d7217aff7fbea013e04ad130dc61f48d69142a581dfbe56b720b967230c7ce254e781dcae90ce58269bfde177b4074dc6287466d", 0x65}, {&(0x7f00000002c0)="1f94a105e1d761c4b751c4b92bea31072704f0b25edd563931a10ee785ad98830b06f0ece784c457b6558a2ef655975c0569bed03d5951d6529f69a6de1ebb61c57ae8207e5a287d3b7b8765534cd7e814ebfed34f22178c5490d70624d5965b5dc5565e4301465f8f556e7574ce9c9b03300aa56fe522175a745b9125c21c7fd2cca2", 0x83}, {&(0x7f0000000380)="e213d428c7a707cb662f3efc83a336e3fb516958d929ac0d8c33d15928e3dcf90094d7b2cb5f2de9aea64cdc83ad915d9eb82ec6632c17257549f79c0c1bfca4204acb6de3e68b3094f45e9a3a932e0d7acc79a6e96083ab1002ee8316284680f65b047b683cb3b03f08e98bb8e2019bbc6b2ef988d6", 0x76}, {&(0x7f0000000400)="d63ca8e4e25cee8b75e8b401067342821fc9e7b9c56749f9f53a70d759988713f9a4ddae6348ddd1f7509cc7c40f8d80e5e41b5ef7d808fdfac847e892a97ff063eb5c880ddc0beb9959a22f7c8e86857df86404e725576721f629d92e2b8d5607f855a636dd547eae8b7a5c8708abbb", 0x70}, {&(0x7f0000000480)="eaf55f88613a103fbc723fc2a836d48bfb044cb3cc9def903bede882ebdc363cb70589315da3bad7119ee4cbc39634f2edc68f45092c9a941d63a9b4010c1ea7ac5265406fd6a81aa8dbc33ecfb7ccddba771e640f45a72e6dbcc169510e5d9ab43db6718a1fb1801e8210811d619a634d64c040a4895ff7ab8c2113a493270cc2a4d7ade5cc6ecb2913c4dfb1eea2645c55c5e400bc3ee1d5409264593057d3c7e2da73d83eb5b2757bcb6fc999ac2a8730f0a6d93dcc", 0xb7}], 0x5, 0x9) (async) openat$cgroup_procs(r1, 0x0, 0x2, 0x0) (async) sendto$unix(r1, 0x0, 0x0, 0x40080, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e) (async) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r1, 0xc0984124, &(0x7f00000000c0)) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/101) 14:00:03 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'pim6reg0\x00', 0x201}) ioctl$TUNDETACHFILTER(r0, 0x401054d6, 0x0) [ 3029.269552][ T2413] inactive_file 0 [ 3029.389787][ T2413] active_file 0 [ 3029.393856][ T2413] unevictable 0 [ 3029.429814][ T2413] hierarchical_memory_limit 314572800 14:00:03 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(0xffffffffffffffff, 0x40405514, &(0x7f0000000200)={0x1, 0x2, 0xcc62, 0x8, '\x00', 0x8}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(0xffffffffffffffff, 0x40405514, &(0x7f0000000200)={0x1, 0x2, 0xcc62, 0x8, '\x00', 0x8}) syz_open_dev$sndpcmp(&(0x7f0000000080), 0x1ff, 0x440000) r1 = open(0x0, 0x0, 0x80) vmsplice(r0, &(0x7f0000000580)=[{&(0x7f0000000180)="d612c6adab882b00af997bd19de2e364ffd3b2dbb7bb8be6bf80961ffdf717eab23fc9c17ac5fc87168d609f772b3f8f44d7217aff7fbea013e04ad130dc61f48d69142a581dfbe56b720b967230c7ce254e781dcae90ce58269bfde177b4074dc6287466d", 0x65}, {&(0x7f00000002c0)="1f94a105e1d761c4b751c4b92bea31072704f0b25edd563931a10ee785ad98830b06f0ece784c457b6558a2ef655975c0569bed03d5951d6529f69a6de1ebb61c57ae8207e5a287d3b7b8765534cd7e814ebfed34f22178c5490d70624d5965b5dc5565e4301465f8f556e7574ce9c9b03300aa56fe522175a745b9125c21c7fd2cca2", 0x83}, {&(0x7f0000000380)="e213d428c7a707cb662f3efc83a336e3fb516958d929ac0d8c33d15928e3dcf90094d7b2cb5f2de9aea64cdc83ad915d9eb82ec6632c17257549f79c0c1bfca4204acb6de3e68b3094f45e9a3a932e0d7acc79a6e96083ab1002ee8316284680f65b047b683cb3b03f08e98bb8e2019bbc6b2ef988d6", 0x76}, {&(0x7f0000000400)="d63ca8e4e25cee8b75e8b401067342821fc9e7b9c56749f9f53a70d759988713f9a4ddae6348ddd1f7509cc7c40f8d80e5e41b5ef7d808fdfac847e892a97ff063eb5c880ddc0beb9959a22f7c8e86857df86404e725576721f629d92e2b8d5607f855a636dd547eae8b7a5c8708abbb", 0x70}, {&(0x7f0000000480)="eaf55f88613a103fbc723fc2a836d48bfb044cb3cc9def903bede882ebdc363cb70589315da3bad7119ee4cbc39634f2edc68f45092c9a941d63a9b4010c1ea7ac5265406fd6a81aa8dbc33ecfb7ccddba771e640f45a72e6dbcc169510e5d9ab43db6718a1fb1801e8210811d619a634d64c040a4895ff7ab8c2113a493270cc2a4d7ade5cc6ecb2913c4dfb1eea2645c55c5e400bc3ee1d5409264593057d3c7e2da73d83eb5b2757bcb6fc999ac2a8730f0a6d93dcc", 0xb7}], 0x5, 0x9) openat$cgroup_procs(r1, 0x0, 0x2, 0x0) (async) openat$cgroup_procs(r1, 0x0, 0x2, 0x0) sendto$unix(r1, 0x0, 0x0, 0x40080, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r1, 0xc0984124, &(0x7f00000000c0)) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/101) [ 3029.435735][ T2413] hierarchical_memsw_limit 9223372036854771712 [ 3029.449581][T13897] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3029.512175][ T2413] total_cache 267767808 14:00:03 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000025000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3029.598638][ T2413] total_rss 790528 14:00:03 executing program 0: msgrcv(0xffffffffffffffff, 0x0, 0x41, 0x0, 0x0) [ 3029.767079][ T2413] total_rss_huge 0 14:00:04 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="030000000d80ffff", 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet(0x2, 0x80001, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x4e23, @private=0xa010100}, @in6={0xa, 0x4e21, 0x7ff, @private1={0xfc, 0x1, '\x00', 0x1}}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e23, @local}, @in={0x2, 0x4e21, @remote}, @in={0x2, 0x4e20, @local}], 0x7c) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={r3}, 0x8) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000000)={r3, 0x9, 0x0, 0x6, 0x733, 0x3, 0xd8, 0x33, {0x0, @in6={{0xa, 0x4e24, 0x6, @empty, 0x5}}, 0x80000001, 0x2df, 0xd46, 0x3f, 0x8}}, &(0x7f00000000c0)=0xb0) r4 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r4, 0x80045530, &(0x7f0000003840)=""/89) 14:00:04 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x81) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) 14:00:04 executing program 3: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="030000000d80ffff", 0x8) (async) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="030000000d80ffff", 0x8) socket$inet6_sctp(0xa, 0x5, 0x84) (async) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$inet(0x2, 0x80001, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x4e23, @private=0xa010100}, @in6={0xa, 0x4e21, 0x7ff, @private1={0xfc, 0x1, '\x00', 0x1}}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e23, @local}, @in={0x2, 0x4e21, @remote}, @in={0x2, 0x4e20, @local}], 0x7c) (async) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x4e23, @private=0xa010100}, @in6={0xa, 0x4e21, 0x7ff, @private1={0xfc, 0x1, '\x00', 0x1}}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e23, @local}, @in={0x2, 0x4e21, @remote}, @in={0x2, 0x4e20, @local}], 0x7c) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={r3}, 0x8) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000000)={r3, 0x9, 0x0, 0x6, 0x733, 0x3, 0xd8, 0x33, {0x0, @in6={{0xa, 0x4e24, 0x6, @empty, 0x5}}, 0x80000001, 0x2df, 0xd46, 0x3f, 0x8}}, &(0x7f00000000c0)=0xb0) r4 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r4, 0x80045530, &(0x7f0000003840)=""/89) [ 3029.877857][ T2413] total_shmem 267767808 14:00:04 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'pim6reg0\x00', 0x201}) write$tun(r0, &(0x7f0000000280)={@val, @void, @ipv6=@dccp_packet={0x0, 0x6, "7fde48", 0x10, 0x21, 0x0, @empty, @dev, {[], {{0x0, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d30761", 0x0, "3add4e"}}}}}, 0x3c) [ 3029.953602][T14043] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3030.013297][ T2413] total_mapped_file 109535232 [ 3030.085819][ T2413] total_dirty 0 14:00:04 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000002f000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:04 executing program 3: socket$inet6_sctp(0xa, 0x5, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="030000000d80ffff", 0x8) (async) setsockopt(r0, 0x84, 0x7f, &(0x7f0000000040)="030000000d80ffff", 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet(0x2, 0x80001, 0x84) (async) r2 = socket$inet(0x2, 0x80001, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x4e23, @private=0xa010100}, @in6={0xa, 0x4e21, 0x7ff, @private1={0xfc, 0x1, '\x00', 0x1}}, @in={0x2, 0x4e24, @broadcast}, @in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e23, @local}, @in={0x2, 0x4e21, @remote}, @in={0x2, 0x4e20, @local}], 0x7c) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000000)={r3}, 0x8) getsockopt$inet_sctp6_SCTP_STATUS(r0, 0x84, 0xe, &(0x7f0000000000)={r3, 0x9, 0x0, 0x6, 0x733, 0x3, 0xd8, 0x33, {0x0, @in6={{0xa, 0x4e24, 0x6, @empty, 0x5}}, 0x80000001, 0x2df, 0xd46, 0x3f, 0x8}}, &(0x7f00000000c0)=0xb0) r4 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r4, 0x80045530, &(0x7f0000003840)=""/89) [ 3030.195326][ T2413] total_writeback 0 14:00:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8922, &(0x7f0000000300)={'sit0\x00', 0x0}) [ 3030.243736][ T2413] total_workingset_refault_anon 913 14:00:04 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000040)=""/76) syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x20100) [ 3030.330332][ T2413] total_workingset_refault_file 0 [ 3030.383925][ T2413] total_swap 96759808 [ 3030.481802][ T2413] total_swapcached 57344 14:00:04 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000040)=""/76) syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x20100) [ 3030.502245][T14222] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:04 executing program 0: r0 = syz_open_dev$usbfs(&(0x7f0000000080), 0x8a6, 0x0) ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522) [ 3030.599473][ T2413] total_pgpgin 887468 [ 3030.600676][T14312] sit0: mtu less than device minimum 14:00:04 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000003a000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8942, &(0x7f0000000240)={'sit0\x00', 0x0}) 14:00:04 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000040)=""/76) syz_open_dev$loop(&(0x7f0000000000), 0x5, 0x20100) 14:00:04 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8914, 0x0) 14:00:05 executing program 2: bpf$OBJ_GET_PROG(0xe, &(0x7f0000000140)=@generic={&(0x7f0000000100)='./file0\x00'}, 0x18) [ 3030.798874][T14435] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:05 executing program 2: openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0x208000}, 0x18) 14:00:05 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000041000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:05 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8912, &(0x7f0000000300)={'sit0\x00', 0x0}) 14:00:05 executing program 2: socketpair(0x1a, 0x0, 0x0, &(0x7f0000000180)) [ 3031.030930][ T2413] total_pgpgout 821885 14:00:05 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xfffffffffffffff8, 0x20000) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000100)={{0x4, 0x5, 0x24bc, 0xfffffffe}, 0x0, 0x2, 0xfffffff7, r2, 0x6, 0x3, 'syz0\x00', &(0x7f0000000080)=['/dev/snd/controlC#\x00', '!)]!\\+', '/dev/snd/controlC#\x00', '\x00', '\x8f$:\x00', '/dev/snd/controlC#\x00'], 0x44}) [ 3031.113758][T14541] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:05 executing program 2: bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)=@generic={0x0, 0x2}, 0x18) [ 3031.245184][ T2413] total_pgfault 988234 14:00:05 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xfffffffffffffff8, 0x20000) (async) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000100)={{0x4, 0x5, 0x24bc, 0xfffffffe}, 0x0, 0x2, 0xfffffff7, r2, 0x6, 0x3, 'syz0\x00', &(0x7f0000000080)=['/dev/snd/controlC#\x00', '!)]!\\+', '/dev/snd/controlC#\x00', '\x00', '\x8f$:\x00', '/dev/snd/controlC#\x00'], 0x44}) [ 3031.484843][ T2413] total_pgmajfault 579 [ 3031.558890][ T2413] total_inactive_anon 115376128 [ 3031.687252][ T2413] total_active_anon 152182784 [ 3031.692082][ T2413] total_inactive_file 0 [ 3031.756085][ T2413] total_active_file 0 [ 3031.789832][ T2413] total_unevictable 0 [ 3031.847315][ T2413] anon_cost 0 [ 3031.886243][ T2413] file_cost 0 [ 3031.906860][ T2413] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=6605,uid=0 [ 3031.999201][ T2413] Memory cgroup out of memory: Killed process 6605 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:14080kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3032.388823][ T1266] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3032.531156][ T1266] CPU: 0 PID: 1266 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3032.539818][ T1266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3032.549911][ T1266] Call Trace: [ 3032.553217][ T1266] [ 3032.556175][ T1266] dump_stack_lvl+0x1e7/0x2e0 [ 3032.560905][ T1266] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3032.566157][ T1266] ? __pfx__printk+0x10/0x10 [ 3032.570776][ T1266] ? ___ratelimit+0x4c4/0x670 [ 3032.575477][ T1266] ? __pfx____ratelimit+0x10/0x10 [ 3032.580615][ T1266] dump_header+0xda/0x6a0 [ 3032.584966][ T1266] oom_kill_process+0x3a7/0x930 [ 3032.589916][ T1266] ? trace_contention_end+0x3c/0x100 [ 3032.595218][ T1266] out_of_memory+0xf67/0x1320 [ 3032.599914][ T1266] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3032.605563][ T1266] ? __pfx___mutex_lock+0x10/0x10 [ 3032.610631][ T1266] ? __pfx_out_of_memory+0x10/0x10 [ 3032.615857][ T1266] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3032.621420][ T1266] ? __pfx_lock_release+0x10/0x10 [ 3032.626479][ T1266] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3032.632593][ T1266] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3032.637807][ T1266] ? mem_cgroup_iter+0x422/0x560 [ 3032.642767][ T1266] try_charge_memcg+0xda2/0x18a0 [ 3032.647750][ T1266] ? __pfx_try_charge_memcg+0x10/0x10 [ 3032.653139][ T1266] ? percpu_ref_tryget+0x14/0x180 [ 3032.658197][ T1266] charge_memcg+0xa2/0x160 [ 3032.662637][ T1266] __mem_cgroup_charge+0x27/0x80 [ 3032.667609][ T1266] shmem_alloc_and_add_folio+0x393/0xde0 [ 3032.673262][ T1266] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3032.679437][ T1266] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3032.684667][ T1266] ? lockdep_hardirqs_on+0x98/0x140 [ 3032.689878][ T1266] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3032.695521][ T1266] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3032.701774][ T1266] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3032.708383][ T1266] shmem_write_begin+0x170/0x4d0 [ 3032.713347][ T1266] ? __pfx_shmem_write_begin+0x10/0x10 [ 3032.718828][ T1266] ? fault_in_iov_iter_readable+0x236/0x280 [ 3032.724741][ T1266] generic_perform_write+0x321/0x640 [ 3032.730046][ T1266] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3032.735968][ T1266] ? __pfx_generic_perform_write+0x10/0x10 [ 3032.741806][ T1266] ? mnt_put_write_access_file+0xc2/0x100 [ 3032.747566][ T1266] ? file_update_time+0x3ac/0x3e0 [ 3032.752612][ T1266] shmem_file_write_iter+0xfc/0x120 [ 3032.757825][ T1266] __kernel_write_iter+0x434/0x8c0 [ 3032.762960][ T1266] ? __pfx___kernel_write_iter+0x10/0x10 [ 3032.768616][ T1266] ? dump_user_range+0x562/0x910 [ 3032.773560][ T1266] ? dump_user_range+0x579/0x910 [ 3032.778511][ T1266] ? iov_iter_bvec+0x4e/0x1b0 [ 3032.783205][ T1266] dump_user_range+0x46c/0x910 [ 3032.787990][ T1266] ? __pfx_dump_user_range+0x10/0x10 [ 3032.793285][ T1266] ? writenote+0x250/0x3b0 [ 3032.797727][ T1266] ? kmalloc_trace+0x1d6/0x360 [ 3032.802504][ T1266] ? elf_core_dump+0x2e01/0x4630 [ 3032.807459][ T1266] ? dump_emit+0x99/0xd0 [ 3032.811714][ T1266] elf_core_dump+0x3d5d/0x4630 [ 3032.816559][ T1266] ? __pfx_elf_core_dump+0x10/0x10 [ 3032.821686][ T1266] ? mark_lock+0x9a/0x350 [ 3032.826375][ T1266] ? mas_next_slot+0xeb2/0xf90 [ 3032.831166][ T1266] ? __lock_acquire+0x1345/0x1fd0 [ 3032.836335][ T1266] ? rcu_read_lock_any_held+0xb7/0x160 [ 3032.841821][ T1266] ? 0xffffffffff600000 [ 3032.845993][ T1266] ? getname_kernel+0x140/0x2f0 [ 3032.850874][ T1266] do_coredump+0x1baa/0x2b50 [ 3032.855496][ T1266] ? get_signal+0xbe1/0x1850 [ 3032.860130][ T1266] ? __pfx_do_coredump+0x10/0x10 [ 3032.865215][ T1266] ? _raw_spin_unlock_irq+0x23/0x50 [ 3032.870431][ T1266] ? lockdep_hardirqs_on+0x98/0x140 [ 3032.875649][ T1266] get_signal+0x146a/0x1850 [ 3032.880185][ T1266] ? __pfx_get_signal+0x10/0x10 [ 3032.885054][ T1266] ? __might_fault+0xa9/0x120 [ 3032.889768][ T1266] arch_do_signal_or_restart+0x96/0x860 [ 3032.895347][ T1266] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3032.901531][ T1266] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3032.907361][ T1266] irqentry_exit_to_user_mode+0x78/0x280 [ 3032.913013][ T1266] exc_page_fault+0x587/0x870 [ 3032.917728][ T1266] asm_exc_page_fault+0x26/0x30 [ 3032.922600][ T1266] RIP: 0033:0x7f8ab667ddb1 [ 3032.927032][ T1266] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3032.946664][ T1266] RSP: 002b:0000000000000120 EFLAGS: 00010217 [ 3032.952971][ T1266] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3032.960955][ T1266] RDX: 0000000000000000 RSI: 0000000000000120 RDI: 0000000000000000 [ 3032.969199][ T1266] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3032.977182][ T1266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3032.985160][ T1266] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3032.993177][ T1266] [ 3033.176087][ T1266] memory: usage 302528kB, limit 307200kB, failcnt 63475 [ 3033.183093][ T1266] memory+swap: usage 396124kB, limit 9007199254740988kB, failcnt 0 [ 3033.243484][ T1266] kmem: usage 44940kB, limit 9007199254740988kB, failcnt 0 [ 3033.283414][ T1266] Memory cgroup stats for /syz4: [ 3033.283584][ T1266] cache 266727424 14:00:07 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x25d, 0x0, 0x0, 0x0) 14:00:07 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000045000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:07 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000002c0)={0x1, &(0x7f0000000280)=[{0x6}]}) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) 14:00:07 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req={0x8, 0x2}, 0x10) 14:00:07 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xfffffffffffffff8, 0x20000) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000100)={{0x4, 0x5, 0x24bc, 0xfffffffe}, 0x0, 0x2, 0xfffffff7, r2, 0x6, 0x3, 'syz0\x00', &(0x7f0000000080)=['/dev/snd/controlC#\x00', '!)]!\\+', '/dev/snd/controlC#\x00', '\x00', '\x8f$:\x00', '/dev/snd/controlC#\x00'], 0x44}) [ 3033.320175][ T1266] rss 802816 [ 3033.374663][T14660] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3033.394587][ T28] audit: type=1326 audit(1707141607.567:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14663 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe9df47dda9 code=0x0 14:00:07 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@newtclass={0x24, 0x14, 0x405}, 0x24}}, 0x0) 14:00:07 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x6142) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3033.440056][ T1266] rss_huge 0 [ 3033.477762][ T1266] shmem 266727424 14:00:07 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000048000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3033.500906][ T1266] mapped_file 102621184 [ 3033.588229][ T1266] dirty 0 14:00:07 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x6142) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 14:00:07 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) sendto$packet(r0, &(0x7f0000000000)="f3", 0x1, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @remote}, 0x14) [ 3033.609412][T14671] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3033.663761][ T1266] writeback 0 14:00:07 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x6142) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 14:00:07 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000004c000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3033.745879][ T1266] workingset_refault_anon 916 14:00:07 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 14:00:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) recvfrom$inet6(r0, 0x0, 0x0, 0x40010042, 0x0, 0x0) [ 3033.800966][ T1266] workingset_refault_file 0 [ 3033.886313][ T1266] swap 93622272 14:00:08 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r0, &(0x7f0000001480)={&(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}, 0xa805) sendmsg$inet6(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000880)="a1fb83b0b2862391ff7d80d355e3321350a9bd4e0edfb1daccea9836a8d11fdbe0d3e0051798cd0c4d61d48fac575be44ee0d1355ba109abf58f435bfa39af37430f3ef652af41100936769f862903b74b0c5fcdad4b0d3657993ab9b5be5f925927991c4e1c688581baaf4033336ee580e90f97b84ad145e4d3416f30fa99e00e386811cf654a33e420828023ca792ce9bcf8f9fca55ed35510445f60a0153c4fc15f1707d2d4c1f2746bee1d445ffbc49ca93ca29ea5fd5ab863669a13d86fb2", 0xc1}, {&(0x7f0000000980)="78c02042587b3a2785b92d324c9b49e246664e108f3646b6ad13a59a1b85b479645350ab73082aa8fcb5b6318463350795b9267f88c2e9ae079b513075a7e3906460fde52872", 0x46}, {&(0x7f0000000a00)="1eea2e5c7117ca7c", 0x8}, {&(0x7f00000014c0)="fa72bd45d100a918fb6971cf98ddbd3114a2a9dfe7252fdbf7b7276a50a52fcd1e8ae5b8164e1b4c2c81463e0ae70bb5d25c0a048f740eda564d3655f4125d20dd01d50d1c9d7ef7658a1e9744ed478100726b6279f7474695489e3c6754c32ffb14a500c83aab67edf66761362af56cfe22c1e00559d9b175cb6fd17a71d88ffc6ba5ef78558e38829dcbf4fa2ffd9dd66c66d374ce6a8295b69c11842e78c78f6d59b2e2190f730c54ad17cb1eca9dc81ee06f6250c917378dc8ffdc7e94138c8963260decb87572aaa248df13d0eddd595602a9d048e34702904a71a7d971a3c766b9260d3dc7d72b055b040845cec6f028fd066966bf9b8ed569fdbf585cd49c516a8dcdfabff09283b52b06cd668802b3cf32f8129e970b590c1e46372f7e07498810ee215578b85d2288a3bdb5826a5f27077a18be50f1aea8548e3730b13b5ccfa58bf8be8ddd71c85472933076c034e95dc65acc06453cf8642f857d2ad29247434dd84d5d2e15aa8ac82952dc526f8a4ea90ce0c28e001256c56d516638d2f9241598cf03240d80dab1e87716266f5c3b85b55ce6ceab024b936ab65295ccf82d9b6886d1b11f21933eddb8fbc2db3f32cc29a72c5625f2fc9f603acdc2b8c17e9bb8dae79dd7fbe3fc00153657028f10cae4b1721808769ef057304e7e6e93526b305feb1ad7513ce612c78ee727617ec2b7796975d002b5bc6cab68d9c998b03cab2ec8c7d54d2a1e02b1d70fc4d623bbff475b3975c91c79165c9dcfb860e3d7922d244c85be606ef2ab37a9af453dc620a6b8adbff2dbaf2345786c1867c258aa8e653482130852735fa2afd064ed90b95430a4a7ed7f84998da2330605e907df55357814d5d621619a20d3b2796d7328d00484986650b99547ddc20a86d96af5386108cd0af9627a3fae713c626d33f0ef1d3a79029237d2c578ec338bfab97d1be70465f0ef92146b29bef846f075e2fece6fee8675566ed8cda1c2a47ade34169d93b75c1df20b5e5d8fa3bd1a584c2da6566e526dbb8cfd80dc477be59e03674f3e0c03a69b8e2e9db452e261bceec616872c5b7fb5aea135e89a0a7b8d36c3ce178c9c21805a34ca49482be87954e3bb90c6b1cbbe318f3a3a36d1c2db3072f1fe8154dded67f4b6f4d162312bbbda30b496f66539df95729d62d6527b8ef7d2bd09c3fb207de935a0691ed02918461c3a9e80d360ae48fcf4195d32e84fa9e7b35ad3f44deb228f560338fefba677618f84331b0d50dfa1695bc3688fc8a18961a621090d6f18b23ce91201f228462a10b1219830932c7a0a41e2ed65f17dcc8e02cd7425684886acd591525486846023fdca1f75103f3dbb053c93c9c23f2ce41a784e9ea84a2a3c2b114d86bef6a59da60e218a4372962f89c7d3b3275051b3d749035533a324ef3982009bfbe935fa4058961052e1c469ad7f7eca43bf7735a8bf9a5d6da9641028cdd7a435621af409893b81ba27f6820ac7c6a0543b80938ca9aeccd467e63dca469ba68da38bfa742045351db572258724cd618ba6f40806d3dd78016e7d9affe19809f5f76da3c0bf8067cce6c2fe391a5a7b57e00df187c89ed5128558c0ca3c19322faae35c7d764c0aa988f148b7e6109129cac3e64ee5a10eb8888851af99898835814f495482d02c", 0x49e}], 0x4}, 0x0) 14:00:08 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3033.919800][T14685] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3033.980075][ T1266] swapcached 16384 14:00:08 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@newtclass={0x24, 0x10, 0x405}, 0x24}}, 0x0) 14:00:08 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000004d000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:08 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3034.085917][ T1266] pgpgin 898802 [ 3034.125585][T14691] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. 14:00:08 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="677265300000000000000000000000007271f7cb6457c703aeca1f004a737a7a1f01000100bcfbf170c92f4dd03065903780f51ed2d6650300d6568356059bf7a511a9699919ce50605c134419bede13a33fd17322321c8c29027cbff59a9d74c4a7dfe894f576ea9fa530e9916e58f1e904cce6dcd9608abf0ad185c7c669fb2a27b0099450af3540ba319dea2124f9baa26cff1db9e636b6ac57c08fc3d9888ef5fd8f9fabc68415059f"]}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000000)={'gre0\x00', &(0x7f0000000100)={'ip_vti0\x00', 0x0, 0x2, 0x7800, 0xfffffffd, 0x40dc0, {{0x15, 0x4, 0x3, 0x10, 0x54, 0x65, 0x0, 0x80, 0x4, 0x0, @private=0xa010102, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@timestamp_addr={0x44, 0x34, 0x13, 0x1, 0x6, [{@dev={0xac, 0x14, 0x14, 0x23}, 0xfffd}, {@private=0xa010101, 0x4}, {@multicast2, 0x8}, {@broadcast, 0xffffffff}, {@rand_addr=0x64010100, 0xfffffffd}, {@multicast2, 0xfffffe01}]}, @ra={0x94, 0x4}, @ssrr={0x89, 0x7, 0xa, [@rand_addr=0x64010100]}]}}}}}) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) getsockopt$inet_udp_int(r0, 0x11, 0xb, &(0x7f0000000080), &(0x7f0000000180)=0x4) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x4c, 0x0) [ 3034.166250][ T1266] pgpgout 833484 14:00:08 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000002c0)={0x1, &(0x7f0000000280)=[{0x30}]}) [ 3034.207714][T14694] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3034.270721][ T1266] pgfault 992352 14:00:08 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000080)={0x1, 0x40, 0x1, 0x1ff, '\x00', '\x00', '\x00', 0xffff6ff8, 0x80000001, 0x9, 0x0, "180b2f41ee8f87ab34494c90d9e67804"}) r1 = open(&(0x7f0000000200)='./file0\x00', 0x1, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="97", 0x1}], 0x1) write$tcp_mem(r1, &(0x7f0000000900)={0x8, 0x20, 0x10000, 0x20, 0x8}, 0x48) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x25, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b0b74473d7e2125d1222717fbd6c1f9634cd4316e081c158acd624404fbc3580f9e0f7d1fed4268e6fbd9d6d64c7c3b5cf5b891f0ecf9ac81ff352ca1b6fb63c4c6c6d4fa47e85c6d3acda32ccb2b63d0adec8c8fb59c101448012c401a668ee9a11333725e37eb988a745b1f755c26575eea141a1fe6c87fbf2654be1fc6ac759ac36c66566a0d67b5c59875d52c5446248befb74cb232caa6d58ae441a4d0feacbb26ff85afbae1b91fd9f0d15f0c8de2c9a631f84adffc72e20a3954117997ed9bd8a540450a1e69eab23bd3d17c5a", @ANYRES32=0x0], &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x2, &(0x7f0000000100)={r3}, 0x14) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f00000035c0)=ANY=[@ANYRES32=r3, @ANYBLOB="06000010ba8d57d8b881ba296d3d282736fb87be812b795f42feda68cfd8edc359e43f65fcc3d301b46c36383a2aaf08a8e6132f2642733b1ffe4ba5fd41deacaaf74acf737f66a70e9aeae989c1a90af59c3904c45db840314c863756672c626e824ccac25efaf4d235e0dfb04dd4b59af155016fcda4cea82eb6261584ebf24cfa13bc6505ee3eab92ca6c73019c1564937dca0244741bdab8380a13e875b0fa0280ffa234e2d2bdd88829675f3b9c6a078820d2e5295e0364bfd3696a90cbb586e904f0f1c199d1d27de09450949178a7aa371207d33e543058f6300d7fc94c1063abb2b841fb4ba0c1b738a0e1537c193fd830eb57a508e2e6d6c39e70564006bbcf67c0f672598174e9e583196506855346cbcc14f63668b66660132b1c9e84c3944041d24a734756b0d269e2c2845e7f2ed422747f55c26988c789db34317dc341e362cf2f30f47558b3c1f806f472fa076e0f9b8d5d1c790befe4363c0d5a13ec79f2f15bbc2e5842f140549d7ee27b0ec0eaa90789daa31afd0f25ab6a0894efd92105464ce636974a96ec5180db0707e0c94facda1c23579beb1fad0ccc165ab101c4cd986f1337c91cb835179cc1cbb4800448f1cee894f8c3fd46a080eceba8c16d197d6cd8bec738cb4b5213aa85a9175e173be8e8ec54d9c36b5c83e37d512c606346075adcacce74f8341c92ea47f12159a688a2b051fc2220fd62c04e190be5421d553a3b82130290908b340cae8782d1451ffab9bc3a8055f84f7051e609f29a1358cc16c3ded0451b44a31f0db1690bc9e17e1ec9dddaf185f14da2f46811af5f9fac47901afcfd2b7cf39f093bf7b85398f5e7fd7324b595c5e7530f1845e748170c6c3794199417f352345a9797281ade04ae82be4877d193ec5e73c012de44ad17cd917e37ba314d5d2445988b34d829429748cbaa7b8747705d47c506ac1945f6154946d0dab76a41f6191ea66a9ef67e26b863668429af74d67ed1ae99e2cc799837f5825bb94d8f15483493ed42b32b184666cf0f8b975509a905545bedf0ee28ffda4de6c2c5483a1b7e126ec4217f6efbb51b341f2ac4de322eb10a0f8c998c2785829334426ae8a6dc28a3a613dfb817798f24fd6f2053a4c2008f0a51ccf8fda3868259b94847cb6b4efd2343a81c557ff055d84eacb4ab8a99b7bfab30570bc5ca7e8d4c0d1992457670e601703c04e64c5b6000ae5039c7811cf13d76fc6d51baf081aabc1ebbc57ea5fa7434aaf1fa2959d5ea3dc57bb0486991fda0890c02ec1c9946134120dd48da6720e2494b55bf1a1d017d8d18bbf13ff6d130370943d3198b22d5ce79c1d0f5914f81036f5d324acca9c6fe25726198abf394fd083371266ed3b7feb121ecaca80777e3a0cbe45b7dbe94dcfb7ecbde832f04acf34e6eb0d8da443026cd5df0460d9efbf41534ffe78793e0aa2fb6dc8a7c56960bbc80d0b52373b5ad1ac3a9cd0dd2390d13712a54a25ce8557e9af0dc725f32cbc1ff393b5b875b3b8cae5468cebc297be120d8aeba1d8e4f2548fbcb973bdd38e7693847faa7533c4e3beab3e1cb2eb9cc13e389738e2b6fcc81f983e99201c838f3fae2e2d1f37034813e5771936f4bdda2a1f97444d07688db4184cbb950ef941a370a3ff506a7facf11476cef267b59a4e184abf572e1cd25d9f5641e0dc53ff5c95614b9d0264f291550ebb82eab2ef868df7376e4e6bfa8180d9dbcb89888f14a3d1edd2095bc9a7b76b0a117bb51aa43ba5b312bbec4003159c0d50962d78616a9dbe2d97587b3a308c6c64d779ec9f5f849378bf52c7976353d22e841c5efec6a297dacfe519954d309a30ef97240aa802afaf1875cb4a57646a50a2e8f6f2a78e4b8a41ce96cdda3078aa6999bd18ad19065306190e79c4557f6bb03c9c7e39df6f5380d61930c1c4b063792541c88620bd9da82ed584b774d6ef2b33b5f4826f45c35079870270c63a1a97b575cf069023575b670c38c8f23699012d25ffc5b42bb0f3cc586ff842de70fcfdfeaf285b7f3a19140b28ebd78c3fbeb45d8322d92c587b8573d0bdb66a023f4129a55c90465f398a86b1a52c6e7257f651e7a12ddd02f800b048a1e4147adb3c2e2c7347be459d0dd252c791739ad19a76d4489ce9c5208079e68513b09205f21f2a3182669fb9566c6a97438fed0904ab75418ce17b14cc6220ac6b64191457410bb963027a21f60e945486807ac426b99af7d3728ab1373085cacee2a45d613ebede90cc0b422e7c7f00ca8b37df4074caa6415c18cfebf812da9e452ebd038c8af6a30d69f68c33e1e8973e111f41224d2acd6c086f4459726584a867b062566b4ea82dcb1b4a2884c996c956d6b7a91984cf17233aa0eb678d10a3484c05197c00a20f7391731ec2d0a2ff0cc2b656f88a67dc7ff2961a5bcbd34543951c1f46d67685be80c7c389bf8d5271ae6c28ce53632023f7b0658479ec4fa20d637220618ee576b08bb85a6e96d46923642cef9ed0629818b549fef6d99683db407be89f2f07f417e1f2de094cc7049cf6055eb48b7d2f78f4abe7b16952d67a9fe89b396c78eb2fe71f4de2fa8826fd91a36be4dda7351bc5ebadb5ff5ea7fc2fdedaf530aae63e66f13a4611c82f88d1d5d2a94c8cce6353bd58bcfb6d2f62b1bbdfd45f39ca0b6b87736b66acccc94b1c02433d8e7ddd5f1021811282d82db8335bca4fca7c748e2a9ea0d6dfd55b50b764fdf98a226f89b20802b5323122e093c056329b221c001e9010a82510750ae39164704abb1de6cc891dc9c9ef89c7414c27a3cc5078c1d4817a3b2dd7a5ab927474f5601f1c5ccc4615e249617e2c0b8d9767f6d11af46eaa676e6f5764805621e615aaa66a7cd41852b16555562162cc17fa4facb12cb062eace65c6328f9dff1b684b506f9d65c39bbfa6d933ee1faabb44d1dc59037b6d9cedd7c52e70e1d03c63258c15c63d6966b70f02f239cfdfef2c9becd229a84e754772f97996a6a313822a7016ced0e7bf69d25a358ae0f0042bb31c77c9c017fff08b4a38775d31215130b4eec7cda82fc6dab5d1108c17cbb63008afd35da4761792fd9c4471ce43adc2552dbbcea0597fc98432bc9f66339eb595649df62108cd407a1073655e66a79ea3e1f7f8216abeed53dd88877e88178db4b19a2aae61b507eafecaf99e66f50fd4cfcd2b56f6fed3959818020db31d132b3a5685510facaba03825d52512567ddde13140b1600c233dbe87baf70d5d92bb59b2b8e921cec21754c9b2e5eaeadaf29bbdff76c9d348cda2b282341977242ea5b33271d2d2962d5ef26ee77e35045f2ecaa1d7965b413af55091435f21d9e617ce20abf04b1032772f196ea051c4a4a22c289f180bdb4e39f57f35c21b763262099cea34867e6f503ae9a58b814b3c0123a1818142d6f5ea110296adaa4c509bfe15b0a2b7fdc857848c60f562fb5bce8b7113a3d4bf9f1d6b1f670efe93f0cc2ef604c2119f4256088f38b2c05d28e911f6a32c75fca32bcc5339bda061aa0f797b5398177bb69ee99adaac16955b13c1bbabb0f48d25933216c3de31618462fa5bcc3dc6d42ef64f7d0ff73d4f82b4fc6e881641edde90dbf62b67ad8fc16169952ca84892292f775808a092163bc6b2fbae4bdea605ea89a74b53c4704f69a1f7bafe793526f7298986407b71f948542c4404596a7ff64f65161f438d75194605b2a5cb4b82876909c83452ebd6836d65a07653d9eb2158fffe75d1528f035d7dd21dddd7f48aae1d7be5dfc7dd38a9eb5fa24d6fd594fa5d5d943f7c814e6f5917f566cbe14ef9c3365226d9578c77b1baf00227546cde7b9d815fcd7566d9f26b16ce2925b41e32f9397eaabfad16b57e947bc4dd46f8935465ecc4e2b939e6a3a7c0251a890d749aee655071dd21ab2a62dd5cc72b015680ec1f353e717631b353e2196a05006a61a0969f4021aab54bf75b06eb85a5b09eacc2a410ab1d775556cc0e42062a6cc2f6417a91d6313c1056f8fa30c010b136f51cca3accb4ad7bbae6ad16d8347cdf998c0b10efc73668858d43167b32da144ca4c0a700c308f4ffdc7c3a2e9f825ccd430750944ee5156933613d86428fd4fbb511f71bd508422f7d053016bfc60c33f29a33c0d948e6a64b74c0500c1df1d23c21a91239b00b3008be94ac4753d9febc8c6ee1542799a0940d56081f4060c3a94e10577557c797e4221f1b8604cd5235f1e99e05f1f24654f82e94f9d05e6f6bd0b45c874b3bed03dc0fb6ec8424afa1fde8943abb397a9daa462d1fab1ed74f015e879dc453183b34e1439c06b97c37edc0af851a0662e30f84896c1f58f5a152be36367cd6eb49a10f7abe6870ebd5bbc6075e39fd41f9e7ca953fd81d349050e41d39c9439c0d97e3cbaaccc7cc50209bf66875a1f8d079ef2d9c12ae411def057cbc050d3ca47382838b2a1763cf69bd1598e95ae2de6d482049f72fd567210711f5a88a42118c0366a5b9e7edac573832d28803f07b5bbb45f1497d4787b70a733a7b3091a4c4b9f75735978812b7a3925a8ddc4f445219149296b8f01e0019e3fa9a2d5c565f58d88f784a38f80c29f6dad2cd780e380bfa4ceef4bbd8075478a1637fc45432d0232f97fdca554b98818521368b9f413be55be6d18243d17a79d2aa0441700476376c097e553965daa60405760e083d5c35bf29881949bd549aa5f030c49c18c392bc5548c7a060ffd4fba50152b016e8081e12ce6db0b874fffe01d1bd771460d819dac67285022e05b8542c20e8c4b2f5122ba8e7018ea202282bd994124a7eff97fdc334d05e00b02207fc58339ff9383419d6ea07e004da8cee3016e12063729d1ced714ff8f7384e15ff733c40500000000000000713ece05e42eaad9223efb2d0d3095298a6d1a99300cdd4bb4ffcd17b724c58c9b876ab5f8da8cb8e80a8a6ef63fbf76e9458d9100360cd93d59b6864740f5aff180eff2d024a7d4e4ebbc05912e7460bd82db18809cb492482ec31216a29fbfe5dc23190613f4a33fd833925d58e0ea2b2ce917c4a985ed60c8577dccd179359cd500ddb9d6a301758d24a7c8bce0b334b5a9c983685cccabdbd730ac4b4a854bd77203792052ebfcdd48c32b2605ba94cafab278c7f67bd31807338a20573d389bbda1b6c6755ca184efbdba7e0c4c23e371c2e8ebc9396c3eb0ee0f364979e94472cf8e345f9331ab790b4f5bca5cde763147a2039febbc5a35aaa417dc6e0efb91f2543dd8c62825713549ccfc0026111e0e8681562d6a6cfa531674ecb26f8df41a615df415ff6425c1613becaafd6c4cb1cfe8089f1535214ecc0fa8b55404220568321fa86f32d8da62882a8f219be80032bea11c8b98ce19f90b8401defb59153488019e225f38e2896ad68bed8a0f7a7ae8c0db205c523cd409832cb43ab923c01a5b13f3863d56fabecbe0c6c9ac8aceddd5560d529f030e642a856c321565a9519bb5db4f641c6132f49bf690c73dde49d89f18deb7b4e898dc140296494b20fd77883e4f1ae196cd4274cf32ac55729803057b8a3c587638fec2e5b935ce14b28ca6f22b6651acdd574f637a74e6f83df7e211cc68ff039ce852db28ac1ce17b3f27fc2b6c2512605a83c16796dd38c57cdd5a5f24ef918476ad30f03453a9f82e50dd2e721baf3506a0d602f0c905c3f801d237c89964bd78d4814b41436deaff0d68e6728f512681444fa177a700258c9ddcb1fca184710d846f333453228a5a9bfee79dffffd559415000"/4101], 0x1008) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f00000001c0)=""/102) 14:00:08 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000240)={'pim6reg0\x00', 0x201}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'vlan1\x00'}) [ 3034.386508][ T1266] pgmajfault 582 14:00:08 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000060000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:08 executing program 2: open$dir(&(0x7f0000000180)='./file0\x00', 0x42, 0x0) 14:00:08 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000080)={0x1, 0x40, 0x1, 0x1ff, '\x00', '\x00', '\x00', 0xffff6ff8, 0x80000001, 0x9, 0x0, "180b2f41ee8f87ab34494c90d9e67804"}) (async) r1 = open(&(0x7f0000000200)='./file0\x00', 0x1, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="97", 0x1}], 0x1) (async) write$tcp_mem(r1, &(0x7f0000000900)={0x8, 0x20, 0x10000, 0x20, 0x8}, 0x48) (async) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x25, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b0b74473d7e2125d1222717fbd6c1f9634cd4316e081c158acd624404fbc3580f9e0f7d1fed4268e6fbd9d6d64c7c3b5cf5b891f0ecf9ac81ff352ca1b6fb63c4c6c6d4fa47e85c6d3acda32ccb2b63d0adec8c8fb59c101448012c401a668ee9a11333725e37eb988a745b1f755c26575eea141a1fe6c87fbf2654be1fc6ac759ac36c66566a0d67b5c59875d52c5446248befb74cb232caa6d58ae441a4d0feacbb26ff85afbae1b91fd9f0d15f0c8de2c9a631f84adffc72e20a3954117997ed9bd8a540450a1e69eab23bd3d17c5a", @ANYRES32=0x0], &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x2, &(0x7f0000000100)={r3}, 0x14) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f00000035c0)=ANY=[@ANYRES32=r3, @ANYBLOB="06000010ba8d57d8b881ba296d3d282736fb87be812b795f42feda68cfd8edc359e43f65fcc3d301b46c36383a2aaf08a8e6132f2642733b1ffe4ba5fd41deacaaf74acf737f66a70e9aeae989c1a90af59c3904c45db840314c863756672c626e824ccac25efaf4d235e0dfb04dd4b59af155016fcda4cea82eb6261584ebf24cfa13bc6505ee3eab92ca6c73019c1564937dca0244741bdab8380a13e875b0fa0280ffa234e2d2bdd88829675f3b9c6a078820d2e5295e0364bfd3696a90cbb586e904f0f1c199d1d27de09450949178a7aa371207d33e543058f6300d7fc94c1063abb2b841fb4ba0c1b738a0e1537c193fd830eb57a508e2e6d6c39e70564006bbcf67c0f672598174e9e583196506855346cbcc14f63668b66660132b1c9e84c3944041d24a734756b0d269e2c2845e7f2ed422747f55c26988c789db34317dc341e362cf2f30f47558b3c1f806f472fa076e0f9b8d5d1c790befe4363c0d5a13ec79f2f15bbc2e5842f140549d7ee27b0ec0eaa90789daa31afd0f25ab6a0894efd92105464ce636974a96ec5180db0707e0c94facda1c23579beb1fad0ccc165ab101c4cd986f1337c91cb835179cc1cbb4800448f1cee894f8c3fd46a080eceba8c16d197d6cd8bec738cb4b5213aa85a9175e173be8e8ec54d9c36b5c83e37d512c606346075adcacce74f8341c92ea47f12159a688a2b051fc2220fd62c04e190be5421d553a3b82130290908b340cae8782d1451ffab9bc3a8055f84f7051e609f29a1358cc16c3ded0451b44a31f0db1690bc9e17e1ec9dddaf185f14da2f46811af5f9fac47901afcfd2b7cf39f093bf7b85398f5e7fd7324b595c5e7530f1845e748170c6c3794199417f352345a9797281ade04ae82be4877d193ec5e73c012de44ad17cd917e37ba314d5d2445988b34d829429748cbaa7b8747705d47c506ac1945f6154946d0dab76a41f6191ea66a9ef67e26b863668429af74d67ed1ae99e2cc799837f5825bb94d8f15483493ed42b32b184666cf0f8b975509a905545bedf0ee28ffda4de6c2c5483a1b7e126ec4217f6efbb51b341f2ac4de322eb10a0f8c998c2785829334426ae8a6dc28a3a613dfb817798f24fd6f2053a4c2008f0a51ccf8fda3868259b94847cb6b4efd2343a81c557ff055d84eacb4ab8a99b7bfab30570bc5ca7e8d4c0d1992457670e601703c04e64c5b6000ae5039c7811cf13d76fc6d51baf081aabc1ebbc57ea5fa7434aaf1fa2959d5ea3dc57bb0486991fda0890c02ec1c9946134120dd48da6720e2494b55bf1a1d017d8d18bbf13ff6d130370943d3198b22d5ce79c1d0f5914f81036f5d324acca9c6fe25726198abf394fd083371266ed3b7feb121ecaca80777e3a0cbe45b7dbe94dcfb7ecbde832f04acf34e6eb0d8da443026cd5df0460d9efbf41534ffe78793e0aa2fb6dc8a7c56960bbc80d0b52373b5ad1ac3a9cd0dd2390d13712a54a25ce8557e9af0dc725f32cbc1ff393b5b875b3b8cae5468cebc297be120d8aeba1d8e4f2548fbcb973bdd38e7693847faa7533c4e3beab3e1cb2eb9cc13e389738e2b6fcc81f983e99201c838f3fae2e2d1f37034813e5771936f4bdda2a1f97444d07688db4184cbb950ef941a370a3ff506a7facf11476cef267b59a4e184abf572e1cd25d9f5641e0dc53ff5c95614b9d0264f291550ebb82eab2ef868df7376e4e6bfa8180d9dbcb89888f14a3d1edd2095bc9a7b76b0a117bb51aa43ba5b312bbec4003159c0d50962d78616a9dbe2d97587b3a308c6c64d779ec9f5f849378bf52c7976353d22e841c5efec6a297dacfe519954d309a30ef97240aa802afaf1875cb4a57646a50a2e8f6f2a78e4b8a41ce96cdda3078aa6999bd18ad19065306190e79c4557f6bb03c9c7e39df6f5380d61930c1c4b063792541c88620bd9da82ed584b774d6ef2b33b5f4826f45c35079870270c63a1a97b575cf069023575b670c38c8f23699012d25ffc5b42bb0f3cc586ff842de70fcfdfeaf285b7f3a19140b28ebd78c3fbeb45d8322d92c587b8573d0bdb66a023f4129a55c90465f398a86b1a52c6e7257f651e7a12ddd02f800b048a1e4147adb3c2e2c7347be459d0dd252c791739ad19a76d4489ce9c5208079e68513b09205f21f2a3182669fb9566c6a97438fed0904ab75418ce17b14cc6220ac6b64191457410bb963027a21f60e945486807ac426b99af7d3728ab1373085cacee2a45d613ebede90cc0b422e7c7f00ca8b37df4074caa6415c18cfebf812da9e452ebd038c8af6a30d69f68c33e1e8973e111f41224d2acd6c086f4459726584a867b062566b4ea82dcb1b4a2884c996c956d6b7a91984cf17233aa0eb678d10a3484c05197c00a20f7391731ec2d0a2ff0cc2b656f88a67dc7ff2961a5bcbd34543951c1f46d67685be80c7c389bf8d5271ae6c28ce53632023f7b0658479ec4fa20d637220618ee576b08bb85a6e96d46923642cef9ed0629818b549fef6d99683db407be89f2f07f417e1f2de094cc7049cf6055eb48b7d2f78f4abe7b16952d67a9fe89b396c78eb2fe71f4de2fa8826fd91a36be4dda7351bc5ebadb5ff5ea7fc2fdedaf530aae63e66f13a4611c82f88d1d5d2a94c8cce6353bd58bcfb6d2f62b1bbdfd45f39ca0b6b87736b66acccc94b1c02433d8e7ddd5f1021811282d82db8335bca4fca7c748e2a9ea0d6dfd55b50b764fdf98a226f89b20802b5323122e093c056329b221c001e9010a82510750ae39164704abb1de6cc891dc9c9ef89c7414c27a3cc5078c1d4817a3b2dd7a5ab927474f5601f1c5ccc4615e249617e2c0b8d9767f6d11af46eaa676e6f5764805621e615aaa66a7cd41852b16555562162cc17fa4facb12cb062eace65c6328f9dff1b684b506f9d65c39bbfa6d933ee1faabb44d1dc59037b6d9cedd7c52e70e1d03c63258c15c63d6966b70f02f239cfdfef2c9becd229a84e754772f97996a6a313822a7016ced0e7bf69d25a358ae0f0042bb31c77c9c017fff08b4a38775d31215130b4eec7cda82fc6dab5d1108c17cbb63008afd35da4761792fd9c4471ce43adc2552dbbcea0597fc98432bc9f66339eb595649df62108cd407a1073655e66a79ea3e1f7f8216abeed53dd88877e88178db4b19a2aae61b507eafecaf99e66f50fd4cfcd2b56f6fed3959818020db31d132b3a5685510facaba03825d52512567ddde13140b1600c233dbe87baf70d5d92bb59b2b8e921cec21754c9b2e5eaeadaf29bbdff76c9d348cda2b282341977242ea5b33271d2d2962d5ef26ee77e35045f2ecaa1d7965b413af55091435f21d9e617ce20abf04b1032772f196ea051c4a4a22c289f180bdb4e39f57f35c21b763262099cea34867e6f503ae9a58b814b3c0123a1818142d6f5ea110296adaa4c509bfe15b0a2b7fdc857848c60f562fb5bce8b7113a3d4bf9f1d6b1f670efe93f0cc2ef604c2119f4256088f38b2c05d28e911f6a32c75fca32bcc5339bda061aa0f797b5398177bb69ee99adaac16955b13c1bbabb0f48d25933216c3de31618462fa5bcc3dc6d42ef64f7d0ff73d4f82b4fc6e881641edde90dbf62b67ad8fc16169952ca84892292f775808a092163bc6b2fbae4bdea605ea89a74b53c4704f69a1f7bafe793526f7298986407b71f948542c4404596a7ff64f65161f438d75194605b2a5cb4b82876909c83452ebd6836d65a07653d9eb2158fffe75d1528f035d7dd21dddd7f48aae1d7be5dfc7dd38a9eb5fa24d6fd594fa5d5d943f7c814e6f5917f566cbe14ef9c3365226d9578c77b1baf00227546cde7b9d815fcd7566d9f26b16ce2925b41e32f9397eaabfad16b57e947bc4dd46f8935465ecc4e2b939e6a3a7c0251a890d749aee655071dd21ab2a62dd5cc72b015680ec1f353e717631b353e2196a05006a61a0969f4021aab54bf75b06eb85a5b09eacc2a410ab1d775556cc0e42062a6cc2f6417a91d6313c1056f8fa30c010b136f51cca3accb4ad7bbae6ad16d8347cdf998c0b10efc73668858d43167b32da144ca4c0a700c308f4ffdc7c3a2e9f825ccd430750944ee5156933613d86428fd4fbb511f71bd508422f7d053016bfc60c33f29a33c0d948e6a64b74c0500c1df1d23c21a91239b00b3008be94ac4753d9febc8c6ee1542799a0940d56081f4060c3a94e10577557c797e4221f1b8604cd5235f1e99e05f1f24654f82e94f9d05e6f6bd0b45c874b3bed03dc0fb6ec8424afa1fde8943abb397a9daa462d1fab1ed74f015e879dc453183b34e1439c06b97c37edc0af851a0662e30f84896c1f58f5a152be36367cd6eb49a10f7abe6870ebd5bbc6075e39fd41f9e7ca953fd81d349050e41d39c9439c0d97e3cbaaccc7cc50209bf66875a1f8d079ef2d9c12ae411def057cbc050d3ca47382838b2a1763cf69bd1598e95ae2de6d482049f72fd567210711f5a88a42118c0366a5b9e7edac573832d28803f07b5bbb45f1497d4787b70a733a7b3091a4c4b9f75735978812b7a3925a8ddc4f445219149296b8f01e0019e3fa9a2d5c565f58d88f784a38f80c29f6dad2cd780e380bfa4ceef4bbd8075478a1637fc45432d0232f97fdca554b98818521368b9f413be55be6d18243d17a79d2aa0441700476376c097e553965daa60405760e083d5c35bf29881949bd549aa5f030c49c18c392bc5548c7a060ffd4fba50152b016e8081e12ce6db0b874fffe01d1bd771460d819dac67285022e05b8542c20e8c4b2f5122ba8e7018ea202282bd994124a7eff97fdc334d05e00b02207fc58339ff9383419d6ea07e004da8cee3016e12063729d1ced714ff8f7384e15ff733c40500000000000000713ece05e42eaad9223efb2d0d3095298a6d1a99300cdd4bb4ffcd17b724c58c9b876ab5f8da8cb8e80a8a6ef63fbf76e9458d9100360cd93d59b6864740f5aff180eff2d024a7d4e4ebbc05912e7460bd82db18809cb492482ec31216a29fbfe5dc23190613f4a33fd833925d58e0ea2b2ce917c4a985ed60c8577dccd179359cd500ddb9d6a301758d24a7c8bce0b334b5a9c983685cccabdbd730ac4b4a854bd77203792052ebfcdd48c32b2605ba94cafab278c7f67bd31807338a20573d389bbda1b6c6755ca184efbdba7e0c4c23e371c2e8ebc9396c3eb0ee0f364979e94472cf8e345f9331ab790b4f5bca5cde763147a2039febbc5a35aaa417dc6e0efb91f2543dd8c62825713549ccfc0026111e0e8681562d6a6cfa531674ecb26f8df41a615df415ff6425c1613becaafd6c4cb1cfe8089f1535214ecc0fa8b55404220568321fa86f32d8da62882a8f219be80032bea11c8b98ce19f90b8401defb59153488019e225f38e2896ad68bed8a0f7a7ae8c0db205c523cd409832cb43ab923c01a5b13f3863d56fabecbe0c6c9ac8aceddd5560d529f030e642a856c321565a9519bb5db4f641c6132f49bf690c73dde49d89f18deb7b4e898dc140296494b20fd77883e4f1ae196cd4274cf32ac55729803057b8a3c587638fec2e5b935ce14b28ca6f22b6651acdd574f637a74e6f83df7e211cc68ff039ce852db28ac1ce17b3f27fc2b6c2512605a83c16796dd38c57cdd5a5f24ef918476ad30f03453a9f82e50dd2e721baf3506a0d602f0c905c3f801d237c89964bd78d4814b41436deaff0d68e6728f512681444fa177a700258c9ddcb1fca184710d846f333453228a5a9bfee79dffffd559415000"/4101], 0x1008) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f00000001c0)=""/102) 14:00:08 executing program 2: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000002c0)={0x1, &(0x7f0000000280)=[{0x6}]}) [ 3034.504456][ T1266] inactive_anon 123899904 [ 3034.554029][ T1266] active_anon 143597568 [ 3034.584748][ T28] audit: type=1326 audit(1707141608.757:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14838 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f288a07dda9 code=0x0 [ 3034.618663][T14831] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@newtclass={0x24, 0x26, 0x405}, 0x24}}, 0x0) 14:00:08 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8922, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000280)={'gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @local}}}}) [ 3034.658077][ T1266] inactive_file 0 14:00:08 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000080)={0x1, 0x40, 0x1, 0x1ff, '\x00', '\x00', '\x00', 0xffff6ff8, 0x80000001, 0x9, 0x0, "180b2f41ee8f87ab34494c90d9e67804"}) (async) r1 = open(&(0x7f0000000200)='./file0\x00', 0x1, 0x0) writev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="97", 0x1}], 0x1) write$tcp_mem(r1, &(0x7f0000000900)={0x8, 0x20, 0x10000, 0x20, 0x8}, 0x48) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x25, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b0b74473d7e2125d1222717fbd6c1f9634cd4316e081c158acd624404fbc3580f9e0f7d1fed4268e6fbd9d6d64c7c3b5cf5b891f0ecf9ac81ff352ca1b6fb63c4c6c6d4fa47e85c6d3acda32ccb2b63d0adec8c8fb59c101448012c401a668ee9a11333725e37eb988a745b1f755c26575eea141a1fe6c87fbf2654be1fc6ac759ac36c66566a0d67b5c59875d52c5446248befb74cb232caa6d58ae441a4d0feacbb26ff85afbae1b91fd9f0d15f0c8de2c9a631f84adffc72e20a3954117997ed9bd8a540450a1e69eab23bd3d17c5a", @ANYRES32=0x0], &(0x7f0000000040)=0x8) setsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x2, &(0x7f0000000100)={r3}, 0x14) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f00000035c0)=ANY=[@ANYRES32=r3, @ANYBLOB="06000010ba8d57d8b881ba296d3d282736fb87be812b795f42feda68cfd8edc359e43f65fcc3d301b46c36383a2aaf08a8e6132f2642733b1ffe4ba5fd41deacaaf74acf737f66a70e9aeae989c1a90af59c3904c45db840314c863756672c626e824ccac25efaf4d235e0dfb04dd4b59af155016fcda4cea82eb6261584ebf24cfa13bc6505ee3eab92ca6c73019c1564937dca0244741bdab8380a13e875b0fa0280ffa234e2d2bdd88829675f3b9c6a078820d2e5295e0364bfd3696a90cbb586e904f0f1c199d1d27de09450949178a7aa371207d33e543058f6300d7fc94c1063abb2b841fb4ba0c1b738a0e1537c193fd830eb57a508e2e6d6c39e70564006bbcf67c0f672598174e9e583196506855346cbcc14f63668b66660132b1c9e84c3944041d24a734756b0d269e2c2845e7f2ed422747f55c26988c789db34317dc341e362cf2f30f47558b3c1f806f472fa076e0f9b8d5d1c790befe4363c0d5a13ec79f2f15bbc2e5842f140549d7ee27b0ec0eaa90789daa31afd0f25ab6a0894efd92105464ce636974a96ec5180db0707e0c94facda1c23579beb1fad0ccc165ab101c4cd986f1337c91cb835179cc1cbb4800448f1cee894f8c3fd46a080eceba8c16d197d6cd8bec738cb4b5213aa85a9175e173be8e8ec54d9c36b5c83e37d512c606346075adcacce74f8341c92ea47f12159a688a2b051fc2220fd62c04e190be5421d553a3b82130290908b340cae8782d1451ffab9bc3a8055f84f7051e609f29a1358cc16c3ded0451b44a31f0db1690bc9e17e1ec9dddaf185f14da2f46811af5f9fac47901afcfd2b7cf39f093bf7b85398f5e7fd7324b595c5e7530f1845e748170c6c3794199417f352345a9797281ade04ae82be4877d193ec5e73c012de44ad17cd917e37ba314d5d2445988b34d829429748cbaa7b8747705d47c506ac1945f6154946d0dab76a41f6191ea66a9ef67e26b863668429af74d67ed1ae99e2cc799837f5825bb94d8f15483493ed42b32b184666cf0f8b975509a905545bedf0ee28ffda4de6c2c5483a1b7e126ec4217f6efbb51b341f2ac4de322eb10a0f8c998c2785829334426ae8a6dc28a3a613dfb817798f24fd6f2053a4c2008f0a51ccf8fda3868259b94847cb6b4efd2343a81c557ff055d84eacb4ab8a99b7bfab30570bc5ca7e8d4c0d1992457670e601703c04e64c5b6000ae5039c7811cf13d76fc6d51baf081aabc1ebbc57ea5fa7434aaf1fa2959d5ea3dc57bb0486991fda0890c02ec1c9946134120dd48da6720e2494b55bf1a1d017d8d18bbf13ff6d130370943d3198b22d5ce79c1d0f5914f81036f5d324acca9c6fe25726198abf394fd083371266ed3b7feb121ecaca80777e3a0cbe45b7dbe94dcfb7ecbde832f04acf34e6eb0d8da443026cd5df0460d9efbf41534ffe78793e0aa2fb6dc8a7c56960bbc80d0b52373b5ad1ac3a9cd0dd2390d13712a54a25ce8557e9af0dc725f32cbc1ff393b5b875b3b8cae5468cebc297be120d8aeba1d8e4f2548fbcb973bdd38e7693847faa7533c4e3beab3e1cb2eb9cc13e389738e2b6fcc81f983e99201c838f3fae2e2d1f37034813e5771936f4bdda2a1f97444d07688db4184cbb950ef941a370a3ff506a7facf11476cef267b59a4e184abf572e1cd25d9f5641e0dc53ff5c95614b9d0264f291550ebb82eab2ef868df7376e4e6bfa8180d9dbcb89888f14a3d1edd2095bc9a7b76b0a117bb51aa43ba5b312bbec4003159c0d50962d78616a9dbe2d97587b3a308c6c64d779ec9f5f849378bf52c7976353d22e841c5efec6a297dacfe519954d309a30ef97240aa802afaf1875cb4a57646a50a2e8f6f2a78e4b8a41ce96cdda3078aa6999bd18ad19065306190e79c4557f6bb03c9c7e39df6f5380d61930c1c4b063792541c88620bd9da82ed584b774d6ef2b33b5f4826f45c35079870270c63a1a97b575cf069023575b670c38c8f23699012d25ffc5b42bb0f3cc586ff842de70fcfdfeaf285b7f3a19140b28ebd78c3fbeb45d8322d92c587b8573d0bdb66a023f4129a55c90465f398a86b1a52c6e7257f651e7a12ddd02f800b048a1e4147adb3c2e2c7347be459d0dd252c791739ad19a76d4489ce9c5208079e68513b09205f21f2a3182669fb9566c6a97438fed0904ab75418ce17b14cc6220ac6b64191457410bb963027a21f60e945486807ac426b99af7d3728ab1373085cacee2a45d613ebede90cc0b422e7c7f00ca8b37df4074caa6415c18cfebf812da9e452ebd038c8af6a30d69f68c33e1e8973e111f41224d2acd6c086f4459726584a867b062566b4ea82dcb1b4a2884c996c956d6b7a91984cf17233aa0eb678d10a3484c05197c00a20f7391731ec2d0a2ff0cc2b656f88a67dc7ff2961a5bcbd34543951c1f46d67685be80c7c389bf8d5271ae6c28ce53632023f7b0658479ec4fa20d637220618ee576b08bb85a6e96d46923642cef9ed0629818b549fef6d99683db407be89f2f07f417e1f2de094cc7049cf6055eb48b7d2f78f4abe7b16952d67a9fe89b396c78eb2fe71f4de2fa8826fd91a36be4dda7351bc5ebadb5ff5ea7fc2fdedaf530aae63e66f13a4611c82f88d1d5d2a94c8cce6353bd58bcfb6d2f62b1bbdfd45f39ca0b6b87736b66acccc94b1c02433d8e7ddd5f1021811282d82db8335bca4fca7c748e2a9ea0d6dfd55b50b764fdf98a226f89b20802b5323122e093c056329b221c001e9010a82510750ae39164704abb1de6cc891dc9c9ef89c7414c27a3cc5078c1d4817a3b2dd7a5ab927474f5601f1c5ccc4615e249617e2c0b8d9767f6d11af46eaa676e6f5764805621e615aaa66a7cd41852b16555562162cc17fa4facb12cb062eace65c6328f9dff1b684b506f9d65c39bbfa6d933ee1faabb44d1dc59037b6d9cedd7c52e70e1d03c63258c15c63d6966b70f02f239cfdfef2c9becd229a84e754772f97996a6a313822a7016ced0e7bf69d25a358ae0f0042bb31c77c9c017fff08b4a38775d31215130b4eec7cda82fc6dab5d1108c17cbb63008afd35da4761792fd9c4471ce43adc2552dbbcea0597fc98432bc9f66339eb595649df62108cd407a1073655e66a79ea3e1f7f8216abeed53dd88877e88178db4b19a2aae61b507eafecaf99e66f50fd4cfcd2b56f6fed3959818020db31d132b3a5685510facaba03825d52512567ddde13140b1600c233dbe87baf70d5d92bb59b2b8e921cec21754c9b2e5eaeadaf29bbdff76c9d348cda2b282341977242ea5b33271d2d2962d5ef26ee77e35045f2ecaa1d7965b413af55091435f21d9e617ce20abf04b1032772f196ea051c4a4a22c289f180bdb4e39f57f35c21b763262099cea34867e6f503ae9a58b814b3c0123a1818142d6f5ea110296adaa4c509bfe15b0a2b7fdc857848c60f562fb5bce8b7113a3d4bf9f1d6b1f670efe93f0cc2ef604c2119f4256088f38b2c05d28e911f6a32c75fca32bcc5339bda061aa0f797b5398177bb69ee99adaac16955b13c1bbabb0f48d25933216c3de31618462fa5bcc3dc6d42ef64f7d0ff73d4f82b4fc6e881641edde90dbf62b67ad8fc16169952ca84892292f775808a092163bc6b2fbae4bdea605ea89a74b53c4704f69a1f7bafe793526f7298986407b71f948542c4404596a7ff64f65161f438d75194605b2a5cb4b82876909c83452ebd6836d65a07653d9eb2158fffe75d1528f035d7dd21dddd7f48aae1d7be5dfc7dd38a9eb5fa24d6fd594fa5d5d943f7c814e6f5917f566cbe14ef9c3365226d9578c77b1baf00227546cde7b9d815fcd7566d9f26b16ce2925b41e32f9397eaabfad16b57e947bc4dd46f8935465ecc4e2b939e6a3a7c0251a890d749aee655071dd21ab2a62dd5cc72b015680ec1f353e717631b353e2196a05006a61a0969f4021aab54bf75b06eb85a5b09eacc2a410ab1d775556cc0e42062a6cc2f6417a91d6313c1056f8fa30c010b136f51cca3accb4ad7bbae6ad16d8347cdf998c0b10efc73668858d43167b32da144ca4c0a700c308f4ffdc7c3a2e9f825ccd430750944ee5156933613d86428fd4fbb511f71bd508422f7d053016bfc60c33f29a33c0d948e6a64b74c0500c1df1d23c21a91239b00b3008be94ac4753d9febc8c6ee1542799a0940d56081f4060c3a94e10577557c797e4221f1b8604cd5235f1e99e05f1f24654f82e94f9d05e6f6bd0b45c874b3bed03dc0fb6ec8424afa1fde8943abb397a9daa462d1fab1ed74f015e879dc453183b34e1439c06b97c37edc0af851a0662e30f84896c1f58f5a152be36367cd6eb49a10f7abe6870ebd5bbc6075e39fd41f9e7ca953fd81d349050e41d39c9439c0d97e3cbaaccc7cc50209bf66875a1f8d079ef2d9c12ae411def057cbc050d3ca47382838b2a1763cf69bd1598e95ae2de6d482049f72fd567210711f5a88a42118c0366a5b9e7edac573832d28803f07b5bbb45f1497d4787b70a733a7b3091a4c4b9f75735978812b7a3925a8ddc4f445219149296b8f01e0019e3fa9a2d5c565f58d88f784a38f80c29f6dad2cd780e380bfa4ceef4bbd8075478a1637fc45432d0232f97fdca554b98818521368b9f413be55be6d18243d17a79d2aa0441700476376c097e553965daa60405760e083d5c35bf29881949bd549aa5f030c49c18c392bc5548c7a060ffd4fba50152b016e8081e12ce6db0b874fffe01d1bd771460d819dac67285022e05b8542c20e8c4b2f5122ba8e7018ea202282bd994124a7eff97fdc334d05e00b02207fc58339ff9383419d6ea07e004da8cee3016e12063729d1ced714ff8f7384e15ff733c40500000000000000713ece05e42eaad9223efb2d0d3095298a6d1a99300cdd4bb4ffcd17b724c58c9b876ab5f8da8cb8e80a8a6ef63fbf76e9458d9100360cd93d59b6864740f5aff180eff2d024a7d4e4ebbc05912e7460bd82db18809cb492482ec31216a29fbfe5dc23190613f4a33fd833925d58e0ea2b2ce917c4a985ed60c8577dccd179359cd500ddb9d6a301758d24a7c8bce0b334b5a9c983685cccabdbd730ac4b4a854bd77203792052ebfcdd48c32b2605ba94cafab278c7f67bd31807338a20573d389bbda1b6c6755ca184efbdba7e0c4c23e371c2e8ebc9396c3eb0ee0f364979e94472cf8e345f9331ab790b4f5bca5cde763147a2039febbc5a35aaa417dc6e0efb91f2543dd8c62825713549ccfc0026111e0e8681562d6a6cfa531674ecb26f8df41a615df415ff6425c1613becaafd6c4cb1cfe8089f1535214ecc0fa8b55404220568321fa86f32d8da62882a8f219be80032bea11c8b98ce19f90b8401defb59153488019e225f38e2896ad68bed8a0f7a7ae8c0db205c523cd409832cb43ab923c01a5b13f3863d56fabecbe0c6c9ac8aceddd5560d529f030e642a856c321565a9519bb5db4f641c6132f49bf690c73dde49d89f18deb7b4e898dc140296494b20fd77883e4f1ae196cd4274cf32ac55729803057b8a3c587638fec2e5b935ce14b28ca6f22b6651acdd574f637a74e6f83df7e211cc68ff039ce852db28ac1ce17b3f27fc2b6c2512605a83c16796dd38c57cdd5a5f24ef918476ad30f03453a9f82e50dd2e721baf3506a0d602f0c905c3f801d237c89964bd78d4814b41436deaff0d68e6728f512681444fa177a700258c9ddcb1fca184710d846f333453228a5a9bfee79dffffd559415000"/4101], 0x1008) (async, rerun: 32) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f00000001c0)=""/102) (rerun: 32) [ 3034.750582][ T1266] active_file 0 14:00:08 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) getsockname$inet6(r0, 0x0, &(0x7f0000000300)=0xe0ffffff) 14:00:09 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000064000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3034.786702][T14923] sit0: mtu greater than device maximum [ 3034.924933][T15024] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3034.925884][ T1266] unevictable 0 [ 3035.016618][ T1266] hierarchical_memory_limit 314572800 [ 3035.083686][ T1266] hierarchical_memsw_limit 9223372036854771712 [ 3035.147380][ T1266] total_cache 266727424 [ 3035.165698][ T1266] total_rss 802816 [ 3035.181997][ T1266] total_rss_huge 0 [ 3035.202970][ T1266] total_shmem 266727424 14:00:09 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x26d, 0x0, 0x0, 0x0) 14:00:09 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$inet6(r0, &(0x7f0000001540)={&(0x7f0000000080)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x18, 0x0}, 0x20004000) 14:00:09 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000040)={{0x0, 0x6, 0xffffffff, 0x2, 'syz1\x00', 0x8000}, 0x5, 0x20000000, 0x4, 0x0, 0x5, 0x1, 'syz0\x00', &(0x7f0000000000)=['%[\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '\x00', '$*\x00'], 0x2d}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 14:00:09 executing program 0: syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x6a3, 0xccd, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) 14:00:09 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000068000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3035.227632][ T1266] total_mapped_file 102621184 [ 3035.232401][ T1266] total_dirty 0 [ 3035.235890][ T1266] total_writeback 0 14:00:09 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000040)={{0x0, 0x6, 0xffffffff, 0x2, 'syz1\x00', 0x8000}, 0x5, 0x20000000, 0x4, 0x0, 0x5, 0x1, 'syz0\x00', &(0x7f0000000000)=['%[\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '\x00', '$*\x00'], 0x2d}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3035.309780][T15032] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:09 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x891f, &(0x7f0000000e00)={'vcan0\x00'}) [ 3035.416133][ T1266] total_workingset_refault_anon 916 14:00:09 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000006c000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3035.454903][ T1266] total_workingset_refault_file 0 14:00:09 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8991, &(0x7f0000000e00)={'vcan0\x00'}) [ 3035.553821][ T1266] total_swap 93622272 [ 3035.562019][T15126] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:09 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000040)={{0x0, 0x6, 0xffffffff, 0x2, 'syz1\x00', 0x8000}, 0x5, 0x20000000, 0x4, 0x0, 0x5, 0x1, 'syz0\x00', &(0x7f0000000000)=['%[\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '\x00', '$*\x00'], 0x2d}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3035.596262][ T3905] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 3035.615670][ T1266] total_swapcached 16384 [ 3035.647758][ T1266] total_pgpgin 898802 [ 3035.704614][ T1266] total_pgpgout 833484 14:00:09 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000073000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:09 executing program 2: add_key(&(0x7f00000044c0)='keyring\x00', &(0x7f0000004500)={'syz', 0x3}, &(0x7f0000004540)="10", 0x1, 0xfffffffffffffffb) 14:00:10 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2) fcntl$getownex(r1, 0x10, &(0x7f0000000040)) ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f00000000c0)={0x7, 0x7, 0x2, "11532a642213a1fee389368299f5e68ef857bffe76d01c7afa38d381356b2e2f", 0x36314d59}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/stat\x00', 0x0, 0x0) [ 3035.820236][ T1266] total_pgfault 992352 [ 3035.846119][ T3905] usb 1-1: Using ep0 maxpacket: 32 14:00:10 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x5452, 0x0) [ 3035.905850][T15252] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3035.931406][ T1266] total_pgmajfault 582 14:00:10 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2) fcntl$getownex(r1, 0x10, &(0x7f0000000040)) (async) fcntl$getownex(r1, 0x10, &(0x7f0000000040)) ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f00000000c0)={0x7, 0x7, 0x2, "11532a642213a1fee389368299f5e68ef857bffe76d01c7afa38d381356b2e2f", 0x36314d59}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/stat\x00', 0x0, 0x0) [ 3035.978324][ T3905] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 14:00:10 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8982, 0x0) 14:00:10 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000074000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3036.036336][ T1266] total_inactive_anon 123899904 [ 3036.041257][ T1266] total_active_anon 143597568 [ 3036.045969][ T1266] total_inactive_file 0 [ 3036.065973][ T1266] total_active_file 0 [ 3036.084113][ T1266] total_unevictable 0 [ 3036.102264][ T1266] anon_cost 0 [ 3036.114076][ T1266] file_cost 0 [ 3036.118062][T15274] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3036.129942][ T1266] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=7190,uid=0 [ 3036.160172][ T1266] Memory cgroup out of memory: Killed process 7190 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:11648kB, UID:0 pgtables:108kB oom_score_adj:1000 14:00:10 executing program 2: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020403fb1698e8"], 0x30}}, 0x0) 14:00:10 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = syz_open_dev$vivid(&(0x7f0000000000), 0x2, 0x2) fcntl$getownex(r1, 0x10, &(0x7f0000000040)) (async) ioctl$VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f00000000c0)={0x7, 0x7, 0x2, "11532a642213a1fee389368299f5e68ef857bffe76d01c7afa38d381356b2e2f", 0x36314d59}) (async) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/stat\x00', 0x0, 0x0) [ 3036.236848][ T3905] usb 1-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.40 [ 3036.245957][ T3905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3036.259546][ T3905] usb 1-1: Product: syz [ 3036.263768][ T3905] usb 1-1: Manufacturer: syz [ 3036.296475][ T3905] usb 1-1: SerialNumber: syz 14:00:10 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000075000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3036.369329][ T3905] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 3036.390895][T15369] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:10 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000077000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:10 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8907, 0x0) 14:00:10 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000580)={{0x8, 0x4, 0x2e3822d8, 0x6, 'syz0\x00', 0xff}, 0x1, [0x8000000000000001, 0x100, 0xffffffff, 0x72, 0x1000, 0x9, 0x1000, 0x4, 0x80, 0x6, 0x6, 0x3ff, 0x6, 0x10000, 0x1, 0x0, 0x3, 0x401, 0x3f, 0x200, 0x3, 0x3, 0x50, 0x7, 0xa0, 0x9, 0x8000000000000000, 0x401, 0x7, 0x10001, 0x10000, 0x5, 0x65, 0x8000000000000001, 0x4, 0x5, 0x100, 0x8c2, 0x9, 0x4, 0x1, 0x4, 0x8000000000000001, 0x7fffffffffffffff, 0x2, 0x7, 0x3ff, 0x0, 0x10000, 0x9, 0x9, 0xe12, 0x3ff, 0x8000000000000000, 0xe7, 0x0, 0x72a6, 0xb73, 0x8, 0x6, 0x1, 0x8, 0x1000, 0x56, 0xfb, 0x8, 0x2, 0x5, 0xd6, 0x9, 0x2, 0x7f, 0x3c7, 0x5, 0x95e7, 0x8, 0x3, 0x4, 0x7, 0x3, 0x40, 0x892b, 0x0, 0xffff, 0x1a46, 0x0, 0x43f, 0x8, 0x8, 0x6, 0x7ff, 0x9, 0x3ff, 0xffffffff, 0x200000000000, 0xffff, 0xe09, 0x2, 0xfffffffffffffff9, 0x1, 0xffffffffffff8000, 0x1000, 0x101, 0x3, 0x4a527e11, 0xfffffffffffffff7, 0x2, 0x402, 0x380000000, 0x81, 0x2, 0x85, 0xbc1, 0x6, 0x8000000000000000, 0x3, 0x2, 0x3, 0x58acc3a4, 0xff, 0x7, 0x4, 0x5, 0x2, 0x9, 0x1, 0x8, 0xfffffffffffffffc]}) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x10000) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f0000000040)=0xfffffffd) quotactl_fd$Q_SYNC(r1, 0xffffffff80000102, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3036.590240][T19333] usb 1-1: USB disconnect, device number 59 14:00:10 executing program 2: pipe2$watch_queue(0x0, 0x80) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$UHID_CREATE(r0, &(0x7f0000000080)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/60, 0x3c, 0x6, 0x7, 0x0, 0x40, 0x5}}, 0x120) 14:00:10 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000580)={{0x8, 0x4, 0x2e3822d8, 0x6, 'syz0\x00', 0xff}, 0x1, [0x8000000000000001, 0x100, 0xffffffff, 0x72, 0x1000, 0x9, 0x1000, 0x4, 0x80, 0x6, 0x6, 0x3ff, 0x6, 0x10000, 0x1, 0x0, 0x3, 0x401, 0x3f, 0x200, 0x3, 0x3, 0x50, 0x7, 0xa0, 0x9, 0x8000000000000000, 0x401, 0x7, 0x10001, 0x10000, 0x5, 0x65, 0x8000000000000001, 0x4, 0x5, 0x100, 0x8c2, 0x9, 0x4, 0x1, 0x4, 0x8000000000000001, 0x7fffffffffffffff, 0x2, 0x7, 0x3ff, 0x0, 0x10000, 0x9, 0x9, 0xe12, 0x3ff, 0x8000000000000000, 0xe7, 0x0, 0x72a6, 0xb73, 0x8, 0x6, 0x1, 0x8, 0x1000, 0x56, 0xfb, 0x8, 0x2, 0x5, 0xd6, 0x9, 0x2, 0x7f, 0x3c7, 0x5, 0x95e7, 0x8, 0x3, 0x4, 0x7, 0x3, 0x40, 0x892b, 0x0, 0xffff, 0x1a46, 0x0, 0x43f, 0x8, 0x8, 0x6, 0x7ff, 0x9, 0x3ff, 0xffffffff, 0x200000000000, 0xffff, 0xe09, 0x2, 0xfffffffffffffff9, 0x1, 0xffffffffffff8000, 0x1000, 0x101, 0x3, 0x4a527e11, 0xfffffffffffffff7, 0x2, 0x402, 0x380000000, 0x81, 0x2, 0x85, 0xbc1, 0x6, 0x8000000000000000, 0x3, 0x2, 0x3, 0x58acc3a4, 0xff, 0x7, 0x4, 0x5, 0x2, 0x9, 0x1, 0x8, 0xfffffffffffffffc]}) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x10000) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f0000000040)=0xfffffffd) (async) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f0000000040)=0xfffffffd) quotactl_fd$Q_SYNC(r1, 0xffffffff80000102, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 14:00:11 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000007a000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3036.803072][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3036.832112][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3036.848544][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3036.870061][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3036.890780][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 14:00:11 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000580)={{0x8, 0x4, 0x2e3822d8, 0x6, 'syz0\x00', 0xff}, 0x1, [0x8000000000000001, 0x100, 0xffffffff, 0x72, 0x1000, 0x9, 0x1000, 0x4, 0x80, 0x6, 0x6, 0x3ff, 0x6, 0x10000, 0x1, 0x0, 0x3, 0x401, 0x3f, 0x200, 0x3, 0x3, 0x50, 0x7, 0xa0, 0x9, 0x8000000000000000, 0x401, 0x7, 0x10001, 0x10000, 0x5, 0x65, 0x8000000000000001, 0x4, 0x5, 0x100, 0x8c2, 0x9, 0x4, 0x1, 0x4, 0x8000000000000001, 0x7fffffffffffffff, 0x2, 0x7, 0x3ff, 0x0, 0x10000, 0x9, 0x9, 0xe12, 0x3ff, 0x8000000000000000, 0xe7, 0x0, 0x72a6, 0xb73, 0x8, 0x6, 0x1, 0x8, 0x1000, 0x56, 0xfb, 0x8, 0x2, 0x5, 0xd6, 0x9, 0x2, 0x7f, 0x3c7, 0x5, 0x95e7, 0x8, 0x3, 0x4, 0x7, 0x3, 0x40, 0x892b, 0x0, 0xffff, 0x1a46, 0x0, 0x43f, 0x8, 0x8, 0x6, 0x7ff, 0x9, 0x3ff, 0xffffffff, 0x200000000000, 0xffff, 0xe09, 0x2, 0xfffffffffffffff9, 0x1, 0xffffffffffff8000, 0x1000, 0x101, 0x3, 0x4a527e11, 0xfffffffffffffff7, 0x2, 0x402, 0x380000000, 0x81, 0x2, 0x85, 0xbc1, 0x6, 0x8000000000000000, 0x3, 0x2, 0x3, 0x58acc3a4, 0xff, 0x7, 0x4, 0x5, 0x2, 0x9, 0x1, 0x8, 0xfffffffffffffffc]}) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x10000) (async) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x10000) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f0000000040)=0xfffffffd) quotactl_fd$Q_SYNC(r1, 0xffffffff80000102, 0x0, 0x0) (async) quotactl_fd$Q_SYNC(r1, 0xffffffff80000102, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3036.909055][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3036.926837][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3036.944860][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3036.960864][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3036.980221][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.000194][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.017411][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.034645][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 14:00:11 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000087000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3037.058536][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.078582][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 14:00:11 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x894a, &(0x7f0000000e00)={'vcan0\x00'}) [ 3037.116216][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.146189][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 14:00:11 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = syz_open_dev$video4linux(&(0x7f0000000040), 0x2cf1389d, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x3011}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x100}}, './file0\x00'}) [ 3037.166284][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.186061][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.205600][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.226484][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.243796][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 14:00:11 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = syz_open_dev$video4linux(&(0x7f0000000040), 0x2cf1389d, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x3011}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x100}}, './file0\x00'}) syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) syz_open_dev$video4linux(&(0x7f0000000040), 0x2cf1389d, 0x0) (async) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x3011}) (async) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x100}}, './file0\x00'}) (async) [ 3037.271087][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.286453][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.305764][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 14:00:11 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8902, &(0x7f0000000e00)={'vcan0\x00'}) [ 3037.345558][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.373063][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.403276][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.425366][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.447219][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.476677][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.492091][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.507744][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.525507][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.541878][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.558736][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.576564][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.593006][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.616119][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.631463][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.648578][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.665293][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.681799][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.697612][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.713271][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.735354][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.743825][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.752810][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.761067][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.768739][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.776625][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.784151][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.791995][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.800106][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.807729][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.815456][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.830606][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.841762][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.862810][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.878551][T29740] hid-generic 0006:0007:0000.000A: unknown main item tag 0x0 [ 3037.912158][T29740] hid-generic 0006:0007:0000.000A: hidraw0: VIRTUAL HID v0.40 Device [syz1] on syz1 [ 3038.251859][ T30] oom_reaper: reaped process 7190 (syz-executor.4), now anon-rss:112kB, file-rss:8192kB, shmem-rss:11648kB [ 3038.273209][ T4298] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3038.284236][ T4298] CPU: 0 PID: 4298 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3038.293653][ T4298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3038.303745][ T4298] Call Trace: [ 3038.307053][ T4298] [ 3038.310007][ T4298] dump_stack_lvl+0x1e7/0x2e0 [ 3038.314726][ T4298] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3038.319962][ T4298] ? __pfx__printk+0x10/0x10 [ 3038.324600][ T4298] ? ___ratelimit+0x4c4/0x670 [ 3038.329341][ T4298] ? __pfx____ratelimit+0x10/0x10 [ 3038.334403][ T4298] dump_header+0xda/0x6a0 [ 3038.338784][ T4298] oom_kill_process+0x3a7/0x930 [ 3038.343673][ T4298] ? trace_contention_end+0x3c/0x100 [ 3038.348998][ T4298] out_of_memory+0xf67/0x1320 [ 3038.353718][ T4298] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3038.359387][ T4298] ? __pfx___mutex_lock+0x10/0x10 [ 3038.364463][ T4298] ? __pfx_out_of_memory+0x10/0x10 [ 3038.369634][ T4298] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3038.375233][ T4298] ? __pfx_lock_release+0x10/0x10 [ 3038.380300][ T4298] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3038.386397][ T4298] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3038.391631][ T4298] ? mem_cgroup_iter+0x422/0x560 [ 3038.396601][ T4298] try_charge_memcg+0xda2/0x18a0 [ 3038.401584][ T4298] ? __pfx_try_charge_memcg+0x10/0x10 [ 3038.406979][ T4298] ? percpu_ref_tryget+0x14/0x180 [ 3038.412045][ T4298] charge_memcg+0xa2/0x160 [ 3038.416489][ T4298] __mem_cgroup_charge+0x27/0x80 [ 3038.421473][ T4298] shmem_alloc_and_add_folio+0x393/0xde0 [ 3038.427146][ T4298] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3038.433332][ T4298] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3038.438576][ T4298] ? lockdep_hardirqs_on+0x98/0x140 [ 3038.443795][ T4298] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3038.449448][ T4298] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3038.455701][ T4298] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3038.462313][ T4298] shmem_write_begin+0x170/0x4d0 [ 3038.467370][ T4298] ? __pfx_shmem_write_begin+0x10/0x10 [ 3038.472855][ T4298] ? fault_in_iov_iter_readable+0x236/0x280 [ 3038.478779][ T4298] generic_perform_write+0x321/0x640 [ 3038.484090][ T4298] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3038.490017][ T4298] ? __pfx_generic_perform_write+0x10/0x10 [ 3038.495847][ T4298] ? mnt_put_write_access_file+0xc2/0x100 [ 3038.501599][ T4298] ? file_update_time+0x3ac/0x3e0 [ 3038.506649][ T4298] shmem_file_write_iter+0xfc/0x120 [ 3038.511867][ T4298] __kernel_write_iter+0x434/0x8c0 [ 3038.517007][ T4298] ? __pfx___kernel_write_iter+0x10/0x10 [ 3038.522665][ T4298] ? iov_iter_bvec+0x4e/0x1b0 [ 3038.527364][ T4298] ? iov_iter_bvec+0x4e/0x1b0 [ 3038.532065][ T4298] dump_user_range+0x46c/0x910 [ 3038.536858][ T4298] ? __pfx_dump_user_range+0x10/0x10 [ 3038.542153][ T4298] ? writenote+0x250/0x3b0 [ 3038.546602][ T4298] ? kmalloc_trace+0x1d6/0x360 [ 3038.551379][ T4298] ? elf_core_dump+0x2e01/0x4630 [ 3038.556327][ T4298] ? dump_emit+0x99/0xd0 [ 3038.560592][ T4298] elf_core_dump+0x3d5d/0x4630 [ 3038.565391][ T4298] ? __pfx_elf_core_dump+0x10/0x10 [ 3038.570690][ T4298] ? mark_lock+0x9a/0x350 [ 3038.575029][ T4298] ? mas_next_slot+0xeb2/0xf90 [ 3038.579812][ T4298] ? __lock_acquire+0x1345/0x1fd0 [ 3038.584907][ T4298] ? rcu_read_lock_any_held+0xb7/0x160 [ 3038.590386][ T4298] ? 0xffffffffff600000 [ 3038.594725][ T4298] ? getname_kernel+0x140/0x2f0 [ 3038.599603][ T4298] do_coredump+0x1baa/0x2b50 [ 3038.604213][ T4298] ? get_signal+0xbe1/0x1850 [ 3038.608856][ T4298] ? __pfx_do_coredump+0x10/0x10 [ 3038.613935][ T4298] ? _raw_spin_unlock_irq+0x23/0x50 [ 3038.619153][ T4298] ? lockdep_hardirqs_on+0x98/0x140 [ 3038.624370][ T4298] get_signal+0x146a/0x1850 [ 3038.628912][ T4298] ? __pfx_get_signal+0x10/0x10 [ 3038.633780][ T4298] ? __pfx_force_sig_fault+0x10/0x10 [ 3038.639087][ T4298] arch_do_signal_or_restart+0x96/0x860 [ 3038.644656][ T4298] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3038.650845][ T4298] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3038.656699][ T4298] irqentry_exit_to_user_mode+0x78/0x280 [ 3038.663652][ T4298] exc_page_fault+0x587/0x870 [ 3038.668353][ T4298] asm_exc_page_fault+0x26/0x30 [ 3038.673218][ T4298] RIP: 0033:0x7f8ab667ddb1 [ 3038.677642][ T4298] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3038.697264][ T4298] RSP: 002b:0000000000000190 EFLAGS: 00010217 [ 3038.703341][ T4298] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3038.711320][ T4298] RDX: 0000000000000000 RSI: 0000000000000190 RDI: 0000000000000000 [ 3038.719310][ T4298] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3038.727292][ T4298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3038.735365][ T4298] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3038.743361][ T4298] [ 3038.803931][ T4298] memory: usage 307200kB, limit 307200kB, failcnt 65509 [ 3038.830643][ T4298] memory+swap: usage 401620kB, limit 9007199254740988kB, failcnt 0 [ 3038.875633][ T4298] kmem: usage 44892kB, limit 9007199254740988kB, failcnt 0 [ 3038.895889][ T4298] Memory cgroup stats for /syz4: [ 3038.900287][ T4298] cache 267812864 14:00:13 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x26f, 0x0, 0x0, 0x0) 14:00:13 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000008d000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8913, &(0x7f0000000e00)={'vcan0\x00'}) 14:00:13 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = syz_open_dev$video4linux(&(0x7f0000000040), 0x2cf1389d, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x3011}) (async) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0x100}}, './file0\x00'}) 14:00:13 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x2, &(0x7f0000000e00)={'vcan0\x00'}) [ 3038.923945][ T4298] rss 774144 [ 3038.933206][ T4298] rss_huge 0 [ 3038.936782][ T4298] shmem 267812864 [ 3038.940459][ T4298] mapped_file 98054144 [ 3038.944549][ T4298] dirty 0 [ 3038.962095][ T4298] writeback 0 [ 3038.965440][ T4298] workingset_refault_anon 916 14:00:13 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x5421, 0x0) [ 3039.038074][ T4298] workingset_refault_file 0 14:00:13 executing program 2: clock_gettime(0x0, &(0x7f0000000440)) [ 3039.068184][T15800] __nla_validate_parse: 3 callbacks suppressed [ 3039.068215][T15800] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3039.105548][ T4298] swap 96686080 14:00:13 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x5450, 0x0) 14:00:13 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x292080) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000000)) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3039.151303][ T4298] swapcached 12288 14:00:13 executing program 0: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x1a9c00, 0x0) 14:00:13 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000094000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3039.234547][ T4298] pgpgin 903639 14:00:13 executing program 2: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) write$UHID_CREATE(r0, &(0x7f0000000080)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/60, 0x3c}}, 0x120) [ 3039.295857][ T4298] pgpgout 838064 14:00:13 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x292080) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0) (async) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000000)) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 14:00:13 executing program 0: syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x6a3, 0xccd, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x1f, 0x0, 0x3, 0x1, 0x3, 0xfa, {0x9, 0x21, 0x0, 0xc5}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x7f, 0x5c}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x0, 0x0, 0xd2}}]}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x300, 0x0, 0x0, 0xfb, 0x10}, 0x0, 0x0, 0x2, [{0x0, 0x0}, {0x0, 0x0}]}) socket$key(0xf, 0x3, 0x2) [ 3039.324099][ T4298] pgfault 994098 [ 3039.335994][T15912] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3039.383522][ T4298] pgmajfault 582 [ 3039.403495][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.409404][ T4298] inactive_anon 105189376 [ 3039.430855][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.433461][ T4298] active_anon 163405824 [ 3039.464302][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 14:00:13 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000097000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3039.482080][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.501908][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.512322][ T4298] inactive_file 0 [ 3039.524072][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.544061][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.564433][ T4298] active_file 0 [ 3039.576771][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.586567][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 14:00:13 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x292080) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0) (async) ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000000000)) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3039.606717][ T4298] unevictable 0 [ 3039.612079][T16016] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3039.621817][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.630353][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.641842][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.651564][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.662390][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.673059][ T4298] hierarchical_memory_limit 314572800 [ 3039.678751][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.689411][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.703057][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.706269][T29740] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 3039.717277][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.730514][ T4298] hierarchical_memsw_limit 9223372036854771712 14:00:14 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000009d000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3039.775472][ T4298] total_cache 267812864 [ 3039.780055][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.796401][ T4298] total_rss 774144 [ 3039.800297][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.827631][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.835092][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.869296][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.896258][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.903732][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 14:00:14 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x270, 0x0, 0x0, 0x0) 14:00:14 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000000)={0x3, 0x6, 0x1, 0xffff, '\x00', 0x8001}) [ 3039.921804][T16128] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3039.936543][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.944177][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.948676][ T4298] total_rss_huge 0 [ 3039.966116][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.973643][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.996217][T29740] usb 1-1: Using ep0 maxpacket: 32 [ 3039.996235][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3039.996267][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 14:00:14 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000000)={0x3, 0x6, 0x1, 0xffff, '\x00', 0x8001}) [ 3040.050020][ T4298] total_shmem 267812864 [ 3040.054248][ T4298] total_mapped_file 98054144 [ 3040.059561][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.076229][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.106323][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.113781][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.126180][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.133630][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 14:00:14 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000a5000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3040.156354][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.156841][T29740] usb 1-1: unable to get BOS descriptor or descriptor too short [ 3040.163783][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.163816][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 14:00:14 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000000)={0x3, 0x6, 0x1, 0xffff, '\x00', 0x8001}) [ 3040.216484][ T4298] total_dirty 0 [ 3040.250387][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.262350][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.274963][ T4298] total_writeback 0 [ 3040.277920][T29740] usb 1-1: config 1 interface 0 altsetting 31 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 3040.279866][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.311351][T16135] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3040.323871][T29740] usb 1-1: config 1 interface 0 has no altsetting 0 [ 3040.340025][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.357125][ T4298] total_workingset_refault_anon 916 [ 3040.362537][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.384888][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.409048][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 14:00:14 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, 0x0, &(0x7f0000000100)) read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020, 0x0, 0x0, 0x0}, 0x2020) statx(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x800, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = getegid() read$FUSE(0xffffffffffffffff, &(0x7f00000038c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) r8 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r7) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000780)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@broadcast}}, &(0x7f0000000280)=0xe8) r10 = getgid() keyctl$chown(0x4, r8, r9, r10) fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x1, 0x2}, [{0x2, 0x4, 0xee01}, {0x2, 0x2, r2}], {0x4, 0x6}, [{0x8, 0x1, r3}, {0x8, 0x1, r4}, {}, {0x8, 0x0, r5}, {0x8, 0x6, r6}, {0x8, 0x1, r10}], {0x10, 0xc}, {0x20, 0x5}}, 0x64, 0x3) [ 3040.447770][ T4298] total_workingset_refault_file 0 [ 3040.451105][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.472854][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.485900][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 14:00:14 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000aa000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3040.493656][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.501793][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.510017][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.528397][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.543659][ T4298] total_swap 96686080 [ 3040.548604][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.563120][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.585921][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.586374][T29740] usb 1-1: string descriptor 0 read error: -22 [ 3040.594194][ T4298] total_swapcached 12288 [ 3040.609342][T16242] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3040.626155][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.628534][T29740] usb 1-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.40 [ 3040.633714][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 14:00:14 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, 0x0, &(0x7f0000000100)) read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020, 0x0, 0x0, 0x0}, 0x2020) statx(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x800, &(0x7f0000000080)) (async) statx(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x800, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = getegid() read$FUSE(0xffffffffffffffff, &(0x7f00000038c0)={0x2020}, 0x2020) (async) read$FUSE(0xffffffffffffffff, &(0x7f00000038c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)) (async) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) r8 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r7) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000780)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@broadcast}}, &(0x7f0000000280)=0xe8) r10 = getgid() keyctl$chown(0x4, r8, r9, r10) (async) keyctl$chown(0x4, r8, r9, r10) fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x1, 0x2}, [{0x2, 0x4, 0xee01}, {0x2, 0x2, r2}], {0x4, 0x6}, [{0x8, 0x1, r3}, {0x8, 0x1, r4}, {}, {0x8, 0x0, r5}, {0x8, 0x6, r6}, {0x8, 0x1, r10}], {0x10, 0xc}, {0x20, 0x5}}, 0x64, 0x3) [ 3040.675538][T29740] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3040.684661][ T6006] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0 [ 3040.694658][ T4298] total_pgpgin 903639 [ 3040.721729][ T6006] hid-generic 0000:0000:0000.000B: hidraw0: HID v0.00 Device [syz1] on syz1 14:00:14 executing program 2: r0 = timerfd_create(0x1, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000380)={{0x0, 0x3938700}, {0x77359400}}, &(0x7f00000003c0)) [ 3040.762190][T29740] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 3040.795557][ T4298] total_pgpgout 838064 14:00:15 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000af000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:15 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x274, 0x0, 0x0, 0x0) 14:00:15 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) r1 = socket$can_j1939(0x1d, 0x2, 0x7) getsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, 0x0, &(0x7f0000000100)) (async) read$FUSE(0xffffffffffffffff, &(0x7f0000000580)={0x2020, 0x0, 0x0, 0x0}, 0x2020) (async) statx(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x800, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) r4 = getegid() (async) read$FUSE(0xffffffffffffffff, &(0x7f00000038c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) r7 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) r8 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r7) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000780)={{{@in=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@broadcast}}, &(0x7f0000000280)=0xe8) r10 = getgid() keyctl$chown(0x4, r8, r9, r10) (async) fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000240)={{}, {0x1, 0x2}, [{0x2, 0x4, 0xee01}, {0x2, 0x2, r2}], {0x4, 0x6}, [{0x8, 0x1, r3}, {0x8, 0x1, r4}, {}, {0x8, 0x0, r5}, {0x8, 0x6, r6}, {0x8, 0x1, r10}], {0x10, 0xc}, {0x20, 0x5}}, 0x64, 0x3) 14:00:15 executing program 2: syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0xfb, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) [ 3040.968936][ T4298] total_pgfault 994098 [ 3040.973083][ T4298] total_pgmajfault 582 [ 3040.980262][T29740] usb 1-1: USB disconnect, device number 60 [ 3041.011285][T16349] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3041.139305][ T4298] total_inactive_anon 105189376 [ 3041.144240][ T4298] total_active_anon 163405824 14:00:15 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000bf000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:15 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x704, 0x702) r1 = openat$damon_kdamond_pid(0xffffffffffffff9c, &(0x7f0000000180), 0x202440, 0x4c) r2 = syz_clone(0x10015000, &(0x7f00000001c0), 0x0, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)="3ac5d07096e5") ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000300)={{0xa, 0x5, 0x3a2, 0x5f39f3c0, '\x00', 0x40}, 0x0, 0x10, 0x2, r2, 0x0, 0x3, 'syz1\x00', &(0x7f00000002c0)}) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r1, 0xc1205531, &(0x7f0000000040)={0x1d4a, 0x4, 0x9, 0x401, '\x00', '\x00', '\x00', 0x9, 0x8ec, 0xff, 0x7ff, "7aaf730d22c8b95add986695bc7ea8f6"}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3041.316420][ T6434] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 3041.327163][ T4298] total_inactive_file 0 14:00:15 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) syz_open_dev$sndctrl(&(0x7f0000000000), 0x704, 0x702) (async) r1 = openat$damon_kdamond_pid(0xffffffffffffff9c, &(0x7f0000000180), 0x202440, 0x4c) (async) r2 = syz_clone(0x10015000, &(0x7f00000001c0), 0x0, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)="3ac5d07096e5") ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000300)={{0xa, 0x5, 0x3a2, 0x5f39f3c0, '\x00', 0x40}, 0x0, 0x10, 0x2, r2, 0x0, 0x3, 'syz1\x00', &(0x7f00000002c0)}) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r1, 0xc1205531, &(0x7f0000000040)={0x1d4a, 0x4, 0x9, 0x401, '\x00', '\x00', '\x00', 0x9, 0x8ec, 0xff, 0x7ff, "7aaf730d22c8b95add986695bc7ea8f6"}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3041.411101][ T4298] total_active_file 0 [ 3041.427482][T16457] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3041.506514][ T4298] total_unevictable 0 14:00:15 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@getnexthop={0x18}, 0x18}}, 0x0) [ 3041.560586][ T4298] anon_cost 0 [ 3041.567401][ T6434] usb 3-1: Using ep0 maxpacket: 16 14:00:15 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000d7000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:15 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x5451, 0x0) [ 3041.678919][ T4298] file_cost 0 [ 3041.706445][ T6434] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 14:00:15 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x704, 0x702) (async) syz_open_dev$sndctrl(&(0x7f0000000000), 0x704, 0x702) r1 = openat$damon_kdamond_pid(0xffffffffffffff9c, &(0x7f0000000180), 0x202440, 0x4c) r2 = syz_clone(0x10015000, &(0x7f00000001c0), 0x0, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)="3ac5d07096e5") ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000300)={{0xa, 0x5, 0x3a2, 0x5f39f3c0, '\x00', 0x40}, 0x0, 0x10, 0x2, r2, 0x0, 0x3, 'syz1\x00', &(0x7f00000002c0)}) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r1, 0xc1205531, &(0x7f0000000040)={0x1d4a, 0x4, 0x9, 0x401, '\x00', '\x00', '\x00', 0x9, 0x8ec, 0xff, 0x7ff, "7aaf730d22c8b95add986695bc7ea8f6"}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r1, 0xc1205531, &(0x7f0000000040)={0x1d4a, 0x4, 0x9, 0x401, '\x00', '\x00', '\x00', 0x9, 0x8ec, 0xff, 0x7ff, "7aaf730d22c8b95add986695bc7ea8f6"}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) [ 3041.756613][ T6434] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 3041.800854][ T4298] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=4298,uid=0 [ 3041.838101][T16573] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:16 executing program 0: request_key(&(0x7f00000003c0)='user\x00', &(0x7f0000000400)={'syz', 0x1}, &(0x7f0000000440)='syz', 0x0) 14:00:16 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x277, 0x0, 0x0, 0x0) [ 3041.946463][ T6434] usb 3-1: New USB device found, idVendor=056a, idProduct=00fb, bcdDevice= 0.40 [ 3041.966414][ T6434] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 3041.988014][ T6434] usb 3-1: Product: syz 14:00:16 executing program 0: request_key(&(0x7f00000003c0)='user\x00', &(0x7f0000000400)={'syz', 0x1}, &(0x7f0000000440)='syz', 0x0) [ 3042.006690][ T6434] usb 3-1: Manufacturer: syz [ 3042.011863][ T6434] usb 3-1: SerialNumber: syz 14:00:16 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x99, 0x4000) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0x1) 14:00:16 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000e1000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:16 executing program 0: request_key(&(0x7f00000003c0)='user\x00', &(0x7f0000000400)={'syz', 0x1}, &(0x7f0000000440)='syz', 0x0) 14:00:16 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x99, 0x4000) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0x1) syz_open_dev$sndctrl(&(0x7f0000000040), 0x99, 0x4000) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0x1) (async) [ 3042.180023][ T4298] Memory cgroup out of memory: Killed process 4298 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:11520kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3042.183030][T16685] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:16 executing program 0: request_key(&(0x7f00000003c0)='user\x00', &(0x7f0000000400)={'syz', 0x1}, &(0x7f0000000440)='syz', 0x0) [ 3042.316857][ T6434] usbhid 3-1:1.0: can't add hid device: -22 [ 3042.355343][ T6434] usbhid: probe of 3-1:1.0 failed with error -22 [ 3042.399818][ T6434] usb 3-1: USB disconnect, device number 14 14:00:16 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000ef000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:16 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x99, 0x4000) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0x1) 14:00:16 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8929, &(0x7f0000000e00)={'vcan0\x00'}) 14:00:16 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000f9000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:16 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="780000002400518600"/20, @ANYRES32=r3, @ANYBLOB="00000000ffffffff0000000008000100736671"], 0x78}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{}, [@TCA_EM_META_HDR={0xc, 0x1, {{}, {0x4}}}]}}]}]}]}}]}, 0x6c}}, 0x0) 14:00:17 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) r1 = socket(0x10, 0x400000000080803, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) read$FUSE(r2, &(0x7f0000002ac0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x9, 0xbb5f}}) syz_clone3(&(0x7f0000004b40)={0x2902080, &(0x7f0000000800), &(0x7f0000000840), &(0x7f0000000880), {0x39}, &(0x7f00000008c0)=""/172, 0xac, &(0x7f0000000980)=""/68, &(0x7f0000004b00)=[r3, 0x0], 0x2, {r2}}, 0x58) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x4, 0x6, 0x9, 0x43de, 'syz0\x00', 0xf54}, 0x1, 0x400, 0xfff, r3, 0x9, 0x0, 'syz1\x00', &(0x7f0000000000)=['\'&\x00', '\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '\x00', '\xf7:\'#\xdd(##\x00', '\xd1\x00', '/dev/snd/controlC#\x00'], 0x5c}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 14:00:17 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000006340)=[{{&(0x7f0000000400)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="24000000000000002900000002"], 0x28}}], 0x1, 0x0) 14:00:17 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x20040006}) 14:00:17 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000fd000000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3043.070413][T16906] bridge0: port 3(erspan0) entered blocking state [ 3043.100232][T16906] bridge0: port 3(erspan0) entered disabled state [ 3043.111042][T16819] cgroup: fork rejected by pids controller in /syz4 [ 3043.133069][T16906] erspan0: entered allmulticast mode [ 3043.183969][T16906] erspan0: entered promiscuous mode [ 3043.214405][T16906] bridge0: port 3(erspan0) entered blocking state [ 3043.221080][T16906] bridge0: port 3(erspan0) entered forwarding state 14:00:17 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) r1 = socket(0x10, 0x400000000080803, 0x0) fcntl$dupfd(r1, 0x0, r1) (async) r2 = fcntl$dupfd(r1, 0x0, r1) read$FUSE(r2, &(0x7f0000002ac0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x9, 0xbb5f}}) syz_clone3(&(0x7f0000004b40)={0x2902080, &(0x7f0000000800), &(0x7f0000000840), &(0x7f0000000880), {0x39}, &(0x7f00000008c0)=""/172, 0xac, &(0x7f0000000980)=""/68, &(0x7f0000004b00)=[r3, 0x0], 0x2, {r2}}, 0x58) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x4, 0x6, 0x9, 0x43de, 'syz0\x00', 0xf54}, 0x1, 0x400, 0xfff, r3, 0x9, 0x0, 'syz1\x00', &(0x7f0000000000)=['\'&\x00', '\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '\x00', '\xf7:\'#\xdd(##\x00', '\xd1\x00', '/dev/snd/controlC#\x00'], 0x5c}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 14:00:17 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000180)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @loopback}, {0x2, 0x0, @empty=0xfffffffe}}) 14:00:17 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000007010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:17 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r0}, 0x10) io_destroy(0x0) 14:00:17 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) r1 = socket(0x10, 0x400000000080803, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) read$FUSE(r2, &(0x7f0000002ac0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async, rerun: 64) ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x9, 0xbb5f}}) (rerun: 64) syz_clone3(&(0x7f0000004b40)={0x2902080, &(0x7f0000000800), &(0x7f0000000840), &(0x7f0000000880), {0x39}, &(0x7f00000008c0)=""/172, 0xac, &(0x7f0000000980)=""/68, &(0x7f0000004b00)=[r3, 0x0], 0x2, {r2}}, 0x58) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x4, 0x6, 0x9, 0x43de, 'syz0\x00', 0xf54}, 0x1, 0x400, 0xfff, r3, 0x9, 0x0, 'syz1\x00', &(0x7f0000000000)=['\'&\x00', '\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '/dev/snd/controlC#\x00', '\x00', '\xf7:\'#\xdd(##\x00', '\xd1\x00', '/dev/snd/controlC#\x00'], 0x5c}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) 14:00:17 executing program 0: open(&(0x7f0000000140)='./file0\x00', 0x149442, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f00000032c0)=[{{&(0x7f0000000040)=@xdp={0x2c, 0x8, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000140)='O', 0x1}], 0x1}}], 0x1, 0x0) 14:00:17 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000f010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:18 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x409, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_PROXYARP_WIFI={0x5}]}}}]}, 0x44}}, 0x0) 14:00:18 executing program 0: r0 = syz_open_dev$vcsu(&(0x7f0000000b80), 0x2, 0x0) lseek(r0, 0x0, 0x0) 14:00:18 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000031010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:18 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f0000000700)=0x7) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000005c0)={{0x1, 0x5, 0x7, 0x101, '\x00', 0xfffffffb}, 0x3, 0x20000000, 0x80000001, r1, 0x6, 0x9, 'syz1\x00', &(0x7f0000000580)=['syz0\x00', '$\x00', 'syz0\x00', '\x00', '^\x00', '\x00'], 0x10}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x9, 0x1, 0x802, 0x7, 'syz0\x00', 0x9}, 0x0, [0x4, 0x1, 0x7, 0xfff, 0x9, 0x0, 0x2, 0xffffffffffffff7f, 0x8000000000000000, 0x1, 0x80, 0x8001, 0x4ffffffff, 0x6, 0x80000000006, 0x81, 0x1ff, 0xa, 0x8000000000000000, 0x6, 0x10001, 0x3, 0x8, 0x8, 0x3, 0x800, 0x3, 0x1, 0xfffffffffffffffe, 0x20004, 0x5, 0x520000000000, 0x3f, 0x731, 0x2, 0xfffffffffffffffc, 0x2, 0x9fb, 0x4, 0x7, 0x0, 0x6, 0x8, 0x7fff, 0x3feffd, 0x5, 0x5, 0x8, 0x0, 0x0, 0x0, 0x3, 0x4, 0x7fffffff, 0x0, 0x100000000, 0x1ff, 0x8001, 0x3, 0x0, 0x5, 0x3, 0x7fffffff, 0x6, 0x2, 0x3, 0x0, 0x3, 0x6, 0x1, 0x1, 0x9, 0xc66, 0x8, 0x1, 0xbd, 0x5, 0xffffffff00000001, 0x0, 0x3f, 0xffffffffffff374e, 0x59, 0x1000, 0x81, 0x8001, 0x8, 0x4, 0x7, 0x7, 0x7e3, 0x30000000000, 0x2, 0xffff, 0x0, 0x5, 0x7ff, 0x9, 0xfffffffffffffbdc, 0x200, 0x2, 0x8, 0x8, 0x35c, 0x6, 0x5615de4, 0x8, 0x1eea714a, 0x40, 0x6eac0d06, 0x4, 0x8001, 0xb91, 0x4, 0x1, 0xfff, 0x7, 0x0, 0x924e, 0x800, 0x100, 0x5, 0x8559, 0x3, 0x0, 0x100000000, 0x6c5d6e60, 0x3, 0x401]}) 14:00:18 executing program 0: r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_proto_private(r0, 0x894a, &(0x7f0000000000)="0ebc9744361c3192353a") [ 3044.080789][T17241] __nla_validate_parse: 8 callbacks suppressed [ 3044.080810][T17241] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:18 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f0000000700)=0x7) (async) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000005c0)={{0x1, 0x5, 0x7, 0x101, '\x00', 0xfffffffb}, 0x3, 0x20000000, 0x80000001, r1, 0x6, 0x9, 'syz1\x00', &(0x7f0000000580)=['syz0\x00', '$\x00', 'syz0\x00', '\x00', '^\x00', '\x00'], 0x10}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x9, 0x1, 0x802, 0x7, 'syz0\x00', 0x9}, 0x0, [0x4, 0x1, 0x7, 0xfff, 0x9, 0x0, 0x2, 0xffffffffffffff7f, 0x8000000000000000, 0x1, 0x80, 0x8001, 0x4ffffffff, 0x6, 0x80000000006, 0x81, 0x1ff, 0xa, 0x8000000000000000, 0x6, 0x10001, 0x3, 0x8, 0x8, 0x3, 0x800, 0x3, 0x1, 0xfffffffffffffffe, 0x20004, 0x5, 0x520000000000, 0x3f, 0x731, 0x2, 0xfffffffffffffffc, 0x2, 0x9fb, 0x4, 0x7, 0x0, 0x6, 0x8, 0x7fff, 0x3feffd, 0x5, 0x5, 0x8, 0x0, 0x0, 0x0, 0x3, 0x4, 0x7fffffff, 0x0, 0x100000000, 0x1ff, 0x8001, 0x3, 0x0, 0x5, 0x3, 0x7fffffff, 0x6, 0x2, 0x3, 0x0, 0x3, 0x6, 0x1, 0x1, 0x9, 0xc66, 0x8, 0x1, 0xbd, 0x5, 0xffffffff00000001, 0x0, 0x3f, 0xffffffffffff374e, 0x59, 0x1000, 0x81, 0x8001, 0x8, 0x4, 0x7, 0x7, 0x7e3, 0x30000000000, 0x2, 0xffff, 0x0, 0x5, 0x7ff, 0x9, 0xfffffffffffffbdc, 0x200, 0x2, 0x8, 0x8, 0x35c, 0x6, 0x5615de4, 0x8, 0x1eea714a, 0x40, 0x6eac0d06, 0x4, 0x8001, 0xb91, 0x4, 0x1, 0xfff, 0x7, 0x0, 0x924e, 0x800, 0x100, 0x5, 0x8559, 0x3, 0x0, 0x100000000, 0x6c5d6e60, 0x3, 0x401]}) 14:00:18 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x6c, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0xc}}}, [@NL80211_ATTR_TID_CONFIG={0x34, 0x11d, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xfffffffffffffdd7}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc}]}]}, @NL80211_ATTR_TID_CONFIG={0x18, 0x11d, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x4}]}]}]}]}, 0x6c}}, 0x0) 14:00:18 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000035010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:18 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a0000000", @ANYRES16=r1, @ANYBLOB="11010000000000000000030000008c0001800d0001007564703a73797a3100000000080003000100000044000400200001000a004e230000045bff010000000000000000000000000001c7020000200002000a004e200000000800000000000000000000ffff00000000000800002c0004"], 0xa0}}, 0x0) [ 3044.350832][T17284] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3044.419070][T17309] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3044.690943][T17353] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 3044.716224][T17353] tipc: Invalid UDP bearer configuration [ 3044.716296][T17353] tipc: Enabling of bearer rejected, failed to enable media 14:00:19 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x27b, 0x0, 0x0, 0x0) 14:00:19 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, &(0x7f0000000780)={'sit0\x00', &(0x7f0000000740)={@local, @dev={0xac, 0x14, 0x14, 0x42}, 0x1f, 0xe}}) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00'}, 0x10) ppoll(&(0x7f0000000380)=[{0xffffffffffffffff, 0x3000}, {0xffffffffffffffff, 0x5040}, {0xffffffffffffffff, 0x400}, {r1, 0x400}, {}, {r1, 0x20}], 0x6, &(0x7f0000000400), &(0x7f0000000440)={[0x493edbc]}, 0x8) 14:00:19 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) sched_setaffinity(0xffffffffffffffff, 0x8, &(0x7f0000000700)=0x7) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000500)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000005c0)={{0x1, 0x5, 0x7, 0x101, '\x00', 0xfffffffb}, 0x3, 0x20000000, 0x80000001, r1, 0x6, 0x9, 'syz1\x00', &(0x7f0000000580)=['syz0\x00', '$\x00', 'syz0\x00', '\x00', '^\x00', '\x00'], 0x10}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f00000005c0)={{0x1, 0x5, 0x7, 0x101, '\x00', 0xfffffffb}, 0x3, 0x20000000, 0x80000001, r1, 0x6, 0x9, 'syz1\x00', &(0x7f0000000580)=['syz0\x00', '$\x00', 'syz0\x00', '\x00', '^\x00', '\x00'], 0x10}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x9, 0x1, 0x802, 0x7, 'syz0\x00', 0x9}, 0x0, [0x4, 0x1, 0x7, 0xfff, 0x9, 0x0, 0x2, 0xffffffffffffff7f, 0x8000000000000000, 0x1, 0x80, 0x8001, 0x4ffffffff, 0x6, 0x80000000006, 0x81, 0x1ff, 0xa, 0x8000000000000000, 0x6, 0x10001, 0x3, 0x8, 0x8, 0x3, 0x800, 0x3, 0x1, 0xfffffffffffffffe, 0x20004, 0x5, 0x520000000000, 0x3f, 0x731, 0x2, 0xfffffffffffffffc, 0x2, 0x9fb, 0x4, 0x7, 0x0, 0x6, 0x8, 0x7fff, 0x3feffd, 0x5, 0x5, 0x8, 0x0, 0x0, 0x0, 0x3, 0x4, 0x7fffffff, 0x0, 0x100000000, 0x1ff, 0x8001, 0x3, 0x0, 0x5, 0x3, 0x7fffffff, 0x6, 0x2, 0x3, 0x0, 0x3, 0x6, 0x1, 0x1, 0x9, 0xc66, 0x8, 0x1, 0xbd, 0x5, 0xffffffff00000001, 0x0, 0x3f, 0xffffffffffff374e, 0x59, 0x1000, 0x81, 0x8001, 0x8, 0x4, 0x7, 0x7, 0x7e3, 0x30000000000, 0x2, 0xffff, 0x0, 0x5, 0x7ff, 0x9, 0xfffffffffffffbdc, 0x200, 0x2, 0x8, 0x8, 0x35c, 0x6, 0x5615de4, 0x8, 0x1eea714a, 0x40, 0x6eac0d06, 0x4, 0x8001, 0xb91, 0x4, 0x1, 0xfff, 0x7, 0x0, 0x924e, 0x800, 0x100, 0x5, 0x8559, 0x3, 0x0, 0x100000000, 0x6c5d6e60, 0x3, 0x401]}) 14:00:19 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000038010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:19 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_delroute={0x34, 0x19, 0x1, 0x0, 0x0, {}, [@RTA_ENCAP_TYPE={0x6}, @RTA_ENCAP={0x10, 0x16, 0x0, 0x1, @SEG6_LOCAL_BPF={0xc, 0x8, 0x0, 0x1, @SEG6_LOCAL_BPF_PROG_NAME={0x6, 0x2, '$\x00'}}}]}, 0x34}}, 0x0) 14:00:19 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r0}, 0x10) clock_gettime(0x0, &(0x7f00000003c0)) 14:00:19 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000ff7000/0x9000)=nil, 0x9002, 0x5c8902a0ffffffff, 0x20012, r0, 0x0) [ 3045.376438][T17369] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:19 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x2}]}}}]}, 0x3c}}, 0x0) 14:00:19 executing program 0: r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_proto_private(r0, 0x8949, &(0x7f0000000000)="0ebc9744361c3192353a") 14:00:19 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0x80000001) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000080)="6f1f2771b42757dc0df474ecf7eaf22ffeac49aa677ed4128509d730279e4057b8bbbc9b9e0196d41f8e12e07f21fd662f24752446d6136f075187c037d7c67413ff0d64a24fab01061f5f2ca160f6e08783eedbd39ba183cac4bba3a4d9f1fdcbeeffb1324b2e36822a5199b4d4", &(0x7f0000000100)=@tcp=r2, 0x1}, 0x20) 14:00:19 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000039010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:19 executing program 2: r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket(0x10, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000000c0)={'wg2\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@ipv4_deladdr={0x20, 0x15, 0x401, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, r2}, [@IFA_LOCAL={0x8, 0x2, @multicast2}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000c0}, 0x8548300d03a2aff0) 14:00:19 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_delrule={0x1c, 0x1e, 0x1, 0x0, 0x0, {0x18}}, 0x1c}}, 0x0) 14:00:19 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0x80000001) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000080)="6f1f2771b42757dc0df474ecf7eaf22ffeac49aa677ed4128509d730279e4057b8bbbc9b9e0196d41f8e12e07f21fd662f24752446d6136f075187c037d7c67413ff0d64a24fab01061f5f2ca160f6e08783eedbd39ba183cac4bba3a4d9f1fdcbeeffb1324b2e36822a5199b4d4", &(0x7f0000000100)=@tcp=r2, 0x1}, 0x20) syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0x80000001) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4) (async) socket$inet_tcp(0x2, 0x1, 0x0) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000080)="6f1f2771b42757dc0df474ecf7eaf22ffeac49aa677ed4128509d730279e4057b8bbbc9b9e0196d41f8e12e07f21fd662f24752446d6136f075187c037d7c67413ff0d64a24fab01061f5f2ca160f6e08783eedbd39ba183cac4bba3a4d9f1fdcbeeffb1324b2e36822a5199b4d4", &(0x7f0000000100)=@tcp=r2, 0x1}, 0x20) (async) [ 3045.703042][T17474] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:20 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000045010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:20 executing program 0: r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_proto_private(r0, 0x8930, &(0x7f0000000000)="0ebc9744361c3192353a") 14:00:20 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0xa, 0x80c20001000002}]}}}]}, 0x40}}, 0x0) 14:00:20 executing program 0: creat(0x0, 0x0) write$cgroup_devices(0xffffffffffffffff, 0x0, 0x8) ftruncate(0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) bind$unix(r0, &(0x7f0000001640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = fcntl$dupfd(r1, 0x0, r0) accept4$packet(r2, 0x0, 0x0, 0x0) recvmsg(r2, &(0x7f0000001600)={&(0x7f0000000000)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x80, &(0x7f0000001580)=[{0x0}, {&(0x7f0000000280)=""/4096, 0x1000}, {&(0x7f0000001280)=""/201, 0xc9}, {&(0x7f0000001380)=""/229, 0xe5}, {&(0x7f0000001480)=""/202, 0xca}], 0x5}, 0x0) [ 3045.938837][T17503] netlink: 'syz-executor.2': attribute type 10 has an invalid length. [ 3045.963094][T17499] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4) recvmmsg(r0, &(0x7f0000005740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) 14:00:20 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)=0x80000001) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000080)="6f1f2771b42757dc0df474ecf7eaf22ffeac49aa677ed4128509d730279e4057b8bbbc9b9e0196d41f8e12e07f21fd662f24752446d6136f075187c037d7c67413ff0d64a24fab01061f5f2ca160f6e08783eedbd39ba183cac4bba3a4d9f1fdcbeeffb1324b2e36822a5199b4d4", &(0x7f0000000100)=@tcp=r2, 0x1}, 0x20) 14:00:20 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000047010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:20 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000006340)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @dev}, 0x1c, 0x0}}, {{&(0x7f0000000400)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="24000000000000002900000036000000fe03"], 0x28}}], 0x2, 0x0) 14:00:20 executing program 0: r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_proto_private(r0, 0x8990, &(0x7f0000000000)="0ebc9744361c3192353a") 14:00:20 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x18c00) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000040)={{0x4, 0x5, 0x0, 0x3, '\x00', 0xda9}, 0x1, [0x7, 0x8000000000000000, 0xffff, 0x40d, 0x5, 0x7, 0x8, 0x4, 0x1, 0x4115, 0xb2d, 0x5, 0x9, 0x8, 0x80, 0x7fffffff, 0x5, 0x3, 0x100000001, 0xcd, 0xf7, 0xfc, 0x5, 0x2, 0x2, 0x2, 0x1, 0x2, 0x0, 0x0, 0x8, 0x9, 0xb, 0x7, 0xffffffffffff8000, 0x1, 0x2, 0x100000001, 0x1, 0x2, 0x8000000000000001, 0xfff, 0x0, 0x8001, 0x3ff, 0x7, 0x6, 0x5, 0x100, 0x7f, 0x7, 0x10001, 0x2, 0x7ff, 0x80000001, 0xff, 0x1, 0x2, 0x3, 0x3, 0x861, 0x1, 0x0, 0xff, 0x4, 0x8000000000000001, 0x3f, 0x291, 0x1000, 0x5, 0x1ff, 0x80000001, 0x200, 0x8, 0x3, 0x4, 0x7, 0x0, 0xf28, 0x61847c29, 0x1, 0x4127, 0x8, 0x1, 0x0, 0x100000001, 0x40, 0x2, 0x20, 0x4, 0xffff, 0xce2, 0x2, 0xe0, 0x100, 0xfffffffffffffff7, 0xe3, 0x2, 0x7, 0x6, 0x7, 0x5, 0x9, 0x7, 0x7, 0x4, 0x7, 0x1ff, 0x101, 0x6d, 0x4c9d, 0x1, 0x3, 0x7, 0x3ff, 0x4, 0x0, 0x6, 0x0, 0x3f, 0xfff, 0x6, 0x7ff, 0x9993, 0xfffffffffffffff9, 0x0, 0x101, 0x2]}) [ 3046.248026][T17597] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:20 executing program 2: r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_proto_private(r0, 0x8924, &(0x7f0000000000)="0ebc9744361c3192353a") 14:00:20 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x18c00) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000040)={{0x4, 0x5, 0x0, 0x3, '\x00', 0xda9}, 0x1, [0x7, 0x8000000000000000, 0xffff, 0x40d, 0x5, 0x7, 0x8, 0x4, 0x1, 0x4115, 0xb2d, 0x5, 0x9, 0x8, 0x80, 0x7fffffff, 0x5, 0x3, 0x100000001, 0xcd, 0xf7, 0xfc, 0x5, 0x2, 0x2, 0x2, 0x1, 0x2, 0x0, 0x0, 0x8, 0x9, 0xb, 0x7, 0xffffffffffff8000, 0x1, 0x2, 0x100000001, 0x1, 0x2, 0x8000000000000001, 0xfff, 0x0, 0x8001, 0x3ff, 0x7, 0x6, 0x5, 0x100, 0x7f, 0x7, 0x10001, 0x2, 0x7ff, 0x80000001, 0xff, 0x1, 0x2, 0x3, 0x3, 0x861, 0x1, 0x0, 0xff, 0x4, 0x8000000000000001, 0x3f, 0x291, 0x1000, 0x5, 0x1ff, 0x80000001, 0x200, 0x8, 0x3, 0x4, 0x7, 0x0, 0xf28, 0x61847c29, 0x1, 0x4127, 0x8, 0x1, 0x0, 0x100000001, 0x40, 0x2, 0x20, 0x4, 0xffff, 0xce2, 0x2, 0xe0, 0x100, 0xfffffffffffffff7, 0xe3, 0x2, 0x7, 0x6, 0x7, 0x5, 0x9, 0x7, 0x7, 0x4, 0x7, 0x1ff, 0x101, 0x6d, 0x4c9d, 0x1, 0x3, 0x7, 0x3ff, 0x4, 0x0, 0x6, 0x0, 0x3f, 0xfff, 0x6, 0x7ff, 0x9993, 0xfffffffffffffff9, 0x0, 0x101, 0x2]}) 14:00:20 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000006340)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @dev}, 0x1c, 0x0}}, {{&(0x7f0000000400)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="24000000000000002900000032000000ff0308ccc0ffff000000000000000000000001"], 0x28}}], 0x2, 0x0) 14:00:20 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000004f010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:20 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000006340)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @dev}, 0x1c, 0x0}}, {{&(0x7f0000000400)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)'], 0x28}}], 0x2, 0x0) 14:00:20 executing program 0: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) select(0x40, &(0x7f00000001c0)={0x1f}, 0x0, 0x0, 0x0) [ 3046.504562][T17615] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:20 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00'}, 0x10) getrlimit(0x0, &(0x7f0000000a00)) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000b80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x60, 0x60, 0x3, [@restrict={0x3, 0x0, 0x0, 0xb, 0x2}, @union={0xe, 0x5, 0x0, 0x5, 0x1, 0x0, [{0x4, 0x2, 0x3}, {0x1, 0x5, 0x9}, {0x6, 0x3, 0x7}, {0x0, 0x5}, {0x8, 0x3, 0x7}]}, @ptr={0x7, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x0]}}, &(0x7f0000000400)=""/25, 0x7b, 0x19, 0x0, 0x3}, 0x20) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='mlxsw_sp_acl_tcam_vregion_rehash\x00', r0}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000500)=@o_path={&(0x7f0000000380)='./file0\x00', 0x0, 0x8, r1}, 0x18) r2 = open(&(0x7f0000000100)='./file0\x00', 0x60c2, 0x0) r3 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) write(r2, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) sendfile(r2, r3, 0x0, 0xef85) 14:00:20 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000700000000000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x80) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write$binfmt_script(r0, &(0x7f0000000940)=ANY=[@ANYBLOB="2321202e2f66692c38934b793603793100202e26237d2b5d273a2b2f213a2f242073636865645f73774cf8c248f310766c616e310020766c616e300020267d5d212b28252e212d0a402c2d20766c616e2fc00e267ce038d4abca113861fdc45bfca10575a92cbc071e2f17d7be69adaae973d24c2add1cf7dae4bc2077d81e4855d677108f0a091d94fe9a7026943d08a24dde897d7db15569d3c420dc46d6c846e7dff453a2a5b977d5fccd48d8f800be1066a55ba75e909e58cafe0b0794d1f03bc7afd10000cbb26861d18bd713144f21ea373e33b9dafb63b2b91ffcc15dbbe32af0343a4a58f55136bf8a021ba63b65bdb1007f5ea6bdb3834aaf2ccee1085e50e90c66b83f3cd98b0baf42978bac16a003000000000000001c042769af0884f8eeec01c0503e6cfe9d3161acd5fa279c79bed04821a70e7ab7a517ad43ff63e88341801bcc39fe1613f7cf259bb4efe3cdb2227ec8c8d12e87d267c0b2a2086956baec18eb51d51b08dea50bc87bcc086f0d380baf4ffca00ca68eafaa70e8382f69128058293916f4b102533f43f79a29767019a38086923a2ef99e1d057826dc7c0195966bf69796717f0648f706e500000000000000000000000000000000000000000093e43dc261b62d23dba16e5f479df3e5fe614072e5f9015226858a884e7441e4d2e73f84a2ef7ea3c8a710ac253f4e35e39b5efcf7b4ffdbfd8595995e1fdbeca3"], 0x7b) 14:00:21 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x27d, 0x0, 0x0, 0x0) 14:00:21 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x18c00) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000040)={{0x4, 0x5, 0x0, 0x3, '\x00', 0xda9}, 0x1, [0x7, 0x8000000000000000, 0xffff, 0x40d, 0x5, 0x7, 0x8, 0x4, 0x1, 0x4115, 0xb2d, 0x5, 0x9, 0x8, 0x80, 0x7fffffff, 0x5, 0x3, 0x100000001, 0xcd, 0xf7, 0xfc, 0x5, 0x2, 0x2, 0x2, 0x1, 0x2, 0x0, 0x0, 0x8, 0x9, 0xb, 0x7, 0xffffffffffff8000, 0x1, 0x2, 0x100000001, 0x1, 0x2, 0x8000000000000001, 0xfff, 0x0, 0x8001, 0x3ff, 0x7, 0x6, 0x5, 0x100, 0x7f, 0x7, 0x10001, 0x2, 0x7ff, 0x80000001, 0xff, 0x1, 0x2, 0x3, 0x3, 0x861, 0x1, 0x0, 0xff, 0x4, 0x8000000000000001, 0x3f, 0x291, 0x1000, 0x5, 0x1ff, 0x80000001, 0x200, 0x8, 0x3, 0x4, 0x7, 0x0, 0xf28, 0x61847c29, 0x1, 0x4127, 0x8, 0x1, 0x0, 0x100000001, 0x40, 0x2, 0x20, 0x4, 0xffff, 0xce2, 0x2, 0xe0, 0x100, 0xfffffffffffffff7, 0xe3, 0x2, 0x7, 0x6, 0x7, 0x5, 0x9, 0x7, 0x7, 0x4, 0x7, 0x1ff, 0x101, 0x6d, 0x4c9d, 0x1, 0x3, 0x7, 0x3ff, 0x4, 0x0, 0x6, 0x0, 0x3f, 0xfff, 0x6, 0x7ff, 0x9993, 0xfffffffffffffff9, 0x0, 0x101, 0x2]}) 14:00:21 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000005d010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:21 executing program 0: socketpair(0x1e, 0x80805, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000002ec0)={'tunl0\x00', &(0x7f0000002e40)=@ethtool_coalesce={0x1}}) 14:00:21 executing program 2: r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x140}}, 0x0) getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0xab) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000024000b0e00"/20, @ANYRES32=r3, @ANYBLOB="00000000ffffffff0000000008000100687462001c0002001800020003"], 0x48}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {}, {0x6}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_HASH={0x8}]}}]}, 0x38}}, 0x0) 14:00:21 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x8, 0x3, 0x4, 0x0, 'syz1\x00', 0x3}, 0x0, [0x8000, 0x7, 0xfffffffffffeffff, 0x1ff, 0x138, 0x5, 0xd34, 0x1, 0xffff, 0x8000, 0x5, 0x5, 0x2a6befd4, 0xa0000000000000, 0x3, 0x6, 0x8, 0xfffffffffffffffc, 0x1, 0x1ff, 0x8, 0x5, 0x2, 0x10000, 0x41c2, 0x24000000, 0x1, 0xfffffffffffffffd, 0x217cadc0, 0x100, 0x100, 0x1000, 0x6f2, 0x0, 0x2, 0x80000000, 0x9, 0x8000, 0x5, 0x7, 0xfffffffffffff3f7, 0xab5f, 0x9, 0x174e, 0x5, 0x1c, 0x7fffffffffffffff, 0x1f, 0x7fff, 0x6, 0x9, 0x8, 0x2786, 0x1, 0xffffffff80000001, 0x8, 0x9, 0x0, 0x5, 0x8, 0x8, 0x4, 0x3a3, 0x9, 0x400, 0x9, 0x9, 0x8, 0x7, 0x6, 0x7fffffffffffffff, 0x800, 0x7, 0xffffffffffff0000, 0xfffffffffffffff9, 0xbd2c, 0x7bdc581e, 0x9, 0x8, 0x0, 0x100000001, 0x2, 0x8, 0x7fff, 0x10000, 0x80, 0x3, 0x400, 0x101, 0x0, 0x0, 0x7, 0x401, 0x3, 0x1, 0x8001, 0x81, 0x80000001, 0x8000000000000000, 0x6, 0x3, 0x79a6b632, 0x100, 0xffff, 0xc243, 0x2d, 0x9, 0x0, 0x4000000000, 0x6, 0x20, 0x0, 0xffff, 0x400, 0x6a2e, 0x0, 0xfffffffffffffffe, 0x3, 0x8001, 0x1, 0x3, 0x8001, 0xfffffffffffffffd, 0x10000, 0x6, 0x8af2, 0x1f, 0xfffffffffffffffa]}) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000700)={0x9, 0x7d04, 0x101, 0x7, '\x00', '\x00', '\x00', 0x8, 0x1, 0x7fffffff, 0x10000, "d5e54b7149d5bfc34097c9df368c8d96"}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000680)={0x3, 0x4, 0x100, 0x7, &(0x7f0000000580)=[{}, {}, {}, {}]}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x80045500, &(0x7f0000000500)) [ 3047.221970][T17727] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 14:00:21 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000080)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 14:00:21 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x8, 0x3, 0x4, 0x0, 'syz1\x00', 0x3}, 0x0, [0x8000, 0x7, 0xfffffffffffeffff, 0x1ff, 0x138, 0x5, 0xd34, 0x1, 0xffff, 0x8000, 0x5, 0x5, 0x2a6befd4, 0xa0000000000000, 0x3, 0x6, 0x8, 0xfffffffffffffffc, 0x1, 0x1ff, 0x8, 0x5, 0x2, 0x10000, 0x41c2, 0x24000000, 0x1, 0xfffffffffffffffd, 0x217cadc0, 0x100, 0x100, 0x1000, 0x6f2, 0x0, 0x2, 0x80000000, 0x9, 0x8000, 0x5, 0x7, 0xfffffffffffff3f7, 0xab5f, 0x9, 0x174e, 0x5, 0x1c, 0x7fffffffffffffff, 0x1f, 0x7fff, 0x6, 0x9, 0x8, 0x2786, 0x1, 0xffffffff80000001, 0x8, 0x9, 0x0, 0x5, 0x8, 0x8, 0x4, 0x3a3, 0x9, 0x400, 0x9, 0x9, 0x8, 0x7, 0x6, 0x7fffffffffffffff, 0x800, 0x7, 0xffffffffffff0000, 0xfffffffffffffff9, 0xbd2c, 0x7bdc581e, 0x9, 0x8, 0x0, 0x100000001, 0x2, 0x8, 0x7fff, 0x10000, 0x80, 0x3, 0x400, 0x101, 0x0, 0x0, 0x7, 0x401, 0x3, 0x1, 0x8001, 0x81, 0x80000001, 0x8000000000000000, 0x6, 0x3, 0x79a6b632, 0x100, 0xffff, 0xc243, 0x2d, 0x9, 0x0, 0x4000000000, 0x6, 0x20, 0x0, 0xffff, 0x400, 0x6a2e, 0x0, 0xfffffffffffffffe, 0x3, 0x8001, 0x1, 0x3, 0x8001, 0xfffffffffffffffd, 0x10000, 0x6, 0x8af2, 0x1f, 0xfffffffffffffffa]}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000700)={0x9, 0x7d04, 0x101, 0x7, '\x00', '\x00', '\x00', 0x8, 0x1, 0x7fffffff, 0x10000, "d5e54b7149d5bfc34097c9df368c8d96"}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000680)={0x3, 0x4, 0x100, 0x7, &(0x7f0000000580)=[{}, {}, {}, {}]}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x80045500, &(0x7f0000000500)) 14:00:21 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000069010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:21 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) fstat(r0, &(0x7f0000003e00)) 14:00:21 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000061102c0000000000630a00ff000000009500000c00000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48) 14:00:21 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x8, 0x3, 0x4, 0x0, 'syz1\x00', 0x3}, 0x0, [0x8000, 0x7, 0xfffffffffffeffff, 0x1ff, 0x138, 0x5, 0xd34, 0x1, 0xffff, 0x8000, 0x5, 0x5, 0x2a6befd4, 0xa0000000000000, 0x3, 0x6, 0x8, 0xfffffffffffffffc, 0x1, 0x1ff, 0x8, 0x5, 0x2, 0x10000, 0x41c2, 0x24000000, 0x1, 0xfffffffffffffffd, 0x217cadc0, 0x100, 0x100, 0x1000, 0x6f2, 0x0, 0x2, 0x80000000, 0x9, 0x8000, 0x5, 0x7, 0xfffffffffffff3f7, 0xab5f, 0x9, 0x174e, 0x5, 0x1c, 0x7fffffffffffffff, 0x1f, 0x7fff, 0x6, 0x9, 0x8, 0x2786, 0x1, 0xffffffff80000001, 0x8, 0x9, 0x0, 0x5, 0x8, 0x8, 0x4, 0x3a3, 0x9, 0x400, 0x9, 0x9, 0x8, 0x7, 0x6, 0x7fffffffffffffff, 0x800, 0x7, 0xffffffffffff0000, 0xfffffffffffffff9, 0xbd2c, 0x7bdc581e, 0x9, 0x8, 0x0, 0x100000001, 0x2, 0x8, 0x7fff, 0x10000, 0x80, 0x3, 0x400, 0x101, 0x0, 0x0, 0x7, 0x401, 0x3, 0x1, 0x8001, 0x81, 0x80000001, 0x8000000000000000, 0x6, 0x3, 0x79a6b632, 0x100, 0xffff, 0xc243, 0x2d, 0x9, 0x0, 0x4000000000, 0x6, 0x20, 0x0, 0xffff, 0x400, 0x6a2e, 0x0, 0xfffffffffffffffe, 0x3, 0x8001, 0x1, 0x3, 0x8001, 0xfffffffffffffffd, 0x10000, 0x6, 0x8af2, 0x1f, 0xfffffffffffffffa]}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x8, 0x3, 0x4, 0x0, 'syz1\x00', 0x3}, 0x0, [0x8000, 0x7, 0xfffffffffffeffff, 0x1ff, 0x138, 0x5, 0xd34, 0x1, 0xffff, 0x8000, 0x5, 0x5, 0x2a6befd4, 0xa0000000000000, 0x3, 0x6, 0x8, 0xfffffffffffffffc, 0x1, 0x1ff, 0x8, 0x5, 0x2, 0x10000, 0x41c2, 0x24000000, 0x1, 0xfffffffffffffffd, 0x217cadc0, 0x100, 0x100, 0x1000, 0x6f2, 0x0, 0x2, 0x80000000, 0x9, 0x8000, 0x5, 0x7, 0xfffffffffffff3f7, 0xab5f, 0x9, 0x174e, 0x5, 0x1c, 0x7fffffffffffffff, 0x1f, 0x7fff, 0x6, 0x9, 0x8, 0x2786, 0x1, 0xffffffff80000001, 0x8, 0x9, 0x0, 0x5, 0x8, 0x8, 0x4, 0x3a3, 0x9, 0x400, 0x9, 0x9, 0x8, 0x7, 0x6, 0x7fffffffffffffff, 0x800, 0x7, 0xffffffffffff0000, 0xfffffffffffffff9, 0xbd2c, 0x7bdc581e, 0x9, 0x8, 0x0, 0x100000001, 0x2, 0x8, 0x7fff, 0x10000, 0x80, 0x3, 0x400, 0x101, 0x0, 0x0, 0x7, 0x401, 0x3, 0x1, 0x8001, 0x81, 0x80000001, 0x8000000000000000, 0x6, 0x3, 0x79a6b632, 0x100, 0xffff, 0xc243, 0x2d, 0x9, 0x0, 0x4000000000, 0x6, 0x20, 0x0, 0xffff, 0x400, 0x6a2e, 0x0, 0xfffffffffffffffe, 0x3, 0x8001, 0x1, 0x3, 0x8001, 0xfffffffffffffffd, 0x10000, 0x6, 0x8af2, 0x1f, 0xfffffffffffffffa]}) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000700)={0x9, 0x7d04, 0x101, 0x7, '\x00', '\x00', '\x00', 0x8, 0x1, 0x7fffffff, 0x10000, "d5e54b7149d5bfc34097c9df368c8d96"}) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000680)={0x3, 0x4, 0x100, 0x7, &(0x7f0000000580)=[{}, {}, {}, {}]}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000680)={0x3, 0x4, 0x100, 0x7, &(0x7f0000000580)=[{}, {}, {}, {}]}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x80045500, &(0x7f0000000500)) 14:00:21 executing program 0: r0 = socket(0x1e, 0x2, 0x0) sendmsg$tipc(r0, &(0x7f0000000380)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{}, 0x3}}, 0x10, 0x0}, 0x0) 14:00:21 executing program 2: syslog(0x3, &(0x7f0000000000)=""/9, 0x9) 14:00:21 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x8002, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r0, 0x0, 0x0}, 0x20) 14:00:21 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000071010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:22 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) fcntl$getownex(r0, 0x10, &(0x7f0000003d80)) 14:00:22 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x240000) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x6, 0x6, 0x40100, 0x2, 'syz1\x00'}, 0x5, 0x4, 0x1f, r1, 0x2, 0x1, 'syz1\x00', &(0x7f0000000040)=['/dev/snd/controlC#\x00', '#[}\x00'], 0x17}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000280)=ANY=[@ANYBLOB="010000ffffffffff7f000000e39bf61282f9a64a24a6dab621d3cad5c15d32fd08599e74c151b5a4ab30d92d61a2199daf17d5650000000000000000000000000000000000bbb44043439b18797bf6545540ce18628d9580d3128d923d4f5d50b22142664feb7685aed8cdcc055f8fd4dd1e57734a7b3241b23e7849b1880af9190de802bceb", @ANYRES32=r0, @ANYBLOB="00100000000000002e2f66696c653000"]) ioctl$KIOCSOUND(r2, 0x4b2f, 0x7ff) 14:00:22 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r0, &(0x7f0000006340)=[{{&(0x7f0000000040)={0xa, 0x4e21, 0x0, @dev}, 0x1c, 0x0}}, {{&(0x7f0000000400)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="24000000000000002900000032000000fc0308ccc0ffff000000000000000000000001"], 0x28}}], 0x2, 0x0) 14:00:22 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000089010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:22 executing program 2: r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_proto_private(r0, 0x8943, &(0x7f0000000000)="0ebc9744361c3192353a") 14:00:22 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x240000) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x240000) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x6, 0x6, 0x40100, 0x2, 'syz1\x00'}, 0x5, 0x4, 0x1f, r1, 0x2, 0x1, 'syz1\x00', &(0x7f0000000040)=['/dev/snd/controlC#\x00', '#[}\x00'], 0x17}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000280)=ANY=[@ANYBLOB="010000ffffffffff7f000000e39bf61282f9a64a24a6dab621d3cad5c15d32fd08599e74c151b5a4ab30d92d61a2199daf17d5650000000000000000000000000000000000bbb44043439b18797bf6545540ce18628d9580d3128d923d4f5d50b22142664feb7685aed8cdcc055f8fd4dd1e57734a7b3241b23e7849b1880af9190de802bceb", @ANYRES32=r0, @ANYBLOB="00100000000000002e2f66696c653000"]) (async) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000280)=ANY=[@ANYBLOB="010000ffffffffff7f000000e39bf61282f9a64a24a6dab621d3cad5c15d32fd08599e74c151b5a4ab30d92d61a2199daf17d5650000000000000000000000000000000000bbb44043439b18797bf6545540ce18628d9580d3128d923d4f5d50b22142664feb7685aed8cdcc055f8fd4dd1e57734a7b3241b23e7849b1880af9190de802bceb", @ANYRES32=r0, @ANYBLOB="00100000000000002e2f66696c653000"]) ioctl$KIOCSOUND(r2, 0x4b2f, 0x7ff) 14:00:22 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r0}, 0x10) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) readv(r1, 0x0, 0x0) 14:00:22 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5}, @IFLA_BR_MCAST_QUERY_USE_IFADDR={0x5, 0x18, 0x1}]}}}]}, 0x44}}, 0x0) 14:00:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/13], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x591002, 0x0) write$FUSE_WRITE(r0, &(0x7f0000000080)={0x18}, 0x18) 14:00:22 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000009d010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:22 executing program 0: r0 = open(&(0x7f0000000140)='./file0\x00', 0x149442, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r0, 0x6, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) 14:00:22 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x8, 0x240000) (async) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000080)={{0x6, 0x6, 0x40100, 0x2, 'syz1\x00'}, 0x5, 0x4, 0x1f, r1, 0x2, 0x1, 'syz1\x00', &(0x7f0000000040)=['/dev/snd/controlC#\x00', '#[}\x00'], 0x17}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000280)=ANY=[@ANYBLOB="010000ffffffffff7f000000e39bf61282f9a64a24a6dab621d3cad5c15d32fd08599e74c151b5a4ab30d92d61a2199daf17d5650000000000000000000000000000000000bbb44043439b18797bf6545540ce18628d9580d3128d923d4f5d50b22142664feb7685aed8cdcc055f8fd4dd1e57734a7b3241b23e7849b1880af9190de802bceb", @ANYRES32=r0, @ANYBLOB="00100000000000002e2f66696c653000"]) ioctl$KIOCSOUND(r2, 0x4b2f, 0x7ff) 14:00:22 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1, 0x2, 0x7, 0x7}, 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000240)={r0, &(0x7f0000000140), 0x0}, 0x20) 14:00:22 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x1d, &(0x7f0000000000), 0x4) 14:00:22 executing program 0: r0 = socket(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f0000000480)={&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000180)='\tX', 0x2}], 0x1, &(0x7f0000000940)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @empty}}}, @ip_tos_u8={{0x11}}], 0x38}, 0x0) 14:00:22 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000a5010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:23 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x283, 0x0, 0x0, 0x0) 14:00:23 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) io_submit(0x0, 0x0, 0x0) 14:00:23 executing program 3: getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x2c, 0x0, 0xffffff2f, 0x6, 0x0}, &(0x7f0000000040)=0x10) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)={r0, 0x1, 0xa, [0xffff, 0xe7, 0xfff, 0x4, 0x4, 0x0, 0x0, 0x5, 0x4, 0x8]}, &(0x7f00000000c0)=0x1c) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000003840)=""/89) 14:00:23 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)=@ipv6_deladdr={0x80, 0x15, 0x1, 0x0, 0x0, {}, [@IFA_FLAGS={0x8}, @IFA_FLAGS={0x8}, @IFA_LOCAL={0x14, 0x2, @private1}, @IFA_RT_PRIORITY={0x21}, @IFA_ADDRESS={0x14, 0x1, @dev}, @IFA_ADDRESS={0x14, 0x1, @private1}, @IFA_ADDRESS={0x14, 0x1, @local}]}, 0x80}}, 0x0) 14:00:23 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000ad010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:23 executing program 3: getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x2c, 0x0, 0xffffff2f, 0x6, 0x0}, &(0x7f0000000040)=0x10) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)={r0, 0x1, 0xa, [0xffff, 0xe7, 0xfff, 0x4, 0x4, 0x0, 0x0, 0x5, 0x4, 0x8]}, &(0x7f00000000c0)=0x1c) (async) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000003840)=""/89) 14:00:23 executing program 0: r0 = open(&(0x7f0000000140)='./file0\x00', 0x149442, 0x0) ftruncate(r0, 0x200002) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) connect$pppl2tp(r1, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x6, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32) sendfile(r2, r0, 0x0, 0x80001d00c0d2) 14:00:23 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000002940)=ANY=[@ANYBLOB="18020000e2ffffff00000000000000c685000000360000009500001800000000922ae83713ab9600010000801b10fb54a8cb72d232ad558c46fff4208d4990ec11ce9413ac30e00bd0081f8504e19a5183d769676520e98a263345e44d5ad12bca35510100c4d86abeb12303ff1c9fe0d0020000d60400000007d3670000008aff66d6b3181ffc1d62a3954c1198bbc4fa13aee48ca9e8969faebf3183fe803ab3f5024b52dc265b36fc9dae00a09404f01f9504d0976d252bd8d24538556e5e57bee3b8cf464ef3c6a7def8bad3ca6e3abdb21696e340bb8e2a093add57196b40def3858ef569147fa4108328392d322ab5df10a2f69a6bdf72ee7944e810d0223917c3d042410f57466f59544047d6d8ac44060000000000ee16c729300d2301800000000000002b5a8b05fcc154ad5290a8cdb97c343f454ff69dd6cbde49b28a6cb5f4fc0001745cff6e00e7ffffff0000acf3209a08439f1ff01779b6f6df7e02aa6d7760525b595fe1f697bc114ed1778e97a3f0395f946974cfb458be2a34cf924dc37b5592bf17956f3547497aba814382ff67b345b677a9d6523d87008000000400000000003fe8613ca29ff92be0d8deffff7b68136b0046d535dd39c0f35408869e9b342b953f91447e6b9eab304f134306320600a44095254b45a6c1312a13696c7202df5f764713504facc532c5a6d44d99ec7530ed7b0311000000000000e54e9072a22d911f4a2c2e2fa806e63c5cd98a8569a6d6bcfb000064885117e2ad910eae67e0ebe380d0f648713e68153579e02d71c58d147b00821ab9a6475b31e1ebf1369a04000000fbf3983f283f2f00000000992774814d63c933912d000006000000a66acb0a38856929e7d8b1b06c9bd5d7e5490f3b8596b694ea9483bd4bd287c83dd998a74694d18bdd8ad0983bc90770bbd26a82b9d99d5fc04563b523c47ef8c33400e90d02000000000000000edf1147a7afe772cd45af8aeffe2753088e02ca6bb2feec446ce7dbce66f0a93a03371320980865c7c62ea4d8f8a864dce9fa85aeb0454349100296ee2dba39c3f6fd6cf96714e11fe03b5062809a7418b165dd0336d226bac1e1223be1c97b15175d0e664beb126000e96549e1a1228c686edb475b705eaa9515c96f4fc6b3c925ea404e0f1de61026dc6c6618580fd6ce9eac602c1756f6d1056712412131ed9925989e01eae489ec7052e0ed72c326c7a8aa63999e2297c54ce1822d14b7c7699a9d0600f11f2e7f474cffbc35bc8623cd5eb68af82275a940be0400000000000000bcc3fbe7d90de96d6a8e9f32f18d1f606b381e4903b500000000000000000000004a2357ba5f6000de1cfa88b7165dcf4f2aaee86d4802000000000000008fdb686d5da2a42e4b5024b6535811f362201d4f82012e6af704973d04ea923c19e6cb723c1923b3eea2d73e176dff383c9fbbac53dfdcb1a68c98e96fe39eec23963faf3ebed3409144c7c53d6318ced678010000009b01e9f2772e5f2999d3435da02556e36c3215d2bd4e96c93bff3ad04a82ff3cfadcf65eb92adc6c68d66b11cb2d7556414a86dfa94bb7aa52c7febb1e9b2efcbbc5bccf9d39bed802f4f056976a9a362ee9cc624ec454b90200fd9603f96908bddc14500000000000000000000000000044d917c62b27679913075731e8fddb07c10c82002d60181588ae63a440454287de9e340f611267f37bdd0f2d21cb06fcaf45a0a297e396f428d43371424b307eef82c5d6d19f3ef0d3b8f7fa51957e3099caab31133b34a1d3eebc0f0c9056df2e9667ba0b55695c7894010079b07e7aef7785e2486472b5cba1f3346c1e8e23deb8c82bb6eb2c72c484241dc3b66da78260f800fffd39368b952f6f4a10295c50c887a31d8b543c5d10f2dbd4d0b84eaad43feb6e169a9f2fcff7000000000000000000e011bc6366f56fa787f212c1f8c0f47f50b1e9b5d841ea55fe569bb7bf1e78191c8a02ad436725771738a2a98891971e3b932352896e1ea10f62e8ef7a87e16151b39d6c27575714540d8c293a3fa4b5a825360423c1cbc8b5d19167152823ed853140edda002c16c842b168bb55f6bb713deb57d0bad97ad522c07450aa78d6d4e5fc5be2c402bd246128f41bcb02000000892b135a92e8c844938aa98ba4839a1408a696454d40e5eed4d4dce481ca86bfac54c330331b7f2cde17cbaeb0377696faf546ecbe742d73d47d726a50f6e752f3325255bd7e8b5923aa3cfb6f7e06494f21ca450139c558000000000000000000000800000000000000000075aa0000000000000000000000005560bd9eb81e839e4992e64b074a66cccccf00334fa94da8477be7d99b558ec6a5b1596ac1e7617c6b32eed0cc70286caf2c5189a103f4b0b04aff171c4d388ccf67fea37e782f025c04fe8ba975cf616c7134d6934e2594c853cde330a193a967d907a8c88fcb033e680f559a72150cb900bafcd536f48797915a2fe9922ce27300009e1b36aa4730117d9b00000000003c630000000000008fbbd11b015c415ca04192fbfb1a8b0e3460af35771dbac10062835c9bab3ad09f7a022c52d800000000000000000000400000000000000000000000007be52c0d05b4cd120400000000000000000000000000006ec473c54399b7b8aa1ee46132fc45da8292631178cecf19550108b8b8423de42957ffe9bb6d752e68d2bc2ce777a17bf4dfdfee5de0f3e4dadf51ab03d2165ccc9562827b762fa611ba5f32861c19dffe1dc9fd5c41cd46cf1342d6b0c2ddad90ac33f768f9ecc70327c59918fa5a249befe98262f53c8182d95f6da3698a6a88c2c31d801a8f1f5e0ce05138d5422da0a6a62b9dfe1f39775d1d0c9186096415f544aaf76b0a1c877a6c826a5adcfb22c4a0e5a46271caa3eaf4f389dd5f3c20dbddc0377a4266d7b9fd61b9287e9b4be0a413ee31be0ddecab0ef5f25cba1fb3654ddf291ecb7768ac1e177042cb4c452fa6b3966950000000000000000c187da23d6855500fe8510b51e13a890e394b84a6ea2cc8d42b97c697c29122298d55e2e1cca8e07abda2606a3f381c64b9fec0000000a7965e4854e252132860c9af1bd5fe263c0313dea5d6e0c11a466d6892ed65f34667dd79b07b5cbdd8aa7dd561a26b5562d4861a7e1b0f48930e0b696ea3bee7eb72794e163d7aeac9a0fa5403ac9cb421eae283b0550f1d0d339cd7b96e71d3ab48ad9d7975e0c9b117f71d3ab80a0c9b0284ecc469fa6181c9c71fce07a6ffb23296a107763138e8d9876291af2076890c47925ac773d95d2ca42acb3e5f3a1550665b898462c139ffd0106bc8a61b6117d252efcab7106b4c3a3c13a70ff452e9d2096142c517b0e91b5cf88332faca5b3ee96363065c3ce32d3d39ec36e20d597e05664f2526bd918090649da11f7299789d00f5024df1e99d3efecb9b457642fe810370ba4fbe00fa60a28af966a27a1659e448bbe43a1dcd2ea760018b57a36ac41ef2051a7b703d55c0602540663016e20d50385766df4dac47802a55bd38dd767ee9960c6daa704fc5d01a1459134d1b9edfde3be9e25a110228c64253588ff420644dbc0854e69a7bdda72f93ceaccf92cfe7dd6296c950db11266f70c2a1f0f6dd8a5ef9b73cf6a12a1ba16fdc7e35b805f4fd2fcff0a623722149c1465e4de2d53f0f10b14c21865027abc71a12cb1e9f8029c7a20000000eeb0d53a83e518c8d2052c08b515d9d0bde24ac4e798040c7db0bb03c019507d6377f3d5dd94a27abc6d6b120d61f772407e0d2cb50d29168b68aef9f176b4c3aa8b21279d4ea9c1f669aa8c2c17d5b3a8d1dda58d26f1019af04b7774c85d5bce8be010f27c5211938031c3404680b01279c778bd1fe1b48c4b5b8e0fe756e54a8d76b7cec5e3407d93b4eadc446440607de844acf5524a4657e33af2115547b735b57b5092d0bc8fa6acb832509abe0882d570ce400aaebd7baff88526608d6991aac95751671174129457e4a03aca69d82b64b89e6ad6ed1e275ec5002e48170e4c7b4f3971481098dedb88fba90770e44bf404d5a97fefe2fe8e459fe45933b78c7ab5fe985a480193a20fb07da1455fb283df68af569ac82aa6dc703e29bf158931fb79f2abfa6ff7eb8c4f381c9da58bea460e2ead969933e5391970ca4fddd64da2e5df9c4d82044068caaaab771b37bb06bbe673056d849825525f1120b2250fc48520381f7a74b1c687781cb6b23e67b918844b83dbaeeb559ec8520d710dd6d6b4e64838bd434a7f7fceff9a7bc2cc571032ffbc9f8ce97041e1bc4729d539358dc9599c1266b9ce2cb6dd0ad57a6e9d3d4a11a27f70b2934c96237e2ba09c58eeda678d4d08b6da99b7a86e946215afb1b48792fde54492e306cb5342e2589874b603a1de972b1f09cc350096f5c3e814118af9ba0793cfdf20c77b34eacfdf63ce59ec4d2f867bf884e941559b068d908325667672b5e1cf71f4829c0493e8b141489ed926b822becead7a0a2b4a4c008ab16b616d60f347e4da54f06443507efe57ea62399ef4eb11b2f559e1b056456a53998bf1c6d13c92e75136147f91aecf020000eb1b51bf700b3c0bf54bc3745ff313c5e75dc66386897f6ee45429371b8d0878c442ad2fe9baf85c1390da13efc353ccbef950c29f39ddf436f0d9bf1be1515ed251d8b6f11ecb16b1e8d1ed04196e9b6c2f9e068b7749bb6c1f533e493f22c901662c65cb761dc2eeff2f698bd4dbae83e2dfdc4f1c7f918a00515c1bc189d10ec22b35c92725cbf0ba244fd029c4f026f68e000000060000ab0476c3fd7f7c1e5c000000000000000000000011e43e39d3f4394fbfa13c416b1c443c5e52eea726491ad75100ebad7c6d5a665c59a3fb158e43da904f19e7e8daa4e90390b8da945f6cd78536c0d2be07221f85ad46b180f256d4d84592811d15d65896b66b63a46705338b67b72dc1c3075fcdc5cbffb0366151632ba5be8ae815dfea9fadfd31c473a24a73d3e5116c3023b3563c72d26fbd59877132bde5ca4ef8d92fd3613c768b35223f6fd0b5e9a8b98cccf1e2b4612e620e3a159d6365c9045aaa826aa0ee6d26cf0397ce674c20824584b464ebdc2f3ea26a7aec4570b242a6677a4e9187f8591c3a9bdc14a31ae7c034bb19da845de69d1300e4a8b6e345c2e31cdf127f77102ef0e576ed1ff4133599882c14943558737da0ed246603d768933b36d8f8df3add2e17ce644347c419a7795b6308d4455dc680be6ee2ee7fae761292d67249baedbd6c03ec95dc0966ccdb319aaa9f8a35b24cc7b7c9c47934a261aeff831dc52d9e54fe0d54641b413298432427eaba265f3ecbffbd3b8465f1acf2073edb06f65241744909ead745c68b260803e7369beabb2740e55e48450c9c3399cb70434463c45f55e4fc8ae737fd702bb46d6c105d9dba8a6e64316a26d7c4c7ca5d033a341360e2c50f8b27b28562"], &(0x7f0000000040)='GPL\x00', 0x4, 0x1076, &(0x7f0000000300)=""/4096}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001380)={r0, 0xfe, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff3c, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r1}, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001300)={r2, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffe56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001500)={r2, r3}, 0x10) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x0) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000080)={r4, r5}, 0x10) 14:00:23 executing program 2: r0 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_proto_private(r0, 0x8946, &(0x7f0000000000)="0ebc9744361c3192353a") 14:00:23 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000180)={'syztnl2\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40004) sched_setaffinity(0x0, 0x8, &(0x7f0000000c80)=0x9) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c50000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) 14:00:23 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000af010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:23 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000c40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d800000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d7535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7cc957d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe3e26e7a23129d6606fd28a69989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f3273299e693e028bb51cb3f011a7d06602e2fd5234712596b696418f163d1a13ed38ae89d24e1cebfba2f87925bfacba83109753f541cd027edd68149ee99eebc6f7d6df2aed4afe1f44ccb19e810879b70a70000000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbe43a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bb6cd75319596e9e08679b3ce48e90defb6670c3d62ad0a97aec773713a66b223fa8b148871c8d31d24291c25449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed200ada12f7a152539787cb007820e71666f472a97214d0b2874df30ed5eb1affb873a55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff08000000e1ff003853e59de762ff8d8955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8aee9f569435ea9e3217eff89309e190a1fb5a315f8347fb0379659500000000000000000000000000000000a614a5af8650f913058e015bbaf3451f88ba54ece08b332f7a542f8504f2fd973b9aa8269be75569e3471094035c83808103aa9ca15e2f59f49864210e94eae0553ca73d8dca89f31242d9580b12fa99c910a0237ba07b3c4fbb487fa027cd381f4d7ddc9ea56d4a3d1127a25c1d8bb4680c844db962bb9201122fd49d3f194a6e23c45805253a8a1734d6e950a65dcd6988ce7ceb412d8d43d269d2d6e07a21392f008972868f5138ab98fc37cd38c3da84a8f1629132942f0515327846fed99b58db8f473afa18767ea5cbc173d1ac4dda0e0368250c623f8c4a0fdb1d2f29960b358d5c369a177d874289b6a67a080b1a7a08a1c13d874fc634d87fd5816f9e527a1ad7e9c67fe83a87da3ec569a7d6b4a0564b698a6afbfebd9e4b181e101813e5136c7bc4a64edb2b7e151b2f6a8733fcac31a4511fed768d47378a849927a11e39ba508decc29acce5c124deb8cdaa20742337b20ca7866143eeb01ea0810ec8904517c7e370c324b69e54a5ebf500740646db9c237497a70ff1f0214bd8d501c40391a3d0e52954f28b385633f0fe74b91b826a877f538a2af84c9a8aa2cc0bde648c586fa75cd8de205b5479000000000000000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x5c, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2=0xe0000003}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x5c}}, 0x0) 14:00:23 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x140}}, 0x0) getsockname$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0xab) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32=r4, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000024000b0e00"/20, @ANYRES32=r4, @ANYBLOB="00000000ffffffff0000000008000100687462001c0002001800020003"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000940)=ANY=[@ANYBLOB='d\x00\x00\x00(\x00\'\r\x00'/20, @ANYRES32=r4, @ANYBLOB="0200000000000000000000000b0001006367726f7570000034000200300001002c000000080001006270660004000280040006000c"], 0x64}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000007c0)=@newtfilter={0x24, 0x29, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x2}}}, 0x24}}, 0x0) 14:00:23 executing program 3: getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x2c, 0x0, 0xffffff2f, 0x6, 0x0}, &(0x7f0000000040)=0x10) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)={r0, 0x1, 0xa, [0xffff, 0xe7, 0xfff, 0x4, 0x4, 0x0, 0x0, 0x5, 0x4, 0x8]}, &(0x7f00000000c0)=0x1c) (async) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)={r0, 0x1, 0xa, [0xffff, 0xe7, 0xfff, 0x4, 0x4, 0x0, 0x0, 0x5, 0x4, 0x8]}, &(0x7f00000000c0)=0x1c) r1 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000003840)=""/89) 14:00:23 executing program 0: socket$inet6(0xa, 0x2, 0x3a) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mlock2(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0) [ 3049.468400][T18309] __nla_validate_parse: 8 callbacks suppressed [ 3049.468420][T18309] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:23 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x440a00) close_range(r1, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000040)=0x7f) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000580)={{0xa, 0x0, 0x0, 0x9, 'syz0\x00', 0x3}, 0x0, [0x100000001, 0x3f, 0x3f, 0x3ff, 0x1, 0x9, 0x3, 0x4, 0x3f, 0x3, 0x7, 0x401, 0x9, 0x8, 0x3, 0x9, 0x4cca, 0x0, 0x6, 0x9, 0x8000, 0xd36, 0x4, 0x9, 0x9, 0x7f, 0x97, 0x80000001, 0x1000, 0x80, 0xfffffffffffff5fe, 0x6, 0x1, 0xfffffffffffffffe, 0x7ff, 0x6d523da, 0x7fffffffffffffff, 0xffffffffffffffff, 0x7, 0x101, 0x0, 0xbbb, 0x0, 0x5ae, 0x0, 0xffffffff, 0x10000, 0x6, 0x9, 0x2, 0x1000, 0x2, 0x1ff, 0x4, 0x9, 0x800, 0x1, 0x4, 0x1f, 0x1, 0x2, 0x7f, 0xfff, 0x6, 0x1, 0x1, 0x10001, 0x6, 0x2, 0x7ff, 0x0, 0x66b1, 0xfc00000000000, 0x0, 0x200, 0xfffffffffffffc00, 0xfe3e, 0x6, 0x5, 0x8, 0x8, 0x9, 0x1000, 0x3e, 0x9, 0x20, 0x241f, 0x50a, 0x9, 0x80000001, 0x1000, 0x20, 0x101, 0x8, 0x9d, 0x6, 0x40, 0x6, 0x400, 0x56, 0x6, 0x5, 0x6, 0x4, 0x9b2e, 0x4815, 0x3, 0x7cd3, 0x7, 0x1, 0x8234, 0x40, 0x3, 0x5227, 0x2, 0xfffffffffffffffe, 0x662, 0xffffffff, 0xffffffffffffffff, 0x12, 0x31b, 0x8, 0x5, 0x3384c0, 0x400, 0x18a, 0x401, 0x5]}) 14:00:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @xfrm={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_XFRM_LINK={0x8}]}}}]}, 0x3c}}, 0x0) [ 3049.676690][T18310] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. 14:00:23 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x440a00) close_range(r1, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000040)=0x7f) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000580)={{0xa, 0x0, 0x0, 0x9, 'syz0\x00', 0x3}, 0x0, [0x100000001, 0x3f, 0x3f, 0x3ff, 0x1, 0x9, 0x3, 0x4, 0x3f, 0x3, 0x7, 0x401, 0x9, 0x8, 0x3, 0x9, 0x4cca, 0x0, 0x6, 0x9, 0x8000, 0xd36, 0x4, 0x9, 0x9, 0x7f, 0x97, 0x80000001, 0x1000, 0x80, 0xfffffffffffff5fe, 0x6, 0x1, 0xfffffffffffffffe, 0x7ff, 0x6d523da, 0x7fffffffffffffff, 0xffffffffffffffff, 0x7, 0x101, 0x0, 0xbbb, 0x0, 0x5ae, 0x0, 0xffffffff, 0x10000, 0x6, 0x9, 0x2, 0x1000, 0x2, 0x1ff, 0x4, 0x9, 0x800, 0x1, 0x4, 0x1f, 0x1, 0x2, 0x7f, 0xfff, 0x6, 0x1, 0x1, 0x10001, 0x6, 0x2, 0x7ff, 0x0, 0x66b1, 0xfc00000000000, 0x0, 0x200, 0xfffffffffffffc00, 0xfe3e, 0x6, 0x5, 0x8, 0x8, 0x9, 0x1000, 0x3e, 0x9, 0x20, 0x241f, 0x50a, 0x9, 0x80000001, 0x1000, 0x20, 0x101, 0x8, 0x9d, 0x6, 0x40, 0x6, 0x400, 0x56, 0x6, 0x5, 0x6, 0x4, 0x9b2e, 0x4815, 0x3, 0x7cd3, 0x7, 0x1, 0x8234, 0x40, 0x3, 0x5227, 0x2, 0xfffffffffffffffe, 0x662, 0xffffffff, 0xffffffffffffffff, 0x12, 0x31b, 0x8, 0x5, 0x3384c0, 0x400, 0x18a, 0x401, 0x5]}) syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x440a00) (async) close_range(r1, r1, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000040)=0x7f) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000580)={{0xa, 0x0, 0x0, 0x9, 'syz0\x00', 0x3}, 0x0, [0x100000001, 0x3f, 0x3f, 0x3ff, 0x1, 0x9, 0x3, 0x4, 0x3f, 0x3, 0x7, 0x401, 0x9, 0x8, 0x3, 0x9, 0x4cca, 0x0, 0x6, 0x9, 0x8000, 0xd36, 0x4, 0x9, 0x9, 0x7f, 0x97, 0x80000001, 0x1000, 0x80, 0xfffffffffffff5fe, 0x6, 0x1, 0xfffffffffffffffe, 0x7ff, 0x6d523da, 0x7fffffffffffffff, 0xffffffffffffffff, 0x7, 0x101, 0x0, 0xbbb, 0x0, 0x5ae, 0x0, 0xffffffff, 0x10000, 0x6, 0x9, 0x2, 0x1000, 0x2, 0x1ff, 0x4, 0x9, 0x800, 0x1, 0x4, 0x1f, 0x1, 0x2, 0x7f, 0xfff, 0x6, 0x1, 0x1, 0x10001, 0x6, 0x2, 0x7ff, 0x0, 0x66b1, 0xfc00000000000, 0x0, 0x200, 0xfffffffffffffc00, 0xfe3e, 0x6, 0x5, 0x8, 0x8, 0x9, 0x1000, 0x3e, 0x9, 0x20, 0x241f, 0x50a, 0x9, 0x80000001, 0x1000, 0x20, 0x101, 0x8, 0x9d, 0x6, 0x40, 0x6, 0x400, 0x56, 0x6, 0x5, 0x6, 0x4, 0x9b2e, 0x4815, 0x3, 0x7cd3, 0x7, 0x1, 0x8234, 0x40, 0x3, 0x5227, 0x2, 0xfffffffffffffffe, 0x662, 0xffffffff, 0xffffffffffffffff, 0x12, 0x31b, 0x8, 0x5, 0x3384c0, 0x400, 0x18a, 0x401, 0x5]}) (async) 14:00:23 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000b5010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:24 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b']) 14:00:24 executing program 2: r0 = socket(0x1e, 0x6, 0x2) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4) recvmmsg(r0, &(0x7f00000071c0)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/168, 0xa8}], 0x1}}], 0x1, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000329c449c79a9dc58001b0000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) r2 = open(&(0x7f0000000140)='./bus\x00', 0x147042, 0x0) ftruncate(r2, 0x2007fff) r3 = socket(0x200000100000011, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000440)=@deltclass={0x24, 0x29, 0x20}, 0x24}}, 0x0) getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) getsockname$packet(r5, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=@newlink={0x38, 0x10, 0x439, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r6, 0x3}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @dev}]}}}]}, 0x38}}, 0x4000000) bind$packet(r3, &(0x7f00000001c0)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="0fd126608032"}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x800b, 0x4) sendmsg$netlink(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="09040000f63e"], 0x3f00}], 0x1}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r3) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) ioctl$sock_inet_SIOCSIFBRDADDR(r2, 0x891a, &(0x7f0000000080)={'nr0\x00', {0x2, 0x4e26, @multicast1}}) sendmsg$NL80211_CMD_DEL_MPATH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB="280000a9", @ANYRES16=r7, @ANYBLOB="48002bbd7000fddbdf251800000008000300", @ANYRES32=r8, @ANYBLOB="06009900feffffff33000000"], 0x28}, 0x1, 0x0, 0x0, 0x24044044}, 0x24000001) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0432a8080000000300", @ANYRES32=r8, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x8044) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'vxcan0\x00'}) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0x1b4, r9, 0x20, 0x70bd2b, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}, {@pci={{0x8}, {0x11}}, {0xd}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x4040006}, 0x40000) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000005c0)={&(0x7f0000000080)={0x14, r9, 0x200, 0x70bd2d, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x24044894}, 0x4000000) sendmsg$DEVLINK_CMD_SB_POOL_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)={0x94, r9, 0x10, 0x70bd29, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xd2}, {0x6}, {0x8, 0x13, 0x6}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0x2}, {0x8, 0x13, 0x6}, {0x5, 0x14, 0x1}}]}, 0x94}, 0x1, 0x0, 0x0, 0x4000840}, 0x4000) sendmsg$DEVLINK_CMD_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x74, r9, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x74}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000380)={0xac, r9, 0x2, 0x70bd2b, 0x25dfdbfe, {}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}]}, 0xac}, 0x1, 0x0, 0x0, 0x800}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000340)='kmem_cache_free\x00', r1}, 0x10) sendmsg$tipc(r0, &(0x7f0000000200)={&(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10, 0x0}, 0x0) [ 3049.948348][T18343] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:24 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) ioctl$int_in(r0, 0x5421, &(0x7f0000000000)=0x400) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4) recvmmsg(r0, &(0x7f0000005740)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) 14:00:24 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x440a00) close_range(r1, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000040)=0x7f) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000580)={{0xa, 0x0, 0x0, 0x9, 'syz0\x00', 0x3}, 0x0, [0x100000001, 0x3f, 0x3f, 0x3ff, 0x1, 0x9, 0x3, 0x4, 0x3f, 0x3, 0x7, 0x401, 0x9, 0x8, 0x3, 0x9, 0x4cca, 0x0, 0x6, 0x9, 0x8000, 0xd36, 0x4, 0x9, 0x9, 0x7f, 0x97, 0x80000001, 0x1000, 0x80, 0xfffffffffffff5fe, 0x6, 0x1, 0xfffffffffffffffe, 0x7ff, 0x6d523da, 0x7fffffffffffffff, 0xffffffffffffffff, 0x7, 0x101, 0x0, 0xbbb, 0x0, 0x5ae, 0x0, 0xffffffff, 0x10000, 0x6, 0x9, 0x2, 0x1000, 0x2, 0x1ff, 0x4, 0x9, 0x800, 0x1, 0x4, 0x1f, 0x1, 0x2, 0x7f, 0xfff, 0x6, 0x1, 0x1, 0x10001, 0x6, 0x2, 0x7ff, 0x0, 0x66b1, 0xfc00000000000, 0x0, 0x200, 0xfffffffffffffc00, 0xfe3e, 0x6, 0x5, 0x8, 0x8, 0x9, 0x1000, 0x3e, 0x9, 0x20, 0x241f, 0x50a, 0x9, 0x80000001, 0x1000, 0x20, 0x101, 0x8, 0x9d, 0x6, 0x40, 0x6, 0x400, 0x56, 0x6, 0x5, 0x6, 0x4, 0x9b2e, 0x4815, 0x3, 0x7cd3, 0x7, 0x1, 0x8234, 0x40, 0x3, 0x5227, 0x2, 0xfffffffffffffffe, 0x662, 0xffffffff, 0xffffffffffffffff, 0x12, 0x31b, 0x8, 0x5, 0x3384c0, 0x400, 0x18a, 0x401, 0x5]}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000580)={{0xa, 0x0, 0x0, 0x9, 'syz0\x00', 0x3}, 0x0, [0x100000001, 0x3f, 0x3f, 0x3ff, 0x1, 0x9, 0x3, 0x4, 0x3f, 0x3, 0x7, 0x401, 0x9, 0x8, 0x3, 0x9, 0x4cca, 0x0, 0x6, 0x9, 0x8000, 0xd36, 0x4, 0x9, 0x9, 0x7f, 0x97, 0x80000001, 0x1000, 0x80, 0xfffffffffffff5fe, 0x6, 0x1, 0xfffffffffffffffe, 0x7ff, 0x6d523da, 0x7fffffffffffffff, 0xffffffffffffffff, 0x7, 0x101, 0x0, 0xbbb, 0x0, 0x5ae, 0x0, 0xffffffff, 0x10000, 0x6, 0x9, 0x2, 0x1000, 0x2, 0x1ff, 0x4, 0x9, 0x800, 0x1, 0x4, 0x1f, 0x1, 0x2, 0x7f, 0xfff, 0x6, 0x1, 0x1, 0x10001, 0x6, 0x2, 0x7ff, 0x0, 0x66b1, 0xfc00000000000, 0x0, 0x200, 0xfffffffffffffc00, 0xfe3e, 0x6, 0x5, 0x8, 0x8, 0x9, 0x1000, 0x3e, 0x9, 0x20, 0x241f, 0x50a, 0x9, 0x80000001, 0x1000, 0x20, 0x101, 0x8, 0x9d, 0x6, 0x40, 0x6, 0x400, 0x56, 0x6, 0x5, 0x6, 0x4, 0x9b2e, 0x4815, 0x3, 0x7cd3, 0x7, 0x1, 0x8234, 0x40, 0x3, 0x5227, 0x2, 0xfffffffffffffffe, 0x662, 0xffffffff, 0xffffffffffffffff, 0x12, 0x31b, 0x8, 0x5, 0x3384c0, 0x400, 0x18a, 0x401, 0x5]}) 14:00:24 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000bb010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:24 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00', r1}, 0x10) dup3(r0, r1, 0x0) [ 3050.243087][T10423] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 14:00:24 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x30000, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0xa) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x3, r1}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) [ 3050.319501][T18443] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:24 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000bd010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:24 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x25, &(0x7f0000000300)={0x0, @in6={{0x2, 0x0, 0x0, @loopback}}}, 0x90) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000001080)={0x0, 0xe6, 0x0, 0xf801, 0x401, 0x4, 0x875, 0x1, {0x0, @in6={{0xa, 0x4e21, 0x712f, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1bf800}}, 0x10001, 0x6, 0xbfc5, 0x29a, 0x7ff}}, &(0x7f0000000000)=0xb0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000001140)={r1, 0x2, 0x2d}, 0x8) r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0xffc, 0xc080) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f0000000080)=""/4096) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f0000003840)=""/89) [ 3050.481975][T10423] CPU: 0 PID: 10423 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3050.490743][T10423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3050.500839][T10423] Call Trace: [ 3050.504150][T10423] [ 3050.507120][T10423] dump_stack_lvl+0x1e7/0x2e0 [ 3050.511849][T10423] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3050.517111][T10423] ? __pfx__printk+0x10/0x10 [ 3050.521763][T10423] ? ___ratelimit+0x4c4/0x670 [ 3050.526491][T10423] ? __pfx____ratelimit+0x10/0x10 [ 3050.531569][T10423] dump_header+0xda/0x6a0 [ 3050.535951][T10423] oom_kill_process+0x3a7/0x930 [ 3050.540838][T10423] ? trace_contention_end+0x3c/0x100 [ 3050.546148][T10423] out_of_memory+0xf67/0x1320 [ 3050.550846][T10423] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3050.556495][T10423] ? __pfx___mutex_lock+0x10/0x10 [ 3050.561544][T10423] ? __pfx_out_of_memory+0x10/0x10 [ 3050.566685][T10423] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3050.572249][T10423] ? __pfx_lock_release+0x10/0x10 [ 3050.577307][T10423] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3050.583409][T10423] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3050.588636][T10423] ? mem_cgroup_iter+0x422/0x560 [ 3050.593607][T10423] try_charge_memcg+0xda2/0x18a0 [ 3050.598587][T10423] ? __pfx_try_charge_memcg+0x10/0x10 [ 3050.603991][T10423] ? percpu_ref_tryget+0x14/0x180 [ 3050.609068][T10423] charge_memcg+0xa2/0x160 [ 3050.613525][T10423] __mem_cgroup_charge+0x27/0x80 [ 3050.618496][T10423] shmem_alloc_and_add_folio+0x393/0xde0 [ 3050.624172][T10423] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3050.630355][T10423] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3050.635592][T10423] ? lockdep_hardirqs_on+0x98/0x140 [ 3050.640814][T10423] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3050.646466][T10423] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3050.652725][T10423] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3050.659339][T10423] shmem_write_begin+0x170/0x4d0 [ 3050.664314][T10423] ? __pfx_shmem_write_begin+0x10/0x10 [ 3050.669799][T10423] ? fault_in_iov_iter_readable+0x236/0x280 [ 3050.675709][T10423] generic_perform_write+0x321/0x640 [ 3050.681011][T10423] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3050.686930][T10423] ? __pfx_generic_perform_write+0x10/0x10 [ 3050.692772][T10423] ? mnt_put_write_access_file+0xc2/0x100 [ 3050.698508][T10423] ? file_update_time+0x3ac/0x3e0 [ 3050.703547][T10423] shmem_file_write_iter+0xfc/0x120 [ 3050.708763][T10423] __kernel_write_iter+0x434/0x8c0 [ 3050.713899][T10423] ? __pfx___kernel_write_iter+0x10/0x10 [ 3050.719552][T10423] ? generic_file_llseek_size+0x34c/0x3b0 [ 3050.725297][T10423] ? iov_iter_bvec+0x4e/0x1b0 [ 3050.729996][T10423] dump_user_range+0x46c/0x910 [ 3050.734781][T10423] ? __pfx_dump_user_range+0x10/0x10 [ 3050.740079][T10423] ? writenote+0x250/0x3b0 [ 3050.744515][T10423] ? kmalloc_trace+0x1d6/0x360 [ 3050.749297][T10423] ? elf_core_dump+0x2e01/0x4630 [ 3050.754279][T10423] ? dump_emit+0x99/0xd0 [ 3050.758533][T10423] elf_core_dump+0x3d5d/0x4630 [ 3050.763333][T10423] ? __pfx_elf_core_dump+0x10/0x10 [ 3050.768460][T10423] ? mark_lock+0x9a/0x350 [ 3050.772795][T10423] ? mas_next_slot+0xeb2/0xf90 [ 3050.777576][T10423] ? __lock_acquire+0x1345/0x1fd0 [ 3050.782659][T10423] ? rcu_read_lock_any_held+0xb7/0x160 [ 3050.788135][T10423] ? 0xffffffffff600000 [ 3050.792299][T10423] ? getname_kernel+0x140/0x2f0 [ 3050.797173][T10423] do_coredump+0x1baa/0x2b50 [ 3050.801782][T10423] ? get_signal+0xbe1/0x1850 [ 3050.806416][T10423] ? __pfx_do_coredump+0x10/0x10 [ 3050.811403][T10423] ? _raw_spin_unlock_irq+0x23/0x50 [ 3050.816614][T10423] ? lockdep_hardirqs_on+0x98/0x140 [ 3050.821912][T10423] get_signal+0x146a/0x1850 [ 3050.826447][T10423] ? __pfx_get_signal+0x10/0x10 [ 3050.831326][T10423] ? __might_fault+0xa9/0x120 [ 3050.836029][T10423] arch_do_signal_or_restart+0x96/0x860 [ 3050.841594][T10423] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3050.847900][T10423] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3050.853729][T10423] irqentry_exit_to_user_mode+0x78/0x280 [ 3050.859377][T10423] exc_page_fault+0x587/0x870 [ 3050.864075][T10423] asm_exc_page_fault+0x26/0x30 [ 3050.868943][T10423] RIP: 0033:0x7f8ab667ddb1 [ 3050.873364][T10423] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3050.892983][T10423] RSP: 002b:0000000000000210 EFLAGS: 00010217 [ 3050.899072][T10423] RAX: 0000000000000000 RBX: 00007f8ab67ac050 RCX: 00007f8ab667dda9 [ 3050.907053][T10423] RDX: 0000000000000000 RSI: 0000000000000210 RDI: 0000000000000000 [ 3050.915039][T10423] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3050.923020][T10423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3050.931002][T10423] R13: 000000000000006e R14: 00007f8ab67ac050 R15: 00007f8ab68cfa48 [ 3050.939000][T10423] [ 3050.943075][T18542] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:25 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) 14:00:25 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000cf010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:25 executing program 0: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_clone(0x40080000, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) [ 3051.111577][T18548] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:25 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000db010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3051.435446][T18654] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3051.492822][T10423] memory: usage 307200kB, limit 307200kB, failcnt 68948 [ 3051.523370][T10423] memory+swap: usage 401736kB, limit 9007199254740988kB, failcnt 0 [ 3051.587878][T10423] kmem: usage 44900kB, limit 9007199254740988kB, failcnt 0 [ 3051.595286][T10423] Memory cgroup stats for /syz4: [ 3051.595445][T10423] cache 267554816 [ 3051.604847][T10423] rss 1028096 [ 3051.609085][T10423] rss_huge 0 [ 3051.612492][T10423] shmem 267554816 [ 3051.623348][T10423] mapped_file 112730112 [ 3051.647257][T10423] dirty 0 [ 3051.654941][T10423] writeback 0 [ 3051.665624][T10423] workingset_refault_anon 942 [ 3051.696441][T10423] workingset_refault_file 0 [ 3051.701093][T10423] swap 96800768 [ 3051.706686][T10423] swapcached 12288 [ 3051.710453][T10423] pgpgin 930560 [ 3051.713938][T10423] pgpgout 864986 [ 3051.720959][T10423] pgfault 1004287 [ 3051.724636][T10423] pgmajfault 611 [ 3051.730694][T10423] inactive_anon 142761984 [ 3051.735065][T10423] active_anon 125566976 [ 3051.740119][T10423] inactive_file 0 [ 3051.743791][T10423] active_file 0 [ 3051.747548][T10423] unevictable 0 [ 3051.751023][T10423] hierarchical_memory_limit 314572800 [ 3051.756509][T10423] hierarchical_memsw_limit 9223372036854771712 [ 3051.762686][T10423] total_cache 267554816 [ 3051.767088][T10423] total_rss 1028096 [ 3051.771693][T10423] total_rss_huge 0 [ 3051.775449][T10423] total_shmem 267554816 [ 3051.779815][T10423] total_mapped_file 112730112 [ 3051.784515][T10423] total_dirty 0 [ 3051.788058][T10423] total_writeback 0 [ 3051.791958][T10423] total_workingset_refault_anon 942 [ 3051.798463][T10423] total_workingset_refault_file 0 [ 3051.803519][T10423] total_swap 96800768 [ 3051.807625][T10423] total_swapcached 12288 [ 3051.811895][T10423] total_pgpgin 930560 [ 3051.815899][T10423] total_pgpgout 864986 [ 3051.820128][T10423] total_pgfault 1004287 [ 3051.824315][T10423] total_pgmajfault 611 [ 3051.830600][T10423] total_inactive_anon 142761984 [ 3051.835487][T10423] total_active_anon 125566976 [ 3051.840332][T10423] total_inactive_file 0 [ 3051.844515][T10423] total_active_file 0 [ 3051.848614][T10423] total_unevictable 0 [ 3051.852618][T10423] anon_cost 0 [ 3051.855931][T10423] file_cost 0 [ 3051.859450][T10423] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=2948,uid=0 [ 3051.885703][T10423] Memory cgroup out of memory: Killed process 2948 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:13952kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3051.966317][T11709] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3052.017081][T11709] CPU: 0 PID: 11709 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3052.025841][T11709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3052.035940][T11709] Call Trace: [ 3052.039261][T11709] [ 3052.042232][T11709] dump_stack_lvl+0x1e7/0x2e0 [ 3052.046969][T11709] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3052.052225][T11709] ? __pfx__printk+0x10/0x10 [ 3052.056879][T11709] ? ___ratelimit+0x4c4/0x670 [ 3052.061604][T11709] ? __pfx____ratelimit+0x10/0x10 [ 3052.066675][T11709] dump_header+0xda/0x6a0 [ 3052.071053][T11709] oom_kill_process+0x3a7/0x930 [ 3052.075950][T11709] out_of_memory+0xf67/0x1320 [ 3052.080673][T11709] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3052.086348][T11709] ? __pfx___mutex_lock+0x10/0x10 [ 3052.091430][T11709] ? __pfx_out_of_memory+0x10/0x10 [ 3052.096593][T11709] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3052.102177][T11709] ? __pfx_lock_release+0x10/0x10 [ 3052.107250][T11709] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3052.113367][T11709] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3052.118613][T11709] ? mem_cgroup_iter+0x422/0x560 [ 3052.123603][T11709] try_charge_memcg+0xda2/0x18a0 [ 3052.128616][T11709] ? __pfx_try_charge_memcg+0x10/0x10 [ 3052.134034][T11709] ? percpu_ref_tryget+0x14/0x180 [ 3052.139137][T11709] charge_memcg+0xa2/0x160 [ 3052.143604][T11709] __mem_cgroup_charge+0x27/0x80 [ 3052.148595][T11709] shmem_alloc_and_add_folio+0x393/0xde0 [ 3052.154293][T11709] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3052.160496][T11709] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3052.165775][T11709] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3052.171474][T11709] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3052.177861][T11709] shmem_write_begin+0x170/0x4d0 [ 3052.182859][T11709] ? __pfx_shmem_write_begin+0x10/0x10 [ 3052.188378][T11709] ? fault_in_iov_iter_readable+0x236/0x280 [ 3052.194324][T11709] generic_perform_write+0x321/0x640 [ 3052.199664][T11709] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3052.205616][T11709] ? __pfx_generic_perform_write+0x10/0x10 [ 3052.211467][T11709] ? __pfx_generic_write_checks+0x10/0x10 [ 3052.217229][T11709] ? file_update_time+0x2a3/0x3e0 [ 3052.222390][T11709] shmem_file_write_iter+0xfc/0x120 [ 3052.227631][T11709] __kernel_write_iter+0x434/0x8c0 [ 3052.232801][T11709] ? __pfx___kernel_write_iter+0x10/0x10 [ 3052.238487][T11709] ? kasan_check_range+0x82/0x290 [ 3052.243558][T11709] ? iov_iter_bvec+0x4e/0x1b0 [ 3052.248285][T11709] dump_user_range+0x46c/0x910 [ 3052.253096][T11709] ? __pfx_dump_user_range+0x10/0x10 [ 3052.258431][T11709] ? writenote+0x250/0x3b0 [ 3052.262897][T11709] ? kmalloc_trace+0x1d6/0x360 [ 3052.267700][T11709] ? elf_core_dump+0x2e01/0x4630 [ 3052.272670][T11709] ? dump_emit+0x99/0xd0 [ 3052.276953][T11709] elf_core_dump+0x3d5d/0x4630 [ 3052.281784][T11709] ? __pfx_elf_core_dump+0x10/0x10 [ 3052.286937][T11709] ? mark_lock+0x9a/0x350 [ 3052.291314][T11709] ? mas_next_slot+0xeb2/0xf90 [ 3052.296117][T11709] ? __lock_acquire+0x1345/0x1fd0 [ 3052.301236][T11709] ? rcu_read_lock_any_held+0xb7/0x160 [ 3052.306742][T11709] ? 0xffffffffff600000 [ 3052.310929][T11709] ? getname_kernel+0x140/0x2f0 [ 3052.315830][T11709] do_coredump+0x1baa/0x2b50 [ 3052.320471][T11709] ? get_signal+0xbe1/0x1850 [ 3052.325143][T11709] ? __pfx_do_coredump+0x10/0x10 [ 3052.330281][T11709] ? _raw_spin_unlock_irq+0x23/0x50 [ 3052.335530][T11709] ? lockdep_hardirqs_on+0x98/0x140 [ 3052.341047][T11709] get_signal+0x146a/0x1850 [ 3052.345626][T11709] ? __pfx_get_signal+0x10/0x10 [ 3052.350544][T11709] ? __pfx_force_sig_fault+0x10/0x10 [ 3052.355905][T11709] arch_do_signal_or_restart+0x96/0x860 [ 3052.361603][T11709] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3052.367828][T11709] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3052.373688][T11709] irqentry_exit_to_user_mode+0x78/0x280 [ 3052.379371][T11709] exc_page_fault+0x587/0x870 [ 3052.384253][T11709] asm_exc_page_fault+0x26/0x30 [ 3052.389165][T11709] RIP: 0033:0x7f8ab667ddb1 [ 3052.393624][T11709] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3052.413271][T11709] RSP: 002b:0000000000000220 EFLAGS: 00010217 [ 3052.419466][T11709] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3052.427469][T11709] RDX: 0000000000000000 RSI: 0000000000000220 RDI: 0000000000000000 [ 3052.435472][T11709] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3052.443570][T11709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3052.451573][T11709] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3052.459685][T11709] [ 3052.556527][T11709] memory: usage 305660kB, limit 307200kB, failcnt 69059 [ 3052.563605][T11709] memory+swap: usage 398892kB, limit 9007199254740988kB, failcnt 0 [ 3052.572122][T11709] kmem: usage 44736kB, limit 9007199254740988kB, failcnt 0 [ 3052.579935][T11709] Memory cgroup stats for /syz4: [ 3052.580106][T11709] cache 266870784 [ 3052.590079][T11709] rss 1015808 [ 3052.593400][T11709] rss_huge 0 [ 3052.597276][T11709] shmem 266866688 [ 3052.600937][T11709] mapped_file 109068288 [ 3052.605107][T11709] dirty 0 [ 3052.608980][T11709] writeback 0 [ 3052.612297][T11709] workingset_refault_anon 942 [ 3052.617499][T11709] workingset_refault_file 0 [ 3052.622097][T11709] swap 94535680 [ 3052.625575][T11709] swapcached 12288 [ 3052.631190][T11709] pgpgin 932039 [ 3052.634776][T11709] pgpgout 866634 [ 3052.638964][T11709] pgfault 1005024 [ 3052.642671][T11709] pgmajfault 611 [ 3052.646810][T11709] inactive_anon 140124160 [ 3052.651274][T11709] active_anon 127700992 [ 3052.655470][T11709] inactive_file 0 [ 3052.659901][T11709] active_file 0 [ 3052.663383][T11709] unevictable 0 [ 3052.667441][T11709] hierarchical_memory_limit 314572800 [ 3052.672840][T11709] hierarchical_memsw_limit 9223372036854771712 [ 3052.679551][T11709] total_cache 266870784 [ 3052.683737][T11709] total_rss 1015808 [ 3052.696117][T11709] total_rss_huge 0 [ 3052.708275][T11709] total_shmem 266866688 [ 3052.712553][T11709] total_mapped_file 109068288 [ 3052.736441][T11709] total_dirty 0 [ 3052.744701][T11709] total_writeback 0 [ 3052.766322][T11709] total_workingset_refault_anon 942 [ 3052.771571][T11709] total_workingset_refault_file 0 [ 3052.787346][T11709] total_swap 94535680 [ 3052.791459][T11709] total_swapcached 12288 [ 3052.816298][T11709] total_pgpgin 932039 [ 3052.820334][T11709] total_pgpgout 866634 [ 3052.864062][T11709] total_pgfault 1005024 [ 3052.871039][T11709] total_pgmajfault 611 [ 3052.875154][T11709] total_inactive_anon 140124160 [ 3052.903205][T11709] total_active_anon 127700992 [ 3052.936215][T11709] total_inactive_file 0 [ 3052.940431][T11709] total_active_file 0 [ 3052.944426][T11709] total_unevictable 0 [ 3052.973998][T11709] anon_cost 0 [ 3052.985237][T11709] file_cost 0 [ 3052.996208][T11709] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=1728,uid=0 [ 3053.056239][T11709] Memory cgroup out of memory: Killed process 1728 (syz-executor.4) total-vm:54640kB, anon-rss:496kB, file-rss:8704kB, shmem-rss:12288kB, UID:0 pgtables:132kB oom_score_adj:1000 14:00:28 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x285, 0x0, 0x0, 0x0) 14:00:28 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wg0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', r1, 0x4, 0x80, 0x1f, 0x8, 0x0, @private1, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x8000, 0x1, 0x6}}) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000b80)={0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}}) r3 = syz_clone(0x40080000, 0x0, 0x0, 0x0, &(0x7f0000000240), &(0x7f0000000280)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYRES32=r2, @ANYBLOB="03110100008000000a000200c8c5a9dc115c000008001300", @ANYRES32=r3, @ANYBLOB="08001d00657e00000a000100000000000000000048001980050006003f000000140005004aa030876ec15df20221b7a88dcc28cd14000400bcb62f2dec116621ecad49437c2d945914000500293ced6b3ca7463e0428f25e72ae53d9080004006ea30000"], 0x98}, 0x1, 0x0, 0x0, 0x20000801}, 0xd0) 14:00:28 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x25, &(0x7f0000000300)={0x0, @in6={{0x2, 0x0, 0x0, @loopback}}}, 0x90) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000001080)={0x0, 0xe6, 0x0, 0xf801, 0x401, 0x4, 0x875, 0x1, {0x0, @in6={{0xa, 0x4e21, 0x712f, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1bf800}}, 0x10001, 0x6, 0xbfc5, 0x29a, 0x7ff}}, &(0x7f0000000000)=0xb0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000001140)={r1, 0x2, 0x2d}, 0x8) r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0xffc, 0xc080) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f0000000080)=""/4096) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f0000003840)=""/89) 14:00:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'wg0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', r1, 0x4, 0x80, 0x1f, 0x8, 0x2f, @private1, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x8000, 0x1, 0x6}}) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000b80)={0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @dev}, {0x2, 0x0, @dev}}) syz_clone(0x40080000, &(0x7f0000000140)="6f60a12d58df1b5baf152cf1e498b04e8d3a0e74a63bc45d960c03721bc7313b17bcb8f8312ff1c17ce9fd5c6932d2a9de18900030a838101764e50fe7a4a30fdd86574f2f717f8acf6d66788f65421f91750483ca388db307ad1b60ecc812a8351c17a8560c9bae3bd1f987a633ea54ec039b849a08e30dc7e07559b56b8caa3d9716af338aed6601df64797054f345d543407f1316e2b42301c72509fefa008146ad8e6bfc5115f95e318cd72dab05", 0xb0, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)="fb45c1059826cb62e88577cec125b78f96a1fc7eaa16ac86") 14:00:28 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000df010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3054.599902][T18670] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:28 executing program 3: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @empty}, 0x1c) (async) sendto$inet6(r0, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x25, &(0x7f0000000300)={0x0, @in6={{0x2, 0x0, 0x0, @loopback}}}, 0x90) (async, rerun: 64) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000001080)={0x0, 0xe6, 0x0, 0xf801, 0x401, 0x4, 0x875, 0x1, {0x0, @in6={{0xa, 0x4e21, 0x712f, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1bf800}}, 0x10001, 0x6, 0xbfc5, 0x29a, 0x7ff}}, &(0x7f0000000000)=0xb0) (rerun: 64) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000001140)={r1, 0x2, 0x2d}, 0x8) r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0xffc, 0xc080) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f0000000080)=""/4096) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f0000003840)=""/89) 14:00:29 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000ed010000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3054.992722][T18790] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:29 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x80401, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/115) 14:00:29 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000d020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3055.357942][T18881] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:29 executing program 0: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', 0x0, 0x4, 0x0, 0x1f, 0x8, 0x2f, @private1, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x8000, 0x1, 0x6}}) socket$nl_route(0x10, 0x3, 0x0) syz_clone(0x40080000, &(0x7f0000000140)="6f60a12d58df1b5baf152cf1e498b04e8d3a0e74a63bc45d960c03721bc7313b17bcb8f8312ff1c17ce9fd5c6932d2a9de18900030a838101764e50fe7a4a30fdd86574f2f717f8acf6d66788f65421f91750483ca388db307ad1b60ecc812a8351c17a8560c9bae3bd1f987a633ea54ec039b849a08e30dc7e07559b56b8caa3d9716af338aed6601df64797054f345d543407f1316e2b42301c72509fefa008146ad8e6bfc5115f95e318cd72dab05", 0xb0, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)="fb45c1059826cb62e88577cec125b78f96a1fc7eaa16ac86") 14:00:29 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x80401, 0x0) (async) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x80401, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/115) 14:00:29 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000019020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:29 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x80401, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/115) 14:00:29 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$packet(0x11, 0x2, 0x300) splice(r2, &(0x7f0000000000), r1, 0x0, 0xfff, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000140)=""/99) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000080)=0x4) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/118) 14:00:30 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$packet(0x11, 0x2, 0x300) splice(r2, &(0x7f0000000000), r1, 0x0, 0xfff, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000140)=""/99) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000080)=0x4) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/118) syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) pipe(&(0x7f0000000380)) (async) socket$packet(0x11, 0x2, 0x300) (async) splice(r2, &(0x7f0000000000), r1, 0x0, 0xfff, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000140)=""/99) (async) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000080)=0x4) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/118) (async) [ 3055.920182][T18891] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:30 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000028020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:30 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) socket$packet(0x11, 0x2, 0x300) (async) r2 = socket$packet(0x11, 0x2, 0x300) splice(r2, &(0x7f0000000000), r1, 0x0, 0xfff, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r1, 0x80045530, &(0x7f0000000140)=""/99) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000080)=0x4) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000000000)=""/118) 14:00:30 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000040)={0x0, 0x0}) fcntl$lock(r1, 0x7, &(0x7f00000000c0)={0x1, 0x4, 0x3, 0x2, r2}) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB='\r\x00\x00\x00\x00\x00/file0\x00']) [ 3056.312470][T19002] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:30 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) r1 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) (async) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000040)={0x0, 0x0}) fcntl$lock(r1, 0x7, &(0x7f00000000c0)={0x1, 0x4, 0x3, 0x2, r2}) (async) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB='\r\x00\x00\x00\x00\x00/file0\x00']) 14:00:30 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000031020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:30 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) (async) r1 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000040)={0x0, 0x0}) fcntl$lock(r1, 0x7, &(0x7f00000000c0)={0x1, 0x4, 0x3, 0x2, r2}) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x40, 0x0) ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB='\r\x00\x00\x00\x00\x00/file0\x00']) [ 3056.709341][T19119] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:31 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000004f020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:31 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000040)={0x7, 0x1, 0x7, 0x8, 'syz0\x00', 0x3f}) 14:00:31 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000040)={0x7, 0x1, 0x7, 0x8, 'syz0\x00', 0x3f}) 14:00:31 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000040)={0x7, 0x1, 0x7, 0x8, 'syz0\x00', 0x3f}) [ 3057.166420][T19315] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:31 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000057020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:31 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000240)={0x3, 0x9, 0x1}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x8, 0x4, 0x4, 0x2}, 0x48) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r1}, &(0x7f00000005c0), &(0x7f0000000600)=r2}, 0x20) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f0000000140)=""/77) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) getsockopt$inet_mptcp_buf(r3, 0x11c, 0x4, &(0x7f0000000580)=""/4096, &(0x7f0000000040)=0x1000) setsockopt$netlink_NETLINK_CAP_ACK(r3, 0x10e, 0xa, &(0x7f0000000080)=0x4, 0x4) 14:00:31 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000240)={0x3, 0x9, 0x1}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x8, 0x4, 0x4, 0x2}, 0x48) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r1}, &(0x7f00000005c0), &(0x7f0000000600)=r2}, 0x20) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f0000000140)=""/77) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) getsockopt$inet_mptcp_buf(r3, 0x11c, 0x4, &(0x7f0000000580)=""/4096, &(0x7f0000000040)=0x1000) setsockopt$netlink_NETLINK_CAP_ACK(r3, 0x10e, 0xa, &(0x7f0000000080)=0x4, 0x4) syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000240)={0x3, 0x9, 0x1}) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x8, 0x4, 0x4, 0x2}, 0x48) (async) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r1}, &(0x7f00000005c0), &(0x7f0000000600)=r2}, 0x20) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f0000000140)=""/77) (async) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) getsockopt$inet_mptcp_buf(r3, 0x11c, 0x4, &(0x7f0000000580)=""/4096, &(0x7f0000000040)=0x1000) (async) setsockopt$netlink_NETLINK_CAP_ACK(r3, 0x10e, 0xa, &(0x7f0000000080)=0x4, 0x4) (async) [ 3057.564588][T19425] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:31 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000081020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:31 executing program 3: syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) (async) r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000240)={0x3, 0x9, 0x1}) (async) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000240)={0x3, 0x9, 0x1}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x8, 0x4, 0x4, 0x2}, 0x48) r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r1}, &(0x7f00000005c0), &(0x7f0000000600)=r2}, 0x20) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r2, 0x80045530, &(0x7f0000000140)=""/77) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) getsockopt$inet_mptcp_buf(r3, 0x11c, 0x4, &(0x7f0000000580)=""/4096, &(0x7f0000000040)=0x1000) setsockopt$netlink_NETLINK_CAP_ACK(r3, 0x10e, 0xa, &(0x7f0000000080)=0x4, 0x4) 14:00:32 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = openat$damon_rm_contexts(0xffffffffffffff9c, &(0x7f0000000000), 0x42040, 0xc1) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x3f) r5 = creat(&(0x7f0000000380)='./file0\x00', 0x0) sendmsg$nl_route(r5, 0x0, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x4, 0x0, r2, 0x7, '\x00', 0x0, r2, 0x1, 0x2, 0x4}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3}, [@exit]}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x6e, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000000080)={0x4, 0x1}, 0x8, 0x10, &(0x7f00000000c0)={0x4, 0x0, 0x3f, 0xfffffffa}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000200)=[r6], &(0x7f0000000240)=[{0x2, 0x3, 0x0, 0x3}, {0x200, 0x1, 0xa, 0x4}, {0x5, 0x5, 0x4, 0x7}, {0x0, 0x3, 0x10, 0x5}, {0x5, 0x5, 0x8, 0x6}, {0x0, 0x5, 0xb, 0x3}, {0x2, 0x5, 0x2, 0xa}, {0x1, 0x5, 0x5, 0xb}], 0x10, 0x160}, 0x90) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r5, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r1, 0x8008f511, &(0x7f0000000040)) [ 3058.147208][ T7688] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3058.243859][ T7688] CPU: 0 PID: 7688 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3058.252523][ T7688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3058.262621][ T7688] Call Trace: [ 3058.265940][ T7688] [ 3058.268903][ T7688] dump_stack_lvl+0x1e7/0x2e0 [ 3058.273639][ T7688] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3058.278887][ T7688] ? __pfx__printk+0x10/0x10 [ 3058.283530][ T7688] ? ___ratelimit+0x4c4/0x670 [ 3058.288346][ T7688] ? __pfx____ratelimit+0x10/0x10 [ 3058.293421][ T7688] dump_header+0xda/0x6a0 [ 3058.297804][ T7688] oom_kill_process+0x3a7/0x930 [ 3058.302690][ T7688] ? trace_contention_end+0x3c/0x100 [ 3058.308002][ T7688] out_of_memory+0xf67/0x1320 [ 3058.312741][ T7688] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3058.318414][ T7688] ? __pfx___mutex_lock+0x10/0x10 [ 3058.323567][ T7688] ? __pfx_out_of_memory+0x10/0x10 [ 3058.328723][ T7688] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3058.334299][ T7688] ? __pfx_lock_release+0x10/0x10 [ 3058.339378][ T7688] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3058.345508][ T7688] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3058.350732][ T7688] ? mem_cgroup_iter+0x422/0x560 [ 3058.355704][ T7688] try_charge_memcg+0xda2/0x18a0 [ 3058.360785][ T7688] ? __pfx_try_charge_memcg+0x10/0x10 [ 3058.366215][ T7688] ? percpu_ref_tryget+0x14/0x180 [ 3058.371323][ T7688] charge_memcg+0xa2/0x160 [ 3058.375777][ T7688] __mem_cgroup_charge+0x27/0x80 [ 3058.380745][ T7688] shmem_alloc_and_add_folio+0x393/0xde0 [ 3058.386434][ T7688] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3058.392636][ T7688] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3058.397904][ T7688] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3058.403585][ T7688] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3058.409961][ T7688] shmem_write_begin+0x170/0x4d0 [ 3058.414963][ T7688] ? __pfx_shmem_write_begin+0x10/0x10 [ 3058.420494][ T7688] ? fault_in_iov_iter_readable+0x236/0x280 [ 3058.426448][ T7688] generic_perform_write+0x321/0x640 [ 3058.431793][ T7688] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3058.437752][ T7688] ? __pfx_generic_perform_write+0x10/0x10 [ 3058.443618][ T7688] ? __pfx_generic_write_checks+0x10/0x10 [ 3058.449396][ T7688] ? file_update_time+0x2a3/0x3e0 [ 3058.454467][ T7688] shmem_file_write_iter+0xfc/0x120 [ 3058.459708][ T7688] __kernel_write_iter+0x434/0x8c0 [ 3058.464889][ T7688] ? __pfx___kernel_write_iter+0x10/0x10 [ 3058.470573][ T7688] ? dump_user_range+0x625/0x910 [ 3058.475552][ T7688] ? iov_iter_bvec+0x4e/0x1b0 [ 3058.480274][ T7688] dump_user_range+0x46c/0x910 [ 3058.485169][ T7688] ? __pfx_dump_user_range+0x10/0x10 [ 3058.490502][ T7688] ? writenote+0x250/0x3b0 [ 3058.494960][ T7688] ? kmalloc_trace+0x1d6/0x360 [ 3058.499762][ T7688] ? elf_core_dump+0x2e01/0x4630 [ 3058.504732][ T7688] ? dump_emit+0x99/0xd0 [ 3058.509001][ T7688] elf_core_dump+0x3d5d/0x4630 [ 3058.513812][ T7688] ? __pfx_elf_core_dump+0x10/0x10 [ 3058.518991][ T7688] ? mark_lock+0x9a/0x350 [ 3058.523346][ T7688] ? mas_next_slot+0xeb2/0xf90 [ 3058.528139][ T7688] ? __lock_acquire+0x1345/0x1fd0 [ 3058.533282][ T7688] ? rcu_read_lock_any_held+0xb7/0x160 [ 3058.538795][ T7688] ? 0xffffffffff600000 [ 3058.542973][ T7688] ? getname_kernel+0x140/0x2f0 [ 3058.547861][ T7688] do_coredump+0x1baa/0x2b50 [ 3058.552491][ T7688] ? get_signal+0xbe1/0x1850 [ 3058.557165][ T7688] ? __pfx_do_coredump+0x10/0x10 [ 3058.562199][ T7688] ? _raw_spin_unlock_irq+0x23/0x50 [ 3058.567419][ T7688] ? lockdep_hardirqs_on+0x98/0x140 [ 3058.572663][ T7688] get_signal+0x146a/0x1850 [ 3058.577236][ T7688] ? __pfx_get_signal+0x10/0x10 [ 3058.582136][ T7688] ? __pfx_force_sig_fault+0x10/0x10 [ 3058.587480][ T7688] arch_do_signal_or_restart+0x96/0x860 [ 3058.593072][ T7688] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3058.599389][ T7688] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3058.605232][ T7688] irqentry_exit_to_user_mode+0x78/0x280 [ 3058.610909][ T7688] exc_page_fault+0x587/0x870 [ 3058.615626][ T7688] asm_exc_page_fault+0x26/0x30 [ 3058.620592][ T7688] RIP: 0033:0x7f8ab667ddb1 [ 3058.625037][ T7688] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 14:00:32 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) r1 = openat$damon_rm_contexts(0xffffffffffffff9c, &(0x7f0000000000), 0x42040, 0xc1) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) (async) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), r3) (async) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x3f) (async) r5 = creat(&(0x7f0000000380)='./file0\x00', 0x0) sendmsg$nl_route(r5, 0x0, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x4, 0x0, r2, 0x7, '\x00', 0x0, r2, 0x1, 0x2, 0x4}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3}, [@exit]}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x6e, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000000080)={0x4, 0x1}, 0x8, 0x10, &(0x7f00000000c0)={0x4, 0x0, 0x3f, 0xfffffffa}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000200)=[r6], &(0x7f0000000240)=[{0x2, 0x3, 0x0, 0x3}, {0x200, 0x1, 0xa, 0x4}, {0x5, 0x5, 0x4, 0x7}, {0x0, 0x3, 0x10, 0x5}, {0x5, 0x5, 0x8, 0x6}, {0x0, 0x5, 0xb, 0x3}, {0x2, 0x5, 0x2, 0xa}, {0x1, 0x5, 0x5, 0xb}], 0x10, 0x160}, 0x90) (async) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r5, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) (async) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r1, 0x8008f511, &(0x7f0000000040)) [ 3058.644660][ T7688] RSP: 002b:0000000000000200 EFLAGS: 00010217 [ 3058.650751][ T7688] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3058.658759][ T7688] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000 [ 3058.666762][ T7688] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3058.674750][ T7688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3058.682737][ T7688] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3058.690771][ T7688] [ 3058.716606][ T7688] memory: usage 307200kB, limit 307200kB, failcnt 72487 [ 3058.723711][T19530] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3058.744995][ T7688] memory+swap: usage 401736kB, limit 9007199254740988kB, failcnt 0 [ 3058.754452][ T7688] kmem: usage 44856kB, limit 9007199254740988kB, failcnt 0 [ 3058.766233][ T7688] Memory cgroup stats for /syz4: [ 3058.766399][ T7688] cache 267579392 [ 3058.776681][ T7688] rss 1052672 [ 3058.780120][ T7688] rss_huge 0 [ 3058.786974][ T7688] shmem 267579392 [ 3058.795014][ T7688] mapped_file 133099520 [ 3058.807635][ T7688] dirty 0 [ 3058.819293][ T7688] writeback 0 [ 3058.835277][ T7688] workingset_refault_anon 945 [ 3058.841943][ T7688] workingset_refault_file 0 [ 3058.848883][ T7688] swap 96804864 [ 3058.857616][ T7688] swapcached 12288 [ 3058.867789][ T7688] pgpgin 949807 [ 3058.871300][ T7688] pgpgout 884221 [ 3058.874885][ T7688] pgfault 1012344 [ 3058.890500][ T7688] pgmajfault 617 [ 3058.899821][ T7688] inactive_anon 80515072 [ 3058.904380][ T7688] active_anon 188125184 [ 3058.909903][ T7688] inactive_file 0 [ 3058.913848][ T7688] active_file 0 [ 3058.919310][ T7688] unevictable 0 [ 3058.925349][ T7688] hierarchical_memory_limit 314572800 [ 3058.944546][ T7688] hierarchical_memsw_limit 9223372036854771712 [ 3058.956884][ T7688] total_cache 267579392 [ 3058.961578][ T7688] total_rss 1052672 [ 3058.965920][ T7688] total_rss_huge 0 [ 3058.976636][ T7688] total_shmem 267579392 [ 3058.985738][ T7688] total_mapped_file 133099520 [ 3058.992029][ T7688] total_dirty 0 [ 3058.995629][ T7688] total_writeback 0 [ 3059.000234][ T7688] total_workingset_refault_anon 945 [ 3059.005596][ T7688] total_workingset_refault_file 0 [ 3059.011592][ T7688] total_swap 96804864 [ 3059.015732][ T7688] total_swapcached 12288 [ 3059.021061][ T7688] total_pgpgin 949807 [ 3059.025193][ T7688] total_pgpgout 884221 [ 3059.035817][ T7688] total_pgfault 1012344 [ 3059.041476][ T7688] total_pgmajfault 617 [ 3059.045633][ T7688] total_inactive_anon 80515072 [ 3059.051578][ T7688] total_active_anon 188125184 [ 3059.056810][ T7688] total_inactive_file 0 [ 3059.061006][ T7688] total_active_file 0 [ 3059.065014][ T7688] total_unevictable 0 [ 3059.075220][ T7688] anon_cost 0 [ 3059.078970][ T7688] file_cost 0 [ 3059.082289][ T7688] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9482,uid=0 [ 3059.098246][ T7688] Memory cgroup out of memory: Killed process 9482 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:13952kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 3059.500480][T13682] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3059.610919][T13682] CPU: 0 PID: 13682 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3059.619678][T13682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3059.629776][T13682] Call Trace: [ 3059.633093][T13682] [ 3059.636052][T13682] dump_stack_lvl+0x1e7/0x2e0 [ 3059.640778][T13682] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3059.646019][T13682] ? __pfx__printk+0x10/0x10 [ 3059.650637][T13682] ? ___ratelimit+0x4c4/0x670 [ 3059.655338][T13682] ? __pfx____ratelimit+0x10/0x10 [ 3059.660380][T13682] dump_header+0xda/0x6a0 [ 3059.664789][T13682] oom_kill_process+0x3a7/0x930 [ 3059.669745][T13682] ? trace_contention_end+0x3c/0x100 [ 3059.675049][T13682] out_of_memory+0xf67/0x1320 [ 3059.679748][T13682] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3059.685394][T13682] ? __pfx___mutex_lock+0x10/0x10 [ 3059.690437][T13682] ? __pfx_out_of_memory+0x10/0x10 [ 3059.695579][T13682] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3059.701580][T13682] ? __pfx_lock_release+0x10/0x10 [ 3059.706623][T13682] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3059.712713][T13682] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3059.717925][T13682] ? mem_cgroup_iter+0x422/0x560 [ 3059.722878][T13682] try_charge_memcg+0xda2/0x18a0 [ 3059.727849][T13682] ? __pfx_try_charge_memcg+0x10/0x10 [ 3059.733232][T13682] ? percpu_ref_tryget+0x14/0x180 [ 3059.738301][T13682] charge_memcg+0xa2/0x160 [ 3059.742741][T13682] __mem_cgroup_charge+0x27/0x80 [ 3059.747697][T13682] shmem_alloc_and_add_folio+0x393/0xde0 [ 3059.753353][T13682] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3059.759526][T13682] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3059.764757][T13682] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3059.770410][T13682] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3059.776763][T13682] shmem_write_begin+0x170/0x4d0 [ 3059.781725][T13682] ? __pfx_shmem_write_begin+0x10/0x10 [ 3059.787204][T13682] ? fault_in_iov_iter_readable+0x236/0x280 [ 3059.793118][T13682] generic_perform_write+0x321/0x640 [ 3059.798428][T13682] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3059.804346][T13682] ? __pfx_generic_perform_write+0x10/0x10 [ 3059.810171][T13682] ? __pfx_generic_write_checks+0x10/0x10 [ 3059.815904][T13682] ? file_update_time+0x2a3/0x3e0 [ 3059.821037][T13682] shmem_file_write_iter+0xfc/0x120 [ 3059.826253][T13682] __kernel_write_iter+0x434/0x8c0 [ 3059.831390][T13682] ? __pfx___kernel_write_iter+0x10/0x10 [ 3059.837041][T13682] ? generic_file_llseek_size+0x34c/0x3b0 [ 3059.842782][T13682] ? iov_iter_bvec+0x4e/0x1b0 [ 3059.847480][T13682] dump_user_range+0x46c/0x910 [ 3059.852272][T13682] ? __pfx_dump_user_range+0x10/0x10 [ 3059.857570][T13682] ? writenote+0x250/0x3b0 [ 3059.862014][T13682] ? kmalloc_trace+0x1d6/0x360 [ 3059.866796][T13682] ? elf_core_dump+0x2e01/0x4630 [ 3059.871744][T13682] ? dump_emit+0x99/0xd0 [ 3059.876007][T13682] elf_core_dump+0x3d5d/0x4630 [ 3059.880810][T13682] ? __pfx_elf_core_dump+0x10/0x10 [ 3059.885944][T13682] ? mark_lock+0x9a/0x350 [ 3059.890284][T13682] ? mas_next_slot+0xeb2/0xf90 [ 3059.895058][T13682] ? __lock_acquire+0x1345/0x1fd0 [ 3059.900155][T13682] ? rcu_read_lock_any_held+0xb7/0x160 [ 3059.905647][T13682] ? 0xffffffffff600000 [ 3059.909820][T13682] ? getname_kernel+0x140/0x2f0 [ 3059.914691][T13682] do_coredump+0x1baa/0x2b50 [ 3059.919303][T13682] ? get_signal+0xbe1/0x1850 [ 3059.923942][T13682] ? __pfx_do_coredump+0x10/0x10 [ 3059.928933][T13682] ? _raw_spin_unlock_irq+0x23/0x50 [ 3059.934144][T13682] ? lockdep_hardirqs_on+0x98/0x140 [ 3059.939364][T13682] get_signal+0x146a/0x1850 [ 3059.943903][T13682] ? __pfx_get_signal+0x10/0x10 [ 3059.948777][T13682] ? __pfx_force_sig_fault+0x10/0x10 [ 3059.954084][T13682] arch_do_signal_or_restart+0x96/0x860 [ 3059.959652][T13682] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3059.965839][T13682] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3059.971670][T13682] irqentry_exit_to_user_mode+0x78/0x280 [ 3059.977318][T13682] exc_page_fault+0x587/0x870 [ 3059.982022][T13682] asm_exc_page_fault+0x26/0x30 [ 3059.986976][T13682] RIP: 0033:0x7f8ab667ddb1 [ 3059.991404][T13682] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3060.011038][T13682] RSP: 002b:0000000000000240 EFLAGS: 00010217 [ 3060.017145][T13682] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3060.025223][T13682] RDX: 0000000000000000 RSI: 0000000000000240 RDI: 0000000000000000 [ 3060.033218][T13682] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3060.041302][T13682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3060.049281][T13682] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3060.057284][T13682] [ 3060.143385][T13682] memory: usage 304136kB, limit 307200kB, failcnt 73089 [ 3060.162948][T13682] memory+swap: usage 398936kB, limit 9007199254740988kB, failcnt 0 [ 3060.172793][T13682] kmem: usage 44404kB, limit 9007199254740988kB, failcnt 0 [ 3060.180666][T13682] Memory cgroup stats for /syz4: [ 3060.180838][T13682] cache 265490432 [ 3060.189639][T13682] rss 966656 [ 3060.192884][T13682] rss_huge 0 [ 3060.196249][T13682] shmem 265490432 [ 3060.199917][T13682] mapped_file 120938496 [ 3060.204115][T13682] dirty 0 [ 3060.229907][T13682] writeback 0 [ 3060.233256][T13682] workingset_refault_anon 945 [ 3060.296121][T13682] workingset_refault_file 0 [ 3060.300691][T13682] swap 96686080 [ 3060.304175][T13682] swapcached 12288 [ 3060.406416][T13682] pgpgin 950414 [ 3060.409944][T13682] pgpgout 885352 [ 3060.413509][T13682] pgfault 1012647 [ 3060.522439][T13682] pgmajfault 617 [ 3060.576081][T13682] inactive_anon 80515072 [ 3060.580379][T13682] active_anon 185978880 [ 3060.584552][T13682] inactive_file 0 [ 3060.686308][T13682] active_file 0 [ 3060.689831][T13682] unevictable 0 [ 3060.693307][T13682] hierarchical_memory_limit 314572800 [ 3060.806821][T13682] hierarchical_memsw_limit 9223372036854771712 [ 3060.813114][T13682] total_cache 265490432 [ 3060.906347][T13682] total_rss 966656 [ 3060.910131][T13682] total_rss_huge 0 [ 3060.913882][T13682] total_shmem 265490432 [ 3061.066107][T13682] total_mapped_file 120938496 [ 3061.070847][T13682] total_dirty 0 [ 3061.074333][T13682] total_writeback 0 [ 3061.156411][T13682] total_workingset_refault_anon 945 [ 3061.161672][T13682] total_workingset_refault_file 0 [ 3061.256195][T13682] total_swap 96686080 [ 3061.260318][T13682] total_swapcached 12288 [ 3061.264572][T13682] total_pgpgin 950414 [ 3061.359992][T13682] total_pgpgout 885352 [ 3061.364123][T13682] total_pgfault 1012647 [ 3061.466473][T13682] total_pgmajfault 617 [ 3061.470685][T13682] total_inactive_anon 80515072 [ 3061.475486][T13682] total_active_anon 185978880 [ 3061.636314][T13682] total_inactive_file 0 [ 3061.640553][T13682] total_active_file 0 [ 3061.644587][T13682] total_unevictable 0 [ 3061.756746][T13682] anon_cost 0 [ 3061.760096][T13682] file_cost 0 [ 3061.763397][T13682] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=10076,uid=0 [ 3062.026156][T13682] Memory cgroup out of memory: Killed process 10076 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:19456kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3062.530524][ T6202] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3062.736044][ T6202] CPU: 1 PID: 6202 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3062.744720][ T6202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3062.754815][ T6202] Call Trace: [ 3062.758137][ T6202] [ 3062.761097][ T6202] dump_stack_lvl+0x1e7/0x2e0 [ 3062.765836][ T6202] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3062.771077][ T6202] ? __pfx__printk+0x10/0x10 [ 3062.775697][ T6202] ? ___ratelimit+0x4c4/0x670 [ 3062.780432][ T6202] ? __pfx____ratelimit+0x10/0x10 [ 3062.785517][ T6202] dump_header+0xda/0x6a0 [ 3062.789896][ T6202] oom_kill_process+0x3a7/0x930 [ 3062.794796][ T6202] out_of_memory+0xf67/0x1320 [ 3062.799520][ T6202] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3062.805191][ T6202] ? __pfx___mutex_lock+0x10/0x10 [ 3062.810258][ T6202] ? __pfx_out_of_memory+0x10/0x10 [ 3062.815465][ T6202] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3062.821058][ T6202] ? __pfx_lock_release+0x10/0x10 [ 3062.826135][ T6202] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3062.832254][ T6202] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3062.837509][ T6202] ? mem_cgroup_iter+0x422/0x560 [ 3062.842497][ T6202] try_charge_memcg+0xda2/0x18a0 [ 3062.847519][ T6202] ? __pfx_try_charge_memcg+0x10/0x10 [ 3062.852925][ T6202] ? percpu_ref_tryget+0x14/0x180 [ 3062.857989][ T6202] charge_memcg+0xa2/0x160 [ 3062.862434][ T6202] __mem_cgroup_charge+0x27/0x80 [ 3062.867401][ T6202] shmem_alloc_and_add_folio+0x393/0xde0 [ 3062.873060][ T6202] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3062.879236][ T6202] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3062.884475][ T6202] ? lockdep_hardirqs_on+0x98/0x140 [ 3062.889713][ T6202] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3062.895371][ T6202] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3062.901634][ T6202] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3062.908335][ T6202] shmem_write_begin+0x170/0x4d0 [ 3062.913297][ T6202] ? __pfx_shmem_write_begin+0x10/0x10 [ 3062.918782][ T6202] ? fault_in_iov_iter_readable+0x236/0x280 [ 3062.924693][ T6202] generic_perform_write+0x321/0x640 [ 3062.930084][ T6202] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3062.936017][ T6202] ? __pfx_generic_perform_write+0x10/0x10 [ 3062.941847][ T6202] ? mnt_put_write_access_file+0xc2/0x100 [ 3062.947592][ T6202] ? file_update_time+0x3ac/0x3e0 [ 3062.952635][ T6202] shmem_file_write_iter+0xfc/0x120 [ 3062.957852][ T6202] __kernel_write_iter+0x434/0x8c0 [ 3062.962990][ T6202] ? __pfx___kernel_write_iter+0x10/0x10 [ 3062.968649][ T6202] ? generic_file_llseek_size+0x34c/0x3b0 [ 3062.974392][ T6202] ? iov_iter_bvec+0x4e/0x1b0 [ 3062.979194][ T6202] dump_user_range+0x46c/0x910 [ 3062.983991][ T6202] ? __pfx_dump_user_range+0x10/0x10 [ 3062.989286][ T6202] ? writenote+0x250/0x3b0 [ 3062.993724][ T6202] ? kmalloc_trace+0x1d6/0x360 [ 3062.998503][ T6202] ? elf_core_dump+0x2e01/0x4630 [ 3063.003454][ T6202] ? dump_emit+0x99/0xd0 [ 3063.007713][ T6202] elf_core_dump+0x3d5d/0x4630 [ 3063.012514][ T6202] ? __pfx_elf_core_dump+0x10/0x10 [ 3063.017703][ T6202] ? mark_lock+0x9a/0x350 [ 3063.022042][ T6202] ? mas_next_slot+0xeb2/0xf90 [ 3063.026823][ T6202] ? __lock_acquire+0x1345/0x1fd0 [ 3063.031906][ T6202] ? rcu_read_lock_any_held+0xb7/0x160 [ 3063.037397][ T6202] ? 0xffffffffff600000 [ 3063.041564][ T6202] ? getname_kernel+0x140/0x2f0 [ 3063.046448][ T6202] do_coredump+0x1baa/0x2b50 [ 3063.051420][ T6202] ? get_signal+0xbe1/0x1850 [ 3063.056061][ T6202] ? __pfx_do_coredump+0x10/0x10 [ 3063.061052][ T6202] ? _raw_spin_unlock_irq+0x23/0x50 [ 3063.066264][ T6202] ? lockdep_hardirqs_on+0x98/0x140 [ 3063.071480][ T6202] get_signal+0x146a/0x1850 [ 3063.076018][ T6202] ? __pfx_get_signal+0x10/0x10 [ 3063.080886][ T6202] ? __pfx_force_sig_fault+0x10/0x10 [ 3063.086192][ T6202] arch_do_signal_or_restart+0x96/0x860 [ 3063.091758][ T6202] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3063.097950][ T6202] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3063.103864][ T6202] irqentry_exit_to_user_mode+0x78/0x280 [ 3063.109515][ T6202] exc_page_fault+0x587/0x870 [ 3063.114219][ T6202] asm_exc_page_fault+0x26/0x30 [ 3063.119086][ T6202] RIP: 0033:0x7f8ab667ddb1 [ 3063.123513][ T6202] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3063.143157][ T6202] RSP: 002b:00000000000001e0 EFLAGS: 00010217 [ 3063.149419][ T6202] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3063.157410][ T6202] RDX: 0000000000000000 RSI: 00000000000001e0 RDI: 0000000000000000 [ 3063.165392][ T6202] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3063.173377][ T6202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3063.181358][ T6202] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3063.189361][ T6202] [ 3063.396082][ T6202] memory: usage 306432kB, limit 307200kB, failcnt 74293 [ 3063.403189][ T6202] memory+swap: usage 399824kB, limit 9007199254740988kB, failcnt 0 [ 3063.506144][ T6202] kmem: usage 44240kB, limit 9007199254740988kB, failcnt 0 [ 3063.513410][ T6202] Memory cgroup stats for /syz4: [ 3063.513575][ T6202] cache 268357632 [ 3063.613885][ T6202] rss 888832 [ 3063.656090][ T6202] rss_huge 0 [ 3063.659364][ T6202] shmem 268357632 [ 3063.663022][ T6202] mapped_file 117395456 [ 3063.747041][ T6202] dirty 0 [ 3063.750661][ T6202] writeback 0 [ 3063.753982][ T6202] workingset_refault_anon 946 [ 3063.791566][ T6202] workingset_refault_file 0 [ 3063.806865][ T6202] swap 96591872 [ 3063.810392][ T6202] swapcached 24576 [ 3063.814145][ T6202] pgpgin 960042 [ 3063.846556][ T6202] pgpgout 894302 [ 3063.850162][ T6202] pgfault 1015781 [ 3063.854292][ T6202] pgmajfault 619 [ 3063.896055][ T6202] inactive_anon 191516672 [ 3063.900482][ T6202] active_anon 77058048 [ 3063.904586][ T6202] inactive_file 0 [ 3063.956287][ T6202] active_file 0 [ 3063.959825][ T6202] unevictable 0 [ 3063.963308][ T6202] hierarchical_memory_limit 314572800 [ 3064.026106][ T6202] hierarchical_memsw_limit 9223372036854771712 [ 3064.032384][ T6202] total_cache 268357632 [ 3064.100188][ T6202] total_rss 888832 [ 3064.103979][ T6202] total_rss_huge 0 [ 3064.120732][ T6202] total_shmem 268357632 [ 3064.124944][ T6202] total_mapped_file 117395456 [ 3064.159264][ T6202] total_dirty 0 [ 3064.163576][ T6202] total_writeback 0 [ 3064.176458][ T6202] total_workingset_refault_anon 946 [ 3064.181709][ T6202] total_workingset_refault_file 0 [ 3064.196196][ T6202] total_swap 96591872 [ 3064.200298][ T6202] total_swapcached 24576 [ 3064.204570][ T6202] total_pgpgin 960042 [ 3064.250383][ T6202] total_pgpgout 894302 [ 3064.254513][ T6202] total_pgfault 1015781 [ 3064.301802][ T6202] total_pgmajfault 619 [ 3064.305935][ T6202] total_inactive_anon 191516672 [ 3064.354292][ T6202] total_active_anon 77058048 [ 3064.362411][ T6202] total_inactive_file 0 [ 3064.386359][ T6202] total_active_file 0 [ 3064.390407][ T6202] total_unevictable 0 [ 3064.394425][ T6202] anon_cost 0 [ 3064.436114][ T6202] file_cost 0 [ 3064.439546][ T6202] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=11709,uid=0 [ 3064.496266][ T6202] Memory cgroup out of memory: Killed process 11709 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:15488kB, UID:0 pgtables:108kB oom_score_adj:1000 14:00:38 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async, rerun: 64) r1 = openat$damon_rm_contexts(0xffffffffffffff9c, &(0x7f0000000000), 0x42040, 0xc1) (async, rerun: 64) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) (async) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), r3) (async, rerun: 32) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x3f) (async, rerun: 32) r5 = creat(&(0x7f0000000380)='./file0\x00', 0x0) sendmsg$nl_route(r5, 0x0, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x4, 0x0, r2, 0x7, '\x00', 0x0, r2, 0x1, 0x2, 0x4}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3}, [@exit]}, &(0x7f0000000040)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x6e, '\x00', r4, 0x0, r5, 0x8, &(0x7f0000000080)={0x4, 0x1}, 0x8, 0x10, &(0x7f00000000c0)={0x4, 0x0, 0x3f, 0xfffffffa}, 0x10, 0x0, 0x0, 0x8, &(0x7f0000000200)=[r6], &(0x7f0000000240)=[{0x2, 0x3, 0x0, 0x3}, {0x200, 0x1, 0xa, 0x4}, {0x5, 0x5, 0x4, 0x7}, {0x0, 0x3, 0x10, 0x5}, {0x5, 0x5, 0x8, 0x6}, {0x0, 0x5, 0xb, 0x3}, {0x2, 0x5, 0x2, 0xa}, {0x1, 0x5, 0x5, 0xb}], 0x10, 0x160}, 0x90) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r5, 0xc0189379, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1}, './file0\x00'}) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r1, 0x8008f511, &(0x7f0000000040)) 14:00:38 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x28b, 0x0, 0x0, 0x0) 14:00:38 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'ip6_vti0\x00', 0x0, 0x4, 0x80, 0x1f, 0x8, 0x2f, @private1, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x7, 0x8000, 0x1, 0x6}}) socket$nl_route(0x10, 0x3, 0x0) syz_clone(0x40080000, &(0x7f0000000140)="6f60a12d58df1b5baf152cf1e498b04e8d3a0e74a63bc45d960c03721bc7313b17bcb8f8312ff1c17ce9fd5c6932d2a9de18900030a838101764e50fe7a4a30fdd86574f2f717f8acf6d66788f65421f91750483ca388db307ad1b60ecc812a8351c17a8560c9bae3bd1f987a633ea54ec039b849a08e30dc7e07559b56b8caa3d9716af338aed6601df64797054f345d543407f1316e2b42301c72509fefa008146ad8e6bfc5115f95e318cd72dab05", 0xb0, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)="fb45c1059826cb62e88577cec125b78f96a1fc7eaa16ac86") 14:00:38 executing program 2: r0 = socket$inet6_sctp(0x1c, 0x5, 0x84) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x1c, 0x1c}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x1c, 0x1c}, 0x1c) 14:00:38 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000c1020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3064.704948][T19857] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:39 executing program 2: r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendto$inet(r0, &(0x7f0000000100)="86", 0x1, 0x0, &(0x7f0000000140)={0x10, 0x2}, 0x10) 14:00:39 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000c3020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:39 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x400001, 0x80202) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, &(0x7f0000000580)={{r0}, "ca80c5c4cfe61006055937f61d2a36e22bcc0f70a6a575593bfa145e2146ca8a246933d9d93679bc53cf505af4aa78a5d8d73d36ba6a84f433de58ca017b797fd3863ca1c50d4dcc7c8daf95c6d149fc66a8e51fb2697af2a70462097992b13a6c819f0db403a6fd59792b451f532dc5e2aaab716a27080cffec4549e8f4733f0596d31979e22581d1cd615355e0ebad68d40c10e3de96a85de03dfd464216e104e1c414b99da234c4257fd0b4c054e600414c2048d235a4acd55268d30871b72c79606fc0864c7a8acaa703b5fd1c969e16e9253a51d496edcdc835989efa239fc887aba6b257b867d83553f92aecb4b83d1183a15dc6ad805a50329481bd7cf8c21ca243521729d53e40c4111a92405b3e0d46137b6ebda8773892159cb5cd84b5b510014a85056d983b68fa00b5737f3d87657c982fe150b045735af70bc4486d79158e485b4f573e4ee3741491addb86603224bf3a4dd4baeb59b50049d43529e8878b57f331c34846e560ca8646b2d00a05a02d4684984e76bea8187ab14e670bca3ab3f960624eb780b494b3732f7b51cca2fc1ccd6d825090c6e44eb269d08f2c41970f7001dfb41a11e8963608b377a7280c5f9b99df528518cf0d45aec5e1425a7bb310f7cab6a1fcdb940167bbe04a86a6eb2544d2771c38ff9bec363d38657bed28d38ce2998cadb67eb9d1122c17a64f36c8587c83eee32449ec2ab4ab0742567fc1dd51dc2e8448925897add9225ca0b484179f11801f58e64b36a2ce75c00f6a6fb6ba8831a06564c0bb4f12aaa24c7c71cd63e1283cc3226a2ee35946f7bfcc23899ced4717f1a0f229df201be2b38174bc4ab03a2fd3695b2da04a301835c540a60bb10884ece275a145998e2d01b02e2bd7a6672b2a54aab0e5aae33b1aea9954e9a96a6920bd52888c9dc635bfa82d3eba18b9fb2d1387f96b1d17daefc8985a1c1716610fe1b45b4ff04295bc89b67563e82dacc22203b7a8c12babcf09b815c42471d84594f0f05a374c6a6287b3fc3d149f956f1a9a973bd4592dab27bdf2a626ccfc24ac04c1434e1c44129685b4c9dfdfcfc398829a9527e5b54984faeed74d37ae380b492d76d4f4da78fb2b9730b9af37f6ffbfd1f81d9aa8a81b3f4fbea2c77d3bef846220c708c795a5583c7ff021d09a89048842fbb95dfa04e34a02b6da532878daa73f66faa3bd6c4c7ddace81c9d46d99b44582636efadc57b3fd0ec155c214c59a3be75eac86f26eb7df9ec6a43aba672a57559bd9b3071ec76740a168e19ed4e7374b267c6bfb3b4a995c036274e406bf02a12b0e900f006b8c9e8dcd8ddaef0d599d41d7143c9c534676cd16aae417dd43d67c9988ed4cffbb4849f83209d5d4c2ad6159f253a2078b82cd8a52f6e357fb2572ff63c2e902b4bec83349e24916e90776554979943f4337ecb14ad715d4516f8fb35383986468e4f0c865f9a035113d4ff115e41dda405d6507bc7dba0f0fb82f6f8e88f3f64ed2b58bccf7677ab142a34094ce5f12c6dadac6192826c29a8543f6ef69323ad60b9dd84e545a17b55aa10993c35d60cdf19aff9c15a28e5347a950227f4a9d5a0952c95b2c05468e68df04237ef3f6c47d2d1a3c0e4a6768b1a86e16f6a92940113f2c09fa75b63d02f8e75525d481a9907c648b4bccb7417d42e6488f84d737e174f403660ee6df1d84de9005cb4a1cc7ce6037e9088f588ab5779d54e3a8044ffbb9f91f865d77d2047e4ab71924a52374744cddbabb7ea6e97b448ca78bb1f6eced47a47f6ff4c15a32a79101a41b6dbaf547d0dcb53301e2661ee1d4b1575998fb93ff3264c593054b3c0af8fc4d9690b3eb69b149f73de91ffbcefae1feb235ab9cac6e14475b2291f74185300aed6825a6668fa24f0a6f4f6751c1063892d7fe731de96910b7ca558c741dfc1ab6db6170d0efef3e9a10ea8d8eb235ad05a0d20be64219634822224c4e167b570a4049c81bfefd642810871f62ceb2988cfa690ac0706a2f70783d146f32281962e1d9b50e83b8b2f75ff2ec396fd73884e3a5dd65f30c1e3b21ff53950d5fa6b8ab48629c1b5469438c7ebbe7b9c959de1c9074fd834476b7363c690c0bc346cbf43573604addb212abb885687f8164478b551221c5f106a52255777fd641e8b45860d24e6481111fd0eb41a8fd8d43a83b47d036de365275d9f6a3ba351a28246f43e0abdc763b412d8e398909b445978ec3bdc03d73f65997db729dd68564cc3c88a28003693ab95a8654e1443aeed321b208ef7c79aac560b9c9fc91043d244422d589f23ad9a06a1dd825d986e00b7e415b1106012d8e8c26cfab68f392130d5c50c6f552d292b8b0aa3f44644d0d960c403095af400769a5567f74948d7352139130830bf0726667a746a90934b73a2f2d0f2538135300f3b549993dc8d28480ba80f44753c88c437e9e336768f982077567e3a9bc4848affdafdd7e4687f9589fbf64ebf51e254d3212354cd485f7fe30e91788dfaafa00dd59ea2811e0ac16a1ded8066f498b6be4fb560d235ca95cc7e134439f96fe60f00df3195412097230d9c537c008ec764b87623a6a23dd69636608534840bf784553adafd7b90bdba0777cbb1adfd4db671a29877b50b9842c21f0f72b94eb021755865fa8a8c96883e4a5b07b8c2c7e9b9daee85dd620d72108eeb7cedeeca727d121271c70bf69aa0c5afe3e16ad87f5c98d67a5c8bea908bfdb3cadf524aff2306f4f52b6323c73cfd2e4bab057d1f61786ac276472c5307b9994c2bac8f3dcc543c4bf0f18aa001cff63d3243e8e82677f464369a59066fd99588f76ead89195198b72a8424b22736547d2cdd06711cb61760a40f103190f2a945c6d5c39bc653b4faeb55fad0cb3a2c97f3f9de6394c3123adf586897c94eaf7429148df01f15afdc6cea50bf8e2359d872b15b947aad64cf870a37e6fb31d3ceef7455683574aa9055e5951c9ad44ba66f3f844e0c5d411f6620e1efc666982613c344b5b3d5c113cd4b18cd290a30117fb7f2dab15e3c907e3ef9a9f611bf7255482cf39d0b8d60ccd190082fd7e2af9fb6c2530308566beab347c2ae7805057d6f21f25cb4ff133e25061290b2815f6087b7991376b5e2373683b2cef487caa1b6920cd881bc3d06b87484f22b673342dd8a019b64b23cf3d5073bb071d2df2604a0d39eb5a115a50c5f6565c4f6cea47279518d6fa679808b5827bb723a54f3b7226e78560eeea5c5482339d1a1b06c3d50480666f6f06e8e58cbc31ecb51d7f325230d289faf53175400a71db3ebfcfd4c77d3559c3f648d51b73db8cf1e6cfda136825281dd4f1c9423dd49f135b13457868b9a31f2efd5c893be136236560f4d59ecbeee6f2a279b0fcd56dd9cbeda81947b24b7f6ee630786d06d44298155c703b9e2e37dc105620736598db0011cbce569b0a22faea377c678a51c66ab873b279dddf5c1fca86d4f4a6a39a302cb2593a4e53cb42ed667c83190354aae20a93cf17961307ecdceb20d19fc408d69a04bd7b70799af142a8503dda845120d4ff713add68948ea7fb8015055c449fe840d7c65300d919facdb53198fd610ff71ac588264c1dcb4528524e9cde55a60c693d6d3187535c2284fecd31dcd5cfb6b2c9c32a2e7e1f92e6a9bc95bfda5b0db5baaf19cc639bc1db3ea4c96ab5a9a8665d96c1cc6c3893f88fd8235fbfb637ebdfc99c325dc5f4e2516869fb81b74d01dea40851d58eaa693dddabb56302472d21d0ee9bdb782cf644e7ccb06a14ccaa0aa2af114e14f2295ba3a45b6eaecea41a12ea26a87f8ec6d391a186d345684e25a1441080533c0129ab45b7ba63fd54784eefd6bf2ee8833b5d2905d765770d9796608f9ff37a380d261b1a502910b6a8b2e19df7f7867b4d3bc9c5188ba6d3d576527d47b3f2c5a6cf67d380be460530f6a19c13c80bd2e201655c3236bf0d0b26b887e22a7a24d9de478f05dc88885131e649c0860771189bca46fabec7daf1593102f3dba572a7b5416509ae6fd06815e7fa6ccf924dedc7e98820256947a015c1731d289218378e10b4b2dc3ec03c57fd5ad421ba0eb0b37d729b32dc1e713fb8868fb148287f6b8370be57bccd674d130e3aba1a679a2993c83496557700abcae4cc51b9366720268b7f3fdc49e06465a559232f6505e8948a2a48c136c9432fbf1871c1cc9b72a4fd9a18bed107c8c0730edddd77e260cfaa18ae389c206635e17938dee558a837f5f2807ebfbfe216ce75d06ce83fe269b42fac9a4b54d7eabdae4e17fae0e617c9d7e359fd6fe0984c677e2f594ff796d18bf471bfe31053c0669a9dff78869c9688e490f95b5ef1fa7449a6fd3edc33f1711070579fe745ed359c722742b85fd31d94c2845662d3cbf43583f6af813a9286deade10a467d7b8813ca1363f2242d270865400df3169a8c17f6484ad08b71c3a9f7044862a41b25194a0d5c4c91d319a79b1a8ca3c70ce3b23646f6b148593f75098690927b922ecca1c42330e96d24424b10271a782e808e2df7da308adb3427a539e0a130d2dded1cbf3e284754406134a00065758d840c541234046e26b5e71a9c750f1a9501b8461a558d1532ad5fdc5a6c0e01105aa52f23cd2559a109bf2a89626ef364e368fac78be33ed862fe50b55e3ffe923c3c15eb8b826dea0f3f327f9eb4f019a0a37f590595af50348948e90ed2e612ef4e1dd95da28b74fb00f22790bbee91edef82b42459f7831b81c6180a80853de4bc17bf620b7d775fc36797faa8e01a7fe6fb2ac51654ba51cce3ded8abe2914494e6ad15c84f5663e6157067c57bf8c4073bd027915f904d4c3148352fac64a12d8a63a827938b91e0828d73bea6bae78824ddfb37165207ae45729b778ce861c11a8e8c0db80a928d89ec25e88e955713a66585eae53db873e7e290ddfb05f498fbcc72bb9be2861d80a6e0b8ec043ecc35d47eb7742c7d71b482e9881e54501c20e144e8564ac902d7dc0537f2ce6213dc9643f3b0d8e0e5080bedc8144d8813cdffb0206e692123341af88dfe1604fd08b05e307f0703cd1039475f27fff67d1b62b9d440c8fe6d25695043b45f4bce34768295977ef479bfb10aa68a636259d7c1978e0e262fb6cd1af0f43d338bfcb6f8a679d5555bb9c0d67893f54799ae404a225be8e0aec38cc6ee2b6c492ce2935e34b15fd73bf4e071cf59bfef426b057aad5a83d1a1bea4d1307a1ce1011454cd1c07fbb01f5465d8f046899af06b7ed35f35ca9d30b59050b919f315fb2cd47d81b03ae012f7ce97e03c831bad4d5bf035105ca9e6af77304534f9211f3ea65819048fb58a22370c49a8c4cfb675132c85c611b3a186f74514651a4d20f1e144122e567a8d1413fef77d65735c8f0bb7c7cecfe5ff861fe8ac1e9af23aa4d20b28f774aecb55c435806e1a832259103db5cc5634ef1d69854962f429b83c9870f0ce07ed27dbc8927751540e057af2019bdb37a13d1f032120fd0a6dcc5c2162a5d66670247f6c2b5aee877a70a1e7427a1364e4948d385f8a68ac95eb180745e0d2ac1d69f7ac9a99d43d5c9849bbf101bf255ad82e1b702dbdeaaddec4202ad4a4dd9e5267d7ae51b5b7019e18d3b6d8997f5b7487ec6081d0610880eb9544eab3f01c6a149368fb9bab38a9e1daea46d1079ec62868365c5b344822e91e838295a1aaf518f8ac5ff1999b4eaaa24e80ac8f20960cafaacaef63ac57db520f639c181862e7f992bca14d7c0e3b806d51ca38e808160139e68513"}) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000000)={0x5, 0x20, 0x4, 0xfff, '\x00', '\x00', '\x00', 0xfbdb, 0x800, 0xac4, 0xfd4, "b622e11035f54cb31886452af1e9354a"}) quotactl_fd$Q_SYNC(r0, 0xffffffff80000102, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000140)={0x5, 0x2, 0x6c4a5d9b, 0x5, 'syz0\x00', 0x2}) 14:00:39 executing program 2: socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0) [ 3065.011283][T19962] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:39 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000cb020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:39 executing program 2: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0x101, &(0x7f00000018c0), &(0x7f0000001980)=0x98) 14:00:39 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x400001, 0x80202) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, &(0x7f0000000580)={{r0}, "ca80c5c4cfe61006055937f61d2a36e22bcc0f70a6a575593bfa145e2146ca8a246933d9d93679bc53cf505af4aa78a5d8d73d36ba6a84f433de58ca017b797fd3863ca1c50d4dcc7c8daf95c6d149fc66a8e51fb2697af2a70462097992b13a6c819f0db403a6fd59792b451f532dc5e2aaab716a27080cffec4549e8f4733f0596d31979e22581d1cd615355e0ebad68d40c10e3de96a85de03dfd464216e104e1c414b99da234c4257fd0b4c054e600414c2048d235a4acd55268d30871b72c79606fc0864c7a8acaa703b5fd1c969e16e9253a51d496edcdc835989efa239fc887aba6b257b867d83553f92aecb4b83d1183a15dc6ad805a50329481bd7cf8c21ca243521729d53e40c4111a92405b3e0d46137b6ebda8773892159cb5cd84b5b510014a85056d983b68fa00b5737f3d87657c982fe150b045735af70bc4486d79158e485b4f573e4ee3741491addb86603224bf3a4dd4baeb59b50049d43529e8878b57f331c34846e560ca8646b2d00a05a02d4684984e76bea8187ab14e670bca3ab3f960624eb780b494b3732f7b51cca2fc1ccd6d825090c6e44eb269d08f2c41970f7001dfb41a11e8963608b377a7280c5f9b99df528518cf0d45aec5e1425a7bb310f7cab6a1fcdb940167bbe04a86a6eb2544d2771c38ff9bec363d38657bed28d38ce2998cadb67eb9d1122c17a64f36c8587c83eee32449ec2ab4ab0742567fc1dd51dc2e8448925897add9225ca0b484179f11801f58e64b36a2ce75c00f6a6fb6ba8831a06564c0bb4f12aaa24c7c71cd63e1283cc3226a2ee35946f7bfcc23899ced4717f1a0f229df201be2b38174bc4ab03a2fd3695b2da04a301835c540a60bb10884ece275a145998e2d01b02e2bd7a6672b2a54aab0e5aae33b1aea9954e9a96a6920bd52888c9dc635bfa82d3eba18b9fb2d1387f96b1d17daefc8985a1c1716610fe1b45b4ff04295bc89b67563e82dacc22203b7a8c12babcf09b815c42471d84594f0f05a374c6a6287b3fc3d149f956f1a9a973bd4592dab27bdf2a626ccfc24ac04c1434e1c44129685b4c9dfdfcfc398829a9527e5b54984faeed74d37ae380b492d76d4f4da78fb2b9730b9af37f6ffbfd1f81d9aa8a81b3f4fbea2c77d3bef846220c708c795a5583c7ff021d09a89048842fbb95dfa04e34a02b6da532878daa73f66faa3bd6c4c7ddace81c9d46d99b44582636efadc57b3fd0ec155c214c59a3be75eac86f26eb7df9ec6a43aba672a57559bd9b3071ec76740a168e19ed4e7374b267c6bfb3b4a995c036274e406bf02a12b0e900f006b8c9e8dcd8ddaef0d599d41d7143c9c534676cd16aae417dd43d67c9988ed4cffbb4849f83209d5d4c2ad6159f253a2078b82cd8a52f6e357fb2572ff63c2e902b4bec83349e24916e90776554979943f4337ecb14ad715d4516f8fb35383986468e4f0c865f9a035113d4ff115e41dda405d6507bc7dba0f0fb82f6f8e88f3f64ed2b58bccf7677ab142a34094ce5f12c6dadac6192826c29a8543f6ef69323ad60b9dd84e545a17b55aa10993c35d60cdf19aff9c15a28e5347a950227f4a9d5a0952c95b2c05468e68df04237ef3f6c47d2d1a3c0e4a6768b1a86e16f6a92940113f2c09fa75b63d02f8e75525d481a9907c648b4bccb7417d42e6488f84d737e174f403660ee6df1d84de9005cb4a1cc7ce6037e9088f588ab5779d54e3a8044ffbb9f91f865d77d2047e4ab71924a52374744cddbabb7ea6e97b448ca78bb1f6eced47a47f6ff4c15a32a79101a41b6dbaf547d0dcb53301e2661ee1d4b1575998fb93ff3264c593054b3c0af8fc4d9690b3eb69b149f73de91ffbcefae1feb235ab9cac6e14475b2291f74185300aed6825a6668fa24f0a6f4f6751c1063892d7fe731de96910b7ca558c741dfc1ab6db6170d0efef3e9a10ea8d8eb235ad05a0d20be64219634822224c4e167b570a4049c81bfefd642810871f62ceb2988cfa690ac0706a2f70783d146f32281962e1d9b50e83b8b2f75ff2ec396fd73884e3a5dd65f30c1e3b21ff53950d5fa6b8ab48629c1b5469438c7ebbe7b9c959de1c9074fd834476b7363c690c0bc346cbf43573604addb212abb885687f8164478b551221c5f106a52255777fd641e8b45860d24e6481111fd0eb41a8fd8d43a83b47d036de365275d9f6a3ba351a28246f43e0abdc763b412d8e398909b445978ec3bdc03d73f65997db729dd68564cc3c88a28003693ab95a8654e1443aeed321b208ef7c79aac560b9c9fc91043d244422d589f23ad9a06a1dd825d986e00b7e415b1106012d8e8c26cfab68f392130d5c50c6f552d292b8b0aa3f44644d0d960c403095af400769a5567f74948d7352139130830bf0726667a746a90934b73a2f2d0f2538135300f3b549993dc8d28480ba80f44753c88c437e9e336768f982077567e3a9bc4848affdafdd7e4687f9589fbf64ebf51e254d3212354cd485f7fe30e91788dfaafa00dd59ea2811e0ac16a1ded8066f498b6be4fb560d235ca95cc7e134439f96fe60f00df3195412097230d9c537c008ec764b87623a6a23dd69636608534840bf784553adafd7b90bdba0777cbb1adfd4db671a29877b50b9842c21f0f72b94eb021755865fa8a8c96883e4a5b07b8c2c7e9b9daee85dd620d72108eeb7cedeeca727d121271c70bf69aa0c5afe3e16ad87f5c98d67a5c8bea908bfdb3cadf524aff2306f4f52b6323c73cfd2e4bab057d1f61786ac276472c5307b9994c2bac8f3dcc543c4bf0f18aa001cff63d3243e8e82677f464369a59066fd99588f76ead89195198b72a8424b22736547d2cdd06711cb61760a40f103190f2a945c6d5c39bc653b4faeb55fad0cb3a2c97f3f9de6394c3123adf586897c94eaf7429148df01f15afdc6cea50bf8e2359d872b15b947aad64cf870a37e6fb31d3ceef7455683574aa9055e5951c9ad44ba66f3f844e0c5d411f6620e1efc666982613c344b5b3d5c113cd4b18cd290a30117fb7f2dab15e3c907e3ef9a9f611bf7255482cf39d0b8d60ccd190082fd7e2af9fb6c2530308566beab347c2ae7805057d6f21f25cb4ff133e25061290b2815f6087b7991376b5e2373683b2cef487caa1b6920cd881bc3d06b87484f22b673342dd8a019b64b23cf3d5073bb071d2df2604a0d39eb5a115a50c5f6565c4f6cea47279518d6fa679808b5827bb723a54f3b7226e78560eeea5c5482339d1a1b06c3d50480666f6f06e8e58cbc31ecb51d7f325230d289faf53175400a71db3ebfcfd4c77d3559c3f648d51b73db8cf1e6cfda136825281dd4f1c9423dd49f135b13457868b9a31f2efd5c893be136236560f4d59ecbeee6f2a279b0fcd56dd9cbeda81947b24b7f6ee630786d06d44298155c703b9e2e37dc105620736598db0011cbce569b0a22faea377c678a51c66ab873b279dddf5c1fca86d4f4a6a39a302cb2593a4e53cb42ed667c83190354aae20a93cf17961307ecdceb20d19fc408d69a04bd7b70799af142a8503dda845120d4ff713add68948ea7fb8015055c449fe840d7c65300d919facdb53198fd610ff71ac588264c1dcb4528524e9cde55a60c693d6d3187535c2284fecd31dcd5cfb6b2c9c32a2e7e1f92e6a9bc95bfda5b0db5baaf19cc639bc1db3ea4c96ab5a9a8665d96c1cc6c3893f88fd8235fbfb637ebdfc99c325dc5f4e2516869fb81b74d01dea40851d58eaa693dddabb56302472d21d0ee9bdb782cf644e7ccb06a14ccaa0aa2af114e14f2295ba3a45b6eaecea41a12ea26a87f8ec6d391a186d345684e25a1441080533c0129ab45b7ba63fd54784eefd6bf2ee8833b5d2905d765770d9796608f9ff37a380d261b1a502910b6a8b2e19df7f7867b4d3bc9c5188ba6d3d576527d47b3f2c5a6cf67d380be460530f6a19c13c80bd2e201655c3236bf0d0b26b887e22a7a24d9de478f05dc88885131e649c0860771189bca46fabec7daf1593102f3dba572a7b5416509ae6fd06815e7fa6ccf924dedc7e98820256947a015c1731d289218378e10b4b2dc3ec03c57fd5ad421ba0eb0b37d729b32dc1e713fb8868fb148287f6b8370be57bccd674d130e3aba1a679a2993c83496557700abcae4cc51b9366720268b7f3fdc49e06465a559232f6505e8948a2a48c136c9432fbf1871c1cc9b72a4fd9a18bed107c8c0730edddd77e260cfaa18ae389c206635e17938dee558a837f5f2807ebfbfe216ce75d06ce83fe269b42fac9a4b54d7eabdae4e17fae0e617c9d7e359fd6fe0984c677e2f594ff796d18bf471bfe31053c0669a9dff78869c9688e490f95b5ef1fa7449a6fd3edc33f1711070579fe745ed359c722742b85fd31d94c2845662d3cbf43583f6af813a9286deade10a467d7b8813ca1363f2242d270865400df3169a8c17f6484ad08b71c3a9f7044862a41b25194a0d5c4c91d319a79b1a8ca3c70ce3b23646f6b148593f75098690927b922ecca1c42330e96d24424b10271a782e808e2df7da308adb3427a539e0a130d2dded1cbf3e284754406134a00065758d840c541234046e26b5e71a9c750f1a9501b8461a558d1532ad5fdc5a6c0e01105aa52f23cd2559a109bf2a89626ef364e368fac78be33ed862fe50b55e3ffe923c3c15eb8b826dea0f3f327f9eb4f019a0a37f590595af50348948e90ed2e612ef4e1dd95da28b74fb00f22790bbee91edef82b42459f7831b81c6180a80853de4bc17bf620b7d775fc36797faa8e01a7fe6fb2ac51654ba51cce3ded8abe2914494e6ad15c84f5663e6157067c57bf8c4073bd027915f904d4c3148352fac64a12d8a63a827938b91e0828d73bea6bae78824ddfb37165207ae45729b778ce861c11a8e8c0db80a928d89ec25e88e955713a66585eae53db873e7e290ddfb05f498fbcc72bb9be2861d80a6e0b8ec043ecc35d47eb7742c7d71b482e9881e54501c20e144e8564ac902d7dc0537f2ce6213dc9643f3b0d8e0e5080bedc8144d8813cdffb0206e692123341af88dfe1604fd08b05e307f0703cd1039475f27fff67d1b62b9d440c8fe6d25695043b45f4bce34768295977ef479bfb10aa68a636259d7c1978e0e262fb6cd1af0f43d338bfcb6f8a679d5555bb9c0d67893f54799ae404a225be8e0aec38cc6ee2b6c492ce2935e34b15fd73bf4e071cf59bfef426b057aad5a83d1a1bea4d1307a1ce1011454cd1c07fbb01f5465d8f046899af06b7ed35f35ca9d30b59050b919f315fb2cd47d81b03ae012f7ce97e03c831bad4d5bf035105ca9e6af77304534f9211f3ea65819048fb58a22370c49a8c4cfb675132c85c611b3a186f74514651a4d20f1e144122e567a8d1413fef77d65735c8f0bb7c7cecfe5ff861fe8ac1e9af23aa4d20b28f774aecb55c435806e1a832259103db5cc5634ef1d69854962f429b83c9870f0ce07ed27dbc8927751540e057af2019bdb37a13d1f032120fd0a6dcc5c2162a5d66670247f6c2b5aee877a70a1e7427a1364e4948d385f8a68ac95eb180745e0d2ac1d69f7ac9a99d43d5c9849bbf101bf255ad82e1b702dbdeaaddec4202ad4a4dd9e5267d7ae51b5b7019e18d3b6d8997f5b7487ec6081d0610880eb9544eab3f01c6a149368fb9bab38a9e1daea46d1079ec62868365c5b344822e91e838295a1aaf518f8ac5ff1999b4eaaa24e80ac8f20960cafaacaef63ac57db520f639c181862e7f992bca14d7c0e3b806d51ca38e808160139e68513"}) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000000)={0x5, 0x20, 0x4, 0xfff, '\x00', '\x00', '\x00', 0xfbdb, 0x800, 0xac4, 0xfd4, "b622e11035f54cb31886452af1e9354a"}) quotactl_fd$Q_SYNC(r0, 0xffffffff80000102, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000140)={0x5, 0x2, 0x6c4a5d9b, 0x5, 'syz0\x00', 0x2}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000140)={0x5, 0x2, 0x6c4a5d9b, 0x5, 'syz0\x00', 0x2}) 14:00:39 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f0000000080)={0x0, @in, 0x8f1, 0x0, 0x0, 0x0, 0x9}, 0x98) 14:00:39 executing program 2: open$dir(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x202, 0x0) open$dir(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200, 0x0) [ 3065.396885][T19973] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:39 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x400001, 0x80202) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, &(0x7f0000000580)={{r0}, "ca80c5c4cfe61006055937f61d2a36e22bcc0f70a6a575593bfa145e2146ca8a246933d9d93679bc53cf505af4aa78a5d8d73d36ba6a84f433de58ca017b797fd3863ca1c50d4dcc7c8daf95c6d149fc66a8e51fb2697af2a70462097992b13a6c819f0db403a6fd59792b451f532dc5e2aaab716a27080cffec4549e8f4733f0596d31979e22581d1cd615355e0ebad68d40c10e3de96a85de03dfd464216e104e1c414b99da234c4257fd0b4c054e600414c2048d235a4acd55268d30871b72c79606fc0864c7a8acaa703b5fd1c969e16e9253a51d496edcdc835989efa239fc887aba6b257b867d83553f92aecb4b83d1183a15dc6ad805a50329481bd7cf8c21ca243521729d53e40c4111a92405b3e0d46137b6ebda8773892159cb5cd84b5b510014a85056d983b68fa00b5737f3d87657c982fe150b045735af70bc4486d79158e485b4f573e4ee3741491addb86603224bf3a4dd4baeb59b50049d43529e8878b57f331c34846e560ca8646b2d00a05a02d4684984e76bea8187ab14e670bca3ab3f960624eb780b494b3732f7b51cca2fc1ccd6d825090c6e44eb269d08f2c41970f7001dfb41a11e8963608b377a7280c5f9b99df528518cf0d45aec5e1425a7bb310f7cab6a1fcdb940167bbe04a86a6eb2544d2771c38ff9bec363d38657bed28d38ce2998cadb67eb9d1122c17a64f36c8587c83eee32449ec2ab4ab0742567fc1dd51dc2e8448925897add9225ca0b484179f11801f58e64b36a2ce75c00f6a6fb6ba8831a06564c0bb4f12aaa24c7c71cd63e1283cc3226a2ee35946f7bfcc23899ced4717f1a0f229df201be2b38174bc4ab03a2fd3695b2da04a301835c540a60bb10884ece275a145998e2d01b02e2bd7a6672b2a54aab0e5aae33b1aea9954e9a96a6920bd52888c9dc635bfa82d3eba18b9fb2d1387f96b1d17daefc8985a1c1716610fe1b45b4ff04295bc89b67563e82dacc22203b7a8c12babcf09b815c42471d84594f0f05a374c6a6287b3fc3d149f956f1a9a973bd4592dab27bdf2a626ccfc24ac04c1434e1c44129685b4c9dfdfcfc398829a9527e5b54984faeed74d37ae380b492d76d4f4da78fb2b9730b9af37f6ffbfd1f81d9aa8a81b3f4fbea2c77d3bef846220c708c795a5583c7ff021d09a89048842fbb95dfa04e34a02b6da532878daa73f66faa3bd6c4c7ddace81c9d46d99b44582636efadc57b3fd0ec155c214c59a3be75eac86f26eb7df9ec6a43aba672a57559bd9b3071ec76740a168e19ed4e7374b267c6bfb3b4a995c036274e406bf02a12b0e900f006b8c9e8dcd8ddaef0d599d41d7143c9c534676cd16aae417dd43d67c9988ed4cffbb4849f83209d5d4c2ad6159f253a2078b82cd8a52f6e357fb2572ff63c2e902b4bec83349e24916e90776554979943f4337ecb14ad715d4516f8fb35383986468e4f0c865f9a035113d4ff115e41dda405d6507bc7dba0f0fb82f6f8e88f3f64ed2b58bccf7677ab142a34094ce5f12c6dadac6192826c29a8543f6ef69323ad60b9dd84e545a17b55aa10993c35d60cdf19aff9c15a28e5347a950227f4a9d5a0952c95b2c05468e68df04237ef3f6c47d2d1a3c0e4a6768b1a86e16f6a92940113f2c09fa75b63d02f8e75525d481a9907c648b4bccb7417d42e6488f84d737e174f403660ee6df1d84de9005cb4a1cc7ce6037e9088f588ab5779d54e3a8044ffbb9f91f865d77d2047e4ab71924a52374744cddbabb7ea6e97b448ca78bb1f6eced47a47f6ff4c15a32a79101a41b6dbaf547d0dcb53301e2661ee1d4b1575998fb93ff3264c593054b3c0af8fc4d9690b3eb69b149f73de91ffbcefae1feb235ab9cac6e14475b2291f74185300aed6825a6668fa24f0a6f4f6751c1063892d7fe731de96910b7ca558c741dfc1ab6db6170d0efef3e9a10ea8d8eb235ad05a0d20be64219634822224c4e167b570a4049c81bfefd642810871f62ceb2988cfa690ac0706a2f70783d146f32281962e1d9b50e83b8b2f75ff2ec396fd73884e3a5dd65f30c1e3b21ff53950d5fa6b8ab48629c1b5469438c7ebbe7b9c959de1c9074fd834476b7363c690c0bc346cbf43573604addb212abb885687f8164478b551221c5f106a52255777fd641e8b45860d24e6481111fd0eb41a8fd8d43a83b47d036de365275d9f6a3ba351a28246f43e0abdc763b412d8e398909b445978ec3bdc03d73f65997db729dd68564cc3c88a28003693ab95a8654e1443aeed321b208ef7c79aac560b9c9fc91043d244422d589f23ad9a06a1dd825d986e00b7e415b1106012d8e8c26cfab68f392130d5c50c6f552d292b8b0aa3f44644d0d960c403095af400769a5567f74948d7352139130830bf0726667a746a90934b73a2f2d0f2538135300f3b549993dc8d28480ba80f44753c88c437e9e336768f982077567e3a9bc4848affdafdd7e4687f9589fbf64ebf51e254d3212354cd485f7fe30e91788dfaafa00dd59ea2811e0ac16a1ded8066f498b6be4fb560d235ca95cc7e134439f96fe60f00df3195412097230d9c537c008ec764b87623a6a23dd69636608534840bf784553adafd7b90bdba0777cbb1adfd4db671a29877b50b9842c21f0f72b94eb021755865fa8a8c96883e4a5b07b8c2c7e9b9daee85dd620d72108eeb7cedeeca727d121271c70bf69aa0c5afe3e16ad87f5c98d67a5c8bea908bfdb3cadf524aff2306f4f52b6323c73cfd2e4bab057d1f61786ac276472c5307b9994c2bac8f3dcc543c4bf0f18aa001cff63d3243e8e82677f464369a59066fd99588f76ead89195198b72a8424b22736547d2cdd06711cb61760a40f103190f2a945c6d5c39bc653b4faeb55fad0cb3a2c97f3f9de6394c3123adf586897c94eaf7429148df01f15afdc6cea50bf8e2359d872b15b947aad64cf870a37e6fb31d3ceef7455683574aa9055e5951c9ad44ba66f3f844e0c5d411f6620e1efc666982613c344b5b3d5c113cd4b18cd290a30117fb7f2dab15e3c907e3ef9a9f611bf7255482cf39d0b8d60ccd190082fd7e2af9fb6c2530308566beab347c2ae7805057d6f21f25cb4ff133e25061290b2815f6087b7991376b5e2373683b2cef487caa1b6920cd881bc3d06b87484f22b673342dd8a019b64b23cf3d5073bb071d2df2604a0d39eb5a115a50c5f6565c4f6cea47279518d6fa679808b5827bb723a54f3b7226e78560eeea5c5482339d1a1b06c3d50480666f6f06e8e58cbc31ecb51d7f325230d289faf53175400a71db3ebfcfd4c77d3559c3f648d51b73db8cf1e6cfda136825281dd4f1c9423dd49f135b13457868b9a31f2efd5c893be136236560f4d59ecbeee6f2a279b0fcd56dd9cbeda81947b24b7f6ee630786d06d44298155c703b9e2e37dc105620736598db0011cbce569b0a22faea377c678a51c66ab873b279dddf5c1fca86d4f4a6a39a302cb2593a4e53cb42ed667c83190354aae20a93cf17961307ecdceb20d19fc408d69a04bd7b70799af142a8503dda845120d4ff713add68948ea7fb8015055c449fe840d7c65300d919facdb53198fd610ff71ac588264c1dcb4528524e9cde55a60c693d6d3187535c2284fecd31dcd5cfb6b2c9c32a2e7e1f92e6a9bc95bfda5b0db5baaf19cc639bc1db3ea4c96ab5a9a8665d96c1cc6c3893f88fd8235fbfb637ebdfc99c325dc5f4e2516869fb81b74d01dea40851d58eaa693dddabb56302472d21d0ee9bdb782cf644e7ccb06a14ccaa0aa2af114e14f2295ba3a45b6eaecea41a12ea26a87f8ec6d391a186d345684e25a1441080533c0129ab45b7ba63fd54784eefd6bf2ee8833b5d2905d765770d9796608f9ff37a380d261b1a502910b6a8b2e19df7f7867b4d3bc9c5188ba6d3d576527d47b3f2c5a6cf67d380be460530f6a19c13c80bd2e201655c3236bf0d0b26b887e22a7a24d9de478f05dc88885131e649c0860771189bca46fabec7daf1593102f3dba572a7b5416509ae6fd06815e7fa6ccf924dedc7e98820256947a015c1731d289218378e10b4b2dc3ec03c57fd5ad421ba0eb0b37d729b32dc1e713fb8868fb148287f6b8370be57bccd674d130e3aba1a679a2993c83496557700abcae4cc51b9366720268b7f3fdc49e06465a559232f6505e8948a2a48c136c9432fbf1871c1cc9b72a4fd9a18bed107c8c0730edddd77e260cfaa18ae389c206635e17938dee558a837f5f2807ebfbfe216ce75d06ce83fe269b42fac9a4b54d7eabdae4e17fae0e617c9d7e359fd6fe0984c677e2f594ff796d18bf471bfe31053c0669a9dff78869c9688e490f95b5ef1fa7449a6fd3edc33f1711070579fe745ed359c722742b85fd31d94c2845662d3cbf43583f6af813a9286deade10a467d7b8813ca1363f2242d270865400df3169a8c17f6484ad08b71c3a9f7044862a41b25194a0d5c4c91d319a79b1a8ca3c70ce3b23646f6b148593f75098690927b922ecca1c42330e96d24424b10271a782e808e2df7da308adb3427a539e0a130d2dded1cbf3e284754406134a00065758d840c541234046e26b5e71a9c750f1a9501b8461a558d1532ad5fdc5a6c0e01105aa52f23cd2559a109bf2a89626ef364e368fac78be33ed862fe50b55e3ffe923c3c15eb8b826dea0f3f327f9eb4f019a0a37f590595af50348948e90ed2e612ef4e1dd95da28b74fb00f22790bbee91edef82b42459f7831b81c6180a80853de4bc17bf620b7d775fc36797faa8e01a7fe6fb2ac51654ba51cce3ded8abe2914494e6ad15c84f5663e6157067c57bf8c4073bd027915f904d4c3148352fac64a12d8a63a827938b91e0828d73bea6bae78824ddfb37165207ae45729b778ce861c11a8e8c0db80a928d89ec25e88e955713a66585eae53db873e7e290ddfb05f498fbcc72bb9be2861d80a6e0b8ec043ecc35d47eb7742c7d71b482e9881e54501c20e144e8564ac902d7dc0537f2ce6213dc9643f3b0d8e0e5080bedc8144d8813cdffb0206e692123341af88dfe1604fd08b05e307f0703cd1039475f27fff67d1b62b9d440c8fe6d25695043b45f4bce34768295977ef479bfb10aa68a636259d7c1978e0e262fb6cd1af0f43d338bfcb6f8a679d5555bb9c0d67893f54799ae404a225be8e0aec38cc6ee2b6c492ce2935e34b15fd73bf4e071cf59bfef426b057aad5a83d1a1bea4d1307a1ce1011454cd1c07fbb01f5465d8f046899af06b7ed35f35ca9d30b59050b919f315fb2cd47d81b03ae012f7ce97e03c831bad4d5bf035105ca9e6af77304534f9211f3ea65819048fb58a22370c49a8c4cfb675132c85c611b3a186f74514651a4d20f1e144122e567a8d1413fef77d65735c8f0bb7c7cecfe5ff861fe8ac1e9af23aa4d20b28f774aecb55c435806e1a832259103db5cc5634ef1d69854962f429b83c9870f0ce07ed27dbc8927751540e057af2019bdb37a13d1f032120fd0a6dcc5c2162a5d66670247f6c2b5aee877a70a1e7427a1364e4948d385f8a68ac95eb180745e0d2ac1d69f7ac9a99d43d5c9849bbf101bf255ad82e1b702dbdeaaddec4202ad4a4dd9e5267d7ae51b5b7019e18d3b6d8997f5b7487ec6081d0610880eb9544eab3f01c6a149368fb9bab38a9e1daea46d1079ec62868365c5b344822e91e838295a1aaf518f8ac5ff1999b4eaaa24e80ac8f20960cafaacaef63ac57db520f639c181862e7f992bca14d7c0e3b806d51ca38e808160139e68513"}) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000000)={0x5, 0x20, 0x4, 0xfff, '\x00', '\x00', '\x00', 0xfbdb, 0x800, 0xac4, 0xfd4, "b622e11035f54cb31886452af1e9354a"}) (async) quotactl_fd$Q_SYNC(r0, 0xffffffff80000102, 0x0, 0x0) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000140)={0x5, 0x2, 0x6c4a5d9b, 0x5, 'syz0\x00', 0x2}) 14:00:39 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000d7020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:39 executing program 0: open$dir(&(0x7f0000000140)='./file0\x00', 0x20202, 0x0) utimensat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x0) 14:00:39 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000580)={0x101, 0x3, {0xffffffffffffffff}, {0xee00}, 0xffff, 0x6}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000600)={{0x5, 0x0, 0x8, 0x9, 'syz1\x00', 0x10001}, 0x5, 0x10000000, 0x2, r1, 0x1, 0x67, 'syz1\x00', &(0x7f00000005c0)=['syz1\x00'], 0x5}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000500)={0x9, 0x4, 0xff, 0x3, 'syz1\x00', 0x753}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x6, 0x2, 0x1, 0x16, 'syz0\x00', 0x21b9}, 0x0, [0xfff, 0x94c, 0x2, 0x682, 0x401, 0xa5e, 0xfffffffffffffff9, 0x2, 0x78b8, 0x9eb2, 0xf590, 0x1000, 0x7, 0x81, 0x1, 0xfb9, 0x3ff, 0x7, 0x0, 0x8001, 0x7, 0xfffffffffffff801, 0xd2, 0x4, 0x1, 0x9, 0x81, 0x7, 0x4, 0x3c31, 0x2, 0x3, 0x40, 0x8, 0xfdaf, 0x20, 0x4, 0x9, 0x10001, 0x3, 0x3379580e, 0x20, 0x800, 0x10001, 0x7, 0x0, 0x2, 0x80, 0x6, 0xdb, 0x100000002, 0x400, 0xfffffffffffffe09, 0x3, 0x4, 0x7, 0x8001, 0x20, 0x8, 0x4, 0x0, 0x200, 0x100000000, 0xe9e, 0x15ce62fc, 0x1, 0x5, 0x5a45, 0xffffffffffffffff, 0x1, 0x7, 0x1000, 0x9, 0x7fffffffffffffff, 0x6, 0xa4, 0x8, 0x5, 0x6a, 0x2, 0x7, 0xfffffffffffffff9, 0x44, 0x8, 0x7fffffff, 0x80000000, 0x70, 0xf0, 0x800, 0x8, 0x7, 0x7, 0x9, 0x3f, 0x1f, 0x4, 0x7, 0x4, 0x3, 0x4, 0x8000000000000000, 0x9, 0x7f, 0x7, 0x5be4, 0x8, 0x40, 0x3, 0x2, 0x2, 0x581, 0x5, 0x40, 0x1, 0x0, 0x8, 0x8001, 0x2, 0x7, 0x1, 0x101, 0x4, 0x7, 0x3, 0x4, 0x0, 0xfffffffffff80000, 0x1ff]}) fcntl$getownex(r0, 0x10, &(0x7f0000000740)) 14:00:39 executing program 2: open$dir(&(0x7f0000000000)='.\x00', 0x1, 0x0) 14:00:39 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000580)={0x101, 0x3, {0xffffffffffffffff}, {0xee00}, 0xffff, 0x6}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000600)={{0x5, 0x0, 0x8, 0x9, 'syz1\x00', 0x10001}, 0x5, 0x10000000, 0x2, r1, 0x1, 0x67, 'syz1\x00', &(0x7f00000005c0)=['syz1\x00'], 0x5}) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000500)={0x9, 0x4, 0xff, 0x3, 'syz1\x00', 0x753}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x6, 0x2, 0x1, 0x16, 'syz0\x00', 0x21b9}, 0x0, [0xfff, 0x94c, 0x2, 0x682, 0x401, 0xa5e, 0xfffffffffffffff9, 0x2, 0x78b8, 0x9eb2, 0xf590, 0x1000, 0x7, 0x81, 0x1, 0xfb9, 0x3ff, 0x7, 0x0, 0x8001, 0x7, 0xfffffffffffff801, 0xd2, 0x4, 0x1, 0x9, 0x81, 0x7, 0x4, 0x3c31, 0x2, 0x3, 0x40, 0x8, 0xfdaf, 0x20, 0x4, 0x9, 0x10001, 0x3, 0x3379580e, 0x20, 0x800, 0x10001, 0x7, 0x0, 0x2, 0x80, 0x6, 0xdb, 0x100000002, 0x400, 0xfffffffffffffe09, 0x3, 0x4, 0x7, 0x8001, 0x20, 0x8, 0x4, 0x0, 0x200, 0x100000000, 0xe9e, 0x15ce62fc, 0x1, 0x5, 0x5a45, 0xffffffffffffffff, 0x1, 0x7, 0x1000, 0x9, 0x7fffffffffffffff, 0x6, 0xa4, 0x8, 0x5, 0x6a, 0x2, 0x7, 0xfffffffffffffff9, 0x44, 0x8, 0x7fffffff, 0x80000000, 0x70, 0xf0, 0x800, 0x8, 0x7, 0x7, 0x9, 0x3f, 0x1f, 0x4, 0x7, 0x4, 0x3, 0x4, 0x8000000000000000, 0x9, 0x7f, 0x7, 0x5be4, 0x8, 0x40, 0x3, 0x2, 0x2, 0x581, 0x5, 0x40, 0x1, 0x0, 0x8, 0x8001, 0x2, 0x7, 0x1, 0x101, 0x4, 0x7, 0x3, 0x4, 0x0, 0xfffffffffff80000, 0x1ff]}) (async) fcntl$getownex(r0, 0x10, &(0x7f0000000740)) 14:00:39 executing program 0: r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x200, 0x2ac55df8e3777c3) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) read(r0, &(0x7f0000000100)=""/4096, 0x1000) close(r1) [ 3065.696992][T19988] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:40 executing program 2: r0 = socket(0x18, 0x4001, 0x0) getsockname$unix(r0, 0x0, &(0x7f00000000c0)) 14:00:40 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000dd020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:40 executing program 0: openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) select(0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x0, 0x2710}) 14:00:40 executing program 2: getgroups(0x3fffffffffffffd1, &(0x7f0000000040)) 14:00:40 executing program 3: r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x1, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000580)={0x101, 0x3, {0xffffffffffffffff}, {0xee00}, 0xffff, 0x6}) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000600)={{0x5, 0x0, 0x8, 0x9, 'syz1\x00', 0x10001}, 0x5, 0x10000000, 0x2, r1, 0x1, 0x67, 'syz1\x00', &(0x7f00000005c0)=['syz1\x00'], 0x5}) (async) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000600)={{0x5, 0x0, 0x8, 0x9, 'syz1\x00', 0x10001}, 0x5, 0x10000000, 0x2, r1, 0x1, 0x67, 'syz1\x00', &(0x7f00000005c0)=['syz1\x00'], 0x5}) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) (async) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80045530, &(0x7f0000003840)=""/89) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000500)={0x9, 0x4, 0xff, 0x3, 'syz1\x00', 0x753}) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000000)={{0x6, 0x2, 0x1, 0x16, 'syz0\x00', 0x21b9}, 0x0, [0xfff, 0x94c, 0x2, 0x682, 0x401, 0xa5e, 0xfffffffffffffff9, 0x2, 0x78b8, 0x9eb2, 0xf590, 0x1000, 0x7, 0x81, 0x1, 0xfb9, 0x3ff, 0x7, 0x0, 0x8001, 0x7, 0xfffffffffffff801, 0xd2, 0x4, 0x1, 0x9, 0x81, 0x7, 0x4, 0x3c31, 0x2, 0x3, 0x40, 0x8, 0xfdaf, 0x20, 0x4, 0x9, 0x10001, 0x3, 0x3379580e, 0x20, 0x800, 0x10001, 0x7, 0x0, 0x2, 0x80, 0x6, 0xdb, 0x100000002, 0x400, 0xfffffffffffffe09, 0x3, 0x4, 0x7, 0x8001, 0x20, 0x8, 0x4, 0x0, 0x200, 0x100000000, 0xe9e, 0x15ce62fc, 0x1, 0x5, 0x5a45, 0xffffffffffffffff, 0x1, 0x7, 0x1000, 0x9, 0x7fffffffffffffff, 0x6, 0xa4, 0x8, 0x5, 0x6a, 0x2, 0x7, 0xfffffffffffffff9, 0x44, 0x8, 0x7fffffff, 0x80000000, 0x70, 0xf0, 0x800, 0x8, 0x7, 0x7, 0x9, 0x3f, 0x1f, 0x4, 0x7, 0x4, 0x3, 0x4, 0x8000000000000000, 0x9, 0x7f, 0x7, 0x5be4, 0x8, 0x40, 0x3, 0x2, 0x2, 0x581, 0x5, 0x40, 0x1, 0x0, 0x8, 0x8001, 0x2, 0x7, 0x1, 0x101, 0x4, 0x7, 0x3, 0x4, 0x0, 0xfffffffffff80000, 0x1ff]}) fcntl$getownex(r0, 0x10, &(0x7f0000000740)) [ 3066.038485][T20099] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:40 executing program 2: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x1081, 0x0) write$cgroup_freezer_state(r0, 0x0, 0x0) 14:00:40 executing program 0: r0 = epoll_create1(0x0) r1 = socket$packet(0x11, 0x3, 0x300) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000040)) 14:00:40 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000f9020000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:40 executing program 2: r0 = open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0) setrlimit(0x1, &(0x7f0000000100)={0xffffffff, 0xffffffffffffffff}) fallocate(r0, 0x0, 0x0, 0x7fffffff) rt_sigreturn() utime(&(0x7f00000002c0)='./bus\x00', 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002340)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000340)=ANY=[], 0xffffff46) r3 = dup3(r2, r1, 0x0) sendmsg$netlink(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000002ec0)=[{&(0x7f0000000ec0)=ANY=[], 0x10}], 0x1}, 0x0) rt_sigreturn() write$P9_RCLUNK(r3, &(0x7f0000000300)={0x7}, 0x7) timer_create(0x0, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=0x0) rename(&(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000280)='\xe9\x1fq\x89Y\x1e\x923aK\x00') connect$inet6(0xffffffffffffffff, &(0x7f0000000380)={0xa, 0x4e21, 0xffffffff, @private1, 0x6}, 0x1c) clock_gettime(0x0, &(0x7f0000000340)={0x0}) utime(&(0x7f0000000400)='./bus\x00', &(0x7f0000000440)={0x1, 0x40}) timer_settime(0x0, 0x0, &(0x7f0000000200)={{r5}, {0x0, 0x3938700}}, 0x0) timer_create(0x0, &(0x7f00000001c0)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r6, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x989680}}, 0x0) dup2(r0, r3) statx(r3, &(0x7f00000004c0)='./bus\x00', 0x0, 0x0, 0x0) timer_settime(r4, 0x0, &(0x7f0000000480)={{0x0, 0x989680}, {0x0, 0x3938700}}, &(0x7f0000000500)) 14:00:40 executing program 3: socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000a00)) [ 3066.364176][T20215] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:40 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000580)={@multicast2, @remote}, 0x10) 14:00:40 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000000030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3066.660916][ T30] oom_reaper: reaped process 11709 (syz-executor.4), now anon-rss:136kB, file-rss:8192kB, shmem-rss:15360kB [ 3066.712694][T20221] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3073.144050][T12413] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3073.228115][T12413] CPU: 0 PID: 12413 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3073.236868][T12413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3073.246972][T12413] Call Trace: [ 3073.250286][T12413] [ 3073.253255][T12413] dump_stack_lvl+0x1e7/0x2e0 [ 3073.257996][T12413] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3073.263251][T12413] ? __pfx__printk+0x10/0x10 [ 3073.267974][T12413] ? ___ratelimit+0x4c4/0x670 [ 3073.272715][T12413] ? __pfx____ratelimit+0x10/0x10 [ 3073.277791][T12413] dump_header+0xda/0x6a0 [ 3073.282179][T12413] oom_kill_process+0x3a7/0x930 [ 3073.287064][T12413] ? trace_contention_end+0x3c/0x100 [ 3073.292385][T12413] out_of_memory+0xf67/0x1320 [ 3073.297117][T12413] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3073.302796][T12413] ? __pfx___mutex_lock+0x10/0x10 [ 3073.307850][T12413] ? __pfx_out_of_memory+0x10/0x10 [ 3073.313009][T12413] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3073.318606][T12413] ? __pfx_lock_release+0x10/0x10 [ 3073.323667][T12413] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3073.329763][T12413] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3073.335104][T12413] ? mem_cgroup_iter+0x422/0x560 [ 3073.340088][T12413] try_charge_memcg+0xda2/0x18a0 [ 3073.345072][T12413] ? __pfx_try_charge_memcg+0x10/0x10 [ 3073.350470][T12413] ? percpu_ref_tryget+0x14/0x180 [ 3073.355563][T12413] charge_memcg+0xa2/0x160 [ 3073.360019][T12413] __mem_cgroup_charge+0x27/0x80 [ 3073.364981][T12413] shmem_alloc_and_add_folio+0x393/0xde0 [ 3073.370637][T12413] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3073.376840][T12413] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3073.382114][T12413] ? lockdep_hardirqs_on+0x98/0x140 [ 3073.387363][T12413] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3073.393031][T12413] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3073.399311][T12413] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3073.405942][T12413] shmem_write_begin+0x170/0x4d0 [ 3073.410922][T12413] ? __pfx_shmem_write_begin+0x10/0x10 [ 3073.416417][T12413] ? fault_in_iov_iter_readable+0x236/0x280 [ 3073.422344][T12413] generic_perform_write+0x321/0x640 [ 3073.427652][T12413] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3073.433578][T12413] ? __pfx_generic_perform_write+0x10/0x10 [ 3073.439409][T12413] ? mnt_put_write_access_file+0xc2/0x100 [ 3073.445146][T12413] ? file_update_time+0x3ac/0x3e0 [ 3073.450283][T12413] shmem_file_write_iter+0xfc/0x120 [ 3073.455496][T12413] __kernel_write_iter+0x434/0x8c0 [ 3073.460639][T12413] ? __pfx___kernel_write_iter+0x10/0x10 [ 3073.468246][T12413] ? generic_file_llseek_size+0x34c/0x3b0 [ 3073.473992][T12413] ? iov_iter_bvec+0x4e/0x1b0 [ 3073.478708][T12413] dump_user_range+0x46c/0x910 [ 3073.483503][T12413] ? __pfx_dump_user_range+0x10/0x10 [ 3073.488808][T12413] ? writenote+0x250/0x3b0 [ 3073.493248][T12413] ? kmalloc_trace+0x1d6/0x360 [ 3073.498027][T12413] ? elf_core_dump+0x2e01/0x4630 [ 3073.503018][T12413] ? dump_emit+0x99/0xd0 [ 3073.507287][T12413] elf_core_dump+0x3d5d/0x4630 [ 3073.512098][T12413] ? __pfx_elf_core_dump+0x10/0x10 [ 3073.517231][T12413] ? mark_lock+0x9a/0x350 [ 3073.521578][T12413] ? mas_next_slot+0xeb2/0xf90 [ 3073.526362][T12413] ? __lock_acquire+0x1345/0x1fd0 [ 3073.531470][T12413] ? rcu_read_lock_any_held+0xb7/0x160 [ 3073.536979][T12413] ? 0xffffffffff600000 [ 3073.541162][T12413] ? getname_kernel+0x140/0x2f0 [ 3073.546051][T12413] do_coredump+0x1baa/0x2b50 [ 3073.550670][T12413] ? get_signal+0xbe1/0x1850 [ 3073.555309][T12413] ? __pfx_do_coredump+0x10/0x10 [ 3073.560304][T12413] ? _raw_spin_unlock_irq+0x23/0x50 [ 3073.565520][T12413] ? lockdep_hardirqs_on+0x98/0x140 [ 3073.570740][T12413] get_signal+0x146a/0x1850 [ 3073.575280][T12413] ? __pfx_get_signal+0x10/0x10 [ 3073.580155][T12413] ? __pfx_force_sig_fault+0x10/0x10 [ 3073.585473][T12413] arch_do_signal_or_restart+0x96/0x860 [ 3073.591132][T12413] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3073.597323][T12413] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3073.603152][T12413] irqentry_exit_to_user_mode+0x78/0x280 [ 3073.608805][T12413] exc_page_fault+0x587/0x870 [ 3073.613512][T12413] asm_exc_page_fault+0x26/0x30 [ 3073.618381][T12413] RIP: 0033:0x7f8ab667ddb1 [ 3073.622812][T12413] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3073.642915][T12413] RSP: 002b:0000000000000230 EFLAGS: 00010217 [ 3073.648998][T12413] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3073.656982][T12413] RDX: 0000000000000000 RSI: 0000000000000230 RDI: 0000000000000000 [ 3073.664960][T12413] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3073.672971][T12413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3073.680960][T12413] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3073.688965][T12413] [ 3073.894626][T12413] memory: usage 307200kB, limit 307200kB, failcnt 77195 [ 3073.963002][T12413] memory+swap: usage 400064kB, limit 9007199254740988kB, failcnt 0 [ 3074.014690][T12413] kmem: usage 43892kB, limit 9007199254740988kB, failcnt 0 [ 3074.064011][T12413] Memory cgroup stats for /syz4: [ 3074.064183][T12413] cache 268824576 [ 3074.074963][T12413] rss 720896 [ 3074.078880][T12413] rss_huge 0 [ 3074.082116][T12413] shmem 268824576 [ 3074.086637][T12413] mapped_file 102129664 [ 3074.090849][T12413] dirty 0 [ 3074.094274][T12413] writeback 0 [ 3074.098837][T12413] workingset_refault_anon 1064 [ 3074.103633][T12413] workingset_refault_file 0 [ 3074.108684][T12413] swap 95092736 [ 3074.112177][T12413] swapcached 81920 [ 3074.116689][T12413] pgpgin 1006840 [ 3074.120263][T12413] pgpgout 941013 [ 3074.123830][T12413] pgfault 1031391 [ 3074.128184][T12413] pgmajfault 703 [ 3074.131763][T12413] inactive_anon 155062272 [ 3074.136771][T12413] active_anon 114298880 [ 3074.140961][T12413] inactive_file 0 [ 3074.144619][T12413] active_file 0 [ 3074.152091][T12413] unevictable 0 [ 3074.155586][T12413] hierarchical_memory_limit 314572800 [ 3074.161539][T12413] hierarchical_memsw_limit 9223372036854771712 [ 3074.168325][T12413] total_cache 268824576 [ 3074.172527][T12413] total_rss 720896 [ 3074.176964][T12413] total_rss_huge 0 [ 3074.180718][T12413] total_shmem 268824576 [ 3074.184893][T12413] total_mapped_file 102129664 [ 3074.190698][T12413] total_dirty 0 [ 3074.194201][T12413] total_writeback 0 [ 3074.199142][T12413] total_workingset_refault_anon 1064 [ 3074.204573][T12413] total_workingset_refault_file 0 [ 3074.210192][T12413] total_swap 95092736 [ 3074.214205][T12413] total_swapcached 81920 [ 3074.219023][T12413] total_pgpgin 1006840 [ 3074.223119][T12413] total_pgpgout 941013 [ 3074.227832][T12413] total_pgfault 1031391 [ 3074.232014][T12413] total_pgmajfault 703 [ 3074.246512][T12413] total_inactive_anon 155062272 [ 3074.251400][T12413] total_active_anon 114298880 [ 3074.274749][T12413] total_inactive_file 0 [ 3074.284270][T12413] total_active_file 0 [ 3074.295775][T12413] total_unevictable 0 [ 3074.306817][T12413] anon_cost 0 [ 3074.310150][T12413] file_cost 0 [ 3074.313464][T12413] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=13682,uid=0 [ 3074.346091][T12413] Memory cgroup out of memory: Killed process 13682 (syz-executor.4) total-vm:54508kB, anon-rss:504kB, file-rss:8192kB, shmem-rss:21632kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3074.446251][ T7688] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3074.528240][ T7688] CPU: 1 PID: 7688 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3074.536893][ T7688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3074.546965][ T7688] Call Trace: [ 3074.550260][ T7688] [ 3074.553201][ T7688] dump_stack_lvl+0x1e7/0x2e0 [ 3074.557907][ T7688] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3074.563121][ T7688] ? __pfx__printk+0x10/0x10 [ 3074.567723][ T7688] ? ___ratelimit+0x4c4/0x670 [ 3074.572418][ T7688] ? __pfx____ratelimit+0x10/0x10 [ 3074.577461][ T7688] dump_header+0xda/0x6a0 [ 3074.581811][ T7688] oom_kill_process+0x3a7/0x930 [ 3074.586776][ T7688] out_of_memory+0xf67/0x1320 [ 3074.591484][ T7688] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3074.597132][ T7688] ? __pfx___mutex_lock+0x10/0x10 [ 3074.602181][ T7688] ? __pfx_out_of_memory+0x10/0x10 [ 3074.607317][ T7688] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3074.612880][ T7688] ? __pfx_lock_release+0x10/0x10 [ 3074.617922][ T7688] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3074.624020][ T7688] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3074.629231][ T7688] ? mem_cgroup_iter+0x422/0x560 [ 3074.634187][ T7688] try_charge_memcg+0xda2/0x18a0 [ 3074.639166][ T7688] ? __pfx_try_charge_memcg+0x10/0x10 [ 3074.644555][ T7688] ? percpu_ref_tryget+0x14/0x180 [ 3074.649672][ T7688] charge_memcg+0xa2/0x160 [ 3074.654111][ T7688] __mem_cgroup_charge+0x27/0x80 [ 3074.659091][ T7688] shmem_alloc_and_add_folio+0x393/0xde0 [ 3074.664774][ T7688] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3074.670961][ T7688] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3074.676207][ T7688] ? lockdep_hardirqs_on+0x98/0x140 [ 3074.681432][ T7688] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3074.687098][ T7688] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3074.693356][ T7688] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3074.699974][ T7688] shmem_write_begin+0x170/0x4d0 [ 3074.704940][ T7688] ? __pfx_shmem_write_begin+0x10/0x10 [ 3074.710604][ T7688] ? fault_in_iov_iter_readable+0x236/0x280 [ 3074.716537][ T7688] generic_perform_write+0x321/0x640 [ 3074.721852][ T7688] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3074.727774][ T7688] ? __pfx_generic_perform_write+0x10/0x10 [ 3074.733609][ T7688] ? mnt_put_write_access_file+0xc2/0x100 [ 3074.739359][ T7688] ? file_update_time+0x3ac/0x3e0 [ 3074.744420][ T7688] shmem_file_write_iter+0xfc/0x120 [ 3074.749661][ T7688] __kernel_write_iter+0x434/0x8c0 [ 3074.754804][ T7688] ? __pfx___kernel_write_iter+0x10/0x10 [ 3074.760490][ T7688] ? iov_iter_bvec+0x4e/0x1b0 [ 3074.765206][ T7688] dump_user_range+0x46c/0x910 [ 3074.770011][ T7688] ? __pfx_dump_user_range+0x10/0x10 [ 3074.775317][ T7688] ? writenote+0x250/0x3b0 [ 3074.779775][ T7688] ? kmalloc_trace+0x1d6/0x360 [ 3074.784560][ T7688] ? elf_core_dump+0x2e01/0x4630 [ 3074.789525][ T7688] ? dump_emit+0x99/0xd0 [ 3074.793806][ T7688] elf_core_dump+0x3d5d/0x4630 [ 3074.798660][ T7688] ? __pfx_elf_core_dump+0x10/0x10 [ 3074.803795][ T7688] ? mark_lock+0x9a/0x350 [ 3074.808173][ T7688] ? mas_next_slot+0xeb2/0xf90 [ 3074.812967][ T7688] ? __lock_acquire+0x1345/0x1fd0 [ 3074.818106][ T7688] ? rcu_read_lock_any_held+0xb7/0x160 [ 3074.823597][ T7688] ? 0xffffffffff600000 [ 3074.827778][ T7688] ? getname_kernel+0x140/0x2f0 [ 3074.832671][ T7688] do_coredump+0x1baa/0x2b50 [ 3074.837283][ T7688] ? get_signal+0xbe1/0x1850 [ 3074.841933][ T7688] ? __pfx_do_coredump+0x10/0x10 [ 3074.847372][ T7688] ? _raw_spin_unlock_irq+0x23/0x50 [ 3074.852589][ T7688] ? lockdep_hardirqs_on+0x98/0x140 [ 3074.857813][ T7688] get_signal+0x146a/0x1850 [ 3074.862363][ T7688] ? __pfx_get_signal+0x10/0x10 [ 3074.867238][ T7688] ? __pfx_force_sig_fault+0x10/0x10 [ 3074.872545][ T7688] arch_do_signal_or_restart+0x96/0x860 [ 3074.878113][ T7688] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3074.884386][ T7688] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3074.890226][ T7688] irqentry_exit_to_user_mode+0x78/0x280 [ 3074.895967][ T7688] exc_page_fault+0x587/0x870 [ 3074.900711][ T7688] asm_exc_page_fault+0x26/0x30 [ 3074.905609][ T7688] RIP: 0033:0x7f8ab667ddb1 [ 3074.910050][ T7688] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3074.929749][ T7688] RSP: 002b:0000000000000200 EFLAGS: 00010217 [ 3074.935849][ T7688] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3074.943830][ T7688] RDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000 [ 3074.951916][ T7688] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3074.959908][ T7688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3074.967917][ T7688] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3074.975935][ T7688] [ 3075.075373][ T7688] memory: usage 304908kB, limit 307200kB, failcnt 77649 [ 3075.086022][ T7688] memory+swap: usage 396476kB, limit 9007199254740988kB, failcnt 0 [ 3075.093977][ T7688] kmem: usage 43740kB, limit 9007199254740988kB, failcnt 0 [ 3075.114791][ T7688] Memory cgroup stats for /syz4: [ 3075.114992][ T7688] cache 263114752 [ 3075.125232][ T7688] rss 761856 [ 3075.129222][ T7688] rss_huge 0 [ 3075.132447][ T7688] shmem 263114752 [ 3075.141599][ T7688] mapped_file 86011904 [ 3075.145709][ T7688] dirty 0 [ 3075.149286][ T7688] writeback 0 [ 3075.152597][ T7688] workingset_refault_anon 1073 [ 3075.158149][ T7688] workingset_refault_file 0 [ 3075.162689][ T7688] swap 94932992 [ 3075.166848][ T7688] swapcached 90112 [ 3075.170606][ T7688] pgpgin 1008864 [ 3075.174172][ T7688] pgpgout 944422 [ 3075.178548][ T7688] pgfault 1032075 [ 3075.182214][ T7688] pgmajfault 716 [ 3075.185781][ T7688] inactive_anon 92356608 [ 3075.190659][ T7688] active_anon 171556864 [ 3075.194860][ T7688] inactive_file 0 [ 3075.199295][ T7688] active_file 0 [ 3075.202798][ T7688] unevictable 0 [ 3075.208641][ T7688] hierarchical_memory_limit 314572800 [ 3075.214046][ T7688] hierarchical_memsw_limit 9223372036854771712 [ 3075.221320][ T7688] total_cache 263114752 [ 3075.225513][ T7688] total_rss 761856 [ 3075.256207][ T7688] total_rss_huge 0 [ 3075.260040][ T7688] total_shmem 263114752 [ 3075.264215][ T7688] total_mapped_file 86011904 [ 3075.329377][ T7688] total_dirty 0 [ 3075.332914][ T7688] total_writeback 0 [ 3075.406592][ T7688] total_workingset_refault_anon 1073 [ 3075.411945][ T7688] total_workingset_refault_file 0 [ 3075.466098][ T7688] total_swap 94932992 [ 3075.470238][ T7688] total_swapcached 90112 [ 3075.474951][ T7688] total_pgpgin 1008864 [ 3075.576113][ T7688] total_pgpgout 944422 [ 3075.580345][ T7688] total_pgfault 1032075 [ 3075.584626][ T7688] total_pgmajfault 716 [ 3075.666165][ T7688] total_inactive_anon 92356608 [ 3075.671003][ T7688] total_active_anon 171556864 [ 3075.675711][ T7688] total_inactive_file 0 [ 3075.776055][ T7688] total_active_file 0 [ 3075.780121][ T7688] total_unevictable 0 [ 3075.784119][ T7688] anon_cost 0 [ 3075.866048][ T7688] file_cost 0 [ 3075.869405][ T7688] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=17721,uid=0 [ 3075.969527][ T7688] Memory cgroup out of memory: Killed process 17721 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:22528kB, UID:0 pgtables:132kB oom_score_adj:1000 14:00:51 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x293, 0x0, 0x0, 0x0) 14:00:51 executing program 3: r0 = semget$private(0x0, 0x5, 0x0) semctl$GETVAL(r0, 0x1, 0xc, &(0x7f0000000280)=""/4096) 14:00:51 executing program 0: syz_clone3(&(0x7f0000000000)={0x5086100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 14:00:51 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000007030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:51 executing program 2: r0 = socket$inet6_icmp_raw(0x1c, 0x3, 0x3a) setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x51, &(0x7f0000000000)={0x0, {{0x1c, 0x1c}}}, 0x88) 14:00:51 executing program 3: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040), 0xa801, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r0, 0x8010500c, &(0x7f0000000100)) [ 3077.068147][T20232] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:51 executing program 2: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8914, &(0x7f0000000000)={'xfrm0\x00'}) 14:00:51 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$netlink(r0, &(0x7f0000009240)={0x0, 0x0, 0x0}, 0x0) 14:00:51 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000000b030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:51 executing program 2: r0 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000100), &(0x7f0000000140)=0x4) 14:00:51 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000a00)={0x14}, 0x14}}, 0x0) 14:00:51 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x6, 0x0, 0x0) [ 3077.473051][T20246] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:51 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f}}, 0x20) 14:00:51 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x7c, 0x0, 0x0) 14:00:51 executing program 2: r0 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x0) ioctl$VIDIOC_QUERYBUF_DMABUF(r0, 0xc0585609, &(0x7f0000000080)={0x0, 0x9, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "6336167c"}, 0x0, 0x4, {}, 0x8}) 14:00:51 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000013030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:51 executing program 3: syz_io_uring_setup(0x545c, &(0x7f0000000100), &(0x7f0000000180), &(0x7f00000001c0)) 14:00:51 executing program 2: clock_gettime(0x0, &(0x7f0000000180)={0x0}) select(0x40, &(0x7f0000000080), 0x0, &(0x7f0000000140)={0x2}, &(0x7f00000001c0)={r0}) 14:00:52 executing program 3: bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0}, 0x20) 14:00:52 executing program 0: syz_io_uring_setup(0x65f1, &(0x7f0000000000), &(0x7f0000000080), 0x0) syz_io_uring_setup(0x32e5, &(0x7f0000000100), &(0x7f0000000180), &(0x7f00000001c0)) [ 3077.890091][T20259] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:52 executing program 3: clock_gettime(0x7, &(0x7f0000000100)) 14:00:52 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000019030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:52 executing program 3: io_uring_setup(0x217a, &(0x7f0000000380)={0x0, 0x0, 0x1000}) 14:00:52 executing program 0: openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x1e58c0, 0x0) 14:00:52 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0xb, &(0x7f0000000000), 0x6) [ 3078.277710][T20270] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:52 executing program 0: select(0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x0, 0x2710}) 14:00:52 executing program 3: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) epoll_pwait2(r0, &(0x7f00000000c0)=[{}], 0x1, 0x0, 0x0, 0x0) 14:00:52 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000029030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:52 executing program 0: openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x44180, 0x0) [ 3078.538452][T20281] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:52 executing program 3: r0 = socket$can_bcm(0x1d, 0x2, 0x2) recvmsg$can_bcm(r0, &(0x7f0000003a40)={0x0, 0x0, 0x0}, 0x0) 14:00:52 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000002b030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:52 executing program 2: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000001300), 0x0, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x0) ioctl$SNAPSHOT_FREE(r0, 0x3305) landlock_restrict_self(0xffffffffffffffff, 0x0) [ 3078.766947][T20289] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:53 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x299, 0x0, 0x0, 0x0) 14:00:53 executing program 0: bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20) mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000140), 0x59) 14:00:53 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000003f030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:53 executing program 0: syz_io_uring_setup(0x3c2e, &(0x7f0000000100)={0x0, 0x0, 0x8}, 0x0, 0x0) [ 3079.084302][T20297] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:53 executing program 2: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000440)=ANY=[]) 14:00:53 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000057030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:53 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x64, 0x0, 0x0) 14:00:53 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045007, 0x0) [ 3079.334911][T20303] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:53 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x4, 0x0, 0x0) 14:00:53 executing program 2: bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x4, 0x0, 0x1}, 0x48) 14:00:53 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000007b030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:53 executing program 2: r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x0) getsockname$packet(r0, 0x0, 0x0) 14:00:53 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000030c0), 0x3612c1, 0x0) landlock_restrict_self(r0, 0x0) 14:00:53 executing program 3: r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x8, "ae4ae06db9b1711d7078480e17fbd8ad26bdc036fe82614a2883ce49595ec61a"}) ioctl$SW_SYNC_IOC_INC(r0, 0x40045701, &(0x7f00000000c0)) 14:00:53 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000030c0), 0x0, 0x0) sendmsg$nl_crypto(r0, 0x0, 0x0) 14:00:53 executing program 3: landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000030c0), 0x0, 0x0) io_uring_setup(0x11e9, &(0x7f0000000040)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r2}) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x200300, 0x0) [ 3079.710538][T20316] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:54 executing program 0: socketpair(0x23, 0x0, 0x8, &(0x7f0000000080)) 14:00:54 executing program 2: openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) 14:00:54 executing program 3: syz_clone(0x20882000, &(0x7f0000001dc0), 0x0, 0x0, 0x0, 0x0) 14:00:54 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000007f030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:54 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x10, 0xf, &(0x7f0000000000)=@ringbuf, 0x0}, 0x90) 14:00:54 executing program 0: modify_ldt$write(0x1, &(0x7f0000000040), 0x10) 14:00:54 executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x39, &(0x7f0000000400)=@framed={{}, [@snprintf, @map_idx_val, @snprintf, @snprintf, @snprintf]}, &(0x7f0000000600)='GPL\x00', 0x9, 0x9b, &(0x7f0000000640)=""/155}, 0x90) [ 3080.048124][T20333] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:54 executing program 3: add_key(&(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0x0) 14:00:54 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x78, 0x0, 0x0) 14:00:54 executing program 2: bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)={@map, 0xffffffffffffffff, 0x31, 0x0, 0x0, @link_id}, 0x20) 14:00:54 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000085030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:54 executing program 0: syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f00000011c0)='ns/mnt\x00') 14:00:54 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0xe) 14:00:54 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@bloom_filter={0x1e, 0x0, 0x4, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4}, 0x48) 14:00:54 executing program 0: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000030c0), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001280)={0xc, 0x1, &(0x7f0000000080)=@raw=[@func], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x90) 14:00:54 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89a3, &(0x7f0000000200)={'syztnl2\x00', 0x0}) 14:00:54 executing program 0: r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000100), 0x401, 0x0) write$USERIO_CMD_REGISTER(r0, 0x0, 0x0) 14:00:54 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x0, 0x9b}, 0x48) 14:00:54 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000089030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:54 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x29d, 0x0, 0x0, 0x0) 14:00:54 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x3, &(0x7f0000000000), 0x6) 14:00:55 executing program 0: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, &(0x7f0000000440)=ANY=[@ANYBLOB="95a2f26c933b0499fd88"]) [ 3080.831575][T20367] misc userio: Invalid payload size 14:00:55 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x0) 14:00:55 executing program 3: landlock_create_ruleset(&(0x7f0000000040)={0x8001}, 0x10, 0x0) 14:00:55 executing program 0: mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x70}, 0x20) 14:00:55 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000008b030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:55 executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x3, &(0x7f0000000400)=@framed, &(0x7f0000000600)='GPL\x00', 0x9, 0x9b, &(0x7f0000000640)=""/155}, 0x90) 14:00:55 executing program 2: bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@cgroup, 0xffffffffffffffff, 0x15}, 0x20) 14:00:55 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000280)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, 0x1}}}, &(0x7f00000003c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000480), 0x10}, 0x90) 14:00:55 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x76, 0x0, 0x0) 14:00:55 executing program 0: r0 = syz_open_dev$vbi(&(0x7f00000000c0), 0x3, 0x2) ioctl$VIDIOC_TRY_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000080)={0x0, 0x617, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 14:00:55 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r1, 0x0) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x2, @local}, 0x10) r2 = accept(r1, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000080)="09166d0a1b11576582b33a058454e295", 0x10) ioctl$TIOCL_SETSEL(r3, 0x5450, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/netstat\x00') setsockopt$inet6_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000000)=@gcm_128={{}, "317fd501cdf780a4", "99bf31ce2745c1fb8326f3d7a09d305d"}, 0x28) 14:00:55 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000000008f030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:55 executing program 3: openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x0, 0x0) 14:00:55 executing program 0: r0 = openat$damon_kdamond_pid(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) close$fd_v4l2_buffer(r0) 14:00:55 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000140)={'erspan0\x00', 0x0}) 14:00:55 executing program 0: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_QUERYBUF_DMABUF(r0, 0xc0585609, &(0x7f0000000200)={0x0, 0x7, 0x4, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "9af37fd5"}}) 14:00:55 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000099030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:55 executing program 3: stat(&(0x7f0000000000)='./file0\x00', 0x0) open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 14:00:55 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000200), &(0x7f0000000240)=0xe) 14:00:55 executing program 3: openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x402, 0x0) 14:00:55 executing program 3: r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)) 14:00:55 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000003580)={0x11, 0x5, &(0x7f0000003240)=@framed={{}, [@map_idx_val]}, &(0x7f0000003300)='GPL\x00'}, 0x90) 14:00:56 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000a1030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:56 executing program 0: openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x0) 14:00:56 executing program 3: r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x39, &(0x7f0000000400)=@framed={{}, [@snprintf, @map_idx_val, @snprintf, @snprintf, @snprintf]}, &(0x7f0000000600)='GPL\x00', 0x9, 0x9b, &(0x7f0000000640)=""/155, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000740), 0x10}, 0x90) 14:00:56 executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001780)={0x18, 0x11, &(0x7f0000000440)=@ringbuf={{}, {}, {}, [@map_idx_val]}, &(0x7f0000000540)='GPL\x00'}, 0x90) 14:00:56 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000480)={'ip6gre0\x00', 0x0}) 14:00:56 executing program 3: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x1e, 0x0, 0x0) 14:00:56 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000a7030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:56 executing program 0: r0 = socket$nl_generic(0x10, 0x3, 0x10) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_GET(r0, &(0x7f0000000500)={&(0x7f00000000c0), 0xc, &(0x7f00000004c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="50030000", @ANYRES16=r1, @ANYBLOB="01002cbd7000fcdbdf2504"], 0x350}, 0x1, 0x0, 0x0, 0x1}, 0x0) [ 3082.242853][T20434] __nla_validate_parse: 6 callbacks suppressed [ 3082.242873][T20434] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3082.266841][ T1240] ieee802154 phy0 wpan0: encryption failed: -22 [ 3082.266906][ T1240] ieee802154 phy1 wpan1: encryption failed: -22 [ 3082.325478][T20436] netlink: 828 bytes leftover after parsing attributes in process `syz-executor.0'. 14:00:56 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2a5, 0x0, 0x0, 0x0) 14:00:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0x1, &(0x7f0000000140)=@raw=[@alu], 0x0}, 0x90) 14:00:56 executing program 2: r0 = syz_open_dev$vbi(&(0x7f0000000180), 0x2, 0x2) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000000)={0xc, @vbi}) 14:00:56 executing program 0: r0 = syz_open_dev$audion(0x0, 0x0, 0x0) mmap$IORING_OFF_SQES(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x10000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f00000002c0), r0) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r1, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x0) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000400), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010600000000000000000600000014"], 0x38}}, 0x0) 14:00:56 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000ad030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:56 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x8, &(0x7f0000000000), 0x6) [ 3082.640288][T20441] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 3082.655517][T20444] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:56 executing program 0: socketpair(0xa, 0x0, 0x401, &(0x7f0000000140)) 14:00:56 executing program 3: select(0x40, &(0x7f0000000080), &(0x7f0000000100)={0x5}, &(0x7f0000000140)={0x2}, &(0x7f00000001c0)) 14:00:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x17, 0xf, &(0x7f0000000080)=@ringbuf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x90) 14:00:57 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, &(0x7f0000000240)) 14:00:57 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) recvmsg$can_bcm(r0, &(0x7f0000001940)={0x0, 0x0, 0x0}, 0x12161) 14:00:57 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000b3030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:57 executing program 3: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000080), 0x9) sendmsg$can_bcm(r0, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f00000001c0)={0x0, 0x0, 0x0, {}, {0x0, 0xea60}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "d33b660eb5527d8bb1082554193d9383d08c1b65b2b9bf652983bf4b9a063a9822ecf248ca87ef48d49ecae7912281c8527fc321726ada38d1401ba232e51031"}}, 0x48}}, 0x0) 14:00:57 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x82, 0x0, 0x0) 14:00:57 executing program 0: r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/user\x00') ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f0000000080)) [ 3082.960406][T20459] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:57 executing program 2: r0 = socket$pppoe(0x18, 0x1, 0x0) recvmsg(r0, &(0x7f0000002440)={0x0, 0x0, 0x0}, 0x42) 14:00:57 executing program 3: select(0x40, &(0x7f0000000300), 0x0, &(0x7f0000000380)={0x7}, &(0x7f00000003c0)={0x0, 0x2710}) 14:00:57 executing program 0: r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x0) recvmsg$can_bcm(r0, 0x0, 0x0) 14:00:57 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000bb030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:57 executing program 2: clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) select(0x40, &(0x7f0000000080), 0x0, &(0x7f0000000140)={0x2}, &(0x7f00000001c0)={0x0, r0/1000+60000}) 14:00:57 executing program 3: add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='r', 0x1, 0xfffffffffffffffd) [ 3083.285337][T20476] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:57 executing program 3: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000030c0), 0x0, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), r0) 14:00:57 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000d1030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:57 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="01"], 0x14}}, 0x0) 14:00:57 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x8971, &(0x7f0000000200)={'syztnl2\x00', 0x0}) [ 3083.508640][T20483] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:57 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0xc0045878, 0x0) 14:00:57 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x7b, 0x0, 0x0) 14:00:57 executing program 3: bpf$BPF_PROG_QUERY(0x4, &(0x7f0000000ac0)={@map, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/syz0\x00', 0x200002, 0x0) r1 = openat$incfs(0xffffffffffffff9c, &(0x7f00000001c0)='.pending_reads\x00', 0x841, 0x8) r2 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x10, 0x0, @val=@tracing={0xffffffffffffffff, 0x8}}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r0, r1, 0x0, 0x0, 0x0, @link_fd=r2}, 0x20) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x2f, 0x0, 0x7, 0xffff4405, 0x0, @empty, @mcast2, 0x1, 0x20, 0x2, 0x17f1755f}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000140)={'ip6tnl0\x00', &(0x7f00000000c0)={'syztnl2\x00', r4, 0x29, 0x3, 0xd4, 0x7, 0x48, @mcast2, @local, 0x20, 0x7, 0xba, 0x3ff}}) 14:00:57 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000d5030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:57 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x7, 0x0, 0x0) 14:00:57 executing program 3: r0 = syz_open_dev$vbi(&(0x7f0000000180), 0x2, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) 14:00:58 executing program 2: openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) [ 3083.840044][T20496] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:58 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2a7, 0x0, 0x0, 0x0) 14:00:58 executing program 0: clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) pselect6(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x8}, &(0x7f0000000140)={0x0, r0+60000000}, &(0x7f00000001c0)={&(0x7f0000000180)={[0x1]}, 0x8}) 14:00:58 executing program 3: bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000000c0)={@map, 0xffffffffffffffff, 0x7, 0x0, 0xffffffffffffffff, @link_id}, 0x20) 14:00:58 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x15}, 0x48) 14:00:58 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000df030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:58 executing program 2: openat$vimc0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) 14:00:58 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_TUNNEL_DELETE(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000280)={0x2c, 0x0, 0x0, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_RECV_TIMEOUT]}, 0xffa9}}, 0x0) 14:00:58 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xd, 0x1, &(0x7f0000000100)=@raw=[@call], 0x0}, 0x90) 14:00:58 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x64, &(0x7f0000000000), 0x6) [ 3084.157873][T20510] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:58 executing program 0: r0 = landlock_create_ruleset(&(0x7f0000000080)={0x5110}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1cd921, 0x0) 14:00:58 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_DELETE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r1, 0x207, 0x0, 0x0, {}, [@L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_vlan\x00'}]}, 0x28}}, 0x0) 14:00:58 executing program 2: r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$l2tp6(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, 0x20) 14:00:58 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000e5030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:58 executing program 3: openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x40882, 0x0) [ 3084.375423][T20522] random: crng reseeded on system resumption 14:00:58 executing program 2: mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x100002}, 0x20) [ 3084.459651][T20529] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 14:00:58 executing program 2: openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x84000, 0x0) 14:00:59 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000eb030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:59 executing program 3: syz_genetlink_get_family_id$SEG6(&(0x7f00000036c0), 0xffffffffffffffff) 14:00:59 executing program 0: waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x0) 14:00:59 executing program 0: bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@kprobe_multi=@addrs={0x0, 0x0, 0x0, 0x0}}, 0x40) 14:00:59 executing program 3: recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003440)={0x77359400}) 14:00:59 executing program 3: r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x2001, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) pidfd_getfd(r0, r1, 0x0) syz_clone3(&(0x7f0000000240)={0x102000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x1f}, &(0x7f0000000100)=""/155, 0x9b, &(0x7f00000001c0)=""/59, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0xa}, 0x58) 14:00:59 executing program 0: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f00000004c0)={0x12, 0x10, 0xfa00, {0x0}}, 0x18) 14:00:59 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$netlink(r0, &(0x7f0000009240)={0x0, 0x0, &(0x7f00000091c0)=[{&(0x7f0000009280)={0x4d0, 0x0, 0x0, 0x0, 0x0, "", [@generic="13d9b0d3c92e9c43e84747c654d3f82682b4ea03ba1e27c05eeb3c16f2ce6a1ac8cff97c48be8b2948dfb5d2fd07b70bc132784f85a5d66bec2f7c176da375aff5d630088c834ecb887e616b4bf17f6e538262c487cb4ac97126254ea42348c12bf22529ccf55ad3ae8ce3c97f0f178776ac3f013b0d1742f5cfd88828e9b3448c421e85fb6b673aeeab22bc12a21fb0ef3082df5514f99577cd0ec2", @generic="159e64d2f5db3c37e05540f3c326cb3f25e88521ef90", @typed={0x4}, @generic="383936ba47dc94b8184a2cee1907fc15112034a81666e2d75765edb9b680b1504cf269f82db5d642650921c1af2c46f637030ebe278ec7d6c49c8f73880c6c068b5ae29b1b2e27a705a3205a760d0fbdf2a5eaaaddc0a40d65635090ee57fcecf31f14a65dc264193d209a7b3560eec43b80520a43ed811f3752f1d9cf8232b171f549bdc299bcb7f37b960aed6605682a7773b2ace66ef4084a2b201ab60aca286959c43f2b4d01bb561c73cd876932ca390fee7fd720d987ea9d665cc5dcb05d60a37f437fce07b1626276d0af8d7f98129599cab58687105ed2c934e4c89f6e7ae0641d6ef8f78bb5b9", @nested={0x79, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @generic="9ceff02d87240411cf5c57da86a81dcbda6d1b66f677346abeab41d2afb21788545ef71a77e43ade8596ad7891332bcc1f18fe993ec223ae3e113c7784c59a5a4110fbdebdc776ddf8dc722a14498ce9ff7d0fd36879046a674191dd58f2c09c004e6d0c2cc090b06b51f32801"]}, @nested={0x29d, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4}, @generic="a1ac12bfba7800b9671a8bff1523d4d4318a865595db32fab81c842616f01545f45c1319c5c17dded7e4491d16b5e26ab21c498f1f97b12243b7a739927f5c33dc4b2090f60415a705f564e0358ebcaf1368dfa006b2c19140b8b7a7dfedd414db916be2998ef0f66887012bdfd20e5193b26ca6e9cd8ded0158fddf0e7629f38c3f007a7f13ed29c7cdbb0bf0fabc0b70c9e28b", @typed={0x6, 0x0, 0x0, 0x0, @str=',\x00'}, @generic="50b4a43aed2a4f841ae6d48a937eaa844f2fe72312a6a9ffb014da244ebfcc61d716ed9717d07e8b249e0f58f8c03049258ab905edbe7d0d831a637ea8ff430750b7926c6d80c53b59df6f9aff39f5879c05cef35680339787496b712400c8480b7441cb540173874796bd9c7b1c0d1fcb6b8ca395b240a858bc546337ef7dc9b832b25adfb8977157ee65651c867032cee27c3a89f356f7eaf8d9c60ad8dc736291d9ec0ff8cb1a6465ef41c7fc5012dd5c35ee393161636e6ae85a0dcd7a51a3c716a0956f69c9c0eca8d00a91f2b3089069e0ea4f03fe5a10d7dd75de6326035dd0d1f22a340d8dfa24aa971459eb272ce4be7f28713dde09a111967cb94a1fdf81f592e61a44711830cedec0840f6ee9e224a2ac7f02bfd932ff5d1b5dd1afb607e522312e4d96ef8a1d4dbf", @typed={0xc, 0x0, 0x0, 0x0, @u64}, @generic="04a98b9fd499443499753a25a0843fd4c35b79ebaa46a928fc523b7fe6eac0506cb37172d1f93771c29ee8f1f086777d699ac75c2c2c3a8fe1911b213f1f14aa37aabacf0d6b8dabf6dc983b4532548d8e04e949d0e0e107abd7b89e8481d47dd2f95b9319c7dc0fdc2a102669b62bab30a473796b1be71ec5d350c8ad01adb11df7118f64bb95856d8cb24889833534cef3deee89289af46dddaa1f19d828192eb07133a29255b4f986e20895f83b297a35ab31e71f8f7b764312"]}]}, 0x4d0}, {&(0x7f0000000740)={0x650, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @pid}, @nested={0xc, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid}]}, @generic="73f27b02b8ddce46af7fa7b66d2c47aa63a38d8e04adac0c", @generic="17028014ae1eba85891bbbcee84371a822c501293b18a32618d8e917065914507af72622ac93352087c342fef46fe8db0ab805870bf1a863173305010c6a5c0a430776e6e64c9922df3ad8773fab9e0a18debc0b3232c87ab14c1e7ac464b67309e2c11e53a86fcedf5b7ac847dfddf8e2c80f96b53ad05e2acbd58c2992c3b9428aca330438540ebf030cad842685b23a586c092d74fdaaa6f4aad27c20ee057bb39c8178eccb50829ed03b0a63c750892ae535851cdb6636b8eb0c639f66e040e61bf654a268b4cab6c4d88805017dfc57926e0f4e6ec675e7480e99cf", @nested={0x1dd, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@remote}, @generic="4644e60af30a0458044c119216fb142e162ce76ef5bc8c8b8858819e780ad7b848c319043314ae9ee098c68c46045c78de36c58a7a85e09341477851d1286ead21b6ee9e2c1b7182ac4c2f069dbbfaf60c4961720bc3587859c74804d2143cf286287ad44c2829c4ca0e711a59d9e665a49ccd2fe64bff625f89661b0b03d347503d6105e86eb9abfdae07c1421ee77dd7484e41aa98793361c479ca6cec43a25fdaad943a4359b4c6ff2bc11bf6ae72e507ccf0decdd5", @generic="16792eb205bd4ab6f11b2e086118dea3f6e08e2c811b9f223c670b8f4e9284d5497e85e48d8a913b40adf5181718df693fae5b8ff23af8a819f4eed953a26980f10d5e172e1a6ea0e1f0ea1f273b87f3ccf62e756f6dbe7f542d205abd18e97272a8de736c229a8b8d5eb8393819399b9ede46b1036402f8506e056618fcc687819776279d6364f7ec2f6c8488f80633c27b09aff6b55da15da50b58621ce650dabe0b4a670765082878748bd70697144dd1208ee22435f7d19d9a4d5265dd6d34", @generic="f0edbeb8ed47260d6eacf595aaedde4d01c7b739186cbeedf5c49da5121ef54720f4e834539149207e6080fae758044564834efde5c572f74e8ce68e7add0d3971", @typed={0x4}, @typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x8, 0x0, 0x0, 0x0, @pid}, @typed={0x4}]}, @nested={0x2a5, 0x0, 0x0, 0x1, [@generic="6095133b5011bb52273d5ea34cf5289b098ab54aa84767a86213c68fc09d330bee0a8eb0", @typed={0x9, 0x0, 0x0, 0x0, @str='\'!\x1f}\x00'}, @generic="b010b06768f7e3f0b91f797e334c771d340017605f18b2c5dbf8462be84ffc04b248ec32fda3fa7a8f4fbbcf23834267cd07a0aff46ee77c154cfb237da5d844872f70a210ccacb0d9ef3e2d3e49a65e55", @generic="27c8ffba6d4137eaacc8d231ee9cbc199a58a8d4b6f49f1510a5ca6122d2024bb374259bf9a8efcb8afd2c96429ee99bc55971444094e18ff3fca485176a09231844a351f5c634f2ec5eaa29be5f16e844b89e2edd5179467627d78c637df0f68da5aeff25b0ec9def6f511f737be834504f43e82f303621f5498b6b2462ced5e704d1ac22eb2ddd306949ffa2cd6387b1a756bea2b8c9b9454d00dde3e2534288c5c3ca476149f94ce0fb219f3f07242fec49e67f275724bb4e71ccab6d299ad9da9fc1632642130ac1ab2f576d1a51fcfdf7f977df5c49", @typed={0x81, 0x0, 0x0, 0x0, @binary="3a70a22cb220c610b2afec5600a7e3b6eaf02b0c0258c4db4be49de94b56f3ea8ab7fa41f6a33566c21bea2da830ec759a204850666de27d666c7f40019987cee29b17a7e25dcefdedf16f917ff8e15e6203e8fa70a605a369eb8438628741d778668c6188c9c3478eeea696cb8a1eff9da8965a4982efd2241c200dec"}, @generic="51e2f1fdaa2c4ea7ff001d9c83a8a1fe88c59e43365d11923be35270f04ce7dbe384d0c97c41e7b599aecc0e533eb4fddff31fe44f61c412f065c48df9c5042824a0f3e2a8673eaee27759386ffa9b9bc72f3d4b16f1f5ec60878aeff70001fa64481be38508fc7fe4ed0118fd65b01b6aaf144b607affb481f95f11be89377d8f5512434cb244d2196926af6d9f2dd8b12cfd90ca7b89921ff99bc0a1da9248fc9c702cfcf44e51b44dd6da44d674c02af0ac84f71c028d08499f3a76188f7b4ebcde82"]}, @typed={0xc, 0x0, 0x0, 0x0, @u64}, @generic="e66bb717aea4d1e95b1094f10611770d0d93f074f1fd37f8fe642fe7c9c5c5576df44863152c358621f05ca8bc8e50b490136bbe52b483fce892844f874f60e3b62fc6573fefdff88c360ab175ccbec919d3288450a2aae48237b87d611b7fe971a9bee683f96e9c3ccddc88155e852284dbfcd1ded325678cb321f368705537057740c8b77c0b8752ad74", @typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0xa, 0x0, 0x0, 0x0, @str='%!@-&\x00'}]}, 0x650}, {&(0x7f0000000f00)={0x70, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @generic="8374b682751bb79b2b40251548b7b591b06437b52743dea3c62a6a60cf0436a7872ff922b4a4684645811d94d9a2f7e94290faea977db5a20023a773ee0ec5caf789548840818624bdbf74f6c99d078a90ed23d186"]}, 0x70}, {&(0x7f0000000f80)={0x270, 0x0, 0x0, 0x0, 0x0, "", [@generic="c275fa75ab369a1582c3551f86941fdf50561d5fdb2e674653532736c39ce4496f46bda7cbd4386278931bc6fc0f7304b9bbb42ce0449223bcb821b9a0674297b1bf5f88a7e4faec434a3376fe3ec74c52ab52e577f25af94ce0a35c4b0c28127f75b9a5ce2504fdcc", @generic="5f56978fd81e7206b704b08216827254a0c63b018f843af2a4bd3fe05c7b60335fa31e019dac68f05bd7200fb1d46780fe4bc09f71bec47783821ecba96761d1adcbae2833f93dca588541c5782158ea5a2cb8cb38dfc881a18d46b97dd4724223d5e3074d3af92c47804167e6916ea04207f06f9e4ecbb41cc6cf4d", @generic="d97e52d5219064304ea6cd63edbcef95763d73cbdd64862246e1697ca71dbadd37a695ce9e7655656f67a86d9314e7f23ce84b59774c459e81740864ed6744afcff351ed99da82b27bf98057344a0a186b4e4c7057bae8820b6ccf238baff2c3d22f6d260cb185e7e3d84a8edf6f7b03b1d81abdb1befb6a39687060f63519bd2c72a9914a975a718b83a24a6b8a7f071ce4d0abcf954f5f3bbe341038d5c4f7f7fc46702cee815f0f75b5bfc0f471ea238eb6f56c92d168db2aec51f44051fa0281f73e0cd733", @generic="c64c03b5174d5090d0a27cf1a3ca57f6c6b059ea2a4024ce883b85401e2f550a63bd2b18f2adac61c5d2d2be1c670fded7d7c5db9d14e3bcfaa21cb0c463136cd15780b19600ee1d5df69b4cfac4ff52dd75ea1db6114a1aa6b9115e811bfbe8d952bf3818a474b45b37cfc21ec9547d2d73651d687033be6e701736c13b681e7c92f4db8b1535c513bfeb8e78ada4c32e6996faff8d23009dc98ac1e91b46b62b91cdd4f5924729c0", @typed={0x8, 0x0, 0x0, 0x0, @str='/#*\x00'}]}, 0x270}, {&(0x7f0000001240)={0x204, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x6, 0x0, 0x0, 0x0, @str=',\x00'}, @nested={0x1e9, 0x0, 0x0, 0x1, [@typed={0x85, 0x0, 0x0, 0x0, @binary="90d8b547b0c419e8de93ada628607b9b64a9825ca748c7dc5d7fe0eb098aca0a7a10d312494319a678250d4f80c6707e260cc3e7fee7889a421e122f7c9914da743be7958a9d01e71367adb9cb86299589c41d8494a2ed0c76a16c77d272f1f02703bc892f92d093aa5ac84a9862840abb4b11d4bf945af78b08b23aafde0f6501"}, @generic="40a26494889a355050bfc65471271b26859075cb96cb7a2d11e32ffcb033d2af87b22c38dcf85e4e3ee71b623b880774f9960183d59e6e4654a65dd04dcbbd1ef9f92d43d2b6f0cd8443d0fbbeb8f04fcd1810944f9baf8f4c0c55e80ea3dc07c0b4c9ad05844a90a7d332e252824f117f0ed9bf022007c243821f1e502e7b1ab7921020eea1f5a018f31c5c57921c4e99effa787d52f7f5cbfaa068b76cdf1d8cd3547b275b36794c6a898588d20a388a919cb4c345ed5941e70237af39f328da9445a0096e897147c196e6aee28d52183563f87d5c4878cc5fe1bbe335ed8d184c9b6ff5b258b20f1f7c0e20465aaac2", @generic="8e1d6a20a172ca29e9ab8570f80b6ec4acddcb8fd3c914e22a876e7b87409181f27e35824a15bf1831e71138dd97db8f7150ddd8af2cdf18d503f20bc72c27e19413c8206c083b998fafee24dd69c9c0f145b5a4088f0f7c4cdfc099aa0e2ff25791a27f4531e79429284eeb"]}]}, 0x204}], 0x5}, 0x0) 14:00:59 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$netlink(r0, &(0x7f0000009240)={0x0, 0x0, &(0x7f00000091c0)=[{0x0}, {0x0, 0x1f0}], 0x2}, 0x0) 14:00:59 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000f7030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:00:59 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$netlink(r0, &(0x7f0000009240)={0x0, 0x0, &(0x7f00000091c0)=[{&(0x7f0000009280)={0x18, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x4}, @generic, @nested={0x4}]}, 0x18}, {0x0, 0x1f0}, {&(0x7f0000003900)={0x10}, 0x10}, {&(0x7f0000003940)={0x10}, 0x10}, {&(0x7f0000007b00)={0x64, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}, @generic="ff7a2ae6b6000d78981f82e34a355eeea2484cad94baf7d8ade51a0c249b9a", @generic, @typed={0xa, 0x0, 0x0, 0x0, @str='$--*^\x00'}, @generic="1244f84850f38a25fb9802c0c431"]}, 0x64}, {&(0x7f0000009800)={0x1c, 0x0, 0x0, 0x0, 0x0, "", [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='&\x00'}, @generic]}]}, 0x1c}], 0x6}, 0x20008000) 14:00:59 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x6, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), r0) 14:00:59 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) read$FUSE(r0, &(0x7f0000003a80)={0x2020}, 0x2020) sendmsg$netlink(r0, &(0x7f0000009240)={0x0, 0x0, &(0x7f00000091c0)=[{&(0x7f0000009280)={0x14, 0x0, 0x0, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}, {0x0}], 0x2}, 0x0) 14:00:59 executing program 0: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$netlink(r0, &(0x7f0000009240)={0x0, 0x0, 0x0}, 0x20008003) 14:00:59 executing program 3: r0 = openat$apparmor_thread_exec(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f00000002c0)=ANY=[], 0xc) 14:00:59 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000fb030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:01:00 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2b5, 0x0, 0x0, 0x0) 14:01:00 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000480)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0, 0x0, &(0x7f00000003c0)=[@dstaddrv4={0x10, 0x84, 0x9, @remote={0xac, 0x14, 0x0}}], 0x10}, 0x0) 14:01:00 executing program 3: r0 = openat$vimc2(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_QUERYBUF_DMABUF(r0, 0xc04c5609, &(0x7f0000000080)={0x0, 0x7, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "ffef0c48"}}) 14:01:00 executing program 2: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) sendmsg$netlink(r0, &(0x7f0000009240)={0x0, 0x0, &(0x7f00000091c0)=[{&(0x7f0000009280)={0x18, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x4}, @generic, @nested={0x4}]}, 0xbd80}, {0x0, 0x1f0}, {&(0x7f0000003900)={0x10}, 0x10}, {&(0x7f0000003940)={0x10}, 0x10}, {&(0x7f0000007b00)={0x64, 0x0, 0x0, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}, @generic="ff7a2ae6b6000d78981f82e34a355eeea2484cad94baf7d8ade51a0c249b9a", @generic, @typed={0xa, 0x0, 0x0, 0x0, @str='$--*^\x00'}, @generic="1244f84850f38a25fb9802c0c431"]}, 0x64}, {&(0x7f0000009800)={0x1c, 0x0, 0x0, 0x0, 0x0, "", [@nested={0xc, 0x0, 0x0, 0x1, [@typed={0x6, 0x0, 0x0, 0x0, @str='&\x00'}, @generic]}]}, 0x1c}], 0x6}, 0x0) 14:01:00 executing program 0: r0 = openat$apparmor_thread_exec(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="737461636b3e92a26486eb15"], 0xc) 14:01:00 executing program 3: socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) read$FUSE(r0, &(0x7f0000003a80)={0x2020}, 0x2020) sendmsg$netlink(r0, &(0x7f0000009240)={0x0, 0x0, &(0x7f00000091c0)=[{0x0, 0x1f0}], 0x1}, 0x0) 14:01:00 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c000000100003040000000000fd030000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:01:00 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, &(0x7f0000000040)={0x8}) 14:01:00 executing program 0: fsopen(&(0x7f00000001c0)='autofs\x00', 0x0) 14:01:00 executing program 2: getdents64(0xffffffffffffffff, 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x129600, 0x0) getdents64(r0, &(0x7f0000000200)=""/167, 0xa7) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2800000010005fba000000eaffffff0000000000", @ANYRES32=0x0, @ANYBLOB="030000100000000008001b"], 0x28}}, 0x0) sendmsg$netlink(r2, &(0x7f0000006440)={0x0, 0x0, &(0x7f00000063c0)=[{&(0x7f0000000600)={0x34, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xc00, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @ipv4=@loopback}, @typed={0x14, 0x1b, 0x0, 0x0, @ipv6=@loopback={0x21}}]}, 0x34}], 0x1}, 0x0) 14:01:00 executing program 3: getdents64(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000006440)={0x0, 0x0, &(0x7f00000063c0)=[{&(0x7f0000000600)={0x34, 0x10, 0x1, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @ipv4=@loopback}, @typed={0x14, 0x1b, 0x0, 0x0, @ipv6=@loopback={0x21}}]}, 0x34}], 0x1}, 0x0) 14:01:00 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000000050000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) 14:01:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = creat(&(0x7f0000000040)='./bus\x00', 0x42) fcntl$setstatus(r2, 0x4, 0x46900) ftruncate(r2, 0x800) lseek(r2, 0x20400, 0x0) r3 = open(&(0x7f0000000240)='./bus\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0x80001d00c0d0) ftruncate(r2, 0x3) [ 3086.431563][T20687] vcan0: left promiscuous mode [ 3086.446394][T20687] vcan0: left allmulticast mode [ 3086.465586][T20687] 1ªX: left allmulticast mode 14:01:00 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(0xffffffffffffffff) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, 0x0, 0x0, 0x86, 0x1) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000140)={@dev}, 0x14) setsockopt$MRT6_PIM(0xffffffffffffffff, 0x29, 0xcf, &(0x7f00000004c0)=0x3, 0x4) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000480)={0x4, &(0x7f0000000440)=[{0x2129, 0x0, 0x0, 0x9}, {0xf800, 0x82, 0x3, 0x6}, {0x72, 0x81, 0x80, 0x5}, {0x1f, 0x6, 0x8, 0x7}]}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000006c0)=0xb9) [ 3086.476586][T20687] bond_slave_0: left allmulticast mode [ 3086.482198][T20687] bond_slave_1: left allmulticast mode [ 3086.493565][T20687] 8021q: adding VLAN 0 to HW filter on device team0 [ 3086.506486][T20687] dummy0: entered promiscuous mode 14:01:00 executing program 0: openat$pfkey(0xffffffffffffff9c, 0x0, 0x129600, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2800000010005fba000000eaffffff0000000000", @ANYRES32=0x0, @ANYBLOB="030000100000000008001b"], 0x28}}, 0x0) sendmsg$netlink(r1, &(0x7f0000006440)={0x0, 0x0, &(0x7f00000063c0)=[{&(0x7f0000000600)={0x34, 0x10, 0x1, 0x0, 0x18000000, "", [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @ipv4=@loopback}, @typed={0x14, 0x1b, 0x0, 0x0, @ipv6=@loopback={0x21}}]}, 0x34}], 0x1}, 0x0) [ 3086.608799][T20687] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 3086.647803][T20690] netlink: 'syz-executor.3': attribute type 27 has an invalid length. 14:01:01 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2b7, 0x0, 0x0, 0x0) [ 3087.222986][T20690] bridge0: port 3(erspan0) entered disabled state 14:01:02 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2c5, 0x0, 0x0, 0x0) [ 3088.313526][T20690] bridge0: port 2(bridge_slave_1) entered disabled state [ 3088.320936][T20690] bridge0: port 1(bridge_slave_0) entered disabled state [ 3088.531375][T20690] bond_slave_0: left promiscuous mode [ 3088.547687][T20690] bond_slave_1: left promiscuous mode [ 3088.694477][T20690] team_slave_0: left promiscuous mode [ 3088.735325][T20690] team_slave_1: left promiscuous mode 14:01:03 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2d5, 0x0, 0x0, 0x0) 14:01:04 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2e3, 0x0, 0x0, 0x0) 14:01:04 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2f3, 0x0, 0x0, 0x0) 14:01:05 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2f5, 0x0, 0x0, 0x0) 14:01:06 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2f7, 0x0, 0x0, 0x0) 14:01:07 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2f9, 0x0, 0x0, 0x0) [ 3093.865245][T20690] batman_adv: batadv0: Interface deactivated: ªªªªªª [ 3093.948685][T20690] batman_adv: batadv0: Interface deactivated: batadv_slave_1 14:01:08 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2fb, 0x0, 0x0, 0x0) 14:01:09 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2fd, 0x0, 0x0, 0x0) 14:01:09 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x300, 0x0, 0x0, 0x0) [ 3095.785797][T20690] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3095.799494][T20690] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3095.816871][T20690] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 3095.825795][T20690] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 14:01:11 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x301, 0x0, 0x0, 0x0) [ 3097.526632][T20721] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3097.681444][T20721] CPU: 0 PID: 20721 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3097.690213][T20721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3097.700296][T20721] Call Trace: [ 3097.703599][T20721] [ 3097.706581][T20721] dump_stack_lvl+0x1e7/0x2e0 [ 3097.711307][T20721] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3097.716546][T20721] ? __pfx__printk+0x10/0x10 [ 3097.721174][T20721] ? ___ratelimit+0x4c4/0x670 [ 3097.725896][T20721] ? __pfx____ratelimit+0x10/0x10 [ 3097.731017][T20721] dump_header+0xda/0x6a0 [ 3097.735403][T20721] oom_kill_process+0x3a7/0x930 [ 3097.740289][T20721] ? trace_contention_end+0x3c/0x100 [ 3097.745611][T20721] out_of_memory+0xf67/0x1320 [ 3097.750333][T20721] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3097.756017][T20721] ? __pfx___mutex_lock+0x10/0x10 [ 3097.761120][T20721] ? __pfx_out_of_memory+0x10/0x10 [ 3097.766284][T20721] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3097.771867][T20721] ? __pfx_lock_release+0x10/0x10 [ 3097.776936][T20721] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3097.783044][T20721] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3097.788287][T20721] ? mem_cgroup_iter+0x422/0x560 [ 3097.793289][T20721] try_charge_memcg+0xda2/0x18a0 [ 3097.798291][T20721] ? __pfx_try_charge_memcg+0x10/0x10 [ 3097.803715][T20721] ? percpu_ref_tryget+0x14/0x180 [ 3097.808780][T20721] charge_memcg+0xa2/0x160 [ 3097.813214][T20721] __mem_cgroup_charge+0x27/0x80 [ 3097.818265][T20721] shmem_alloc_and_add_folio+0x393/0xde0 [ 3097.823910][T20721] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3097.830085][T20721] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3097.835317][T20721] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3097.840968][T20721] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3097.847321][T20721] shmem_write_begin+0x170/0x4d0 [ 3097.852283][T20721] ? __pfx_shmem_write_begin+0x10/0x10 [ 3097.857767][T20721] ? fault_in_iov_iter_readable+0x236/0x280 [ 3097.863683][T20721] generic_perform_write+0x321/0x640 [ 3097.868995][T20721] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3097.874926][T20721] ? __pfx_generic_perform_write+0x10/0x10 [ 3097.880780][T20721] ? __pfx_generic_write_checks+0x10/0x10 [ 3097.886518][T20721] ? file_update_time+0x2a3/0x3e0 [ 3097.891564][T20721] shmem_file_write_iter+0xfc/0x120 [ 3097.896794][T20721] __kernel_write_iter+0x434/0x8c0 [ 3097.901957][T20721] ? __pfx___kernel_write_iter+0x10/0x10 [ 3097.907633][T20721] ? generic_file_llseek_size+0x34c/0x3b0 [ 3097.913382][T20721] ? iov_iter_bvec+0x4e/0x1b0 [ 3097.918085][T20721] dump_user_range+0x46c/0x910 [ 3097.922875][T20721] ? __pfx_dump_user_range+0x10/0x10 [ 3097.928445][T20721] ? writenote+0x250/0x3b0 [ 3097.932877][T20721] ? kmalloc_trace+0x1d6/0x360 [ 3097.937652][T20721] ? elf_core_dump+0x2e01/0x4630 [ 3097.942608][T20721] ? dump_emit+0x99/0xd0 [ 3097.946880][T20721] elf_core_dump+0x3d5d/0x4630 [ 3097.951705][T20721] ? __pfx_elf_core_dump+0x10/0x10 [ 3097.956961][T20721] ? mark_lock+0x9a/0x350 [ 3097.961313][T20721] ? mas_next_slot+0xeb2/0xf90 [ 3097.966102][T20721] ? __lock_acquire+0x1345/0x1fd0 [ 3097.971199][T20721] ? rcu_read_lock_any_held+0xb7/0x160 [ 3097.976778][T20721] ? 0xffffffffff600000 [ 3097.980964][T20721] ? getname_kernel+0x140/0x2f0 [ 3097.985858][T20721] do_coredump+0x1baa/0x2b50 [ 3097.992144][T20721] ? get_signal+0xbe1/0x1850 [ 3097.996790][T20721] ? __pfx_do_coredump+0x10/0x10 [ 3098.001785][T20721] ? _raw_spin_unlock_irq+0x23/0x50 [ 3098.007051][T20721] ? lockdep_hardirqs_on+0x98/0x140 [ 3098.012268][T20721] get_signal+0x146a/0x1850 [ 3098.016902][T20721] ? __pfx_get_signal+0x10/0x10 [ 3098.021771][T20721] ? __pfx_force_sig_fault+0x10/0x10 [ 3098.027081][T20721] arch_do_signal_or_restart+0x96/0x860 [ 3098.032647][T20721] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3098.038833][T20721] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3098.044670][T20721] irqentry_exit_to_user_mode+0x78/0x280 [ 3098.050320][T20721] exc_page_fault+0x587/0x870 [ 3098.055019][T20721] asm_exc_page_fault+0x26/0x30 [ 3098.059904][T20721] RIP: 0033:0x7f8ab667ddb1 [ 3098.064329][T20721] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3098.083948][T20721] RSP: 002b:00000000000002f0 EFLAGS: 00010217 [ 3098.090045][T20721] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3098.098031][T20721] RDX: 0000000000000000 RSI: 00000000000002f0 RDI: 0000000000000000 [ 3098.106010][T20721] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3098.114102][T20721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3098.122086][T20721] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3098.130087][T20721] [ 3098.136399][T20721] memory: usage 307200kB, limit 307200kB, failcnt 89119 [ 3098.143591][T20721] memory+swap: usage 400048kB, limit 9007199254740988kB, failcnt 0 [ 3098.153228][T20721] kmem: usage 44428kB, limit 9007199254740988kB, failcnt 0 [ 3098.161479][T20721] Memory cgroup stats for /syz4: [ 3098.166493][T20721] cache 267104256 [ 3098.175223][T20721] rss 1880064 [ 3098.179274][T20721] rss_huge 0 [ 3098.182601][T20721] shmem 267104256 [ 3098.187042][T20721] mapped_file 166297600 [ 3098.191326][T20721] dirty 0 [ 3098.212623][T20721] writeback 0 [ 3098.223884][T20721] workingset_refault_anon 1307 [ 3098.233539][T20721] workingset_refault_file 0 [ 3098.242937][T20721] swap 95076352 [ 3098.257276][T20721] swapcached 98304 [ 3098.266214][T20721] pgpgin 1139515 [ 3098.269802][T20721] pgpgout 1073822 [ 3098.273460][T20721] pgfault 1080277 [ 3098.289721][T20721] pgmajfault 905 [ 3098.293383][T20721] inactive_anon 35442688 [ 3098.298438][T20721] active_anon 233635840 [ 3098.302627][T20721] inactive_file 0 [ 3098.306733][T20721] active_file 0 [ 3098.310217][T20721] unevictable 0 [ 3098.313697][T20721] hierarchical_memory_limit 314572800 [ 3098.319280][T20721] hierarchical_memsw_limit 9223372036854771712 [ 3098.325592][T20721] total_cache 267104256 [ 3098.330289][T20721] total_rss 1880064 [ 3098.334156][T20721] total_rss_huge 0 [ 3098.338359][T20721] total_shmem 267104256 [ 3098.342610][T20721] total_mapped_file 166297600 [ 3098.347660][T20721] total_dirty 0 [ 3098.351152][T20721] total_writeback 0 [ 3098.354985][T20721] total_workingset_refault_anon 1307 [ 3098.360812][T20721] total_workingset_refault_file 0 [ 3098.366621][T20721] total_swap 95076352 [ 3098.370662][T20721] total_swapcached 98304 [ 3098.374966][T20721] total_pgpgin 1139515 [ 3098.380715][T20721] total_pgpgout 1073822 [ 3098.384922][T20721] total_pgfault 1080277 [ 3098.393112][T20721] total_pgmajfault 905 [ 3098.397591][T20721] total_inactive_anon 35442688 [ 3098.408005][T20721] total_active_anon 233635840 [ 3098.412809][T20721] total_inactive_file 0 [ 3098.425470][T20721] total_active_file 0 [ 3098.434205][T20721] total_unevictable 0 [ 3098.445253][T20721] anon_cost 0 [ 3098.456055][T20721] file_cost 0 [ 3098.459481][T20721] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20283,uid=0 [ 3098.477109][T20721] Memory cgroup out of memory: Killed process 20283 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:22912kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3099.064031][T20711] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3099.180866][T20711] CPU: 0 PID: 20711 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3099.189618][T20711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3099.199721][T20711] Call Trace: [ 3099.203028][T20711] [ 3099.205981][T20711] dump_stack_lvl+0x1e7/0x2e0 [ 3099.210690][T20711] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3099.215905][T20711] ? __pfx__printk+0x10/0x10 [ 3099.220533][T20711] ? ___ratelimit+0x4c4/0x670 [ 3099.225235][T20711] ? __pfx____ratelimit+0x10/0x10 [ 3099.230281][T20711] dump_header+0xda/0x6a0 [ 3099.234647][T20711] oom_kill_process+0x3a7/0x930 [ 3099.239520][T20711] ? trace_contention_end+0x3c/0x100 [ 3099.244830][T20711] out_of_memory+0xf67/0x1320 [ 3099.249542][T20711] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3099.255189][T20711] ? __pfx___mutex_lock+0x10/0x10 [ 3099.260236][T20711] ? __pfx_out_of_memory+0x10/0x10 [ 3099.265369][T20711] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3099.270929][T20711] ? __pfx_lock_release+0x10/0x10 [ 3099.275978][T20711] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3099.282069][T20711] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3099.287292][T20711] ? mem_cgroup_iter+0x422/0x560 [ 3099.292253][T20711] try_charge_memcg+0xda2/0x18a0 [ 3099.297241][T20711] ? __pfx_try_charge_memcg+0x10/0x10 [ 3099.302639][T20711] ? percpu_ref_tryget+0x14/0x180 [ 3099.307702][T20711] charge_memcg+0xa2/0x160 [ 3099.312153][T20711] __mem_cgroup_charge+0x27/0x80 [ 3099.317135][T20711] shmem_alloc_and_add_folio+0x393/0xde0 [ 3099.322797][T20711] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3099.328976][T20711] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3099.334207][T20711] ? lockdep_hardirqs_on+0x98/0x140 [ 3099.339433][T20711] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3099.345095][T20711] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3099.351354][T20711] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3099.358065][T20711] shmem_write_begin+0x170/0x4d0 [ 3099.363035][T20711] ? __pfx_shmem_write_begin+0x10/0x10 [ 3099.368522][T20711] ? fault_in_iov_iter_readable+0x236/0x280 [ 3099.374445][T20711] generic_perform_write+0x321/0x640 [ 3099.379761][T20711] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3099.385786][T20711] ? __pfx_generic_perform_write+0x10/0x10 [ 3099.391628][T20711] ? mnt_put_write_access_file+0xc2/0x100 [ 3099.397373][T20711] ? file_update_time+0x3ac/0x3e0 [ 3099.402424][T20711] shmem_file_write_iter+0xfc/0x120 [ 3099.407641][T20711] __kernel_write_iter+0x434/0x8c0 [ 3099.412779][T20711] ? __pfx___kernel_write_iter+0x10/0x10 [ 3099.418431][T20711] ? generic_file_llseek_size+0x34c/0x3b0 [ 3099.424188][T20711] ? iov_iter_bvec+0x4e/0x1b0 [ 3099.428914][T20711] dump_user_range+0x46c/0x910 [ 3099.433709][T20711] ? __pfx_dump_user_range+0x10/0x10 [ 3099.439004][T20711] ? writenote+0x250/0x3b0 [ 3099.443460][T20711] ? kmalloc_trace+0x1d6/0x360 [ 3099.448248][T20711] ? elf_core_dump+0x2e01/0x4630 [ 3099.453210][T20711] ? dump_emit+0x99/0xd0 [ 3099.457468][T20711] elf_core_dump+0x3d5d/0x4630 [ 3099.462287][T20711] ? __pfx_elf_core_dump+0x10/0x10 [ 3099.467434][T20711] ? mark_lock+0x9a/0x350 [ 3099.471780][T20711] ? mas_next_slot+0xeb2/0xf90 [ 3099.476566][T20711] ? __lock_acquire+0x1345/0x1fd0 [ 3099.481652][T20711] ? rcu_read_lock_any_held+0xb7/0x160 [ 3099.487135][T20711] ? 0xffffffffff600000 [ 3099.491303][T20711] ? getname_kernel+0x140/0x2f0 [ 3099.496186][T20711] do_coredump+0x1baa/0x2b50 [ 3099.500798][T20711] ? get_signal+0xbe1/0x1850 [ 3099.505433][T20711] ? __pfx_do_coredump+0x10/0x10 [ 3099.510425][T20711] ? _raw_spin_unlock_irq+0x23/0x50 [ 3099.515652][T20711] ? lockdep_hardirqs_on+0x98/0x140 [ 3099.520867][T20711] get_signal+0x146a/0x1850 [ 3099.525409][T20711] ? __pfx_get_signal+0x10/0x10 [ 3099.530299][T20711] ? __pfx_force_sig_fault+0x10/0x10 [ 3099.535612][T20711] arch_do_signal_or_restart+0x96/0x860 [ 3099.541178][T20711] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3099.547367][T20711] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3099.553367][T20711] irqentry_exit_to_user_mode+0x78/0x280 [ 3099.559013][T20711] exc_page_fault+0x587/0x870 [ 3099.563708][T20711] asm_exc_page_fault+0x26/0x30 [ 3099.568579][T20711] RIP: 0033:0x7f8ab667ddb1 [ 3099.573003][T20711] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3099.592622][T20711] RSP: 002b:00000000000002c0 EFLAGS: 00010217 [ 3099.598705][T20711] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3099.606686][T20711] RDX: 0000000000000000 RSI: 00000000000002c0 RDI: 0000000000000000 [ 3099.614664][T20711] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3099.622642][T20711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3099.630623][T20711] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3099.638620][T20711] [ 3099.845884][T20711] memory: usage 307200kB, limit 307200kB, failcnt 90242 [ 3099.853203][T20711] memory+swap: usage 400008kB, limit 9007199254740988kB, failcnt 0 [ 3099.862574][T20711] kmem: usage 44348kB, limit 9007199254740988kB, failcnt 0 [ 3099.871023][T20711] Memory cgroup stats for /syz4: [ 3099.871183][T20711] cache 267210752 [ 3099.879874][T20711] rss 1822720 [ 3099.883210][T20711] rss_huge 0 [ 3099.886522][T20711] shmem 267210752 [ 3099.890184][T20711] mapped_file 151769088 [ 3099.894355][T20711] dirty 0 [ 3099.897698][T20711] writeback 0 [ 3099.901024][T20711] workingset_refault_anon 1307 [ 3099.905811][T20711] workingset_refault_file 0 [ 3099.912027][T20711] swap 95035392 [ 3099.915531][T20711] swapcached 94208 [ 3099.941894][T20711] pgpgin 1141203 [ 3099.945531][T20711] pgpgout 1075491 [ 3099.977418][T20711] pgfault 1080798 [ 3099.995411][T20711] pgmajfault 905 [ 3100.015250][T20711] inactive_anon 35442688 [ 3100.024157][T20711] active_anon 233713664 [ 3100.029581][T20711] inactive_file 0 [ 3100.033257][T20711] active_file 0 [ 3100.037128][T20711] unevictable 0 [ 3100.040632][T20711] hierarchical_memory_limit 314572800 [ 3100.048562][T20711] hierarchical_memsw_limit 9223372036854771712 [ 3100.054853][T20711] total_cache 267210752 [ 3100.078156][T20711] total_rss 1822720 [ 3100.082038][T20711] total_rss_huge 0 [ 3100.086467][T20711] total_shmem 267210752 [ 3100.090921][T20711] total_mapped_file 151769088 [ 3100.095636][T20711] total_dirty 0 [ 3100.101273][T20711] total_writeback 0 [ 3100.105788][T20711] total_workingset_refault_anon 1307 [ 3100.115401][T20711] total_workingset_refault_file 0 [ 3100.125579][T20711] total_swap 95035392 [ 3100.134745][T20711] total_swapcached 94208 [ 3100.155324][T20711] total_pgpgin 1141203 14:01:14 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x307, 0x0, 0x0, 0x0) [ 3100.204765][T20711] total_pgpgout 1075491 [ 3100.221807][T20711] total_pgfault 1080798 [ 3100.283326][T20711] total_pgmajfault 905 [ 3100.287665][T20711] total_inactive_anon 35442688 [ 3100.292457][T20711] total_active_anon 233713664 [ 3100.297198][T20711] total_inactive_file 0 [ 3100.301384][T20711] total_active_file 0 [ 3100.305405][T20711] total_unevictable 0 [ 3100.312102][T20711] anon_cost 0 [ 3100.315449][T20711] file_cost 0 [ 3100.321069][T20711] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20359,uid=0 [ 3100.389996][T20711] Memory cgroup out of memory: Killed process 20359 (syz-executor.4) total-vm:54508kB, anon-rss:368kB, file-rss:8192kB, shmem-rss:22912kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3102.495459][ T30] oom_reaper: reaped process 20359 (syz-executor.4), now anon-rss:0kB, file-rss:8192kB, shmem-rss:19388kB 14:01:17 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x30b, 0x0, 0x0, 0x0) 14:01:17 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x30d, 0x0, 0x0, 0x0) 14:01:18 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x30f, 0x0, 0x0, 0x0) 14:01:19 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x315, 0x0, 0x0, 0x0) 14:01:22 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x317, 0x0, 0x0, 0x0) 14:01:23 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x31b, 0x0, 0x0, 0x0) [ 3109.832873][T20714] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3109.859488][T20714] CPU: 1 PID: 20714 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3109.868250][T20714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3109.878347][T20714] Call Trace: [ 3109.881661][T20714] [ 3109.884622][T20714] dump_stack_lvl+0x1e7/0x2e0 [ 3109.889354][T20714] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3109.894600][T20714] ? __pfx__printk+0x10/0x10 [ 3109.899239][T20714] ? ___ratelimit+0x4c4/0x670 [ 3109.903964][T20714] ? __pfx____ratelimit+0x10/0x10 [ 3109.909123][T20714] dump_header+0xda/0x6a0 [ 3109.913503][T20714] oom_kill_process+0x3a7/0x930 [ 3109.918394][T20714] ? trace_contention_end+0x3c/0x100 [ 3109.923727][T20714] out_of_memory+0xf67/0x1320 [ 3109.928458][T20714] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3109.934134][T20714] ? __pfx___mutex_lock+0x10/0x10 [ 3109.939224][T20714] ? __pfx_out_of_memory+0x10/0x10 [ 3109.944391][T20714] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3109.949974][T20714] ? __pfx_lock_release+0x10/0x10 [ 3109.955049][T20714] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3109.961164][T20714] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3109.966412][T20714] ? mem_cgroup_iter+0x422/0x560 [ 3109.971401][T20714] try_charge_memcg+0xda2/0x18a0 [ 3109.976414][T20714] ? __pfx_try_charge_memcg+0x10/0x10 [ 3109.981833][T20714] ? percpu_ref_tryget+0x14/0x180 [ 3109.986936][T20714] charge_memcg+0xa2/0x160 [ 3109.991408][T20714] __mem_cgroup_charge+0x27/0x80 [ 3109.996398][T20714] shmem_alloc_and_add_folio+0x393/0xde0 [ 3110.002083][T20714] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3110.008297][T20714] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3110.013572][T20714] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3110.019261][T20714] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3110.025649][T20714] shmem_write_begin+0x170/0x4d0 [ 3110.030815][T20714] ? __pfx_shmem_write_begin+0x10/0x10 [ 3110.036330][T20714] ? fault_in_iov_iter_readable+0x236/0x280 [ 3110.042274][T20714] generic_perform_write+0x321/0x640 [ 3110.047605][T20714] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3110.053560][T20714] ? __pfx_generic_perform_write+0x10/0x10 [ 3110.059412][T20714] ? __pfx_generic_write_checks+0x10/0x10 [ 3110.065173][T20714] ? file_update_time+0x2a3/0x3e0 [ 3110.070258][T20714] shmem_file_write_iter+0xfc/0x120 [ 3110.075496][T20714] __kernel_write_iter+0x434/0x8c0 [ 3110.080667][T20714] ? __pfx___kernel_write_iter+0x10/0x10 [ 3110.086351][T20714] ? generic_file_llseek_size+0x34c/0x3b0 [ 3110.092122][T20714] ? iov_iter_bvec+0x4e/0x1b0 [ 3110.096856][T20714] dump_user_range+0x46c/0x910 [ 3110.101677][T20714] ? __pfx_dump_user_range+0x10/0x10 [ 3110.107017][T20714] ? writenote+0x250/0x3b0 [ 3110.111487][T20714] ? kmalloc_trace+0x1d6/0x360 [ 3110.116297][T20714] ? elf_core_dump+0x2e01/0x4630 [ 3110.121274][T20714] ? dump_emit+0x99/0xd0 [ 3110.125557][T20714] elf_core_dump+0x3d5d/0x4630 [ 3110.130392][T20714] ? __pfx_elf_core_dump+0x10/0x10 [ 3110.135553][T20714] ? mark_lock+0x9a/0x350 [ 3110.139951][T20714] ? mas_next_slot+0xeb2/0xf90 [ 3110.144765][T20714] ? __lock_acquire+0x1345/0x1fd0 [ 3110.150598][T20714] ? rcu_read_lock_any_held+0xb7/0x160 [ 3110.156111][T20714] ? 0xffffffffff600000 [ 3110.160302][T20714] ? getname_kernel+0x140/0x2f0 [ 3110.165291][T20714] do_coredump+0x1baa/0x2b50 [ 3110.169935][T20714] ? get_signal+0xbe1/0x1850 [ 3110.174624][T20714] ? __pfx_do_coredump+0x10/0x10 [ 3110.179656][T20714] ? _raw_spin_unlock_irq+0x23/0x50 [ 3110.184902][T20714] ? lockdep_hardirqs_on+0x98/0x140 [ 3110.190163][T20714] get_signal+0x146a/0x1850 [ 3110.194744][T20714] ? __pfx_get_signal+0x10/0x10 [ 3110.199646][T20714] ? __pfx_force_sig_fault+0x10/0x10 [ 3110.204994][T20714] arch_do_signal_or_restart+0x96/0x860 [ 3110.210597][T20714] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3110.216823][T20714] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3110.222682][T20714] irqentry_exit_to_user_mode+0x78/0x280 [ 3110.228362][T20714] exc_page_fault+0x587/0x870 [ 3110.233086][T20714] asm_exc_page_fault+0x26/0x30 [ 3110.237989][T20714] RIP: 0033:0x7f8ab667ddb1 [ 3110.242448][T20714] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3110.262106][T20714] RSP: 002b:00000000000002d0 EFLAGS: 00010217 [ 3110.268249][T20714] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3110.276268][T20714] RDX: 0000000000000000 RSI: 00000000000002d0 RDI: 0000000000000000 [ 3110.284274][T20714] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3110.292291][T20714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3110.300307][T20714] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3110.308348][T20714] [ 3110.516597][T20714] memory: usage 303492kB, limit 307200kB, failcnt 93728 [ 3110.553727][T20714] memory+swap: usage 396028kB, limit 9007199254740988kB, failcnt 0 [ 3110.686568][T20714] kmem: usage 45476kB, limit 9007199254740988kB, failcnt 0 [ 3110.749339][T20714] Memory cgroup stats for /syz4: [ 3110.749553][T20714] cache 264019968 [ 3110.760690][T20714] rss 1093632 [ 3110.764025][T20714] rss_huge 0 [ 3110.768049][T20714] shmem 264024064 [ 3110.771719][T20714] mapped_file 55541760 [ 3110.775806][T20714] dirty 0 [ 3110.779515][T20714] writeback 0 [ 3110.784196][T20714] workingset_refault_anon 1374 [ 3110.789750][T20714] workingset_refault_file 0 [ 3110.794290][T20714] swap 94912512 [ 3110.798412][T20714] swapcached 45056 [ 3110.802173][T20714] pgpgin 1211297 [ 3110.805778][T20714] pgpgout 1146445 [ 3110.846230][T20714] pgfault 1110341 [ 3110.849941][T20714] pgmajfault 941 [ 3110.853520][T20714] inactive_anon 76840960 [ 3110.880412][T20714] active_anon 187654144 [ 3110.884638][T20714] inactive_file 0 [ 3110.900941][T20714] active_file 0 [ 3110.904453][T20714] unevictable 0 [ 3110.915515][T20714] hierarchical_memory_limit 314572800 [ 3110.935665][T20714] hierarchical_memsw_limit 9223372036854771712 14:01:25 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x323, 0x0, 0x0, 0x0) [ 3110.953966][T20714] total_cache 264019968 [ 3110.960080][T20714] total_rss 1093632 [ 3110.963935][T20714] total_rss_huge 0 [ 3111.017267][T20714] total_shmem 264024064 [ 3111.021493][T20714] total_mapped_file 55541760 [ 3111.115288][T20714] total_dirty 0 [ 3111.206543][T20714] total_writeback 0 [ 3111.210417][T20714] total_workingset_refault_anon 1374 [ 3111.296058][T20714] total_workingset_refault_file 0 [ 3111.301154][T20714] total_swap 94912512 [ 3111.305162][T20714] total_swapcached 45056 [ 3111.412736][T20714] total_pgpgin 1211297 [ 3111.480798][T20714] total_pgpgout 1146445 [ 3111.485121][T20714] total_pgfault 1110341 [ 3111.588210][T20714] total_pgmajfault 941 [ 3111.592347][T20714] total_inactive_anon 76840960 [ 3111.786135][T20714] total_active_anon 187654144 [ 3111.790907][T20714] total_inactive_file 0 [ 3111.795085][T20714] total_active_file 0 [ 3112.056511][T20714] total_unevictable 0 [ 3112.083938][T20714] anon_cost 0 [ 3112.087849][T20714] file_cost 0 [ 3112.091166][T20714] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20721,uid=0 [ 3112.316051][T20714] Memory cgroup out of memory: Killed process 20721 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:9472kB, UID:0 pgtables:124kB oom_score_adj:1000 14:01:27 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x325, 0x0, 0x0, 0x0) [ 3114.570020][ T30] oom_reaper: reaped process 20721 (syz-executor.4), now anon-rss:60kB, file-rss:8192kB, shmem-rss:9344kB [ 3114.601249][T20765] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3114.757488][T20765] CPU: 0 PID: 20765 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3114.766237][T20765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3114.776320][T20765] Call Trace: [ 3114.779653][T20765] [ 3114.782612][T20765] dump_stack_lvl+0x1e7/0x2e0 [ 3114.787369][T20765] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3114.792585][T20765] ? __pfx__printk+0x10/0x10 [ 3114.797187][T20765] ? ___ratelimit+0x4c4/0x670 [ 3114.801900][T20765] ? __pfx____ratelimit+0x10/0x10 [ 3114.806957][T20765] dump_header+0xda/0x6a0 [ 3114.811481][T20765] oom_kill_process+0x3a7/0x930 [ 3114.816339][T20765] ? trace_contention_end+0x3c/0x100 [ 3114.821637][T20765] out_of_memory+0xf67/0x1320 [ 3114.826329][T20765] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3114.831971][T20765] ? __pfx___mutex_lock+0x10/0x10 [ 3114.837016][T20765] ? __pfx_out_of_memory+0x10/0x10 [ 3114.842150][T20765] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3114.847711][T20765] ? __pfx_lock_release+0x10/0x10 [ 3114.852752][T20765] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3114.858844][T20765] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3114.864056][T20765] ? mem_cgroup_iter+0x422/0x560 [ 3114.869009][T20765] try_charge_memcg+0xda2/0x18a0 [ 3114.873991][T20765] ? __pfx_try_charge_memcg+0x10/0x10 [ 3114.879382][T20765] ? percpu_ref_tryget+0x14/0x180 [ 3114.884441][T20765] charge_memcg+0xa2/0x160 [ 3114.888888][T20765] __mem_cgroup_charge+0x27/0x80 [ 3114.893844][T20765] shmem_alloc_and_add_folio+0x393/0xde0 [ 3114.899500][T20765] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3114.905670][T20765] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3114.910902][T20765] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3114.916549][T20765] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3114.922900][T20765] shmem_write_begin+0x170/0x4d0 [ 3114.927878][T20765] ? __pfx_shmem_write_begin+0x10/0x10 [ 3114.933366][T20765] ? fault_in_iov_iter_readable+0x236/0x280 [ 3114.939274][T20765] generic_perform_write+0x321/0x640 [ 3114.944575][T20765] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3114.950497][T20765] ? __pfx_generic_perform_write+0x10/0x10 [ 3114.956325][T20765] ? __pfx_generic_write_checks+0x10/0x10 [ 3114.962061][T20765] ? file_update_time+0x2a3/0x3e0 [ 3114.967115][T20765] shmem_file_write_iter+0xfc/0x120 [ 3114.972325][T20765] __kernel_write_iter+0x434/0x8c0 [ 3114.977467][T20765] ? __pfx___kernel_write_iter+0x10/0x10 [ 3114.983204][T20765] ? generic_file_llseek_size+0x34c/0x3b0 [ 3114.988967][T20765] ? iov_iter_bvec+0x4e/0x1b0 [ 3114.993662][T20765] dump_user_range+0x46c/0x910 [ 3114.998538][T20765] ? __pfx_dump_user_range+0x10/0x10 [ 3115.003860][T20765] ? writenote+0x250/0x3b0 [ 3115.008307][T20765] ? kmalloc_trace+0x1d6/0x360 [ 3115.013081][T20765] ? elf_core_dump+0x2e01/0x4630 [ 3115.018035][T20765] ? dump_emit+0x99/0xd0 [ 3115.022286][T20765] elf_core_dump+0x3d5d/0x4630 [ 3115.027084][T20765] ? __pfx_elf_core_dump+0x10/0x10 [ 3115.032213][T20765] ? mark_lock+0x9a/0x350 [ 3115.036549][T20765] ? mas_next_slot+0xeb2/0xf90 [ 3115.041331][T20765] ? __lock_acquire+0x1345/0x1fd0 [ 3115.046415][T20765] ? rcu_read_lock_any_held+0xb7/0x160 [ 3115.051894][T20765] ? 0xffffffffff600000 [ 3115.056068][T20765] ? getname_kernel+0x140/0x2f0 [ 3115.060951][T20765] do_coredump+0x1baa/0x2b50 [ 3115.065820][T20765] ? get_signal+0xbe1/0x1850 [ 3115.070461][T20765] ? __pfx_do_coredump+0x10/0x10 [ 3115.075448][T20765] ? _raw_spin_unlock_irq+0x23/0x50 [ 3115.080661][T20765] ? lockdep_hardirqs_on+0x98/0x140 [ 3115.086224][T20765] get_signal+0x146a/0x1850 [ 3115.090760][T20765] ? __pfx_get_signal+0x10/0x10 [ 3115.095633][T20765] ? __pfx_force_sig_fault+0x10/0x10 [ 3115.100952][T20765] arch_do_signal_or_restart+0x96/0x860 [ 3115.106516][T20765] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3115.112699][T20765] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3115.118520][T20765] irqentry_exit_to_user_mode+0x78/0x280 [ 3115.124168][T20765] exc_page_fault+0x587/0x870 [ 3115.128872][T20765] asm_exc_page_fault+0x26/0x30 [ 3115.133748][T20765] RIP: 0033:0x7f8ab667ddb1 [ 3115.138172][T20765] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3115.157798][T20765] RSP: 002b:0000000000000310 EFLAGS: 00010217 [ 3115.163887][T20765] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3115.172130][T20765] RDX: 0000000000000000 RSI: 0000000000000310 RDI: 0000000000000000 [ 3115.180108][T20765] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3115.188084][T20765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3115.196058][T20765] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3115.204046][T20765] [ 3115.632515][T20765] memory: usage 307200kB, limit 307200kB, failcnt 97477 [ 3115.687962][T20765] memory+swap: usage 417784kB, limit 9007199254740988kB, failcnt 0 [ 3115.741647][T20765] kmem: usage 45412kB, limit 9007199254740988kB, failcnt 0 [ 3115.826917][T20765] Memory cgroup stats for /syz4: [ 3115.827104][T20765] cache 266952704 [ 3115.870644][T20765] rss 1007616 [ 3115.874474][T20765] rss_huge 0 [ 3115.893915][T20765] shmem 266952704 [ 3115.913214][T20765] mapped_file 57143296 [ 3115.983254][T20765] dirty 0 [ 3116.026107][T20765] writeback 0 [ 3116.029458][T20765] workingset_refault_anon 1380 [ 3116.034298][T20765] workingset_refault_file 0 14:01:30 executing program 2: getdents64(0xffffffffffffffff, 0x0, 0x0) r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x129600, 0x0) getdents64(r0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2800000010005fba000000eaffffff0000000000", @ANYRES32=0x0, @ANYBLOB="030000100000000008001b"], 0x28}}, 0x0) sendmsg$netlink(r2, &(0x7f0000006440)={0x0, 0x0, &(0x7f00000063c0)=[{&(0x7f0000000600)={0x34, 0x10, 0x1, 0x0, 0x0, "", [@typed={0xdfc, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @ipv4=@loopback}, @typed={0x14, 0x1b, 0x0, 0x0, @ipv6=@loopback={0x21}}]}, 0x34}], 0x1}, 0x0) [ 3116.096091][T20765] swap 113238016 [ 3116.113514][T20765] swapcached 40960 14:01:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0xc008aec1, &(0x7f0000000000)) [ 3116.206635][T20765] pgpgin 1229239 [ 3116.216863][T20765] pgpgout 1163805 [ 3116.236670][T20765] pgfault 1115995 14:01:30 executing program 1: epoll_create(0x8001) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) socket$igmp6(0xa, 0x3, 0x2) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) epoll_create(0x2) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c00000010000304000000000000060000000300", @ANYRES32=r1, @ANYBLOB="0104000000000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r2], 0x3c}}, 0x0) [ 3116.275725][T20765] pgmajfault 947 [ 3116.329181][T20765] inactive_anon 175550464 [ 3116.385217][T20765] active_anon 91942912 [ 3116.505703][T20765] inactive_file 0 [ 3116.536087][T20765] active_file 0 [ 3116.588535][T20765] unevictable 0 [ 3116.606061][T20765] hierarchical_memory_limit 314572800 [ 3116.611496][T20765] hierarchical_memsw_limit 9223372036854771712 14:01:30 executing program 0: ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x107042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x1c1002, 0x0) ftruncate(r1, 0x5d801) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x187842, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x107042, 0x0) write(r3, &(0x7f0000000400)="6f88b2a60614ef91a3f8ef9e1220b2675bce0f59b2336b1e3eb222ffa77b91bd642da8472b07a5059831e5c03734ccff6480db993a9be5198f428be1838bef5847f8452dab06605676dc879a87d9c28bf128eb784296078f4a28e8a2595743bd65e4e6a9e5ced66e5524edc432ceaab8552a2c2f179d91122a961061343c8695c39084b2370dae938e8d43b6d6fbd905eff6c6360e26d2ef525c6a46357a0f26061ba8da82c8c39b6ec93cea456c8ed747b85fa822136714ad8bdb0d36d7c9c75354e5d73d216e45cb24fc975e092c08bd1bfb1102952f580acce4909b84036801c1f0b88c7508aa2bf5999b5f8b0da1b6d5a83203cf784ce1e8a562c75310eea1c28d9f650073742c8e9311718b35acee6a272bd76b7e547c06b9b9c461163e18f48033a79c7f3a6574c234d84fa9c569100e6c088070010175611c6643b7cd4eb643ab300fa1e46fb4027fe48882975fcfd5a5295ead29b97cb0e86af8a0b4beb400d3b54774eafac72f7d222a4248662afdd0072963aef817701d5fc445f61d563c3ed0992670002289a555f7bebfcc91b5c75e9222b17ed54aff16a3d6a0cfab24f8bffcaef7c61f2be13411eb800853f37dd2d0efc25abc246e833d350206539d5160991f02e4b0201f14ed8fdc814c4034ed7e438934b250352ece17f1145ba3ea72c698adfeeb89e4e1338fd7598d83f70137a83ef553d770193c4738", 0x353c00) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000240)={0x3920e, r0}) [ 3116.766817][T20765] total_cache 266952704 [ 3116.837440][T20765] total_rss 1007616 [ 3116.866348][T20765] total_rss_huge 0 [ 3116.870256][T20765] total_shmem 266952704 [ 3116.884569][T20765] total_mapped_file 57143296 [ 3116.937459][T20765] total_dirty 0 [ 3116.990646][T20765] total_writeback 0 [ 3117.031195][T20765] total_workingset_refault_anon 1380 [ 3117.088087][T20765] total_workingset_refault_file 0 [ 3117.093415][T20765] total_swap 113238016 [ 3117.116234][T20765] total_swapcached 40960 [ 3117.120531][T20765] total_pgpgin 1229239 [ 3117.124630][T20765] total_pgpgout 1163805 [ 3117.179542][T20765] total_pgfault 1115995 [ 3117.254772][T20765] total_pgmajfault 947 [ 3117.279294][T20765] total_inactive_anon 175550464 [ 3117.330618][T20765] total_active_anon 91942912 [ 3117.335272][T20765] total_inactive_file 0 [ 3117.374711][T20765] total_active_file 0 [ 3117.406291][T20765] total_unevictable 0 [ 3117.446275][T20765] anon_cost 0 [ 3117.449647][T20765] file_cost 0 [ 3117.513872][T20765] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20748,uid=0 [ 3117.643496][T20765] Memory cgroup out of memory: Killed process 20748 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8224kB, shmem-rss:11520kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3119.090271][T20714] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 14:01:33 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x331, 0x0, 0x0, 0x0) [ 3119.434589][T20714] CPU: 1 PID: 20714 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3119.443351][T20714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3119.453449][T20714] Call Trace: [ 3119.456771][T20714] [ 3119.459822][T20714] dump_stack_lvl+0x1e7/0x2e0 [ 3119.464546][T20714] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3119.469778][T20714] ? __pfx__printk+0x10/0x10 [ 3119.474403][T20714] ? ___ratelimit+0x4c4/0x670 [ 3119.479129][T20714] ? __pfx____ratelimit+0x10/0x10 [ 3119.484195][T20714] dump_header+0xda/0x6a0 [ 3119.488586][T20714] oom_kill_process+0x3a7/0x930 [ 3119.493477][T20714] ? trace_contention_end+0x3c/0x100 [ 3119.498807][T20714] out_of_memory+0xf67/0x1320 [ 3119.503528][T20714] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3119.509195][T20714] ? __pfx___mutex_lock+0x10/0x10 [ 3119.514288][T20714] ? __pfx_out_of_memory+0x10/0x10 [ 3119.519458][T20714] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3119.525048][T20714] ? __pfx_lock_release+0x10/0x10 [ 3119.530136][T20714] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3119.536260][T20714] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3119.541510][T20714] ? mem_cgroup_iter+0x422/0x560 [ 3119.546499][T20714] try_charge_memcg+0xda2/0x18a0 [ 3119.551508][T20714] ? __pfx_try_charge_memcg+0x10/0x10 [ 3119.556920][T20714] ? percpu_ref_tryget+0x14/0x180 [ 3119.562024][T20714] charge_memcg+0xa2/0x160 [ 3119.566491][T20714] __mem_cgroup_charge+0x27/0x80 [ 3119.571472][T20714] shmem_alloc_and_add_folio+0x393/0xde0 [ 3119.577146][T20714] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3119.583338][T20714] ? filemap_map_pages+0x1248/0x1830 [ 3119.588678][T20714] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3119.593949][T20714] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3119.599645][T20714] shmem_fault+0x254/0x6f0 [ 3119.604115][T20714] ? __pfx_shmem_fault+0x10/0x10 [ 3119.609093][T20714] ? __pfx_lock_release+0x10/0x10 [ 3119.614157][T20714] ? pte_offset_map_nolock+0x137/0x1f0 [ 3119.619670][T20714] __do_fault+0x135/0x460 [ 3119.624038][T20714] ? __pfx_filemap_map_pages+0x10/0x10 [ 3119.629543][T20714] ? __handle_mm_fault+0x31c8/0x72d0 [ 3119.634857][T20714] __handle_mm_fault+0x49e6/0x72d0 [ 3119.640043][T20714] ? __pfx___handle_mm_fault+0x10/0x10 [ 3119.645567][T20714] ? follow_page_pte+0x28e/0x1910 [ 3119.650643][T20714] ? follow_page_pte+0x760/0x1910 [ 3119.655718][T20714] ? __pfx_lock_release+0x10/0x10 [ 3119.660821][T20714] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3119.666074][T20714] ? follow_page_pte+0x7f2/0x1910 [ 3119.671173][T20714] ? mt_find+0x62d/0x850 [ 3119.675495][T20714] handle_mm_fault+0x3c1/0x8a0 [ 3119.680319][T20714] __get_user_pages+0x6bd/0x1600 [ 3119.685314][T20714] ? get_dump_page+0xe1/0x2f0 [ 3119.690048][T20714] ? __pfx___get_user_pages+0x10/0x10 [ 3119.695490][T20714] ? __kernel_write_iter+0x632/0x8c0 [ 3119.700832][T20714] get_dump_page+0x154/0x2f0 [ 3119.705467][T20714] ? __pfx___kernel_write_iter+0x10/0x10 [ 3119.711145][T20714] ? __pfx_get_dump_page+0x10/0x10 [ 3119.716297][T20714] ? generic_file_llseek_size+0x34c/0x3b0 [ 3119.722071][T20714] ? iov_iter_bvec+0x4e/0x1b0 [ 3119.726895][T20714] dump_user_range+0x126/0x910 [ 3119.731721][T20714] ? __pfx_dump_user_range+0x10/0x10 [ 3119.737057][T20714] ? writenote+0x250/0x3b0 [ 3119.741529][T20714] ? kmalloc_trace+0x1d6/0x360 [ 3119.746350][T20714] ? elf_core_dump+0x2e01/0x4630 [ 3119.751334][T20714] ? dump_emit+0x99/0xd0 [ 3119.755628][T20714] elf_core_dump+0x3d5d/0x4630 [ 3119.760464][T20714] ? __pfx_elf_core_dump+0x10/0x10 [ 3119.765632][T20714] ? mark_lock+0x9a/0x350 [ 3119.770008][T20714] ? mas_next_slot+0xeb2/0xf90 [ 3119.774819][T20714] ? __lock_acquire+0x1345/0x1fd0 [ 3119.779946][T20714] ? rcu_read_lock_any_held+0xb7/0x160 [ 3119.785467][T20714] ? 0xffffffffff600000 [ 3119.789659][T20714] ? getname_kernel+0x140/0x2f0 [ 3119.794566][T20714] do_coredump+0x1baa/0x2b50 [ 3119.799203][T20714] ? get_signal+0xbe1/0x1850 [ 3119.803901][T20714] ? __pfx_do_coredump+0x10/0x10 [ 3119.808929][T20714] ? _raw_spin_unlock_irq+0x23/0x50 [ 3119.814174][T20714] ? lockdep_hardirqs_on+0x98/0x140 [ 3119.819421][T20714] get_signal+0x146a/0x1850 [ 3119.824000][T20714] ? __pfx_get_signal+0x10/0x10 [ 3119.828890][T20714] ? __pfx_force_sig_fault+0x10/0x10 [ 3119.834225][T20714] arch_do_signal_or_restart+0x96/0x860 [ 3119.839836][T20714] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3119.846072][T20714] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3119.851942][T20714] irqentry_exit_to_user_mode+0x78/0x280 [ 3119.857633][T20714] exc_page_fault+0x587/0x870 [ 3119.862362][T20714] asm_exc_page_fault+0x26/0x30 [ 3119.867259][T20714] RIP: 0033:0x7f8ab667ddb1 [ 3119.871734][T20714] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3119.891409][T20714] RSP: 002b:00000000000002d0 EFLAGS: 00010217 [ 3119.897530][T20714] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3119.905548][T20714] RDX: 0000000000000000 RSI: 00000000000002d0 RDI: 0000000000000000 [ 3119.913560][T20714] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3119.921572][T20714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3119.929583][T20714] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3119.937615][T20714] [ 3120.005242][T20714] memory: usage 306612kB, limit 307200kB, failcnt 99629 14:01:34 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x335, 0x0, 0x0, 0x0) [ 3120.088230][T20714] memory+swap: usage 416512kB, limit 9007199254740988kB, failcnt 0 [ 3120.112755][T20714] kmem: usage 45044kB, limit 9007199254740988kB, failcnt 0 [ 3120.291152][T20714] Memory cgroup stats for /syz4: [ 3120.306631][T20714] cache 264728576 [ 3120.315261][T20714] rss 970752 [ 3120.356172][T20714] rss_huge 0 [ 3120.359485][T20714] shmem 264728576 [ 3120.363169][T20714] mapped_file 60256256 [ 3120.728841][T20714] dirty 0 [ 3120.731837][T20714] writeback 0 [ 3120.735137][T20714] workingset_refault_anon 1380 [ 3121.083562][T20714] workingset_refault_file 0 [ 3121.196476][T20714] swap 112644096 [ 3121.288192][T20714] swapcached 12288 [ 3121.378663][ T8350] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 3121.391191][ T8350] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 3121.399603][ T8350] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 3121.421643][T20714] pgpgin 1238476 [ 3121.427663][T21011] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 3121.435634][T21018] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 3121.437499][T21011] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 3121.446266][T21018] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 3121.451534][T21011] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 3121.459978][T21018] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 3121.473542][T21018] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 3121.482418][T21018] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 3121.492523][T21018] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 3121.503045][T21020] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 3121.512170][T21018] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 3121.524724][T21020] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 3121.537976][T21020] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 3121.545281][T21018] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 3121.571914][T21018] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 3121.588765][T21020] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 3121.596133][T21020] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 3121.604300][T21020] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 3121.613866][T21020] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 3121.621089][T21018] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 3121.629750][T21018] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 3121.866141][T20714] pgpgout 1173606 [ 3121.869859][T20714] pgfault 1119074 [ 3121.873513][T20714] pgmajfault 947 [ 3121.936440][T20714] inactive_anon 74551296 [ 3121.948680][T20714] active_anon 190353408 [ 3122.003559][T20714] inactive_file 0 [ 3122.035693][T20714] active_file 0 [ 3122.068229][T20714] unevictable 0 [ 3122.102998][T20714] hierarchical_memory_limit 314572800 [ 3122.132582][T20714] hierarchical_memsw_limit 9223372036854771712 [ 3122.153326][T20714] total_cache 264728576 14:01:36 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x345, 0x0, 0x0, 0x0) [ 3122.246362][T20714] total_rss 970752 [ 3122.250147][T20714] total_rss_huge 0 [ 3122.253889][T20714] total_shmem 264728576 [ 3122.266017][T20714] total_mapped_file 60256256 [ 3122.300742][T20714] total_dirty 0 [ 3122.304259][T20714] total_writeback 0 [ 3122.336914][T20714] total_workingset_refault_anon 1380 [ 3122.342259][T20714] total_workingset_refault_file 0 [ 3122.361719][T20714] total_swap 112644096 [ 3122.365836][T20714] total_swapcached 12288 [ 3122.400332][T20714] total_pgpgin 1238476 [ 3122.441844][T20714] total_pgpgout 1173606 [ 3122.476309][T20714] total_pgfault 1119074 [ 3122.501587][T20714] total_pgmajfault 947 [ 3122.536251][T20714] total_inactive_anon 74551296 [ 3122.577999][T20714] total_active_anon 190353408 [ 3122.582749][T20714] total_inactive_file 0 [ 3122.636160][T20714] total_active_file 0 14:01:36 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x34b, 0x0, 0x0, 0x0) [ 3122.695169][T20714] total_unevictable 0 [ 3122.716188][T20714] anon_cost 0 [ 3122.719566][T20714] file_cost 0 [ 3122.722873][T20714] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20745,uid=0 [ 3122.820409][T20714] Memory cgroup out of memory: Killed process 20745 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:8448kB, UID:0 pgtables:100kB oom_score_adj:1000 14:01:37 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x361, 0x0, 0x0, 0x0) [ 3123.455001][T20727] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3123.554064][T20727] CPU: 1 PID: 20727 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3123.562824][T20727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3123.572915][T20727] Call Trace: [ 3123.576226][T20727] [ 3123.579183][T20727] dump_stack_lvl+0x1e7/0x2e0 [ 3123.583905][T20727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3123.589150][T20727] ? __pfx__printk+0x10/0x10 [ 3123.593773][T20727] ? ___ratelimit+0x4c4/0x670 [ 3123.598500][T20727] ? __pfx____ratelimit+0x10/0x10 [ 3123.603565][T20727] dump_header+0xda/0x6a0 [ 3123.607936][T20727] oom_kill_process+0x3a7/0x930 [ 3123.612847][T20727] out_of_memory+0xf67/0x1320 [ 3123.617587][T20727] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3123.623278][T20727] ? __pfx___mutex_lock+0x10/0x10 [ 3123.628354][T20727] ? __pfx_out_of_memory+0x10/0x10 [ 3123.633518][T20727] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3123.639118][T20727] ? __pfx_lock_release+0x10/0x10 [ 3123.644213][T20727] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3123.650333][T20727] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3123.655594][T20727] ? mem_cgroup_iter+0x422/0x560 [ 3123.656112][ T5111] Bluetooth: hci5: command 0x0409 tx timeout [ 3123.660578][T20727] try_charge_memcg+0xda2/0x18a0 [ 3123.660615][T20727] ? early_init_intel+0xb78/0x10f0 [ 3123.668188][T21020] Bluetooth: hci6: command 0x0409 tx timeout [ 3123.671897][T20727] ? __pfx_try_charge_memcg+0x10/0x10 [ 3123.688709][T20727] ? percpu_ref_tryget+0x14/0x180 [ 3123.693815][T20727] charge_memcg+0xa2/0x160 [ 3123.696875][T21020] Bluetooth: hci8: command 0x0409 tx timeout [ 3123.698263][T20727] __mem_cgroup_charge+0x27/0x80 [ 3123.698306][T20727] shmem_alloc_and_add_folio+0x393/0xde0 [ 3123.705087][T21020] Bluetooth: hci7: command 0x0409 tx timeout [ 3123.709623][T20727] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3123.709668][T20727] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3123.709727][T20727] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3123.738716][T20727] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3123.745122][T20727] shmem_write_begin+0x170/0x4d0 [ 3123.750222][T20727] ? __pfx_shmem_write_begin+0x10/0x10 [ 3123.755732][T20727] ? fault_in_iov_iter_readable+0x236/0x280 [ 3123.761682][T20727] generic_perform_write+0x321/0x640 [ 3123.767020][T20727] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3123.772984][T20727] ? __pfx_generic_perform_write+0x10/0x10 [ 3123.778835][T20727] ? __pfx_generic_write_checks+0x10/0x10 [ 3123.784594][T20727] ? file_update_time+0x2a3/0x3e0 [ 3123.789663][T20727] shmem_file_write_iter+0xfc/0x120 [ 3123.794894][T20727] __kernel_write_iter+0x434/0x8c0 [ 3123.800060][T20727] ? __pfx___kernel_write_iter+0x10/0x10 [ 3123.805745][T20727] ? iov_iter_bvec+0x4e/0x1b0 [ 3123.810478][T20727] dump_user_range+0x46c/0x910 [ 3123.815288][T20727] ? __pfx_dump_user_range+0x10/0x10 [ 3123.820607][T20727] ? writenote+0x250/0x3b0 [ 3123.825087][T20727] ? kmalloc_trace+0x1d6/0x360 [ 3123.829893][T20727] ? elf_core_dump+0x2e01/0x4630 [ 3123.834867][T20727] ? dump_emit+0x99/0xd0 [ 3123.839143][T20727] elf_core_dump+0x3d5d/0x4630 [ 3123.843970][T20727] ? __pfx_elf_core_dump+0x10/0x10 [ 3123.849119][T20727] ? mark_lock+0x9a/0x350 [ 3123.853498][T20727] ? mas_next_slot+0xeb2/0xf90 [ 3123.858309][T20727] ? __lock_acquire+0x1345/0x1fd0 [ 3123.863429][T20727] ? rcu_read_lock_any_held+0xb7/0x160 [ 3123.868946][T20727] ? 0xffffffffff600000 [ 3123.873138][T20727] ? getname_kernel+0x140/0x2f0 [ 3123.878045][T20727] do_coredump+0x1baa/0x2b50 [ 3123.882681][T20727] ? get_signal+0xbe1/0x1850 [ 3123.887359][T20727] ? __pfx_do_coredump+0x10/0x10 [ 3123.892478][T20727] ? _raw_spin_unlock_irq+0x23/0x50 [ 3123.897719][T20727] ? lockdep_hardirqs_on+0x98/0x140 [ 3123.902975][T20727] get_signal+0x146a/0x1850 [ 3123.907552][T20727] ? __pfx_get_signal+0x10/0x10 [ 3123.912451][T20727] ? __pfx_force_sig_fault+0x10/0x10 [ 3123.917788][T20727] arch_do_signal_or_restart+0x96/0x860 [ 3123.923471][T20727] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3123.929693][T20727] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3123.935549][T20727] irqentry_exit_to_user_mode+0x78/0x280 [ 3123.941227][T20727] exc_page_fault+0x587/0x870 [ 3123.945954][T20727] asm_exc_page_fault+0x26/0x30 [ 3123.950847][T20727] RIP: 0033:0x7f8ab667ddb1 [ 3123.955296][T20727] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3123.974956][T20727] RSP: 002b:00000000000002f0 EFLAGS: 00010217 [ 3123.981079][T20727] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3123.989086][T20727] RDX: 0000000000000000 RSI: 00000000000002f0 RDI: 0000000000000000 [ 3123.997094][T20727] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3124.005099][T20727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3124.013105][T20727] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3124.021144][T20727] [ 3124.094285][T20727] memory: usage 301764kB, limit 307200kB, failcnt 100189 [ 3124.102090][T20727] memory+swap: usage 410252kB, limit 9007199254740988kB, failcnt 0 [ 3124.129327][T20727] kmem: usage 45224kB, limit 9007199254740988kB, failcnt 0 [ 3124.257698][T20727] Memory cgroup stats for /syz4: [ 3124.257882][T20727] cache 258531328 [ 3124.496159][T20727] rss 962560 [ 3124.506165][T20727] rss_huge 0 [ 3124.568933][T20727] shmem 258531328 [ 3124.666208][T20727] mapped_file 65470464 [ 3124.686708][T20727] dirty 0 [ 3124.746158][T20727] writeback 0 [ 3124.816111][T20727] workingset_refault_anon 1386 [ 3124.904853][T20727] workingset_refault_file 0 14:01:39 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x365, 0x0, 0x0, 0x0) [ 3125.026077][T20727] swap 113020928 [ 3125.029690][T20727] swapcached 36864 [ 3125.033433][T20727] pgpgin 1253477 [ 3125.128291][T20727] pgpgout 1190115 [ 3125.131987][T20727] pgfault 1123941 [ 3125.135686][T20727] pgmajfault 953 [ 3125.216351][T20727] inactive_anon 72581120 [ 3125.237394][T20727] active_anon 184852480 [ 3125.267824][T20727] inactive_file 0 [ 3125.318562][T20727] active_file 0 [ 3125.426929][T20727] unevictable 0 [ 3125.430463][T20727] hierarchical_memory_limit 314572800 [ 3125.486546][T20727] hierarchical_memsw_limit 9223372036854771712 [ 3125.492864][T20727] total_cache 258531328 14:01:39 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x36b, 0x0, 0x0, 0x0) [ 3125.646088][T20727] total_rss 962560 [ 3125.649963][T20727] total_rss_huge 0 [ 3125.653704][T20727] total_shmem 258531328 [ 3125.686202][T21020] Bluetooth: hci6: command 0x041b tx timeout [ 3125.692281][T21020] Bluetooth: hci5: command 0x041b tx timeout [ 3125.768938][T21020] Bluetooth: hci7: command 0x041b tx timeout [ 3125.775024][T21020] Bluetooth: hci8: command 0x041b tx timeout [ 3125.803016][T20727] total_mapped_file 65470464 [ 3125.885237][T20727] total_dirty 0 [ 3125.956103][T20727] total_writeback 0 [ 3125.960007][T20727] total_workingset_refault_anon 1386 [ 3125.965394][T20727] total_workingset_refault_file 0 [ 3126.016159][T20727] total_swap 113020928 [ 3126.020293][T20727] total_swapcached 36864 [ 3126.024563][T20727] total_pgpgin 1253477 [ 3126.096388][T20727] total_pgpgout 1190115 [ 3126.100601][T20727] total_pgfault 1123941 [ 3126.104773][T20727] total_pgmajfault 953 14:01:40 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x36d, 0x0, 0x0, 0x0) [ 3126.186891][T20727] total_inactive_anon 72581120 [ 3126.191739][T20727] total_active_anon 184852480 [ 3126.301984][T20727] total_inactive_file 0 [ 3126.326882][T20727] total_active_file 0 [ 3126.330924][T20727] total_unevictable 0 [ 3126.334927][T20727] anon_cost 0 [ 3126.456078][T20727] file_cost 0 [ 3126.475330][T20727] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20734,uid=0 [ 3126.538933][T20727] Memory cgroup out of memory: Killed process 20734 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:9216kB, shmem-rss:15872kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3127.769561][T21020] Bluetooth: hci5: command 0x040f tx timeout [ 3127.775646][T21020] Bluetooth: hci6: command 0x040f tx timeout [ 3127.848273][ T5111] Bluetooth: hci7: command 0x040f tx timeout [ 3127.854766][T21020] Bluetooth: hci8: command 0x040f tx timeout 14:01:42 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x375, 0x0, 0x0, 0x0) 14:01:42 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x37b, 0x0, 0x0, 0x0) 14:01:43 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x37d, 0x0, 0x0, 0x0) [ 3129.846888][T21020] Bluetooth: hci6: command 0x0419 tx timeout [ 3129.852970][T21020] Bluetooth: hci5: command 0x0419 tx timeout [ 3129.926170][ T5111] Bluetooth: hci7: command 0x0419 tx timeout [ 3129.932269][T21020] Bluetooth: hci8: command 0x0419 tx timeout 14:01:45 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x37f, 0x0, 0x0, 0x0) 14:01:46 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x381, 0x0, 0x0, 0x0) 14:01:47 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x385, 0x0, 0x0, 0x0) [ 3134.078397][T20690] netdevsim netdevsim3 netdevsim0: left allmulticast mode 14:01:48 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x387, 0x0, 0x0, 0x0) 14:01:50 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x389, 0x0, 0x0, 0x0) [ 3136.514751][ T5122] syz-executor.4 invoked oom-killer: gfp_mask=0xdc0(GFP_KERNEL|__GFP_ZERO), order=0, oom_score_adj=0 [ 3136.563946][ T5122] CPU: 1 PID: 5122 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3136.572605][ T5122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3136.582691][ T5122] Call Trace: [ 3136.585991][ T5122] [ 3136.588946][ T5122] dump_stack_lvl+0x1e7/0x2e0 [ 3136.593664][ T5122] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3136.598899][ T5122] ? __pfx__printk+0x10/0x10 [ 3136.603530][ T5122] ? ___ratelimit+0x4c4/0x670 [ 3136.608266][ T5122] ? __pfx____ratelimit+0x10/0x10 [ 3136.613330][ T5122] dump_header+0xda/0x6a0 [ 3136.617725][ T5122] oom_kill_process+0x3a7/0x930 [ 3136.622621][ T5122] out_of_memory+0xf67/0x1320 [ 3136.627350][ T5122] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3136.633020][ T5122] ? __pfx___mutex_lock+0x10/0x10 [ 3136.638181][ T5122] ? __pfx_out_of_memory+0x10/0x10 [ 3136.643349][ T5122] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3136.648943][ T5122] ? __pfx_lock_release+0x10/0x10 [ 3136.654013][ T5122] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3136.660128][ T5122] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3136.665368][ T5122] ? mem_cgroup_iter+0x422/0x560 [ 3136.670359][ T5122] try_charge_memcg+0xda2/0x18a0 [ 3136.675372][ T5122] ? __pfx_try_charge_memcg+0x10/0x10 [ 3136.680791][ T5122] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 3136.686549][ T5122] ? __pfx_lock_release+0x10/0x10 [ 3136.691621][ T5122] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3136.697651][ T5122] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 3136.703410][ T5122] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 3136.709344][ T5122] obj_cgroup_charge+0x389/0x630 [ 3136.714339][ T5122] ? obj_cgroup_charge+0x121/0x630 [ 3136.719495][ T5122] ? __pfx_obj_cgroup_charge+0x10/0x10 [ 3136.724997][ T5122] ? kmem_cache_alloc+0x4f/0x340 [ 3136.729971][ T5122] ? __pfx___might_resched+0x10/0x10 [ 3136.735304][ T5122] __memcg_slab_pre_alloc_hook+0x28d/0x2b0 [ 3136.741163][ T5122] ? alloc_empty_file+0x9e/0x1d0 [ 3136.746141][ T5122] kmem_cache_alloc+0x202/0x340 [ 3136.751037][ T5122] alloc_empty_file+0x9e/0x1d0 [ 3136.755838][ T5122] path_openat+0xfa/0x3240 [ 3136.760327][ T5122] ? mark_lock+0x9a/0x350 [ 3136.764692][ T5122] ? __pfx_stack_trace_save+0x10/0x10 [ 3136.770107][ T5122] ? __lock_acquire+0x1345/0x1fd0 [ 3136.775176][ T5122] ? mark_lock+0x9a/0x350 [ 3136.779541][ T5122] ? __lock_acquire+0x1345/0x1fd0 [ 3136.784608][ T5122] ? __pfx_path_openat+0x10/0x10 [ 3136.789626][ T5122] do_filp_open+0x234/0x490 [ 3136.794172][ T5122] ? __pfx_do_filp_open+0x10/0x10 [ 3136.799270][ T5122] ? _raw_spin_unlock+0x28/0x50 [ 3136.804169][ T5122] ? alloc_fd+0x59c/0x640 [ 3136.808550][ T5122] do_sys_openat2+0x13e/0x1d0 [ 3136.813283][ T5122] ? __pfx_do_sys_openat2+0x10/0x10 [ 3136.818519][ T5122] ? kmem_cache_free+0x102/0x2a0 [ 3136.823526][ T5122] __x64_sys_openat+0x247/0x2a0 [ 3136.828421][ T5122] ? __pfx___x64_sys_openat+0x10/0x10 [ 3136.833833][ T5122] ? do_syscall_64+0x108/0x240 [ 3136.838643][ T5122] ? do_syscall_64+0xb4/0x240 [ 3136.843362][ T5122] do_syscall_64+0xf9/0x240 [ 3136.847914][ T5122] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 3136.853894][ T5122] RIP: 0033:0x7f8ab667c9a0 [ 3136.858347][ T5122] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 09 82 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 5c 82 02 00 8b 44 [ 3136.877997][ T5122] RSP: 002b:00007f8ab68cfce0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 3136.886478][ T5122] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f8ab667c9a0 [ 3136.894654][ T5122] RDX: 0000000000000002 RSI: 00007f8ab68cfe20 RDI: 00000000ffffff9c [ 3136.902661][ T5122] RBP: 00007f8ab68cfe20 R08: 0000000000000000 R09: 00007f8ab68cfaa7 [ 3136.910665][ T5122] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000032 [ 3136.918669][ T5122] R13: 00000000002fdaaa R14: 00000000002fd564 R15: 0000000000000003 [ 3136.926705][ T5122] [ 3137.036169][ T5122] memory: usage 305456kB, limit 307200kB, failcnt 112825 [ 3137.043272][ T5122] memory+swap: usage 415724kB, limit 9007199254740988kB, failcnt 0 [ 3137.172370][ T5122] kmem: usage 44796kB, limit 9007199254740988kB, failcnt 0 [ 3137.224605][ T5122] Memory cgroup stats for /syz4: [ 3137.225183][ T5122] cache 267804672 [ 3137.247482][ T5122] rss 692224 [ 3137.270009][ T5122] rss_huge 0 [ 3137.313915][ T5122] shmem 267804672 [ 3137.350103][ T5122] mapped_file 138412032 [ 3137.400028][ T5122] dirty 0 [ 3137.412886][ T5122] writeback 0 [ 3137.452973][ T5122] workingset_refault_anon 1670 [ 3137.476101][ T5122] workingset_refault_file 0 [ 3137.536095][ T5122] swap 111144960 [ 3137.539704][ T5122] swapcached 208896 [ 3137.543533][ T5122] pgpgin 1337307 [ 3137.616089][ T5122] pgpgout 1271706 [ 3137.619782][ T5122] pgfault 1153769 [ 3137.623435][ T5122] pgmajfault 1112 [ 3137.675076][ T5122] inactive_anon 185892864 [ 3137.816438][ T5122] active_anon 79806464 [ 3137.820574][ T5122] inactive_file 0 [ 3137.824229][ T5122] active_file 0 [ 3137.996080][ T5122] unevictable 0 [ 3137.999601][ T5122] hierarchical_memory_limit 314572800 [ 3138.005007][ T5122] hierarchical_memsw_limit 9223372036854771712 [ 3138.230615][ T5122] total_cache 267804672 [ 3138.234824][ T5122] total_rss 692224 [ 3138.336308][ T5122] total_rss_huge 0 [ 3138.340089][ T5122] total_shmem 267804672 [ 3138.344303][ T5122] total_mapped_file 138412032 [ 3138.546010][ T5122] total_dirty 0 [ 3138.549531][ T5122] total_writeback 0 [ 3138.553362][ T5122] total_workingset_refault_anon 1670 [ 3138.696050][ T5122] total_workingset_refault_file 0 [ 3138.701157][ T5122] total_swap 111144960 [ 3138.705246][ T5122] total_swapcached 208896 [ 3138.846269][ T5122] total_pgpgin 1337307 [ 3138.850406][ T5122] total_pgpgout 1271706 [ 3138.854597][ T5122] total_pgfault 1153769 [ 3138.996127][ T5122] total_pgmajfault 1112 [ 3139.036758][ T5122] total_inactive_anon 185892864 [ 3139.086078][ T5122] total_active_anon 79806464 [ 3139.090830][ T5122] total_inactive_file 0 [ 3139.095040][ T5122] total_active_file 0 [ 3139.276170][ T5122] total_unevictable 0 [ 3139.326041][ T5122] anon_cost 0 [ 3139.329398][ T5122] file_cost 0 [ 3139.332705][ T5122] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20973,uid=0 [ 3139.723359][ T5122] Memory cgroup out of memory: Killed process 20973 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:6912kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3140.456732][T20692] netlink: 'syz-executor.2': attribute type 27 has an invalid length. 14:01:54 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x38b, 0x0, 0x0, 0x0) 14:01:55 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x38d, 0x0, 0x0, 0x0) 14:01:57 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x38f, 0x0, 0x0, 0x0) [ 3143.192688][ T5122] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3143.372881][ T5122] CPU: 0 PID: 5122 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3143.381543][ T5122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3143.391649][ T5122] Call Trace: [ 3143.394976][ T5122] [ 3143.397947][ T5122] dump_stack_lvl+0x1e7/0x2e0 [ 3143.402684][ T5122] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3143.407937][ T5122] ? __pfx__printk+0x10/0x10 [ 3143.412657][ T5122] ? ___ratelimit+0x4c4/0x670 [ 3143.417392][ T5122] ? __pfx____ratelimit+0x10/0x10 [ 3143.422461][ T5122] dump_header+0xda/0x6a0 [ 3143.426832][ T5122] oom_kill_process+0x3a7/0x930 [ 3143.431721][ T5122] out_of_memory+0xf67/0x1320 [ 3143.436441][ T5122] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3143.442132][ T5122] ? __pfx___mutex_lock+0x10/0x10 [ 3143.447199][ T5122] ? __pfx_out_of_memory+0x10/0x10 [ 3143.452364][ T5122] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3143.457961][ T5122] ? __pfx_lock_release+0x10/0x10 [ 3143.463042][ T5122] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3143.469152][ T5122] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3143.474387][ T5122] ? mem_cgroup_iter+0x422/0x560 [ 3143.479385][ T5122] try_charge_memcg+0xda2/0x18a0 [ 3143.484403][ T5122] ? __pfx_try_charge_memcg+0x10/0x10 [ 3143.489821][ T5122] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 3143.495580][ T5122] ? __pfx_lock_release+0x10/0x10 [ 3143.500655][ T5122] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3143.506690][ T5122] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 3143.512452][ T5122] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 3143.518300][ T5122] obj_cgroup_charge+0x389/0x630 [ 3143.523302][ T5122] ? obj_cgroup_charge+0x121/0x630 [ 3143.528461][ T5122] ? __pfx_obj_cgroup_charge+0x10/0x10 [ 3143.533967][ T5122] ? __pfx___might_resched+0x10/0x10 [ 3143.539300][ T5122] __memcg_slab_pre_alloc_hook+0x28d/0x2b0 [ 3143.545160][ T5122] ? sock_alloc_inode+0x28/0xc0 [ 3143.550051][ T5122] kmem_cache_alloc_lru+0x204/0x350 [ 3143.555297][ T5122] sock_alloc_inode+0x28/0xc0 [ 3143.560015][ T5122] ? __pfx_sock_alloc_inode+0x10/0x10 [ 3143.565435][ T5122] new_inode_pseudo+0x69/0x1e0 [ 3143.570289][ T5122] __sock_create+0x123/0x920 [ 3143.574932][ T5122] ? __pfx_debug_check_no_obj_freed+0x10/0x10 [ 3143.581061][ T5122] __sys_socket+0x14f/0x3c0 [ 3143.585613][ T5122] ? __pfx___sys_socket+0x10/0x10 [ 3143.590682][ T5122] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3143.597057][ T5122] ? do_syscall_64+0x108/0x240 [ 3143.601863][ T5122] __x64_sys_socket+0x7a/0x90 [ 3143.606588][ T5122] do_syscall_64+0xf9/0x240 [ 3143.611136][ T5122] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 3143.617063][ T5122] RIP: 0033:0x7f8ab667fb27 [ 3143.621507][ T5122] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 3143.641158][ T5122] RSP: 002b:00007f8ab68cf678 EFLAGS: 00000202 ORIG_RAX: 0000000000000029 [ 3143.649613][ T5122] RAX: ffffffffffffffda RBX: 00007f8ab67791a0 RCX: 00007f8ab667fb27 [ 3143.657670][ T5122] RDX: 0000000000000006 RSI: 0000000000000001 RDI: 0000000000000002 [ 3143.665762][ T5122] RBP: 00007f8ab68cfdbc R08: 0000000000000000 R09: 00007f8ab68cfaa7 [ 3143.673759][ T5122] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000032 [ 3143.681763][ T5122] R13: 00000000002ff442 R14: 0000000000000000 R15: 0000000000000003 [ 3143.689791][ T5122] [ 3143.702345][ T1240] ieee802154 phy0 wpan0: encryption failed: -22 [ 3143.708823][ T1240] ieee802154 phy1 wpan1: encryption failed: -22 [ 3143.742807][ T5122] memory: usage 307008kB, limit 307200kB, failcnt 115487 [ 3143.757720][ T5122] memory+swap: usage 417804kB, limit 9007199254740988kB, failcnt 0 [ 3143.765653][ T5122] kmem: usage 45180kB, limit 9007199254740988kB, failcnt 0 [ 3143.784032][ T5122] Memory cgroup stats for /syz4: [ 3143.784194][ T5122] cache 267571200 [ 3143.811461][ T5122] rss 708608 [ 3143.814699][ T5122] rss_huge 0 [ 3143.819399][ T5122] shmem 267571200 [ 3143.823059][ T5122] mapped_file 100134912 [ 3143.828596][ T5122] dirty 0 [ 3143.831566][ T5122] writeback 0 [ 3143.834872][ T5122] workingset_refault_anon 1685 [ 3143.860300][ T5122] workingset_refault_file 0 [ 3143.864857][ T5122] swap 113258496 [ 3143.875174][ T5122] swapcached 28672 [ 3143.879265][ T5122] pgpgin 1375776 [ 3143.882852][ T5122] pgpgout 1310272 [ 3143.896043][ T5122] pgfault 1169484 [ 3143.899754][ T5122] pgmajfault 1122 [ 3143.903439][ T5122] inactive_anon 173297664 [ 3143.908915][ T5122] active_anon 94982144 [ 3143.913018][ T5122] inactive_file 0 [ 3143.917291][ T5122] active_file 0 [ 3143.920784][ T5122] unevictable 0 [ 3143.924257][ T5122] hierarchical_memory_limit 314572800 [ 3143.933767][ T5122] hierarchical_memsw_limit 9223372036854771712 [ 3143.942631][ T5122] total_cache 267571200 [ 3143.947721][ T5122] total_rss 708608 [ 3143.951493][ T5122] total_rss_huge 0 [ 3143.955231][ T5122] total_shmem 267571200 [ 3143.960118][ T5122] total_mapped_file 100134912 [ 3143.964825][ T5122] total_dirty 0 [ 3143.968908][ T5122] total_writeback 0 [ 3143.972780][ T5122] total_workingset_refault_anon 1685 [ 3143.978806][ T5122] total_workingset_refault_file 0 [ 3143.983865][ T5122] total_swap 113258496 [ 3143.988532][ T5122] total_swapcached 28672 [ 3143.992807][ T5122] total_pgpgin 1375776 [ 3143.997402][ T5122] total_pgpgout 1310272 [ 3144.001589][ T5122] total_pgfault 1169484 [ 3144.005803][ T5122] total_pgmajfault 1122 [ 3144.010986][ T5122] total_inactive_anon 173297664 [ 3144.015933][ T5122] total_active_anon 94982144 [ 3144.021086][ T5122] total_inactive_file 0 [ 3144.025263][ T5122] total_active_file 0 [ 3144.029803][ T5122] total_unevictable 0 [ 3144.034533][ T5122] anon_cost 0 [ 3144.038321][ T5122] file_cost 0 [ 3144.041636][ T5122] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21103,uid=0 [ 3144.059670][ T5122] Memory cgroup out of memory: Killed process 21103 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:11648kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3144.263968][T20714] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3144.396594][T20714] CPU: 1 PID: 20714 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3144.405332][T20714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3144.415402][T20714] Call Trace: [ 3144.418694][T20714] [ 3144.421631][T20714] dump_stack_lvl+0x1e7/0x2e0 [ 3144.426331][T20714] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3144.431626][T20714] ? __pfx__printk+0x10/0x10 [ 3144.436224][T20714] ? ___ratelimit+0x4c4/0x670 [ 3144.440938][T20714] ? __pfx____ratelimit+0x10/0x10 [ 3144.446020][T20714] dump_header+0xda/0x6a0 [ 3144.450374][T20714] oom_kill_process+0x3a7/0x930 [ 3144.455242][T20714] out_of_memory+0xf67/0x1320 [ 3144.459940][T20714] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3144.465627][T20714] ? __pfx___mutex_lock+0x10/0x10 [ 3144.470673][T20714] ? __pfx_out_of_memory+0x10/0x10 [ 3144.475802][T20714] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3144.481359][T20714] ? __pfx_lock_release+0x10/0x10 [ 3144.486397][T20714] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3144.492481][T20714] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3144.497706][T20714] ? mem_cgroup_iter+0x422/0x560 [ 3144.502665][T20714] try_charge_memcg+0xda2/0x18a0 [ 3144.507763][T20714] ? __pfx_try_charge_memcg+0x10/0x10 [ 3144.513148][T20714] ? percpu_ref_tryget+0x14/0x180 [ 3144.518209][T20714] charge_memcg+0xa2/0x160 [ 3144.522654][T20714] __mem_cgroup_charge+0x27/0x80 [ 3144.527611][T20714] shmem_alloc_and_add_folio+0x393/0xde0 [ 3144.533349][T20714] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3144.539518][T20714] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3144.544753][T20714] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3144.550405][T20714] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3144.556755][T20714] shmem_write_begin+0x170/0x4d0 [ 3144.561713][T20714] ? __pfx_shmem_write_begin+0x10/0x10 [ 3144.567288][T20714] ? fault_in_iov_iter_readable+0x236/0x280 [ 3144.573198][T20714] generic_perform_write+0x321/0x640 [ 3144.578500][T20714] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3144.584418][T20714] ? __pfx_generic_perform_write+0x10/0x10 [ 3144.590240][T20714] ? __pfx_generic_write_checks+0x10/0x10 [ 3144.595995][T20714] ? file_update_time+0x2a3/0x3e0 [ 3144.601037][T20714] shmem_file_write_iter+0xfc/0x120 [ 3144.606248][T20714] __kernel_write_iter+0x434/0x8c0 [ 3144.611380][T20714] ? __pfx___kernel_write_iter+0x10/0x10 [ 3144.617033][T20714] ? __pfx___sanitizer_cov_trace_const_cmp4+0x10/0x10 [ 3144.623815][T20714] ? iov_iter_bvec+0x4e/0x1b0 [ 3144.628513][T20714] dump_user_range+0x46c/0x910 [ 3144.633298][T20714] ? __pfx_dump_user_range+0x10/0x10 [ 3144.638591][T20714] ? writenote+0x250/0x3b0 [ 3144.643025][T20714] ? kmalloc_trace+0x1d6/0x360 [ 3144.647802][T20714] ? elf_core_dump+0x2e01/0x4630 [ 3144.652751][T20714] ? dump_emit+0x99/0xd0 [ 3144.657013][T20714] elf_core_dump+0x3d5d/0x4630 [ 3144.661807][T20714] ? __pfx_elf_core_dump+0x10/0x10 [ 3144.666925][T20714] ? mark_lock+0x9a/0x350 [ 3144.671277][T20714] ? mas_next_slot+0xeb2/0xf90 [ 3144.676053][T20714] ? __lock_acquire+0x1345/0x1fd0 [ 3144.681131][T20714] ? rcu_read_lock_any_held+0xb7/0x160 [ 3144.686603][T20714] ? 0xffffffffff600000 [ 3144.690776][T20714] ? getname_kernel+0x140/0x2f0 [ 3144.695643][T20714] do_coredump+0x1baa/0x2b50 [ 3144.700245][T20714] ? get_signal+0xbe1/0x1850 [ 3144.704876][T20714] ? __pfx_do_coredump+0x10/0x10 [ 3144.709860][T20714] ? _raw_spin_unlock_irq+0x23/0x50 [ 3144.715070][T20714] ? lockdep_hardirqs_on+0x98/0x140 [ 3144.720289][T20714] get_signal+0x146a/0x1850 [ 3144.724823][T20714] ? __pfx_get_signal+0x10/0x10 [ 3144.729689][T20714] ? __pfx_force_sig_fault+0x10/0x10 [ 3144.734995][T20714] arch_do_signal_or_restart+0x96/0x860 [ 3144.740561][T20714] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3144.746744][T20714] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3144.752565][T20714] irqentry_exit_to_user_mode+0x78/0x280 [ 3144.758217][T20714] exc_page_fault+0x587/0x870 [ 3144.762921][T20714] asm_exc_page_fault+0x26/0x30 [ 3144.767794][T20714] RIP: 0033:0x7f8ab667ddb1 [ 3144.772222][T20714] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3144.791851][T20714] RSP: 002b:00000000000002d0 EFLAGS: 00010217 [ 3144.797945][T20714] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3144.805927][T20714] RDX: 0000000000000000 RSI: 00000000000002d0 RDI: 0000000000000000 [ 3144.813913][T20714] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3144.821896][T20714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3144.829871][T20714] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3144.837958][T20714] [ 3145.109371][T20714] memory: usage 301316kB, limit 307200kB, failcnt 115798 [ 3145.158642][T20714] memory+swap: usage 411628kB, limit 9007199254740988kB, failcnt 0 [ 3145.179254][T20714] kmem: usage 45032kB, limit 9007199254740988kB, failcnt 0 [ 3145.195132][T20714] Memory cgroup stats for /syz4: [ 3145.195344][T20714] cache 260923392 [ 3145.256200][T20714] rss 643072 [ 3145.259475][T20714] rss_huge 0 [ 3145.263007][T20714] shmem 260923392 [ 3145.356082][T20714] mapped_file 91910144 [ 3145.360217][T20714] dirty 0 [ 3145.363498][T20714] writeback 12288 [ 3145.465614][T20714] workingset_refault_anon 1685 [ 3145.494592][T20714] workingset_refault_file 0 [ 3145.556062][T20714] swap 112660480 [ 3145.581639][T20714] swapcached 49152 [ 3145.585420][T20714] pgpgin 1379945 [ 3145.666655][T20714] pgpgout 1316075 [ 3145.686113][T20714] pgfault 1171137 [ 3145.690192][T20714] pgmajfault 1122 [ 3145.693835][T20714] inactive_anon 149676032 [ 3145.826246][T20714] active_anon 111251456 [ 3145.834807][T20714] inactive_file 0 [ 3145.849187][T20714] active_file 0 [ 3145.852687][T20714] unevictable 0 [ 3145.905754][T20714] hierarchical_memory_limit 314572800 [ 3145.931086][T20714] hierarchical_memsw_limit 9223372036854771712 [ 3145.946451][T20714] total_cache 260923392 [ 3145.950659][T20714] total_rss 643072 [ 3145.954415][T20714] total_rss_huge 0 [ 3145.966088][T20714] total_shmem 260923392 [ 3145.970287][T20714] total_mapped_file 91910144 [ 3145.974889][T20714] total_dirty 0 [ 3146.120437][T20714] total_writeback 12288 [ 3146.124659][T20714] total_workingset_refault_anon 1685 [ 3146.144162][T20714] total_workingset_refault_file 0 [ 3146.168173][T20714] total_swap 112660480 [ 3146.172306][T20714] total_swapcached 49152 [ 3146.192829][T20714] total_pgpgin 1379945 [ 3146.204818][T20714] total_pgpgout 1316075 [ 3146.214299][T20714] total_pgfault 1171137 [ 3146.226849][T20714] total_pgmajfault 1122 [ 3146.231057][T20714] total_inactive_anon 149676032 [ 3146.254094][T20714] total_active_anon 111251456 [ 3146.271089][T20714] total_inactive_file 0 [ 3146.275287][T20714] total_active_file 0 [ 3146.292377][T20714] total_unevictable 0 [ 3146.301593][T20714] anon_cost 0 [ 3146.304927][T20714] file_cost 0 [ 3146.322804][T20714] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20759,uid=0 [ 3146.366180][T20714] Memory cgroup out of memory: Killed process 20759 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:8192kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 3146.860121][T21176] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3146.976068][T21176] CPU: 1 PID: 21176 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3146.984808][T21176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3146.994889][T21176] Call Trace: [ 3146.998192][T21176] [ 3147.001147][T21176] dump_stack_lvl+0x1e7/0x2e0 [ 3147.005872][T21176] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3147.011129][T21176] ? __pfx__printk+0x10/0x10 [ 3147.015749][T21176] ? ___ratelimit+0x4c4/0x670 [ 3147.020467][T21176] ? __pfx____ratelimit+0x10/0x10 [ 3147.025561][T21176] dump_header+0xda/0x6a0 [ 3147.029944][T21176] oom_kill_process+0x3a7/0x930 [ 3147.034834][T21176] out_of_memory+0xf67/0x1320 [ 3147.039530][T21176] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3147.045172][T21176] ? __pfx___mutex_lock+0x10/0x10 [ 3147.050219][T21176] ? __pfx_out_of_memory+0x10/0x10 [ 3147.055354][T21176] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3147.060910][T21176] ? __pfx_lock_release+0x10/0x10 [ 3147.065965][T21176] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3147.072048][T21176] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3147.077280][T21176] ? mem_cgroup_iter+0x422/0x560 [ 3147.082236][T21176] try_charge_memcg+0xda2/0x18a0 [ 3147.087187][T21176] ? unix_seqpacket_recvmsg+0x118/0x140 [ 3147.092761][T21176] ? __pfx_try_charge_memcg+0x10/0x10 [ 3147.098150][T21176] ? percpu_ref_tryget+0x14/0x180 [ 3147.103206][T21176] charge_memcg+0xa2/0x160 [ 3147.107645][T21176] __mem_cgroup_charge+0x27/0x80 [ 3147.112602][T21176] shmem_alloc_and_add_folio+0x393/0xde0 [ 3147.118252][T21176] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3147.124423][T21176] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3147.129649][T21176] ? lockdep_hardirqs_on+0x98/0x140 [ 3147.134877][T21176] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3147.140524][T21176] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3147.146779][T21176] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3147.153381][T21176] shmem_write_begin+0x170/0x4d0 [ 3147.158338][T21176] ? __pfx_shmem_write_begin+0x10/0x10 [ 3147.163816][T21176] ? fault_in_iov_iter_readable+0x236/0x280 [ 3147.169731][T21176] generic_perform_write+0x321/0x640 [ 3147.175032][T21176] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3147.180953][T21176] ? __pfx_generic_perform_write+0x10/0x10 [ 3147.186778][T21176] ? mnt_put_write_access_file+0xc2/0x100 [ 3147.192508][T21176] ? file_update_time+0x3ac/0x3e0 [ 3147.197551][T21176] shmem_file_write_iter+0xfc/0x120 [ 3147.202759][T21176] __kernel_write_iter+0x434/0x8c0 [ 3147.207898][T21176] ? __pfx___kernel_write_iter+0x10/0x10 [ 3147.213545][T21176] ? generic_file_llseek_size+0x34c/0x3b0 [ 3147.219277][T21176] ? iov_iter_bvec+0x4e/0x1b0 [ 3147.223976][T21176] dump_user_range+0x46c/0x910 [ 3147.228773][T21176] ? __pfx_dump_user_range+0x10/0x10 [ 3147.234075][T21176] ? writenote+0x250/0x3b0 [ 3147.238512][T21176] ? kmalloc_trace+0x1d6/0x360 [ 3147.243333][T21176] ? elf_core_dump+0x2e01/0x4630 [ 3147.248286][T21176] ? dump_emit+0x99/0xd0 [ 3147.252544][T21176] elf_core_dump+0x3d5d/0x4630 [ 3147.257354][T21176] ? __pfx_elf_core_dump+0x10/0x10 [ 3147.262515][T21176] ? mark_lock+0x9a/0x350 [ 3147.266857][T21176] ? mas_next_slot+0xeb2/0xf90 [ 3147.271637][T21176] ? __lock_acquire+0x1345/0x1fd0 [ 3147.276761][T21176] ? rcu_read_lock_any_held+0xb7/0x160 [ 3147.282252][T21176] ? 0xffffffffff600000 [ 3147.286424][T21176] ? getname_kernel+0x140/0x2f0 [ 3147.291295][T21176] do_coredump+0x1baa/0x2b50 [ 3147.295905][T21176] ? get_signal+0xbe1/0x1850 [ 3147.300543][T21176] ? __pfx_do_coredump+0x10/0x10 [ 3147.305614][T21176] ? _raw_spin_unlock_irq+0x23/0x50 [ 3147.310825][T21176] ? lockdep_hardirqs_on+0x98/0x140 [ 3147.316039][T21176] get_signal+0x146a/0x1850 [ 3147.320575][T21176] ? __pfx_get_signal+0x10/0x10 [ 3147.325440][T21176] ? __might_fault+0xa9/0x120 [ 3147.330136][T21176] arch_do_signal_or_restart+0x96/0x860 [ 3147.335787][T21176] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3147.341973][T21176] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3147.347795][T21176] irqentry_exit_to_user_mode+0x78/0x280 [ 3147.353464][T21176] exc_page_fault+0x587/0x870 [ 3147.358186][T21176] asm_exc_page_fault+0x26/0x30 [ 3147.363073][T21176] RIP: 0033:0x7f8ab667ddb1 [ 3147.367502][T21176] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3147.387228][T21176] RSP: 002b:0000000000000370 EFLAGS: 00010217 [ 3147.393338][T21176] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3147.401331][T21176] RDX: 0000000000000000 RSI: 0000000000000370 RDI: 0000000000000000 [ 3147.409318][T21176] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3147.417326][T21176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3147.425503][T21176] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3147.433509][T21176] [ 3147.626222][T20694] __nla_validate_parse: 4 callbacks suppressed [ 3147.626246][T20694] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 3147.751142][T20702] netlink: 'syz-executor.0': attribute type 27 has an invalid length. [ 3147.867477][T21176] memory: usage 305204kB, limit 307200kB, failcnt 115984 [ 3147.874599][T21176] memory+swap: usage 407980kB, limit 9007199254740988kB, failcnt 0 [ 3147.999505][T21176] kmem: usage 44752kB, limit 9007199254740988kB, failcnt 0 [ 3148.128096][T21176] Memory cgroup stats for /syz4: [ 3148.128280][T21176] cache 267341824 [ 3148.300457][T21176] rss 602112 [ 3148.303722][T21176] rss_huge 0 [ 3148.403673][T21176] shmem 267341824 [ 3148.440008][T21176] mapped_file 79425536 [ 3148.444168][T21176] dirty 0 [ 3148.605561][T21176] writeback 4096 [ 3148.657294][T21176] workingset_refault_anon 1728 [ 3148.662205][T21176] workingset_refault_file 0 [ 3148.710708][T21176] swap 104460288 [ 3148.720326][T21176] swapcached 49152 [ 3148.724128][T21176] pgpgin 1397611 [ 3148.833248][T21176] pgpgout 1332186 [ 3148.843243][T21176] pgfault 1176645 [ 3148.853796][T21176] pgmajfault 1164 [ 3148.864061][T21176] inactive_anon 116436992 [ 3148.921262][T21176] active_anon 149327872 [ 3148.925487][T21176] inactive_file 0 [ 3148.998392][T21176] active_file 0 [ 3149.001922][T21176] unevictable 0 [ 3149.005400][T21176] hierarchical_memory_limit 314572800 [ 3149.126374][T21176] hierarchical_memsw_limit 9223372036854771712 [ 3149.132630][T21176] total_cache 267341824 [ 3149.206881][T21176] total_rss 602112 [ 3149.210679][T21176] total_rss_huge 0 [ 3149.214452][T21176] total_shmem 267341824 [ 3149.316190][T21176] total_mapped_file 79425536 [ 3149.320850][T21176] total_dirty 0 [ 3149.324331][T21176] total_writeback 4096 [ 3149.416206][T21176] total_workingset_refault_anon 1728 [ 3149.421600][T21176] total_workingset_refault_file 0 [ 3149.466188][T21176] total_swap 104460288 [ 3149.470326][T21176] total_swapcached 49152 [ 3149.570927][T21176] total_pgpgin 1397611 [ 3149.575147][T21176] total_pgpgout 1332186 [ 3149.726281][T21176] total_pgfault 1176645 [ 3149.730509][T21176] total_pgmajfault 1164 [ 3149.734702][T21176] total_inactive_anon 116436992 [ 3149.900849][T21176] total_active_anon 149327872 [ 3149.905597][T21176] total_inactive_file 0 [ 3150.028710][T21176] total_active_file 0 [ 3150.036278][T21176] total_unevictable 0 [ 3150.040351][T21176] anon_cost 0 [ 3150.043667][T21176] file_cost 0 [ 3150.136109][T21176] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=20765,uid=0 [ 3150.352586][T21176] Memory cgroup out of memory: Killed process 20765 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:13824kB, UID:0 pgtables:124kB oom_score_adj:1000 14:02:06 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x395, 0x0, 0x0, 0x0) 14:02:06 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x397, 0x0, 0x0, 0x0) [ 3154.660155][T21206] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3154.670612][T21206] CPU: 1 PID: 21206 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3154.679326][T21206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3154.689436][T21206] Call Trace: [ 3154.692746][T21206] [ 3154.695703][T21206] dump_stack_lvl+0x1e7/0x2e0 [ 3154.700506][T21206] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3154.705746][T21206] ? __pfx__printk+0x10/0x10 [ 3154.710396][T21206] ? ___ratelimit+0x4c4/0x670 [ 3154.715105][T21206] ? __pfx____ratelimit+0x10/0x10 [ 3154.720187][T21206] dump_header+0xda/0x6a0 [ 3154.724555][T21206] oom_kill_process+0x3a7/0x930 [ 3154.729438][T21206] ? trace_contention_end+0x3c/0x100 [ 3154.734790][T21206] out_of_memory+0xf67/0x1320 [ 3154.739506][T21206] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3154.745157][T21206] ? __pfx___mutex_lock+0x10/0x10 [ 3154.750199][T21206] ? __pfx_out_of_memory+0x10/0x10 [ 3154.755329][T21206] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3154.760883][T21206] ? __pfx_lock_release+0x10/0x10 [ 3154.765924][T21206] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3154.772025][T21206] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3154.777242][T21206] ? mem_cgroup_iter+0x422/0x560 [ 3154.782214][T21206] try_charge_memcg+0xda2/0x18a0 [ 3154.787194][T21206] ? __pfx_try_charge_memcg+0x10/0x10 [ 3154.792578][T21206] ? percpu_ref_tryget+0x14/0x180 [ 3154.797635][T21206] charge_memcg+0xa2/0x160 [ 3154.802070][T21206] __mem_cgroup_charge+0x27/0x80 [ 3154.807050][T21206] shmem_alloc_and_add_folio+0x393/0xde0 [ 3154.812717][T21206] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3154.818970][T21206] ? filemap_map_pages+0x1248/0x1830 [ 3154.824306][T21206] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3154.829541][T21206] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3154.835197][T21206] shmem_fault+0x254/0x6f0 [ 3154.839627][T21206] ? __pfx_shmem_fault+0x10/0x10 [ 3154.844574][T21206] ? __pfx_lock_release+0x10/0x10 [ 3154.849607][T21206] ? pte_offset_map_nolock+0x137/0x1f0 [ 3154.855087][T21206] __do_fault+0x135/0x460 [ 3154.859434][T21206] ? __pfx_filemap_map_pages+0x10/0x10 [ 3154.864907][T21206] ? __handle_mm_fault+0x31c8/0x72d0 [ 3154.870201][T21206] __handle_mm_fault+0x49e6/0x72d0 [ 3154.875356][T21206] ? __pfx___handle_mm_fault+0x10/0x10 [ 3154.880842][T21206] ? follow_page_pte+0x28e/0x1910 [ 3154.885887][T21206] ? follow_page_pte+0x760/0x1910 [ 3154.890929][T21206] ? __pfx_lock_release+0x10/0x10 [ 3154.896002][T21206] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3154.901223][T21206] ? follow_page_pte+0x7f2/0x1910 [ 3154.906265][T21206] ? mt_find+0x62d/0x850 [ 3154.910632][T21206] handle_mm_fault+0x3c1/0x8a0 [ 3154.915421][T21206] __get_user_pages+0x6bd/0x1600 [ 3154.920383][T21206] ? get_dump_page+0xe1/0x2f0 [ 3154.925074][T21206] ? __pfx___get_user_pages+0x10/0x10 [ 3154.930495][T21206] ? __kernel_write_iter+0x632/0x8c0 [ 3154.935804][T21206] get_dump_page+0x154/0x2f0 [ 3154.940429][T21206] ? __pfx___kernel_write_iter+0x10/0x10 [ 3154.946083][T21206] ? __pfx_get_dump_page+0x10/0x10 [ 3154.951204][T21206] ? generic_file_llseek_size+0x34c/0x3b0 [ 3154.956964][T21206] ? iov_iter_bvec+0x4e/0x1b0 [ 3154.961661][T21206] dump_user_range+0x126/0x910 [ 3154.966654][T21206] ? __pfx_dump_user_range+0x10/0x10 [ 3154.971954][T21206] ? writenote+0x250/0x3b0 [ 3154.976390][T21206] ? kmalloc_trace+0x1d6/0x360 [ 3154.981174][T21206] ? elf_core_dump+0x2e01/0x4630 [ 3154.986293][T21206] ? dump_emit+0x99/0xd0 [ 3154.990551][T21206] elf_core_dump+0x3d5d/0x4630 [ 3154.995351][T21206] ? __pfx_elf_core_dump+0x10/0x10 [ 3155.000484][T21206] ? mark_lock+0x9a/0x350 [ 3155.004823][T21206] ? mas_next_slot+0xeb2/0xf90 [ 3155.009603][T21206] ? __lock_acquire+0x1345/0x1fd0 [ 3155.014715][T21206] ? rcu_read_lock_any_held+0xb7/0x160 [ 3155.020195][T21206] ? 0xffffffffff600000 [ 3155.024358][T21206] ? getname_kernel+0x140/0x2f0 [ 3155.029235][T21206] do_coredump+0x1baa/0x2b50 [ 3155.033848][T21206] ? get_signal+0xbe1/0x1850 [ 3155.038485][T21206] ? __pfx_do_coredump+0x10/0x10 [ 3155.043476][T21206] ? _raw_spin_unlock_irq+0x23/0x50 [ 3155.048704][T21206] ? lockdep_hardirqs_on+0x98/0x140 [ 3155.053914][T21206] get_signal+0x146a/0x1850 [ 3155.058451][T21206] ? __pfx_get_signal+0x10/0x10 [ 3155.063320][T21206] ? __pfx_force_sig_fault+0x10/0x10 [ 3155.068628][T21206] arch_do_signal_or_restart+0x96/0x860 [ 3155.074189][T21206] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3155.080371][T21206] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3155.086194][T21206] irqentry_exit_to_user_mode+0x78/0x280 [ 3155.091852][T21206] exc_page_fault+0x587/0x870 [ 3155.096584][T21206] asm_exc_page_fault+0x26/0x30 [ 3155.101450][T21206] RIP: 0033:0x7f8ab667ddb1 [ 3155.105872][T21206] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3155.125488][T21206] RSP: 002b:0000000000000380 EFLAGS: 00010217 [ 3155.131568][T21206] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3155.139550][T21206] RDX: 0000000000000000 RSI: 0000000000000380 RDI: 0000000000000000 [ 3155.147615][T21206] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3155.155593][T21206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3155.163574][T21206] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3155.171600][T21206] [ 3155.263363][T21206] memory: usage 305640kB, limit 307200kB, failcnt 122019 [ 3155.360454][T21206] memory+swap: usage 416920kB, limit 9007199254740988kB, failcnt 0 [ 3155.482159][T21206] kmem: usage 44732kB, limit 9007199254740988kB, failcnt 0 [ 3155.641940][T21206] Memory cgroup stats for /syz4: [ 3155.642121][T21206] cache 267329536 [ 3155.748414][T21206] rss 737280 [ 3155.826218][T21206] rss_huge 0 [ 3155.958517][T21206] shmem 267329536 [ 3155.962319][T21206] mapped_file 99131392 [ 3156.026091][T21206] dirty 0 [ 3156.029088][T21206] writeback 0 [ 3156.032390][T21206] workingset_refault_anon 1890 [ 3156.208401][T21206] workingset_refault_file 0 [ 3156.212982][T21206] swap 113106944 [ 3156.218143][T21206] swapcached 184320 [ 3156.222082][T21206] pgpgin 1437094 [ 3156.225647][T21206] pgpgout 1371597 [ 3156.229796][T21206] pgfault 1188900 [ 3156.233475][T21206] pgmajfault 1235 [ 3156.237771][T21206] inactive_anon 113864704 [ 3156.242138][T21206] active_anon 154353664 [ 3156.248662][T21206] inactive_file 0 [ 3156.252337][T21206] active_file 0 [ 3156.255819][T21206] unevictable 0 [ 3156.260555][T21206] hierarchical_memory_limit 314572800 [ 3156.266223][T21206] hierarchical_memsw_limit 9223372036854771712 [ 3156.272407][T21206] total_cache 267329536 [ 3156.277118][T21206] total_rss 737280 [ 3156.280873][T21206] total_rss_huge 0 [ 3156.284607][T21206] total_shmem 267329536 [ 3156.289112][T21206] total_mapped_file 99131392 [ 3156.293726][T21206] total_dirty 0 [ 3156.344691][T21206] total_writeback 0 [ 3156.450067][T21206] total_workingset_refault_anon 1890 [ 3156.455516][T21206] total_workingset_refault_file 0 [ 3156.460974][T21206] total_swap 113106944 [ 3156.465161][T21206] total_swapcached 184320 [ 3156.469888][T21206] total_pgpgin 1437094 [ 3156.474086][T21206] total_pgpgout 1371597 [ 3156.479080][T21206] total_pgfault 1188900 [ 3156.483366][T21206] total_pgmajfault 1235 [ 3156.488006][T21206] total_inactive_anon 113864704 [ 3156.494301][T21206] total_active_anon 154353664 [ 3156.499419][T21206] total_inactive_file 0 [ 3156.503705][T21206] total_active_file 0 [ 3156.508095][T21206] total_unevictable 0 [ 3156.512269][T21206] anon_cost 0 [ 3156.524675][T21206] file_cost 0 [ 3156.528432][T21206] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21114,uid=0 [ 3156.639207][T21206] Memory cgroup out of memory: OOM victim 21114 (syz-executor.4) is already exiting. Skip killing the task [ 3156.783150][T21195] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3156.972820][T21195] CPU: 1 PID: 21195 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3156.981567][T21195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3156.991662][T21195] Call Trace: [ 3156.994972][T21195] [ 3156.997935][T21195] dump_stack_lvl+0x1e7/0x2e0 [ 3157.002660][T21195] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3157.007894][T21195] ? __pfx__printk+0x10/0x10 [ 3157.012512][T21195] ? ___ratelimit+0x4c4/0x670 [ 3157.017229][T21195] ? __pfx____ratelimit+0x10/0x10 [ 3157.022290][T21195] dump_header+0xda/0x6a0 [ 3157.026662][T21195] oom_kill_process+0x3a7/0x930 [ 3157.031560][T21195] out_of_memory+0xf67/0x1320 [ 3157.036286][T21195] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3157.041956][T21195] ? __pfx___mutex_lock+0x10/0x10 [ 3157.047028][T21195] ? __pfx_out_of_memory+0x10/0x10 [ 3157.052276][T21195] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3157.057859][T21195] ? __pfx_lock_release+0x10/0x10 [ 3157.062924][T21195] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3157.069032][T21195] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3157.074265][T21195] ? mem_cgroup_iter+0x422/0x560 [ 3157.079244][T21195] try_charge_memcg+0xda2/0x18a0 [ 3157.084252][T21195] ? __pfx_try_charge_memcg+0x10/0x10 [ 3157.089674][T21195] ? percpu_ref_tryget+0x14/0x180 [ 3157.094792][T21195] charge_memcg+0xa2/0x160 [ 3157.099271][T21195] __mem_cgroup_charge+0x27/0x80 [ 3157.104252][T21195] shmem_alloc_and_add_folio+0x393/0xde0 [ 3157.109924][T21195] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3157.116121][T21195] ? filemap_map_pages+0x1248/0x1830 [ 3157.121455][T21195] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3157.126731][T21195] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3157.132413][T21195] shmem_fault+0x254/0x6f0 [ 3157.137016][T21195] ? __pfx_shmem_fault+0x10/0x10 [ 3157.141983][T21195] ? __pfx_lock_release+0x10/0x10 [ 3157.147057][T21195] ? pte_offset_map_nolock+0x137/0x1f0 [ 3157.152584][T21195] __do_fault+0x135/0x460 [ 3157.156968][T21195] ? __pfx_filemap_map_pages+0x10/0x10 [ 3157.162477][T21195] ? __handle_mm_fault+0x31c8/0x72d0 [ 3157.167803][T21195] __handle_mm_fault+0x49e6/0x72d0 [ 3157.173008][T21195] ? __pfx___handle_mm_fault+0x10/0x10 [ 3157.178612][T21195] ? follow_page_pte+0x28e/0x1910 [ 3157.183685][T21195] ? follow_page_pte+0x760/0x1910 [ 3157.188758][T21195] ? __pfx_lock_release+0x10/0x10 [ 3157.193852][T21195] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3157.199106][T21195] ? follow_page_pte+0x7f2/0x1910 [ 3157.204184][T21195] ? mt_find+0x62d/0x850 [ 3157.208511][T21195] handle_mm_fault+0x3c1/0x8a0 [ 3157.213336][T21195] __get_user_pages+0x6bd/0x1600 [ 3157.218328][T21195] ? get_dump_page+0xe1/0x2f0 [ 3157.223049][T21195] ? __pfx___get_user_pages+0x10/0x10 [ 3157.228472][T21195] ? __kernel_write_iter+0x632/0x8c0 [ 3157.233820][T21195] get_dump_page+0x154/0x2f0 [ 3157.238449][T21195] ? __pfx___kernel_write_iter+0x10/0x10 [ 3157.244133][T21195] ? __pfx_get_dump_page+0x10/0x10 [ 3157.249363][T21195] ? generic_file_llseek_size+0x34c/0x3b0 [ 3157.255152][T21195] ? iov_iter_bvec+0x4e/0x1b0 [ 3157.259873][T21195] dump_user_range+0x126/0x910 [ 3157.264689][T21195] ? __pfx_dump_user_range+0x10/0x10 [ 3157.270005][T21195] ? writenote+0x250/0x3b0 [ 3157.274464][T21195] ? kmalloc_trace+0x1d6/0x360 [ 3157.279265][T21195] ? elf_core_dump+0x2e01/0x4630 [ 3157.284237][T21195] ? dump_emit+0x99/0xd0 [ 3157.288529][T21195] elf_core_dump+0x3d5d/0x4630 [ 3157.293385][T21195] ? __pfx_elf_core_dump+0x10/0x10 [ 3157.298537][T21195] ? mark_lock+0x9a/0x350 [ 3157.302896][T21195] ? mas_next_slot+0xeb2/0xf90 [ 3157.307703][T21195] ? __lock_acquire+0x1345/0x1fd0 [ 3157.312821][T21195] ? rcu_read_lock_any_held+0xb7/0x160 [ 3157.318320][T21195] ? 0xffffffffff600000 [ 3157.322506][T21195] ? getname_kernel+0x140/0x2f0 [ 3157.327399][T21195] do_coredump+0x1baa/0x2b50 [ 3157.332025][T21195] ? get_signal+0xbe1/0x1850 [ 3157.336718][T21195] ? __pfx_do_coredump+0x10/0x10 [ 3157.341767][T21195] ? _raw_spin_unlock_irq+0x23/0x50 [ 3157.347014][T21195] ? lockdep_hardirqs_on+0x98/0x140 [ 3157.352263][T21195] get_signal+0x146a/0x1850 [ 3157.356836][T21195] ? __pfx_get_signal+0x10/0x10 [ 3157.361722][T21195] ? __pfx_force_sig_fault+0x10/0x10 [ 3157.367070][T21195] arch_do_signal_or_restart+0x96/0x860 [ 3157.372749][T21195] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3157.378979][T21195] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3157.384825][T21195] irqentry_exit_to_user_mode+0x78/0x280 [ 3157.390494][T21195] exc_page_fault+0x587/0x870 [ 3157.395224][T21195] asm_exc_page_fault+0x26/0x30 [ 3157.400186][T21195] RIP: 0033:0x7f8ab667ddb1 [ 3157.404637][T21195] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3157.424368][T21195] RSP: 002b:0000000000000380 EFLAGS: 00010217 [ 3157.430477][T21195] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3157.438493][T21195] RDX: 0000000000000000 RSI: 0000000000000380 RDI: 0000000000000000 [ 3157.446500][T21195] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3157.454495][T21195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3157.462491][T21195] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3157.470520][T21195] 14:02:11 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x399, 0x0, 0x0, 0x0) [ 3157.726004][T21195] memory: usage 307152kB, limit 307200kB, failcnt 123613 [ 3157.736143][T21195] memory+swap: usage 417620kB, limit 9007199254740988kB, failcnt 0 [ 3157.744089][T21195] kmem: usage 44348kB, limit 9007199254740988kB, failcnt 0 [ 3157.886006][T21195] Memory cgroup stats for /syz4: [ 3157.886179][T21195] cache 267423744 [ 3157.894795][T21195] rss 536576 [ 3158.017830][T21195] rss_huge 0 [ 3158.169118][T21029] chnl_net:caif_netlink_parms(): no params data found [ 3158.207631][T21195] shmem 267423744 [ 3158.211327][T21195] mapped_file 98521088 [ 3158.215420][T21195] dirty 0 [ 3158.377073][T21028] chnl_net:caif_netlink_parms(): no params data found [ 3158.453266][T21027] chnl_net:caif_netlink_parms(): no params data found [ 3158.466885][T21195] writeback 0 [ 3158.498202][T21195] workingset_refault_anon 1890 [ 3158.559474][T21195] workingset_refault_file 0 [ 3158.574271][T19598] team0: Port device macvlan2 removed 14:02:12 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x39f, 0x0, 0x0, 0x0) [ 3158.706128][T21195] swap 113119232 [ 3158.709734][T21195] swapcached 180224 [ 3158.713566][T21195] pgpgin 1440848 [ 3158.796360][T21195] pgpgout 1375385 [ 3158.800056][T21195] pgfault 1190409 [ 3158.803721][T21195] pgmajfault 1235 [ 3158.808597][T19598] team0: Port device macvlan3 removed [ 3158.945992][T21195] inactive_anon 72073216 [ 3158.950305][T21195] active_anon 195014656 [ 3158.954491][T21195] inactive_file 0 [ 3159.037532][T19598] team0: Port device macvlan4 removed 14:02:13 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3a1, 0x0, 0x0, 0x0) [ 3159.176155][T21195] active_file 0 [ 3159.179677][T21195] unevictable 0 [ 3159.183152][T21195] hierarchical_memory_limit 314572800 [ 3159.197591][T19598] team0: Port device macvlan5 removed [ 3159.296573][T21195] hierarchical_memsw_limit 9223372036854771712 [ 3159.302785][T21195] total_cache 267423744 [ 3159.456037][T21195] total_rss 536576 [ 3159.459826][T21195] total_rss_huge 0 [ 3159.463582][T21195] total_shmem 267423744 [ 3159.666180][T21195] total_mapped_file 98521088 [ 3159.670838][T21195] total_dirty 0 [ 3159.674342][T21195] total_writeback 0 14:02:14 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3a5, 0x0, 0x0, 0x0) [ 3159.912101][T21195] total_workingset_refault_anon 1890 [ 3159.973351][T21195] total_workingset_refault_file 0 [ 3160.045483][T21195] total_swap 113119232 [ 3160.056251][T21195] total_swapcached 180224 [ 3160.060634][T21195] total_pgpgin 1440848 [ 3160.064738][T21195] total_pgpgout 1375385 [ 3160.105003][T21031] chnl_net:caif_netlink_parms(): no params data found [ 3160.232696][T21195] total_pgfault 1190409 [ 3160.237360][T21195] total_pgmajfault 1235 [ 3160.241545][T21195] total_inactive_anon 72073216 [ 3160.246855][T21195] total_active_anon 195014656 [ 3160.251564][T21195] total_inactive_file 0 [ 3160.255737][T21195] total_active_file 0 [ 3160.260478][T21195] total_unevictable 0 [ 3160.264490][T21195] anon_cost 0 [ 3160.268327][T21195] file_cost 0 [ 3160.271643][T21195] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21167,uid=0 [ 3160.289146][T21195] Memory cgroup out of memory: Killed process 21167 (syz-executor.4) total-vm:54640kB, anon-rss:472kB, file-rss:8192kB, shmem-rss:11776kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3160.726374][T21185] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3160.905994][T21185] CPU: 0 PID: 21185 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3160.914740][T21185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3160.924834][T21185] Call Trace: [ 3160.928147][T21185] [ 3160.931197][T21185] dump_stack_lvl+0x1e7/0x2e0 [ 3160.935932][T21185] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3160.941171][T21185] ? __pfx__printk+0x10/0x10 [ 3160.945789][T21185] ? ___ratelimit+0x4c4/0x670 [ 3160.950514][T21185] ? __pfx____ratelimit+0x10/0x10 [ 3160.955666][T21185] dump_header+0xda/0x6a0 [ 3160.960044][T21185] oom_kill_process+0x3a7/0x930 [ 3160.964936][T21185] out_of_memory+0xf67/0x1320 [ 3160.969656][T21185] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3160.975322][T21185] ? __pfx___mutex_lock+0x10/0x10 [ 3160.980393][T21185] ? __pfx_out_of_memory+0x10/0x10 [ 3160.985566][T21185] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3160.991169][T21185] ? __pfx_lock_release+0x10/0x10 [ 3160.996267][T21185] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3161.002380][T21185] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3161.007624][T21185] ? mem_cgroup_iter+0x422/0x560 [ 3161.012609][T21185] try_charge_memcg+0xda2/0x18a0 [ 3161.017619][T21185] ? __pfx_try_charge_memcg+0x10/0x10 [ 3161.023042][T21185] ? percpu_ref_tryget+0x14/0x180 [ 3161.028130][T21185] charge_memcg+0xa2/0x160 [ 3161.032607][T21185] __mem_cgroup_charge+0x27/0x80 [ 3161.037593][T21185] shmem_alloc_and_add_folio+0x393/0xde0 [ 3161.043289][T21185] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3161.049475][T21185] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 3161.055407][T21185] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 3161.061781][T21185] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3161.067043][T21185] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3161.072732][T21185] shmem_fault+0x254/0x6f0 [ 3161.077285][T21185] ? __pfx_shmem_fault+0x10/0x10 [ 3161.082257][T21185] ? __pfx_lock_release+0x10/0x10 [ 3161.087327][T21185] ? pte_offset_map_nolock+0x137/0x1f0 [ 3161.092837][T21185] __do_fault+0x135/0x460 [ 3161.097214][T21185] ? __pfx_filemap_map_pages+0x10/0x10 [ 3161.102717][T21185] ? __handle_mm_fault+0x31c8/0x72d0 [ 3161.108052][T21185] __handle_mm_fault+0x49e6/0x72d0 [ 3161.113255][T21185] ? __pfx___handle_mm_fault+0x10/0x10 [ 3161.118763][T21185] ? follow_page_pte+0x28e/0x1910 [ 3161.123844][T21185] ? follow_page_pte+0x760/0x1910 [ 3161.128922][T21185] ? __pfx_lock_release+0x10/0x10 [ 3161.134004][T21185] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3161.139264][T21185] ? follow_page_pte+0x7f2/0x1910 [ 3161.144437][T21185] ? mt_find+0x62d/0x850 [ 3161.148772][T21185] handle_mm_fault+0x3c1/0x8a0 [ 3161.153602][T21185] __get_user_pages+0x6bd/0x1600 [ 3161.158603][T21185] ? get_dump_page+0xe1/0x2f0 [ 3161.163334][T21185] ? __pfx___get_user_pages+0x10/0x10 [ 3161.168764][T21185] ? __kernel_write_iter+0x632/0x8c0 [ 3161.174104][T21185] get_dump_page+0x154/0x2f0 [ 3161.178762][T21185] ? __pfx___kernel_write_iter+0x10/0x10 [ 3161.184553][T21185] ? __pfx_get_dump_page+0x10/0x10 [ 3161.189728][T21185] ? generic_file_llseek_size+0x34c/0x3b0 [ 3161.195592][T21185] ? iov_iter_bvec+0x4e/0x1b0 [ 3161.200319][T21185] dump_user_range+0x126/0x910 [ 3161.205131][T21185] ? __pfx_dump_user_range+0x10/0x10 [ 3161.210452][T21185] ? writenote+0x250/0x3b0 [ 3161.214922][T21185] ? kmalloc_trace+0x1d6/0x360 [ 3161.219732][T21185] ? elf_core_dump+0x2e01/0x4630 [ 3161.224709][T21185] ? dump_emit+0x99/0xd0 [ 3161.228990][T21185] elf_core_dump+0x3d5d/0x4630 [ 3161.233820][T21185] ? __pfx_elf_core_dump+0x10/0x10 [ 3161.238977][T21185] ? mark_lock+0x9a/0x350 [ 3161.243349][T21185] ? mas_next_slot+0xeb2/0xf90 [ 3161.248152][T21185] ? __lock_acquire+0x1345/0x1fd0 [ 3161.253281][T21185] ? rcu_read_lock_any_held+0xb7/0x160 [ 3161.258785][T21185] ? 0xffffffffff600000 [ 3161.262971][T21185] ? getname_kernel+0x140/0x2f0 [ 3161.267872][T21185] do_coredump+0x1baa/0x2b50 [ 3161.272506][T21185] ? get_signal+0xbe1/0x1850 [ 3161.277174][T21185] ? __pfx_do_coredump+0x10/0x10 [ 3161.282207][T21185] ? _raw_spin_unlock_irq+0x23/0x50 [ 3161.287464][T21185] ? lockdep_hardirqs_on+0x98/0x140 [ 3161.292707][T21185] get_signal+0x146a/0x1850 [ 3161.297272][T21185] ? __pfx_get_signal+0x10/0x10 [ 3161.302161][T21185] ? __pfx_force_sig_fault+0x10/0x10 [ 3161.307501][T21185] arch_do_signal_or_restart+0x96/0x860 [ 3161.313108][T21185] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3161.319331][T21185] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3161.325184][T21185] irqentry_exit_to_user_mode+0x78/0x280 [ 3161.330868][T21185] exc_page_fault+0x587/0x870 [ 3161.335608][T21185] asm_exc_page_fault+0x26/0x30 [ 3161.340519][T21185] RIP: 0033:0x7f8ab667ddb1 [ 3161.345055][T21185] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3161.364708][T21185] RSP: 002b:0000000000000380 EFLAGS: 00010217 [ 3161.370879][T21185] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3161.378913][T21185] RDX: 0000000000000000 RSI: 0000000000000380 RDI: 0000000000000000 [ 3161.386933][T21185] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3161.394939][T21185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3161.402953][T21185] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3161.410996][T21185] [ 3161.441010][T21185] memory: usage 306364kB, limit 307200kB, failcnt 124292 [ 3161.448869][T21185] memory+swap: usage 414756kB, limit 9007199254740988kB, failcnt 0 [ 3161.456851][T21185] kmem: usage 44648kB, limit 9007199254740988kB, failcnt 0 [ 3161.464073][T21185] Memory cgroup stats for /syz4: [ 3161.464248][T21185] cache 266735616 [ 3161.516575][T21185] rss 860160 [ 3161.519863][T21185] rss_huge 0 [ 3161.523079][T21185] shmem 266735616 [ 3161.676203][T21185] mapped_file 104603648 [ 3161.680517][T21185] dirty 0 [ 3161.683489][T21185] writeback 0 [ 3161.699859][T21027] bridge0: port 1(bridge_slave_0) entered blocking state [ 3161.716307][T21027] bridge0: port 1(bridge_slave_0) entered disabled state [ 3161.724014][T21027] bridge_slave_0: entered allmulticast mode [ 3161.758762][T21027] bridge_slave_0: entered promiscuous mode [ 3161.856012][T21185] workingset_refault_anon 1926 [ 3161.861202][T21185] workingset_refault_file 0 [ 3161.865728][T21185] swap 110993408 [ 3161.871688][T21185] swapcached 176128 [ 3161.875550][T21185] pgpgin 1450850 [ 3161.883838][T21185] pgpgout 1385477 [ 3161.887901][T21185] pgfault 1194215 [ 3161.891568][T21185] pgmajfault 1263 [ 3161.895235][T21185] inactive_anon 99168256 [ 3161.900357][T21185] active_anon 168308736 [ 3161.904549][T21185] inactive_file 0 [ 3161.908751][T21185] active_file 0 [ 3161.912342][T21185] unevictable 0 [ 3161.915826][T21185] hierarchical_memory_limit 314572800 [ 3161.922005][T21185] hierarchical_memsw_limit 9223372036854771712 [ 3161.928833][T21185] total_cache 266735616 [ 3161.933018][T21185] total_rss 860160 [ 3161.937281][T21185] total_rss_huge 0 [ 3161.941035][T21185] total_shmem 266735616 [ 3161.945213][T21185] total_mapped_file 104603648 [ 3161.951559][T21185] total_dirty 0 [ 3161.955056][T21185] total_writeback 0 [ 3161.959479][T21185] total_workingset_refault_anon 1926 [ 3161.964796][T21185] total_workingset_refault_file 0 [ 3161.970485][T21185] total_swap 110993408 [ 3161.974582][T21185] total_swapcached 176128 [ 3161.979566][T21185] total_pgpgin 1450850 [ 3161.983684][T21185] total_pgpgout 1385477 [ 3161.990608][T21185] total_pgfault 1194215 [ 3161.994808][T21185] total_pgmajfault 1263 [ 3161.999573][T21185] total_inactive_anon 99168256 [ 3162.004378][T21185] total_active_anon 168308736 [ 3162.009739][T21185] total_inactive_file 0 [ 3162.013923][T21185] total_active_file 0 [ 3162.018491][T21185] total_unevictable 0 [ 3162.022516][T21185] anon_cost 0 [ 3162.025827][T21185] file_cost 0 [ 3162.077879][T21185] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21179,uid=0 [ 3162.128551][T21029] bridge0: port 1(bridge_slave_0) entered blocking state [ 3162.135759][T21029] bridge0: port 1(bridge_slave_0) entered disabled state [ 3162.166858][T21029] bridge_slave_0: entered allmulticast mode [ 3162.186792][T21029] bridge_slave_0: entered promiscuous mode [ 3162.254715][T21185] Memory cgroup out of memory: Killed process 21179 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:14208kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3162.486959][T21027] bridge0: port 2(bridge_slave_1) entered blocking state [ 3162.494219][T21027] bridge0: port 2(bridge_slave_1) entered disabled state [ 3162.536377][T21027] bridge_slave_1: entered allmulticast mode [ 3162.544535][T21027] bridge_slave_1: entered promiscuous mode [ 3162.981029][T21029] bridge0: port 2(bridge_slave_1) entered blocking state [ 3163.017712][T21029] bridge0: port 2(bridge_slave_1) entered disabled state [ 3163.025493][T21029] bridge_slave_1: entered allmulticast mode [ 3163.063826][T21029] bridge_slave_1: entered promiscuous mode 14:02:17 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3a6, 0x0, 0x0, 0x0) [ 3163.511989][T21028] bridge0: port 1(bridge_slave_0) entered blocking state [ 3163.529258][T21028] bridge0: port 1(bridge_slave_0) entered disabled state [ 3163.546912][T21028] bridge_slave_0: entered allmulticast mode [ 3163.555516][T21028] bridge_slave_0: entered promiscuous mode [ 3163.580726][T21028] bridge0: port 2(bridge_slave_1) entered blocking state [ 3163.588735][T21028] bridge0: port 2(bridge_slave_1) entered disabled state [ 3163.610733][T21028] bridge_slave_1: entered allmulticast mode [ 3163.619279][T21028] bridge_slave_1: entered promiscuous mode [ 3163.811174][T21027] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3164.078198][T21029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3164.615110][T21027] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3164.806950][T21031] bridge0: port 1(bridge_slave_0) entered blocking state [ 3164.826344][T21031] bridge0: port 1(bridge_slave_0) entered disabled state [ 3164.834095][T21031] bridge_slave_0: entered allmulticast mode [ 3164.843732][T21031] bridge_slave_0: entered promiscuous mode [ 3164.870361][T21031] bridge0: port 2(bridge_slave_1) entered blocking state [ 3164.878423][T21031] bridge0: port 2(bridge_slave_1) entered disabled state [ 3164.885915][T21031] bridge_slave_1: entered allmulticast mode [ 3164.910395][T21031] bridge_slave_1: entered promiscuous mode [ 3164.925011][T21029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3165.217999][T21028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3165.913822][T21027] team0: Port device team_slave_0 added 14:02:20 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3a9, 0x0, 0x0, 0x0) 14:02:21 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3b1, 0x0, 0x0, 0x0) [ 3166.870272][T21029] team0: Port device team_slave_0 added [ 3166.903264][T21028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3166.937790][T21027] team0: Port device team_slave_1 added [ 3167.545371][T21031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3167.572370][T21031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3167.614816][T21029] team0: Port device team_slave_1 added 14:02:23 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3b5, 0x0, 0x0, 0x0) [ 3169.390476][T21029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3169.406155][T21029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3169.463174][T21029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3169.714787][T21028] team0: Port device team_slave_0 added [ 3169.741185][T21027] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3169.758523][T21027] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3169.816553][T21027] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3169.840144][T21027] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3169.856299][T21027] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3169.906403][T21027] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3170.098320][T21029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3170.105333][T21029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3170.176037][T21029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3170.225060][T21028] team0: Port device team_slave_1 added 14:02:24 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3c3, 0x0, 0x0, 0x0) [ 3170.559378][T21031] team0: Port device team_slave_0 added [ 3170.959954][T21028] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3170.976249][T21028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3171.047346][T21028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3171.211939][T21031] team0: Port device team_slave_1 added [ 3171.399365][T19598] erspan0 (unregistering): left allmulticast mode [ 3171.416005][T19598] erspan0 (unregistering): left promiscuous mode [ 3171.424547][T19598] bridge0: port 3(erspan0) entered disabled state [ 3171.445412][T21028] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3171.458500][T21028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3171.500247][T21028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3171.839182][T21029] hsr_slave_0: entered promiscuous mode [ 3171.862636][T21029] hsr_slave_1: entered promiscuous mode [ 3171.874536][T21029] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3171.891745][T21029] Cannot create hsr debugfs directory 14:02:26 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3cf, 0x0, 0x0, 0x0) [ 3172.582868][T21027] hsr_slave_0: entered promiscuous mode [ 3172.646546][T21027] hsr_slave_1: entered promiscuous mode [ 3172.653756][T21027] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3172.684165][T21027] Cannot create hsr debugfs directory [ 3172.763790][T21031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3172.775995][T21031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3172.826304][T21031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3172.897270][T21182] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3173.034949][T21182] CPU: 0 PID: 21182 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3173.043718][T21182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3173.053826][T21182] Call Trace: [ 3173.059058][T21182] [ 3173.062020][T21182] dump_stack_lvl+0x1e7/0x2e0 [ 3173.066751][T21182] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3173.071988][T21182] ? __pfx__printk+0x10/0x10 [ 3173.076618][T21182] ? ___ratelimit+0x4c4/0x670 [ 3173.081339][T21182] ? __pfx____ratelimit+0x10/0x10 [ 3173.086415][T21182] dump_header+0xda/0x6a0 [ 3173.090896][T21182] oom_kill_process+0x3a7/0x930 [ 3173.095788][T21182] ? trace_contention_end+0x3c/0x100 [ 3173.101120][T21182] out_of_memory+0xf67/0x1320 [ 3173.105848][T21182] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3173.111539][T21182] ? __pfx___mutex_lock+0x10/0x10 [ 3173.116622][T21182] ? __pfx_out_of_memory+0x10/0x10 [ 3173.121787][T21182] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3173.127375][T21182] ? __pfx_lock_release+0x10/0x10 [ 3173.132448][T21182] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3173.138567][T21182] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3173.143818][T21182] ? mem_cgroup_iter+0x422/0x560 [ 3173.148818][T21182] try_charge_memcg+0xda2/0x18a0 [ 3173.153829][T21182] ? __pfx_try_charge_memcg+0x10/0x10 [ 3173.159255][T21182] ? percpu_ref_tryget+0x14/0x180 [ 3173.164354][T21182] charge_memcg+0xa2/0x160 [ 3173.168821][T21182] __mem_cgroup_charge+0x27/0x80 [ 3173.173813][T21182] shmem_alloc_and_add_folio+0x393/0xde0 [ 3173.179508][T21182] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3173.185800][T21182] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3173.191079][T21182] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3173.196764][T21182] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3173.203147][T21182] shmem_write_begin+0x170/0x4d0 [ 3173.208266][T21182] ? __pfx_shmem_write_begin+0x10/0x10 [ 3173.213812][T21182] ? fault_in_iov_iter_readable+0x236/0x280 [ 3173.219769][T21182] generic_perform_write+0x321/0x640 [ 3173.225111][T21182] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3173.231073][T21182] ? __pfx_generic_perform_write+0x10/0x10 [ 3173.236931][T21182] ? __pfx_generic_write_checks+0x10/0x10 [ 3173.242692][T21182] ? file_update_time+0x2a3/0x3e0 [ 3173.247761][T21182] shmem_file_write_iter+0xfc/0x120 [ 3173.253011][T21182] __kernel_write_iter+0x434/0x8c0 [ 3173.258183][T21182] ? __pfx___kernel_write_iter+0x10/0x10 [ 3173.263873][T21182] ? generic_file_llseek_size+0x34c/0x3b0 [ 3173.269642][T21182] ? iov_iter_bvec+0x4e/0x1b0 [ 3173.274362][T21182] dump_user_range+0x46c/0x910 [ 3173.279177][T21182] ? __pfx_dump_user_range+0x10/0x10 [ 3173.284495][T21182] ? writenote+0x250/0x3b0 [ 3173.288960][T21182] ? kmalloc_trace+0x1d6/0x360 [ 3173.293868][T21182] ? elf_core_dump+0x2e01/0x4630 [ 3173.298933][T21182] ? dump_emit+0x99/0xd0 [ 3173.303214][T21182] elf_core_dump+0x3d5d/0x4630 [ 3173.308051][T21182] ? __pfx_elf_core_dump+0x10/0x10 [ 3173.313205][T21182] ? mark_lock+0x9a/0x350 [ 3173.317571][T21182] ? mas_next_slot+0xeb2/0xf90 [ 3173.322383][T21182] ? __lock_acquire+0x1345/0x1fd0 [ 3173.327514][T21182] ? rcu_read_lock_any_held+0xb7/0x160 [ 3173.333024][T21182] ? 0xffffffffff600000 [ 3173.337214][T21182] ? getname_kernel+0x140/0x2f0 [ 3173.342112][T21182] do_coredump+0x1baa/0x2b50 [ 3173.346746][T21182] ? get_signal+0xbe1/0x1850 [ 3173.351416][T21182] ? __pfx_do_coredump+0x10/0x10 [ 3173.356445][T21182] ? _raw_spin_unlock_irq+0x23/0x50 [ 3173.361685][T21182] ? lockdep_hardirqs_on+0x98/0x140 [ 3173.366932][T21182] get_signal+0x146a/0x1850 [ 3173.371501][T21182] ? __pfx_get_signal+0x10/0x10 [ 3173.376399][T21182] ? __pfx_force_sig_fault+0x10/0x10 [ 3173.381749][T21182] arch_do_signal_or_restart+0x96/0x860 [ 3173.387356][T21182] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3173.393572][T21182] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3173.399484][T21182] irqentry_exit_to_user_mode+0x78/0x280 [ 3173.405204][T21182] exc_page_fault+0x587/0x870 [ 3173.409954][T21182] asm_exc_page_fault+0x26/0x30 [ 3173.414862][T21182] RIP: 0033:0x7f8ab667ddb1 [ 3173.419327][T21182] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3173.439098][T21182] RSP: 002b:0000000000000380 EFLAGS: 00010217 [ 3173.445233][T21182] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3173.453258][T21182] RDX: 0000000000000000 RSI: 0000000000000380 RDI: 0000000000000000 [ 3173.461270][T21182] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3173.469287][T21182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3173.477306][T21182] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3173.485347][T21182] [ 3173.503919][T21182] memory: usage 307200kB, limit 307200kB, failcnt 138935 [ 3173.525488][T21182] memory+swap: usage 417620kB, limit 9007199254740988kB, failcnt 0 [ 3173.533917][T21182] kmem: usage 44896kB, limit 9007199254740988kB, failcnt 0 [ 3173.541538][T21182] Memory cgroup stats for /syz4: [ 3173.541698][T21182] cache 267649024 [ 3173.550991][T21182] rss 724992 [ 3173.556539][T21182] rss_huge 0 [ 3173.559790][T21182] shmem 267649024 [ 3173.563505][T21182] mapped_file 129953792 [ 3173.568499][T21182] dirty 0 [ 3173.571542][T21182] writeback 0 [ 3173.576496][T21182] workingset_refault_anon 2145 [ 3173.581303][T21182] workingset_refault_file 0 [ 3173.585841][T21182] swap 113070080 [ 3173.590103][T21182] swapcached 229376 [ 3173.593957][T21182] pgpgin 1511632 [ 3173.600265][T21182] pgpgout 1446056 [ 3173.603951][T21182] pgfault 1215170 [ 3173.608403][T21182] pgmajfault 1357 [ 3173.612133][T21182] inactive_anon 79929344 [ 3173.617047][T21182] active_anon 188669952 [ 3173.621992][T21182] inactive_file 0 [ 3173.632375][T21182] active_file 0 [ 3173.635883][T21182] unevictable 0 [ 3173.644473][T21182] hierarchical_memory_limit 314572800 [ 3173.650515][T21182] hierarchical_memsw_limit 9223372036854771712 [ 3173.657124][T21182] total_cache 267649024 [ 3173.661307][T21182] total_rss 724992 [ 3173.665051][T21182] total_rss_huge 0 [ 3173.669127][T21182] total_shmem 267649024 [ 3173.672705][T21031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3173.673292][T21182] total_mapped_file 129953792 [ 3173.685156][T21182] total_dirty 0 [ 3173.688794][T21182] total_writeback 0 [ 3173.692627][T21182] total_workingset_refault_anon 2145 [ 3173.696015][T21031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3173.698706][T21182] total_workingset_refault_file 0 [ 3173.733227][T21182] total_swap 113070080 [ 3173.737946][T21182] total_swapcached 229376 [ 3173.742306][T21182] total_pgpgin 1511632 [ 3173.744522][T21031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3173.747446][T21182] total_pgpgout 1446056 [ 3173.762150][T21182] total_pgfault 1215170 [ 3173.767648][T21182] total_pgmajfault 1357 [ 3173.771845][T21182] total_inactive_anon 79929344 [ 3173.777334][T21182] total_active_anon 188669952 [ 3173.789157][T21182] total_inactive_file 0 [ 3173.793355][T21182] total_active_file 0 [ 3173.797917][T21182] total_unevictable 0 [ 3173.801927][T21182] anon_cost 0 [ 3173.805242][T21182] file_cost 0 [ 3173.810204][T21182] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21206,uid=0 [ 3173.828677][T21182] Memory cgroup out of memory: Killed process 21206 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:18688kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 3173.854646][T21028] hsr_slave_0: entered promiscuous mode [ 3173.959427][T21028] hsr_slave_1: entered promiscuous mode [ 3174.052314][T21028] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3174.060020][T21028] Cannot create hsr debugfs directory [ 3174.286422][T21182] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3174.464330][T21182] CPU: 0 PID: 21182 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3174.473084][T21182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3174.483254][T21182] Call Trace: [ 3174.487142][T21182] [ 3174.490106][T21182] dump_stack_lvl+0x1e7/0x2e0 [ 3174.494916][T21182] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3174.500319][T21182] ? __pfx__printk+0x10/0x10 [ 3174.504926][T21182] ? ___ratelimit+0x4c4/0x670 [ 3174.509633][T21182] ? __pfx____ratelimit+0x10/0x10 [ 3174.514680][T21182] dump_header+0xda/0x6a0 [ 3174.519044][T21182] oom_kill_process+0x3a7/0x930 [ 3174.523915][T21182] ? trace_contention_end+0x3c/0x100 [ 3174.529222][T21182] out_of_memory+0xf67/0x1320 [ 3174.533928][T21182] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3174.539840][T21182] ? __pfx___mutex_lock+0x10/0x10 [ 3174.544891][T21182] ? __pfx_out_of_memory+0x10/0x10 [ 3174.550033][T21182] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3174.555599][T21182] ? __pfx_lock_release+0x10/0x10 [ 3174.560742][T21182] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3174.566836][T21182] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3174.572056][T21182] ? mem_cgroup_iter+0x422/0x560 [ 3174.577018][T21182] try_charge_memcg+0xda2/0x18a0 [ 3174.581993][T21182] ? __pfx_try_charge_memcg+0x10/0x10 [ 3174.587384][T21182] ? percpu_ref_tryget+0x14/0x180 [ 3174.592445][T21182] charge_memcg+0xa2/0x160 [ 3174.596899][T21182] __mem_cgroup_charge+0x27/0x80 [ 3174.601866][T21182] shmem_alloc_and_add_folio+0x393/0xde0 [ 3174.607534][T21182] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3174.613740][T21182] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3174.618981][T21182] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3174.624812][T21182] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3174.631168][T21182] shmem_write_begin+0x170/0x4d0 [ 3174.636132][T21182] ? __pfx_shmem_write_begin+0x10/0x10 [ 3174.641615][T21182] ? fault_in_iov_iter_readable+0x236/0x280 [ 3174.647530][T21182] generic_perform_write+0x321/0x640 [ 3174.652840][T21182] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3174.658771][T21182] ? __pfx_generic_perform_write+0x10/0x10 [ 3174.664600][T21182] ? __pfx_generic_write_checks+0x10/0x10 [ 3174.670340][T21182] ? file_update_time+0x2a3/0x3e0 [ 3174.675391][T21182] shmem_file_write_iter+0xfc/0x120 [ 3174.680605][T21182] __kernel_write_iter+0x434/0x8c0 [ 3174.685744][T21182] ? __pfx___kernel_write_iter+0x10/0x10 [ 3174.691397][T21182] ? generic_file_llseek_size+0x34c/0x3b0 [ 3174.697396][T21182] ? iov_iter_bvec+0x4e/0x1b0 [ 3174.702095][T21182] dump_user_range+0x46c/0x910 [ 3174.706879][T21182] ? __pfx_dump_user_range+0x10/0x10 [ 3174.712201][T21182] ? writenote+0x250/0x3b0 [ 3174.716639][T21182] ? kmalloc_trace+0x1d6/0x360 [ 3174.721423][T21182] ? elf_core_dump+0x2e01/0x4630 [ 3174.726380][T21182] ? dump_emit+0x99/0xd0 [ 3174.730633][T21182] elf_core_dump+0x3d5d/0x4630 [ 3174.735447][T21182] ? __pfx_elf_core_dump+0x10/0x10 [ 3174.740600][T21182] ? mark_lock+0x9a/0x350 [ 3174.744957][T21182] ? mas_next_slot+0xeb2/0xf90 [ 3174.749738][T21182] ? __lock_acquire+0x1345/0x1fd0 [ 3174.754820][T21182] ? rcu_read_lock_any_held+0xb7/0x160 [ 3174.760301][T21182] ? 0xffffffffff600000 [ 3174.764465][T21182] ? getname_kernel+0x140/0x2f0 [ 3174.769343][T21182] do_coredump+0x1baa/0x2b50 [ 3174.773986][T21182] ? get_signal+0xbe1/0x1850 [ 3174.778621][T21182] ? __pfx_do_coredump+0x10/0x10 [ 3174.783608][T21182] ? _raw_spin_unlock_irq+0x23/0x50 [ 3174.788818][T21182] ? lockdep_hardirqs_on+0x98/0x140 [ 3174.794036][T21182] get_signal+0x146a/0x1850 [ 3174.798667][T21182] ? __pfx_get_signal+0x10/0x10 [ 3174.803541][T21182] ? __pfx_force_sig_fault+0x10/0x10 [ 3174.808863][T21182] arch_do_signal_or_restart+0x96/0x860 [ 3174.814429][T21182] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3174.820615][T21182] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3174.826440][T21182] irqentry_exit_to_user_mode+0x78/0x280 [ 3174.832097][T21182] exc_page_fault+0x587/0x870 [ 3174.836798][T21182] asm_exc_page_fault+0x26/0x30 [ 3174.841686][T21182] RIP: 0033:0x7f8ab667ddb1 [ 3174.846110][T21182] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3174.865732][T21182] RSP: 002b:0000000000000380 EFLAGS: 00010217 [ 3174.871814][T21182] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3174.879823][T21182] RDX: 0000000000000000 RSI: 0000000000000380 RDI: 0000000000000000 [ 3174.887806][T21182] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3174.895876][T21182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3174.903856][T21182] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3174.911858][T21182] [ 3175.035750][T21182] memory: usage 307200kB, limit 307200kB, failcnt 139724 [ 3175.047936][T21182] memory+swap: usage 417516kB, limit 9007199254740988kB, failcnt 0 [ 3175.055877][T21182] kmem: usage 44744kB, limit 9007199254740988kB, failcnt 0 [ 3175.096802][T21182] Memory cgroup stats for /syz4: [ 3175.096975][T21182] cache 266817536 [ 3175.105617][T21182] rss 724992 [ 3175.109664][T21182] rss_huge 0 [ 3175.112902][T21182] shmem 266817536 [ 3175.126691][T21182] mapped_file 114319360 [ 3175.130922][T21182] dirty 0 [ 3175.133899][T21182] writeback 0 [ 3175.140314][T21182] workingset_refault_anon 2145 [ 3175.145118][T21182] workingset_refault_file 0 [ 3175.191159][T21182] swap 112963584 [ 3175.194777][T21182] swapcached 225280 [ 3175.253875][T21182] pgpgin 1511999 [ 3175.306176][T21182] pgpgout 1446627 [ 3175.309887][T21182] pgfault 1215353 [ 3175.313556][T21182] pgmajfault 1357 [ 3175.340948][T21031] hsr_slave_0: entered promiscuous mode [ 3175.342287][T21182] inactive_anon 79929344 [ 3175.367138][T21182] active_anon 187834368 [ 3175.371377][T21182] inactive_file 0 [ 3175.375051][T21182] active_file 0 [ 3175.381489][T21031] hsr_slave_1: entered promiscuous mode [ 3175.406279][T21182] unevictable 0 [ 3175.409822][T21182] hierarchical_memory_limit 314572800 [ 3175.415358][T21031] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3175.426066][T21031] Cannot create hsr debugfs directory [ 3175.473699][T21182] hierarchical_memsw_limit 9223372036854771712 [ 3175.502676][T21182] total_cache 266817536 [ 3175.531491][T21182] total_rss 724992 [ 3175.535283][T21182] total_rss_huge 0 [ 3175.576242][T21182] total_shmem 266817536 [ 3175.590612][T21182] total_mapped_file 114319360 [ 3175.595335][T21182] total_dirty 0 [ 3175.626354][T21182] total_writeback 0 [ 3175.630237][T21182] total_workingset_refault_anon 2145 [ 3175.635725][T21182] total_workingset_refault_file 0 [ 3175.686237][T21182] total_swap 112963584 [ 3175.714848][T21182] total_swapcached 225280 [ 3175.719697][T21182] total_pgpgin 1511999 [ 3175.723806][T21182] total_pgpgout 1446627 [ 3175.728573][T21182] total_pgfault 1215353 [ 3175.732766][T21182] total_pgmajfault 1357 [ 3175.737153][T21182] total_inactive_anon 79929344 [ 3175.746046][T21182] total_active_anon 187834368 [ 3175.753118][T21182] total_inactive_file 0 [ 3175.760025][T21182] total_active_file 0 [ 3175.764054][T21182] total_unevictable 0 [ 3175.780808][T21182] anon_cost 0 [ 3175.784153][T21182] file_cost 0 [ 3175.788603][T21182] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21201,uid=0 [ 3175.854957][T21182] Memory cgroup out of memory: Killed process 21201 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:12800kB, UID:0 pgtables:104kB oom_score_adj:1000 14:02:31 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3d1, 0x0, 0x0, 0x0) [ 3179.985464][T19598] hsr_slave_0: left promiscuous mode [ 3180.047781][T19598] hsr_slave_1: left promiscuous mode [ 3180.077299][T19598] batman_adv: batadv0: Removing interface: ªªªªªª [ 3180.220681][T19598] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3180.240048][T19598] bridge_slave_1: left allmulticast mode [ 3180.245753][T19598] bridge_slave_1: left promiscuous mode [ 3180.266897][T19598] bridge0: port 2(bridge_slave_1) entered disabled state [ 3180.297216][T19598] bridge_slave_0: left allmulticast mode [ 3180.302956][T19598] bridge_slave_0: left promiscuous mode [ 3180.316321][T19598] bridge0: port 1(bridge_slave_0) entered disabled state 14:02:38 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3d9, 0x0, 0x0, 0x0) [ 3184.114880][T21256] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3184.266524][T21256] CPU: 1 PID: 21256 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3184.275285][T21256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3184.285380][T21256] Call Trace: [ 3184.288699][T21256] [ 3184.291664][T21256] dump_stack_lvl+0x1e7/0x2e0 [ 3184.296403][T21256] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3184.301658][T21256] ? __pfx__printk+0x10/0x10 [ 3184.306293][T21256] ? ___ratelimit+0x4c4/0x670 [ 3184.311022][T21256] ? __pfx____ratelimit+0x10/0x10 [ 3184.316104][T21256] dump_header+0xda/0x6a0 [ 3184.320484][T21256] oom_kill_process+0x3a7/0x930 [ 3184.325360][T21256] ? trace_contention_end+0x3c/0x100 [ 3184.330666][T21256] out_of_memory+0xf67/0x1320 [ 3184.335365][T21256] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3184.341102][T21256] ? __pfx___mutex_lock+0x10/0x10 [ 3184.346171][T21256] ? __pfx_out_of_memory+0x10/0x10 [ 3184.351322][T21256] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3184.356985][T21256] ? __pfx_lock_release+0x10/0x10 [ 3184.362037][T21256] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3184.368148][T21256] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3184.373483][T21256] ? mem_cgroup_iter+0x422/0x560 [ 3184.378466][T21256] try_charge_memcg+0xda2/0x18a0 [ 3184.383485][T21256] ? __pfx_try_charge_memcg+0x10/0x10 [ 3184.388898][T21256] ? percpu_ref_tryget+0x14/0x180 [ 3184.393984][T21256] charge_memcg+0xa2/0x160 [ 3184.398438][T21256] __mem_cgroup_charge+0x27/0x80 [ 3184.403425][T21256] shmem_alloc_and_add_folio+0x393/0xde0 [ 3184.409107][T21256] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3184.415291][T21256] ? filemap_map_pages+0x1248/0x1830 [ 3184.420622][T21256] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3184.425992][T21256] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3184.431686][T21256] shmem_fault+0x254/0x6f0 [ 3184.436141][T21256] ? __pfx_shmem_fault+0x10/0x10 [ 3184.441098][T21256] ? __pfx_lock_release+0x10/0x10 [ 3184.446145][T21256] ? pte_offset_map_nolock+0x137/0x1f0 [ 3184.451632][T21256] __do_fault+0x135/0x460 [ 3184.455983][T21256] ? __pfx_filemap_map_pages+0x10/0x10 [ 3184.461469][T21256] ? __handle_mm_fault+0x31c8/0x72d0 [ 3184.466772][T21256] __handle_mm_fault+0x49e6/0x72d0 [ 3184.471931][T21256] ? __pfx___handle_mm_fault+0x10/0x10 [ 3184.477414][T21256] ? follow_page_pte+0x28e/0x1910 [ 3184.482461][T21256] ? follow_page_pte+0x760/0x1910 [ 3184.487509][T21256] ? __pfx_lock_release+0x10/0x10 [ 3184.492566][T21256] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3184.497806][T21256] ? follow_page_pte+0x7f2/0x1910 [ 3184.502853][T21256] ? mt_find+0x62d/0x850 [ 3184.507239][T21256] handle_mm_fault+0x3c1/0x8a0 [ 3184.512121][T21256] __get_user_pages+0x6bd/0x1600 [ 3184.517097][T21256] ? get_dump_page+0xe1/0x2f0 [ 3184.521809][T21256] ? __pfx___get_user_pages+0x10/0x10 [ 3184.527298][T21256] ? __kernel_write_iter+0x632/0x8c0 [ 3184.532648][T21256] get_dump_page+0x154/0x2f0 [ 3184.537276][T21256] ? __pfx___kernel_write_iter+0x10/0x10 [ 3184.542955][T21256] ? __pfx_get_dump_page+0x10/0x10 [ 3184.548090][T21256] ? generic_file_llseek_size+0x34c/0x3b0 [ 3184.553832][T21256] ? iov_iter_bvec+0x4e/0x1b0 [ 3184.558530][T21256] dump_user_range+0x126/0x910 [ 3184.563321][T21256] ? __pfx_dump_user_range+0x10/0x10 [ 3184.568625][T21256] ? writenote+0x250/0x3b0 [ 3184.573069][T21256] ? kmalloc_trace+0x1d6/0x360 [ 3184.577856][T21256] ? elf_core_dump+0x2e01/0x4630 [ 3184.582807][T21256] ? dump_emit+0x99/0xd0 [ 3184.587064][T21256] elf_core_dump+0x3d5d/0x4630 [ 3184.591892][T21256] ? __pfx_elf_core_dump+0x10/0x10 [ 3184.597045][T21256] ? mark_lock+0x9a/0x350 [ 3184.601416][T21256] ? mas_next_slot+0xeb2/0xf90 [ 3184.606222][T21256] ? __lock_acquire+0x1345/0x1fd0 [ 3184.611331][T21256] ? rcu_read_lock_any_held+0xb7/0x160 [ 3184.616832][T21256] ? 0xffffffffff600000 [ 3184.621099][T21256] ? getname_kernel+0x140/0x2f0 [ 3184.625999][T21256] do_coredump+0x1baa/0x2b50 [ 3184.630674][T21256] ? get_signal+0xbe1/0x1850 [ 3184.635351][T21256] ? __pfx_do_coredump+0x10/0x10 [ 3184.640362][T21256] ? _raw_spin_unlock_irq+0x23/0x50 [ 3184.645614][T21256] ? lockdep_hardirqs_on+0x98/0x140 [ 3184.650843][T21256] get_signal+0x146a/0x1850 [ 3184.655394][T21256] ? __pfx_get_signal+0x10/0x10 [ 3184.660300][T21256] ? __pfx_force_sig_fault+0x10/0x10 [ 3184.665623][T21256] arch_do_signal_or_restart+0x96/0x860 [ 3184.671210][T21256] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3184.677442][T21256] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3184.683299][T21256] irqentry_exit_to_user_mode+0x78/0x280 [ 3184.688964][T21256] exc_page_fault+0x587/0x870 [ 3184.693669][T21256] asm_exc_page_fault+0x26/0x30 [ 3184.698542][T21256] RIP: 0033:0x7f8ab667ddb1 [ 3184.702974][T21256] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3184.722624][T21256] RSP: 002b:00000000000003a0 EFLAGS: 00010217 [ 3184.728709][T21256] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3184.736693][T21256] RDX: 0000000000000000 RSI: 00000000000003a0 RDI: 0000000000000000 [ 3184.744675][T21256] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3184.752747][T21256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3184.760729][T21256] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3184.768735][T21256] [ 3184.862198][T21256] memory: usage 307200kB, limit 307200kB, failcnt 142689 [ 3184.869945][T21256] memory+swap: usage 417760kB, limit 9007199254740988kB, failcnt 0 [ 3184.880351][T21256] kmem: usage 44304kB, limit 9007199254740988kB, failcnt 0 [ 3184.887945][T21256] Memory cgroup stats for /syz4: [ 3184.888101][T21256] cache 268423168 [ 3184.913388][T21256] rss 675840 [ 3184.924952][T21256] rss_huge 0 [ 3184.928824][T21256] shmem 268423168 [ 3184.932517][T21256] mapped_file 93265920 [ 3184.937003][T21256] dirty 0 [ 3184.939980][T21256] writeback 0 [ 3184.943295][T21256] workingset_refault_anon 2276 [ 3184.948178][T21256] workingset_refault_file 0 [ 3184.952719][T21256] swap 113213440 [ 3185.004234][T21256] swapcached 86016 [ 3185.068244][T21256] pgpgin 1565057 [ 3185.071871][T21256] pgpgout 1499339 [ 3185.075534][T21256] pgfault 1233799 [ 3185.197489][T21256] pgmajfault 1432 [ 3185.201194][T21256] inactive_anon 72790016 [ 3185.205470][T21256] active_anon 195342336 [ 3185.257294][T21256] inactive_file 0 [ 3185.260992][T21256] active_file 0 [ 3185.264482][T21256] unevictable 0 [ 3185.285813][T21256] hierarchical_memory_limit 314572800 [ 3185.300433][T21256] hierarchical_memsw_limit 9223372036854771712 [ 3185.355154][T21256] total_cache 268423168 [ 3185.365545][T21256] total_rss 675840 [ 3185.372184][T21256] total_rss_huge 0 [ 3185.386019][T21256] total_shmem 268423168 [ 3185.390236][T21256] total_mapped_file 93265920 [ 3185.394868][T21256] total_dirty 0 [ 3185.416063][T21256] total_writeback 0 [ 3185.420016][T21256] total_workingset_refault_anon 2276 [ 3185.425379][T21256] total_workingset_refault_file 0 [ 3185.448199][T21256] total_swap 113213440 [ 3185.452425][T21256] total_swapcached 86016 [ 3185.548254][T21256] total_pgpgin 1565057 [ 3185.552400][T21256] total_pgpgout 1499339 [ 3185.616064][T21256] total_pgfault 1233799 [ 3185.620387][T21256] total_pgmajfault 1432 [ 3185.624581][T21256] total_inactive_anon 72790016 [ 3185.736168][T21256] total_active_anon 195342336 [ 3185.740931][T21256] total_inactive_file 0 [ 3185.826019][T21256] total_active_file 0 [ 3185.830085][T21256] total_unevictable 0 [ 3185.834103][T21256] anon_cost 0 [ 3185.909506][T21256] file_cost 0 [ 3185.936126][T21256] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21273,uid=0 [ 3186.093070][T21256] Memory cgroup out of memory: Killed process 21273 (syz-executor.4) total-vm:54508kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:14336kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 3187.527242][ T5111] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 3187.541896][ T5111] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 3187.550690][ T5111] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 3187.560611][ T5111] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 3187.571864][ T5111] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 3187.579936][ T5111] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 14:02:41 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3dd, 0x0, 0x0, 0x0) [ 3188.286857][T21020] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 3188.298589][T21020] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 3188.307005][T21020] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 3188.315210][T21020] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 3188.373458][T21020] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 3188.382600][T21020] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 3188.612010][T21011] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 3188.621762][T21011] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 3188.631598][T21018] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 3188.636208][T21011] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 3188.647068][T21011] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 3188.654421][T21018] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 3188.668630][T21011] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 3188.677170][T21018] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 3188.686175][T21018] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 3188.686398][T21011] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 3188.733105][T21018] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 3188.742083][T21018] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 14:02:43 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3e5, 0x0, 0x0, 0x0) [ 3189.686095][T21018] Bluetooth: hci0: command 0x0409 tx timeout 14:02:44 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3e7, 0x0, 0x0, 0x0) [ 3190.496333][T21018] Bluetooth: hci1: command 0x0409 tx timeout 14:02:44 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3ed, 0x0, 0x0, 0x0) [ 3190.806148][T21020] Bluetooth: hci3: command 0x0409 tx timeout [ 3190.813342][T21018] Bluetooth: hci4: command 0x0409 tx timeout 14:02:45 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3f1, 0x0, 0x0, 0x0) [ 3191.766504][T21018] Bluetooth: hci0: command 0x041b tx timeout 14:02:46 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3f5, 0x0, 0x0, 0x0) [ 3192.566353][T21018] Bluetooth: hci1: command 0x041b tx timeout [ 3192.886346][T21018] Bluetooth: hci4: command 0x041b tx timeout [ 3192.892440][T21018] Bluetooth: hci3: command 0x041b tx timeout 14:02:48 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3f9, 0x0, 0x0, 0x0) [ 3193.846156][T21018] Bluetooth: hci0: command 0x040f tx timeout [ 3194.646416][T21018] Bluetooth: hci1: command 0x040f tx timeout [ 3194.966091][T21018] Bluetooth: hci3: command 0x040f tx timeout [ 3194.972164][T21018] Bluetooth: hci4: command 0x040f tx timeout 14:02:49 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x500, 0x0, 0x0, 0x0) [ 3195.926107][T21018] Bluetooth: hci0: command 0x0419 tx timeout [ 3196.727545][T21018] Bluetooth: hci1: command 0x0419 tx timeout [ 3197.058179][T21018] Bluetooth: hci4: command 0x0419 tx timeout [ 3197.058196][T21020] Bluetooth: hci3: command 0x0419 tx timeout [ 3197.551201][T21321] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3197.635541][T21321] CPU: 1 PID: 21321 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3197.644314][T21321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3197.654418][T21321] Call Trace: [ 3197.657735][T21321] [ 3197.660702][T21321] dump_stack_lvl+0x1e7/0x2e0 [ 3197.665434][T21321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3197.670682][T21321] ? __pfx__printk+0x10/0x10 [ 3197.675316][T21321] ? ___ratelimit+0x4c4/0x670 [ 3197.680042][T21321] ? __pfx____ratelimit+0x10/0x10 [ 3197.685206][T21321] dump_header+0xda/0x6a0 [ 3197.689600][T21321] oom_kill_process+0x3a7/0x930 [ 3197.694498][T21321] ? trace_contention_end+0x3c/0x100 [ 3197.699839][T21321] out_of_memory+0xf67/0x1320 [ 3197.704567][T21321] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3197.710253][T21321] ? __pfx___mutex_lock+0x10/0x10 [ 3197.715426][T21321] ? __pfx_out_of_memory+0x10/0x10 [ 3197.720601][T21321] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3197.726219][T21321] ? __pfx_lock_release+0x10/0x10 [ 3197.731304][T21321] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3197.737688][T21321] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3197.742933][T21321] ? mem_cgroup_iter+0x422/0x560 [ 3197.747901][T21321] try_charge_memcg+0xda2/0x18a0 [ 3197.752881][T21321] ? __pfx_try_charge_memcg+0x10/0x10 [ 3197.758271][T21321] ? percpu_ref_tryget+0x14/0x180 [ 3197.763328][T21321] charge_memcg+0xa2/0x160 [ 3197.767767][T21321] __mem_cgroup_charge+0x27/0x80 [ 3197.772724][T21321] shmem_alloc_and_add_folio+0x393/0xde0 [ 3197.778378][T21321] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3197.784645][T21321] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3197.789884][T21321] ? lockdep_hardirqs_on+0x98/0x140 [ 3197.795101][T21321] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3197.800756][T21321] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3197.807022][T21321] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3197.813631][T21321] shmem_write_begin+0x170/0x4d0 [ 3197.818596][T21321] ? __pfx_shmem_write_begin+0x10/0x10 [ 3197.824078][T21321] ? fault_in_iov_iter_readable+0x236/0x280 [ 3197.829997][T21321] generic_perform_write+0x321/0x640 [ 3197.835308][T21321] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3197.841322][T21321] ? __pfx_generic_perform_write+0x10/0x10 [ 3197.847156][T21321] ? mnt_put_write_access_file+0xc2/0x100 [ 3197.852896][T21321] ? file_update_time+0x3ac/0x3e0 [ 3197.858031][T21321] shmem_file_write_iter+0xfc/0x120 [ 3197.863245][T21321] __kernel_write_iter+0x434/0x8c0 [ 3197.868382][T21321] ? __pfx___kernel_write_iter+0x10/0x10 [ 3197.874033][T21321] ? generic_file_llseek_size+0x34c/0x3b0 [ 3197.879856][T21321] ? iov_iter_bvec+0x4e/0x1b0 [ 3197.884731][T21321] dump_user_range+0x46c/0x910 [ 3197.889520][T21321] ? __pfx_dump_user_range+0x10/0x10 [ 3197.894915][T21321] ? writenote+0x250/0x3b0 [ 3197.899354][T21321] ? kmalloc_trace+0x1d6/0x360 [ 3197.904133][T21321] ? elf_core_dump+0x2e01/0x4630 [ 3197.909090][T21321] ? dump_emit+0x99/0xd0 [ 3197.913345][T21321] elf_core_dump+0x3d5d/0x4630 [ 3197.918235][T21321] ? __pfx_elf_core_dump+0x10/0x10 [ 3197.923358][T21321] ? mark_lock+0x9a/0x350 [ 3197.927780][T21321] ? mas_next_slot+0xeb2/0xf90 [ 3197.932921][T21321] ? __lock_acquire+0x1345/0x1fd0 [ 3197.938003][T21321] ? rcu_read_lock_any_held+0xb7/0x160 [ 3197.943481][T21321] ? 0xffffffffff600000 [ 3197.947645][T21321] ? getname_kernel+0x140/0x2f0 [ 3197.952515][T21321] do_coredump+0x1baa/0x2b50 [ 3197.957122][T21321] ? get_signal+0xbe1/0x1850 [ 3197.961765][T21321] ? __pfx_do_coredump+0x10/0x10 [ 3197.966751][T21321] ? _raw_spin_unlock_irq+0x23/0x50 [ 3197.971970][T21321] ? lockdep_hardirqs_on+0x98/0x140 [ 3197.977193][T21321] get_signal+0x146a/0x1850 [ 3197.981728][T21321] ? __pfx_get_signal+0x10/0x10 [ 3197.986596][T21321] ? __pfx_force_sig_fault+0x10/0x10 [ 3197.991998][T21321] arch_do_signal_or_restart+0x96/0x860 [ 3197.997567][T21321] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3198.003753][T21321] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3198.009585][T21321] irqentry_exit_to_user_mode+0x78/0x280 [ 3198.015755][T21321] exc_page_fault+0x587/0x870 [ 3198.020449][T21321] asm_exc_page_fault+0x26/0x30 [ 3198.025315][T21321] RIP: 0033:0x7f8ab667ddb1 [ 3198.029748][T21321] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3198.049374][T21321] RSP: 002b:00000000000003c0 EFLAGS: 00010217 [ 3198.055462][T21321] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3198.063443][T21321] RDX: 0000000000000000 RSI: 00000000000003c0 RDI: 0000000000000000 [ 3198.071419][T21321] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3198.079400][T21321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3198.087378][T21321] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3198.095379][T21321] [ 3198.155280][T21321] memory: usage 307200kB, limit 307200kB, failcnt 155721 [ 3198.163832][T21321] memory+swap: usage 417720kB, limit 9007199254740988kB, failcnt 0 [ 3198.174377][T21321] kmem: usage 44636kB, limit 9007199254740988kB, failcnt 0 [ 3198.182272][T21321] Memory cgroup stats for /syz4: [ 3198.182433][T21321] cache 267800576 [ 3198.191921][T21321] rss 942080 [ 3198.195267][T21321] rss_huge 0 [ 3198.199112][T21321] shmem 267800576 [ 3198.203369][T21321] mapped_file 123469824 [ 3198.208204][T21321] dirty 0 [ 3198.211305][T21321] writeback 0 [ 3198.214724][T21321] workingset_refault_anon 2515 [ 3198.244610][T21321] workingset_refault_file 0 [ 3198.250229][T21321] swap 113172480 [ 3198.253940][T21321] swapcached 126976 [ 3198.258724][T21321] pgpgin 1633294 [ 3198.262381][T21321] pgpgout 1567653 [ 3198.266667][T21321] pgfault 1258859 [ 3198.270448][T21321] pgmajfault 1549 [ 3198.274210][T21321] inactive_anon 202604544 [ 3198.279365][T21321] active_anon 66260992 [ 3198.283553][T21321] inactive_file 0 [ 3198.287902][T21321] active_file 0 [ 3198.291495][T21321] unevictable 0 [ 3198.295152][T21321] hierarchical_memory_limit 314572800 [ 3198.301363][T21321] hierarchical_memsw_limit 9223372036854771712 [ 3198.308411][T21321] total_cache 267800576 [ 3198.312729][T21321] total_rss 942080 [ 3198.317292][T21321] total_rss_huge 0 [ 3198.321132][T21321] total_shmem 267800576 [ 3198.325392][T21321] total_mapped_file 123469824 [ 3198.339239][T21321] total_dirty 0 [ 3198.342908][T21321] total_writeback 0 [ 3198.349565][T21321] total_workingset_refault_anon 2515 [ 3198.355020][T21321] total_workingset_refault_file 0 [ 3198.360857][T21321] total_swap 113172480 [ 3198.365126][T21321] total_swapcached 126976 [ 3198.370208][T21321] total_pgpgin 1633294 [ 3198.374412][T21321] total_pgpgout 1567653 [ 3198.379266][T21321] total_pgfault 1258859 [ 3198.383603][T21321] total_pgmajfault 1549 [ 3198.388553][T21321] total_inactive_anon 202604544 [ 3198.393585][T21321] total_active_anon 66260992 [ 3198.398840][T21321] total_inactive_file 0 [ 3198.403121][T21321] total_active_file 0 [ 3198.408521][T21321] total_unevictable 0 [ 3198.412685][T21321] anon_cost 0 [ 3198.416724][T21321] file_cost 0 [ 3198.420175][T21321] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21302,uid=0 [ 3198.436996][T21321] Memory cgroup out of memory: Killed process 21302 (syz-executor.4) total-vm:54508kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:18048kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3199.017481][T21362] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3199.124225][T21362] CPU: 1 PID: 21362 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3199.132985][T21362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3199.143097][T21362] Call Trace: [ 3199.146416][T21362] [ 3199.149393][T21362] dump_stack_lvl+0x1e7/0x2e0 [ 3199.154126][T21362] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3199.159378][T21362] ? __pfx__printk+0x10/0x10 [ 3199.164034][T21362] ? ___ratelimit+0x4c4/0x670 [ 3199.168764][T21362] ? __pfx____ratelimit+0x10/0x10 [ 3199.173858][T21362] dump_header+0xda/0x6a0 [ 3199.178245][T21362] oom_kill_process+0x3a7/0x930 [ 3199.183166][T21362] ? trace_contention_end+0x3c/0x100 [ 3199.188531][T21362] out_of_memory+0xf67/0x1320 [ 3199.193271][T21362] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3199.198964][T21362] ? __pfx___mutex_lock+0x10/0x10 [ 3199.204051][T21362] ? __pfx_out_of_memory+0x10/0x10 [ 3199.209225][T21362] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3199.214830][T21362] ? __pfx_lock_release+0x10/0x10 [ 3199.219911][T21362] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3199.226037][T21362] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3199.231293][T21362] ? mem_cgroup_iter+0x422/0x560 [ 3199.236290][T21362] try_charge_memcg+0xda2/0x18a0 [ 3199.241318][T21362] ? __pfx_try_charge_memcg+0x10/0x10 [ 3199.246761][T21362] ? __rcu_read_unlock+0xa0/0x110 [ 3199.251840][T21362] charge_memcg+0xa2/0x160 [ 3199.256314][T21362] __mem_cgroup_charge+0x27/0x80 [ 3199.261304][T21362] shmem_alloc_and_add_folio+0x393/0xde0 [ 3199.266996][T21362] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 14:02:53 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x502, 0x0, 0x0, 0x0) [ 3199.273202][T21362] ? filemap_map_pages+0x1248/0x1830 [ 3199.278547][T21362] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3199.283809][T21362] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3199.289496][T21362] shmem_fault+0x254/0x6f0 [ 3199.293961][T21362] ? __pfx_shmem_fault+0x10/0x10 [ 3199.298942][T21362] ? __pfx_lock_release+0x10/0x10 [ 3199.304041][T21362] ? pte_offset_map_nolock+0x137/0x1f0 [ 3199.309574][T21362] __do_fault+0x135/0x460 [ 3199.313946][T21362] ? __pfx_filemap_map_pages+0x10/0x10 [ 3199.319455][T21362] ? __handle_mm_fault+0x31c8/0x72d0 [ 3199.324779][T21362] __handle_mm_fault+0x49e6/0x72d0 [ 3199.329976][T21362] ? __pfx___handle_mm_fault+0x10/0x10 [ 3199.335488][T21362] ? follow_page_pte+0x28e/0x1910 [ 3199.340557][T21362] ? follow_page_pte+0x760/0x1910 [ 3199.345623][T21362] ? __pfx_lock_release+0x10/0x10 [ 3199.350710][T21362] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3199.355967][T21362] ? follow_page_pte+0x7f2/0x1910 [ 3199.361046][T21362] ? mt_find+0x62d/0x850 [ 3199.365463][T21362] handle_mm_fault+0x3c1/0x8a0 [ 3199.370286][T21362] __get_user_pages+0x6bd/0x1600 [ 3199.375283][T21362] ? get_dump_page+0xe1/0x2f0 [ 3199.380090][T21362] ? __pfx___get_user_pages+0x10/0x10 [ 3199.385528][T21362] ? __kernel_write_iter+0x632/0x8c0 [ 3199.390853][T21362] get_dump_page+0x154/0x2f0 [ 3199.395473][T21362] ? __pfx___kernel_write_iter+0x10/0x10 [ 3199.401226][T21362] ? __pfx_get_dump_page+0x10/0x10 [ 3199.406375][T21362] ? generic_file_llseek_size+0x34c/0x3b0 [ 3199.412203][T21362] ? iov_iter_bvec+0x4e/0x1b0 [ 3199.416900][T21362] dump_user_range+0x126/0x910 [ 3199.421684][T21362] ? __pfx_dump_user_range+0x10/0x10 [ 3199.426981][T21362] ? writenote+0x250/0x3b0 [ 3199.431422][T21362] ? kmalloc_trace+0x1d6/0x360 [ 3199.436202][T21362] ? elf_core_dump+0x2e01/0x4630 [ 3199.441153][T21362] ? dump_emit+0x99/0xd0 [ 3199.445408][T21362] elf_core_dump+0x3d5d/0x4630 [ 3199.450204][T21362] ? __pfx_elf_core_dump+0x10/0x10 [ 3199.455330][T21362] ? mark_lock+0x9a/0x350 [ 3199.459666][T21362] ? mas_next_slot+0xeb2/0xf90 [ 3199.464465][T21362] ? __lock_acquire+0x1345/0x1fd0 [ 3199.469547][T21362] ? rcu_read_lock_any_held+0xb7/0x160 [ 3199.475028][T21362] ? 0xffffffffff600000 [ 3199.479376][T21362] ? getname_kernel+0x140/0x2f0 [ 3199.484255][T21362] do_coredump+0x1baa/0x2b50 [ 3199.488876][T21362] ? get_signal+0xbe1/0x1850 [ 3199.493526][T21362] ? __pfx_do_coredump+0x10/0x10 [ 3199.498604][T21362] ? _raw_spin_unlock_irq+0x23/0x50 [ 3199.503830][T21362] ? lockdep_hardirqs_on+0x98/0x140 [ 3199.509055][T21362] get_signal+0x146a/0x1850 [ 3199.513608][T21362] ? __pfx_get_signal+0x10/0x10 [ 3199.519558][T21362] ? __pfx_force_sig_fault+0x10/0x10 [ 3199.524894][T21362] arch_do_signal_or_restart+0x96/0x860 [ 3199.530481][T21362] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3199.536684][T21362] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3199.542525][T21362] irqentry_exit_to_user_mode+0x78/0x280 [ 3199.548178][T21362] exc_page_fault+0x587/0x870 [ 3199.552879][T21362] asm_exc_page_fault+0x26/0x30 [ 3199.557765][T21362] RIP: 0033:0x7f8ab667ddb1 [ 3199.562196][T21362] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3199.581825][T21362] RSP: 002b:00000000000003f0 EFLAGS: 00010217 [ 3199.587905][T21362] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3199.595888][T21362] RDX: 0000000000000000 RSI: 00000000000003f0 RDI: 0000000000000000 [ 3199.603879][T21362] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3199.611876][T21362] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3199.619970][T21362] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3199.627973][T21362] [ 3199.670803][T21362] memory: usage 307200kB, limit 307200kB, failcnt 156684 [ 3199.777384][T21362] memory+swap: usage 417600kB, limit 9007199254740988kB, failcnt 0 [ 3199.785479][T21362] kmem: usage 44268kB, limit 9007199254740988kB, failcnt 0 [ 3199.913843][T21362] Memory cgroup stats for /syz4: [ 3199.914013][T21362] cache 268173312 [ 3199.956579][T21362] rss 925696 [ 3199.959837][T21362] rss_huge 0 [ 3199.963062][T21362] shmem 268173312 [ 3200.042022][T21362] mapped_file 113614848 [ 3200.066017][T21362] dirty 0 [ 3200.069025][T21362] writeback 0 [ 3200.072336][T21362] workingset_refault_anon 2518 [ 3200.136864][T21362] workingset_refault_file 0 [ 3200.141434][T21362] swap 113049600 [ 3200.145019][T21362] swapcached 126976 [ 3200.210442][T21362] pgpgin 1635033 [ 3200.220249][T21362] pgpgout 1569305 [ 3200.223905][T21362] pgfault 1259350 [ 3200.318177][T21362] pgmajfault 1552 [ 3200.321871][T21362] inactive_anon 196927488 [ 3200.373136][T21362] active_anon 72269824 [ 3200.416045][T21362] inactive_file 0 [ 3200.419754][T21362] active_file 0 [ 3200.423241][T21362] unevictable 0 [ 3200.456628][T21362] hierarchical_memory_limit 314572800 [ 3200.462075][T21362] hierarchical_memsw_limit 9223372036854771712 [ 3200.522365][T21362] total_cache 268173312 [ 3200.596042][T21362] total_rss 925696 [ 3200.599872][T21362] total_rss_huge 0 [ 3200.603616][T21362] total_shmem 268173312 [ 3200.656153][T21362] total_mapped_file 113614848 [ 3200.692942][T21362] total_dirty 0 [ 3200.726715][T21362] total_writeback 0 [ 3200.730586][T21362] total_workingset_refault_anon 2518 [ 3200.779219][T21362] total_workingset_refault_file 0 [ 3200.784394][T21362] total_swap 113049600 [ 3200.843919][T21362] total_swapcached 126976 [ 3200.877639][T21362] total_pgpgin 1635033 [ 3200.881774][T21362] total_pgpgout 1569305 [ 3200.944256][T21362] total_pgfault 1259350 [ 3200.961839][T21362] total_pgmajfault 1552 [ 3200.985431][T21362] total_inactive_anon 196927488 [ 3201.042986][T21362] total_active_anon 72269824 [ 3201.082196][T21362] total_inactive_file 0 [ 3201.098945][T21362] total_active_file 0 [ 3201.102988][T21362] total_unevictable 0 [ 3201.116184][T21362] anon_cost 0 [ 3201.119530][T21362] file_cost 0 [ 3201.122843][T21362] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21278,uid=0 [ 3201.214319][T21362] Memory cgroup out of memory: Killed process 21278 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:15744kB, UID:0 pgtables:124kB oom_score_adj:1000 14:02:56 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x600, 0x0, 0x0, 0x0) 14:02:59 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x700, 0x0, 0x0, 0x0) [ 3205.135202][ T1240] ieee802154 phy0 wpan0: encryption failed: -22 [ 3205.141950][ T1240] ieee802154 phy1 wpan1: encryption failed: -22 [ 3205.767948][T19598] bond2 (unregistering): Released all slaves [ 3205.935808][T19598] bond1 (unregistering): (slave batadv1): Releasing backup interface 14:03:00 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x703, 0x0, 0x0, 0x0) [ 3206.318251][T19598] bond1 (unregistering): Released all slaves [ 3208.419342][T19598] team0 (unregistering): Port device team_slave_1 removed [ 3208.533147][T19598] team0 (unregistering): Port device team_slave_0 removed [ 3208.597032][T19598] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 3208.846667][T19598] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 3209.837775][T19598] bond0 (unregistering): Released all slaves [ 3211.409805][T21348] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3211.420774][T21348] CPU: 1 PID: 21348 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3211.429599][T21348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3211.440055][T21348] Call Trace: [ 3211.443384][T21348] [ 3211.446358][T21348] dump_stack_lvl+0x1e7/0x2e0 [ 3211.451091][T21348] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3211.456336][T21348] ? __pfx__printk+0x10/0x10 [ 3211.460963][T21348] ? ___ratelimit+0x4c4/0x670 [ 3211.465687][T21348] ? __pfx____ratelimit+0x10/0x10 [ 3211.470777][T21348] dump_header+0xda/0x6a0 [ 3211.475167][T21348] oom_kill_process+0x3a7/0x930 [ 3211.480232][T21348] ? trace_contention_end+0x3c/0x100 [ 3211.485545][T21348] out_of_memory+0xf67/0x1320 [ 3211.493458][T21348] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3211.499195][T21348] ? __pfx___mutex_lock+0x10/0x10 [ 3211.504241][T21348] ? __pfx_out_of_memory+0x10/0x10 [ 3211.509379][T21348] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3211.514943][T21348] ? __pfx_lock_release+0x10/0x10 [ 3211.519995][T21348] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3211.526282][T21348] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3211.531510][T21348] ? mem_cgroup_iter+0x422/0x560 [ 3211.536466][T21348] try_charge_memcg+0xda2/0x18a0 [ 3211.541438][T21348] ? __pfx_try_charge_memcg+0x10/0x10 [ 3211.546826][T21348] ? percpu_ref_tryget+0x14/0x180 [ 3211.551882][T21348] charge_memcg+0xa2/0x160 [ 3211.556328][T21348] __mem_cgroup_charge+0x27/0x80 [ 3211.561287][T21348] shmem_alloc_and_add_folio+0x393/0xde0 [ 3211.566940][T21348] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3211.573111][T21348] ? filemap_map_pages+0x1248/0x1830 [ 3211.578426][T21348] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3211.583661][T21348] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3211.589322][T21348] shmem_fault+0x254/0x6f0 [ 3211.593758][T21348] ? __pfx_shmem_fault+0x10/0x10 [ 3211.598857][T21348] ? __pfx_lock_release+0x10/0x10 [ 3211.603920][T21348] ? pte_offset_map_nolock+0x137/0x1f0 [ 3211.609406][T21348] __do_fault+0x135/0x460 [ 3211.613757][T21348] ? __pfx_filemap_map_pages+0x10/0x10 [ 3211.619261][T21348] ? __handle_mm_fault+0x31c8/0x72d0 [ 3211.624561][T21348] __handle_mm_fault+0x49e6/0x72d0 [ 3211.629718][T21348] ? __pfx___handle_mm_fault+0x10/0x10 [ 3211.635197][T21348] ? follow_page_pte+0x28e/0x1910 [ 3211.640241][T21348] ? follow_page_pte+0x760/0x1910 [ 3211.645285][T21348] ? __pfx_lock_release+0x10/0x10 [ 3211.650333][T21348] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3211.655577][T21348] ? follow_page_pte+0x7f2/0x1910 [ 3211.660620][T21348] ? mt_find+0x62d/0x850 [ 3211.664911][T21348] handle_mm_fault+0x3c1/0x8a0 [ 3211.669877][T21348] __get_user_pages+0x6bd/0x1600 [ 3211.674855][T21348] ? get_dump_page+0xe1/0x2f0 [ 3211.679555][T21348] ? __pfx___get_user_pages+0x10/0x10 [ 3211.685208][T21348] ? __kernel_write_iter+0x632/0x8c0 [ 3211.690517][T21348] get_dump_page+0x154/0x2f0 [ 3211.695142][T21348] ? __pfx___kernel_write_iter+0x10/0x10 [ 3211.700793][T21348] ? __pfx_get_dump_page+0x10/0x10 [ 3211.705934][T21348] ? iov_iter_bvec+0x4e/0x1b0 [ 3211.710651][T21348] dump_user_range+0x126/0x910 [ 3211.715439][T21348] ? __pfx_dump_user_range+0x10/0x10 [ 3211.720736][T21348] ? writenote+0x250/0x3b0 [ 3211.725184][T21348] ? kmalloc_trace+0x1d6/0x360 [ 3211.729963][T21348] ? elf_core_dump+0x2e01/0x4630 [ 3211.734918][T21348] ? dump_emit+0x99/0xd0 [ 3211.739183][T21348] elf_core_dump+0x3d5d/0x4630 [ 3211.744003][T21348] ? __pfx_elf_core_dump+0x10/0x10 [ 3211.749129][T21348] ? mark_lock+0x9a/0x350 [ 3211.753465][T21348] ? mas_next_slot+0xeb2/0xf90 [ 3211.758248][T21348] ? __lock_acquire+0x1345/0x1fd0 [ 3211.763329][T21348] ? rcu_read_lock_any_held+0xb7/0x160 [ 3211.768899][T21348] ? 0xffffffffff600000 [ 3211.773065][T21348] ? getname_kernel+0x140/0x2f0 [ 3211.777938][T21348] do_coredump+0x1baa/0x2b50 [ 3211.782550][T21348] ? get_signal+0xbe1/0x1850 [ 3211.787198][T21348] ? __pfx_do_coredump+0x10/0x10 [ 3211.792193][T21348] ? _raw_spin_unlock_irq+0x23/0x50 [ 3211.797491][T21348] ? lockdep_hardirqs_on+0x98/0x140 [ 3211.802713][T21348] get_signal+0x146a/0x1850 [ 3211.807250][T21348] ? __pfx_get_signal+0x10/0x10 [ 3211.812118][T21348] ? __pfx_force_sig_fault+0x10/0x10 [ 3211.817426][T21348] arch_do_signal_or_restart+0x96/0x860 [ 3211.822999][T21348] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3211.829188][T21348] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3211.835019][T21348] irqentry_exit_to_user_mode+0x78/0x280 [ 3211.840679][T21348] exc_page_fault+0x587/0x870 [ 3211.845375][T21348] asm_exc_page_fault+0x26/0x30 [ 3211.850331][T21348] RIP: 0033:0x7f8ab667ddb1 [ 3211.854775][T21348] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3211.874403][T21348] RSP: 002b:00000000000003e0 EFLAGS: 00010217 [ 3211.880486][T21348] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3211.888475][T21348] RDX: 0000000000000000 RSI: 00000000000003e0 RDI: 0000000000000000 [ 3211.896476][T21348] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3211.904569][T21348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3211.912651][T21348] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3211.920651][T21348] [ 3211.953788][T21348] memory: usage 307200kB, limit 307200kB, failcnt 161630 [ 3212.082454][T21348] memory+swap: usage 417692kB, limit 9007199254740988kB, failcnt 0 [ 3212.392525][T21338] chnl_net:caif_netlink_parms(): no params data found [ 3212.547376][T21348] kmem: usage 44456kB, limit 9007199254740988kB, failcnt 0 [ 3212.577922][T21344] chnl_net:caif_netlink_parms(): no params data found [ 3212.596131][T21348] Memory cgroup stats for /syz4: [ 3212.596305][T21348] cache 268124160 [ 3212.605024][T21348] rss 585728 [ 3212.684993][T21348] rss_huge 0 [ 3212.705695][T21332] chnl_net:caif_netlink_parms(): no params data found [ 3212.825802][T21348] shmem 268124160 [ 3212.896108][T21348] mapped_file 88838144 [ 3212.900334][T21348] dirty 0 [ 3212.903293][T21348] writeback 0 [ 3213.016123][T21348] workingset_refault_anon 2701 [ 3213.055774][T21348] workingset_refault_file 0 [ 3213.135303][T21348] swap 113098752 [ 3213.226080][T21348] swapcached 200704 [ 3213.229967][T21348] pgpgin 1696056 [ 3213.233545][T21348] pgpgout 1630377 [ 3213.443968][T21348] pgfault 1283581 [ 3213.518825][T21348] pgmajfault 1656 [ 3213.537598][T21348] inactive_anon 113717248 [ 3213.542001][T21348] active_anon 153993216 [ 3213.613864][T21348] inactive_file 0 [ 3213.626292][T21348] active_file 0 [ 3213.747767][T21348] unevictable 0 [ 3213.751326][T21348] hierarchical_memory_limit 314572800 [ 3213.967113][T21348] hierarchical_memsw_limit 9223372036854771712 [ 3213.973791][T21348] total_cache 268124160 [ 3213.979362][T21348] total_rss 585728 [ 3213.983134][T21348] total_rss_huge 0 [ 3213.987546][T21348] total_shmem 268124160 [ 3213.991955][T21348] total_mapped_file 88838144 [ 3214.000329][T21348] total_dirty 0 [ 3214.003830][T21348] total_writeback 0 [ 3214.008308][T21348] total_workingset_refault_anon 2701 [ 3214.013647][T21348] total_workingset_refault_file 0 [ 3214.024024][T21348] total_swap 113098752 [ 3214.028612][T21348] total_swapcached 200704 [ 3214.032976][T21348] total_pgpgin 1696056 [ 3214.037728][T21348] total_pgpgout 1630377 [ 3214.041932][T21348] total_pgfault 1283581 [ 3214.056043][T21348] total_pgmajfault 1656 [ 3214.060262][T21348] total_inactive_anon 113717248 [ 3214.065145][T21348] total_active_anon 153993216 [ 3214.083584][T21348] total_inactive_file 0 [ 3214.108287][T21348] total_active_file 0 [ 3214.112331][T21348] total_unevictable 0 [ 3214.166371][T21348] anon_cost 0 [ 3214.169730][T21348] file_cost 0 [ 3214.173174][T21348] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21366,uid=0 [ 3214.246058][T21348] Memory cgroup out of memory: Killed process 21366 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:14336kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3214.373635][T21343] chnl_net:caif_netlink_parms(): no params data found [ 3214.449650][T21338] bridge0: port 1(bridge_slave_0) entered blocking state [ 3214.457520][T21338] bridge0: port 1(bridge_slave_0) entered disabled state [ 3214.465171][T21338] bridge_slave_0: entered allmulticast mode [ 3214.478637][T21338] bridge_slave_0: entered promiscuous mode [ 3214.566233][T21338] bridge0: port 2(bridge_slave_1) entered blocking state [ 3214.573452][T21338] bridge0: port 2(bridge_slave_1) entered disabled state [ 3214.581745][T21338] bridge_slave_1: entered allmulticast mode [ 3214.590771][T21338] bridge_slave_1: entered promiscuous mode 14:03:09 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x900, 0x0, 0x0, 0x0) 14:03:10 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x902, 0x0, 0x0, 0x0) [ 3215.965131][T21338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3216.006653][T21344] bridge0: port 1(bridge_slave_0) entered blocking state [ 3216.013846][T21344] bridge0: port 1(bridge_slave_0) entered disabled state [ 3216.048096][T21344] bridge_slave_0: entered allmulticast mode [ 3216.068846][T21344] bridge_slave_0: entered promiscuous mode [ 3216.138274][T21332] bridge0: port 1(bridge_slave_0) entered blocking state [ 3216.145472][T21332] bridge0: port 1(bridge_slave_0) entered disabled state [ 3216.186670][T21332] bridge_slave_0: entered allmulticast mode [ 3216.217254][T21332] bridge_slave_0: entered promiscuous mode [ 3216.249314][T21332] bridge0: port 2(bridge_slave_1) entered blocking state [ 3216.276338][T21332] bridge0: port 2(bridge_slave_1) entered disabled state [ 3216.284218][T21332] bridge_slave_1: entered allmulticast mode [ 3216.327670][T21332] bridge_slave_1: entered promiscuous mode [ 3216.351048][T21338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3216.411060][ T30] oom_reaper: reaped process 21366 (syz-executor.4), now anon-rss:104kB, file-rss:8192kB, shmem-rss:14080kB [ 3216.496529][T21344] bridge0: port 2(bridge_slave_1) entered blocking state [ 3216.503840][T21344] bridge0: port 2(bridge_slave_1) entered disabled state [ 3216.536813][T21344] bridge_slave_1: entered allmulticast mode [ 3216.545379][T21344] bridge_slave_1: entered promiscuous mode [ 3217.583428][T21332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3217.883430][T21332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3218.149926][T21338] team0: Port device team_slave_0 added [ 3218.258013][T21343] bridge0: port 1(bridge_slave_0) entered blocking state [ 3218.265244][T21343] bridge0: port 1(bridge_slave_0) entered disabled state [ 3218.316993][T21343] bridge_slave_0: entered allmulticast mode [ 3218.325687][T21343] bridge_slave_0: entered promiscuous mode [ 3218.360359][T21343] bridge0: port 2(bridge_slave_1) entered blocking state [ 3218.374390][T21343] bridge0: port 2(bridge_slave_1) entered disabled state [ 3218.397123][T21343] bridge_slave_1: entered allmulticast mode [ 3218.433323][T21343] bridge_slave_1: entered promiscuous mode 14:03:12 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xb03, 0x0, 0x0, 0x0) [ 3218.738118][T21332] team0: Port device team_slave_0 added [ 3218.748794][T21338] team0: Port device team_slave_1 added [ 3218.798596][T21344] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3219.155122][T21332] team0: Port device team_slave_1 added [ 3219.407230][T21344] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 14:03:13 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xc00, 0x0, 0x0, 0x0) [ 3219.571138][T21343] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3219.718053][T21338] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3219.725063][T21338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3219.753050][T21338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3219.842564][T21343] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3219.867994][T21332] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3219.875002][T21332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3219.938501][T21332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3219.969909][T21332] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3219.977440][T21332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3220.016317][T21332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3220.058040][T21338] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3220.065050][T21338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3220.107249][T21338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3220.134433][T21344] team0: Port device team_slave_0 added [ 3220.538335][T21343] team0: Port device team_slave_0 added [ 3220.589541][T21344] team0: Port device team_slave_1 added [ 3220.611683][T21343] team0: Port device team_slave_1 added [ 3221.039056][T21344] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3221.076021][T21344] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3221.166407][T21344] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3221.209742][T21344] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3221.226430][T21344] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3221.285975][T21344] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active 14:03:15 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xd00, 0x0, 0x0, 0x0) [ 3221.818011][T21332] hsr_slave_0: entered promiscuous mode [ 3221.967253][T21332] hsr_slave_1: entered promiscuous mode [ 3222.089687][T21343] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3222.106296][T21343] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3222.196161][T21343] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3222.211283][T21343] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3222.226340][T21343] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3222.278464][T21343] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3222.552981][T21338] hsr_slave_0: entered promiscuous mode [ 3222.722128][T21338] hsr_slave_1: entered promiscuous mode [ 3222.906021][T21338] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3222.913649][T21338] Cannot create hsr debugfs directory 14:03:17 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xd01, 0x0, 0x0, 0x0) [ 3225.881580][T21432] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3226.054236][T21432] CPU: 0 PID: 21432 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3226.062992][T21432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3226.073096][T21432] Call Trace: [ 3226.076406][T21432] [ 3226.079377][T21432] dump_stack_lvl+0x1e7/0x2e0 [ 3226.084117][T21432] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3226.089365][T21432] ? __pfx__printk+0x10/0x10 [ 3226.093993][T21432] ? ___ratelimit+0x4c4/0x670 [ 3226.098715][T21432] ? __pfx____ratelimit+0x10/0x10 [ 3226.103796][T21432] dump_header+0xda/0x6a0 [ 3226.108174][T21432] oom_kill_process+0x3a7/0x930 [ 3226.113062][T21432] ? trace_contention_end+0x3c/0x100 [ 3226.118496][T21432] out_of_memory+0xf67/0x1320 [ 3226.123235][T21432] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3226.128923][T21432] ? __pfx___mutex_lock+0x10/0x10 [ 3226.134002][T21432] ? __pfx_out_of_memory+0x10/0x10 [ 3226.139171][T21432] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3226.144766][T21432] ? __pfx_lock_release+0x10/0x10 [ 3226.149923][T21432] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3226.156028][T21432] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3226.161263][T21432] ? mem_cgroup_iter+0x422/0x560 [ 3226.166233][T21432] try_charge_memcg+0xda2/0x18a0 [ 3226.171219][T21432] ? __pfx_try_charge_memcg+0x10/0x10 [ 3226.176613][T21432] ? percpu_ref_tryget+0x14/0x180 [ 3226.181675][T21432] charge_memcg+0xa2/0x160 [ 3226.186129][T21432] __mem_cgroup_charge+0x27/0x80 [ 3226.191086][T21432] shmem_alloc_and_add_folio+0x393/0xde0 [ 3226.196748][T21432] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3226.202939][T21432] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3226.208176][T21432] ? lockdep_hardirqs_on+0x98/0x140 [ 3226.213391][T21432] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3226.219046][T21432] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3226.225303][T21432] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3226.231912][T21432] shmem_write_begin+0x170/0x4d0 [ 3226.236900][T21432] ? __pfx_shmem_write_begin+0x10/0x10 [ 3226.242384][T21432] ? fault_in_iov_iter_readable+0x236/0x280 [ 3226.248305][T21432] generic_perform_write+0x321/0x640 [ 3226.253612][T21432] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3226.259539][T21432] ? __pfx_generic_perform_write+0x10/0x10 [ 3226.265374][T21432] ? mnt_put_write_access_file+0xc2/0x100 [ 3226.271112][T21432] ? file_update_time+0x3ac/0x3e0 [ 3226.276161][T21432] shmem_file_write_iter+0xfc/0x120 [ 3226.281377][T21432] __kernel_write_iter+0x434/0x8c0 [ 3226.291659][T21432] ? __pfx___kernel_write_iter+0x10/0x10 [ 3226.297316][T21432] ? generic_file_llseek_size+0x34c/0x3b0 [ 3226.303126][T21432] ? iov_iter_bvec+0x4e/0x1b0 [ 3226.307827][T21432] dump_user_range+0x46c/0x910 [ 3226.312623][T21432] ? __pfx_dump_user_range+0x10/0x10 [ 3226.317941][T21432] ? writenote+0x250/0x3b0 [ 3226.322414][T21432] ? kmalloc_trace+0x1d6/0x360 [ 3226.327221][T21432] ? elf_core_dump+0x2e01/0x4630 [ 3226.332209][T21432] ? dump_emit+0x99/0xd0 [ 3226.336480][T21432] elf_core_dump+0x3d5d/0x4630 [ 3226.341318][T21432] ? __pfx_elf_core_dump+0x10/0x10 [ 3226.346460][T21432] ? mark_lock+0x9a/0x350 [ 3226.350807][T21432] ? mas_next_slot+0xeb2/0xf90 [ 3226.355595][T21432] ? __lock_acquire+0x1345/0x1fd0 [ 3226.360703][T21432] ? rcu_read_lock_any_held+0xb7/0x160 [ 3226.366202][T21432] ? 0xffffffffff600000 [ 3226.370379][T21432] ? getname_kernel+0x140/0x2f0 [ 3226.375264][T21432] do_coredump+0x1baa/0x2b50 [ 3226.379883][T21432] ? get_signal+0xbe1/0x1850 [ 3226.384523][T21432] ? __pfx_do_coredump+0x10/0x10 [ 3226.389535][T21432] ? _raw_spin_unlock_irq+0x23/0x50 [ 3226.394785][T21432] ? lockdep_hardirqs_on+0x98/0x140 [ 3226.400017][T21432] get_signal+0x146a/0x1850 [ 3226.404566][T21432] ? __pfx_get_signal+0x10/0x10 [ 3226.409439][T21432] ? __pfx_force_sig_fault+0x10/0x10 [ 3226.414753][T21432] arch_do_signal_or_restart+0x96/0x860 [ 3226.420323][T21432] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3226.426510][T21432] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3226.432337][T21432] irqentry_exit_to_user_mode+0x78/0x280 [ 3226.437995][T21432] exc_page_fault+0x587/0x870 [ 3226.442694][T21432] asm_exc_page_fault+0x26/0x30 [ 3226.447570][T21432] RIP: 0033:0x7f8ab667ddb1 [ 3226.452003][T21432] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3226.471639][T21432] RSP: 002b:0000000000000900 EFLAGS: 00010217 [ 3226.477729][T21432] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3226.485722][T21432] RDX: 0000000000000000 RSI: 0000000000000900 RDI: 0000000000000000 [ 3226.493708][T21432] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3226.501786][T21432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3226.509771][T21432] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3226.517787][T21432] [ 3226.668409][T21344] hsr_slave_0: entered promiscuous mode [ 3226.688516][T21344] hsr_slave_1: entered promiscuous mode [ 3226.695716][T21344] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3226.721538][T21344] Cannot create hsr debugfs directory [ 3226.895977][T21432] memory: usage 306496kB, limit 307200kB, failcnt 170242 [ 3226.903074][T21432] memory+swap: usage 417172kB, limit 9007199254740988kB, failcnt 0 [ 3227.026044][T21432] kmem: usage 44780kB, limit 9007199254740988kB, failcnt 0 [ 3227.033336][T21432] Memory cgroup stats for /syz4: [ 3227.033514][T21432] cache 266223616 [ 3227.156093][T21432] rss 802816 [ 3227.196051][T21432] rss_huge 0 [ 3227.306201][T21432] shmem 266223616 [ 3227.319018][T21432] mapped_file 111407104 [ 3227.347132][T21432] dirty 0 [ 3227.368419][T21432] writeback 0 [ 3227.383178][T21343] hsr_slave_0: entered promiscuous mode [ 3227.397210][T21432] workingset_refault_anon 3115 [ 3227.436037][T21432] workingset_refault_file 0 [ 3227.455058][T21343] hsr_slave_1: entered promiscuous mode [ 3227.466185][T21343] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 3227.468870][T21432] swap 112807936 [ 3227.473780][T21343] Cannot create hsr debugfs directory [ 3227.547297][T21432] swapcached 491520 [ 3227.584056][T21432] pgpgin 1739202 [ 3227.598361][T21432] pgpgout 1673855 [ 3227.621114][T21432] pgfault 1299067 [ 3227.636438][T21432] pgmajfault 1853 [ 3227.640135][T21432] inactive_anon 117190656 [ 3227.644495][T21432] active_anon 150118400 [ 3227.686238][T21432] inactive_file 0 [ 3227.689961][T21432] active_file 0 [ 3227.693899][T21432] unevictable 0 [ 3227.746078][T21432] hierarchical_memory_limit 314572800 [ 3227.751567][T21432] hierarchical_memsw_limit 9223372036854771712 [ 3227.815636][T21432] total_cache 266223616 [ 3227.846139][T21432] total_rss 802816 [ 3227.869616][T21432] total_rss_huge 0 [ 3227.896023][T21432] total_shmem 266223616 [ 3227.929396][T21432] total_mapped_file 111407104 [ 3227.960311][T21432] total_dirty 0 [ 3227.988464][T21432] total_writeback 0 [ 3228.012962][T21432] total_workingset_refault_anon 3115 [ 3228.045166][T21432] total_workingset_refault_file 0 [ 3228.066281][T21432] total_swap 112807936 [ 3228.079831][T21432] total_swapcached 491520 [ 3228.109416][T21432] total_pgpgin 1739202 [ 3228.118161][T21432] total_pgpgout 1673855 [ 3228.158366][T21432] total_pgfault 1299067 [ 3228.188356][T21432] total_pgmajfault 1853 [ 3228.224714][T21432] total_inactive_anon 117190656 [ 3228.243697][T21432] total_active_anon 150118400 [ 3228.340721][T21432] total_inactive_file 0 [ 3228.344947][T21432] total_active_file 0 [ 3228.398509][T21432] total_unevictable 0 [ 3228.402585][T21432] anon_cost 0 [ 3228.580682][T21432] file_cost 0 [ 3228.584049][T21432] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21362,uid=0 14:03:22 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xd02, 0x0, 0x0, 0x0) [ 3228.680700][T21432] Memory cgroup out of memory: Killed process 21362 (syz-executor.4) total-vm:54640kB, anon-rss:472kB, file-rss:8192kB, shmem-rss:15872kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3228.918151][T21338] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3229.306271][T21438] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3229.366833][T21438] CPU: 0 PID: 21438 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3229.375596][T21438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3229.385696][T21438] Call Trace: [ 3229.389016][T21438] [ 3229.391988][T21438] dump_stack_lvl+0x1e7/0x2e0 [ 3229.396736][T21438] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3229.401993][T21438] ? __pfx__printk+0x10/0x10 [ 3229.406632][T21438] ? ___ratelimit+0x4c4/0x670 [ 3229.411356][T21438] ? __pfx____ratelimit+0x10/0x10 [ 3229.416443][T21438] dump_header+0xda/0x6a0 [ 3229.420829][T21438] oom_kill_process+0x3a7/0x930 [ 3229.425743][T21438] out_of_memory+0xf67/0x1320 [ 3229.430497][T21438] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3229.436190][T21438] ? __pfx___mutex_lock+0x10/0x10 [ 3229.441280][T21438] ? __pfx_out_of_memory+0x10/0x10 [ 3229.446464][T21438] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3229.452063][T21438] ? __pfx_lock_release+0x10/0x10 [ 3229.457153][T21438] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3229.463273][T21438] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3229.468523][T21438] ? mem_cgroup_iter+0x422/0x560 [ 3229.473750][T21438] try_charge_memcg+0xda2/0x18a0 [ 3229.478780][T21438] ? __pfx_try_charge_memcg+0x10/0x10 [ 3229.484217][T21438] ? percpu_ref_tryget+0x14/0x180 [ 3229.489328][T21438] charge_memcg+0xa2/0x160 [ 3229.493816][T21438] __mem_cgroup_charge+0x27/0x80 [ 3229.498813][T21438] shmem_alloc_and_add_folio+0x393/0xde0 [ 3229.504515][T21438] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3229.510727][T21438] ? filemap_map_pages+0x1248/0x1830 [ 3229.516071][T21438] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3229.521353][T21438] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3229.527077][T21438] shmem_fault+0x254/0x6f0 [ 3229.531560][T21438] ? __pfx_shmem_fault+0x10/0x10 [ 3229.536560][T21438] ? __pfx_lock_release+0x10/0x10 [ 3229.541637][T21438] ? pte_offset_map_nolock+0x137/0x1f0 [ 3229.547164][T21438] __do_fault+0x135/0x460 [ 3229.551549][T21438] ? __pfx_filemap_map_pages+0x10/0x10 [ 3229.557065][T21438] ? __handle_mm_fault+0x31c8/0x72d0 [ 3229.562403][T21438] __handle_mm_fault+0x49e6/0x72d0 [ 3229.567611][T21438] ? __pfx___handle_mm_fault+0x10/0x10 [ 3229.573125][T21438] ? follow_page_pte+0x28e/0x1910 [ 3229.578201][T21438] ? follow_page_pte+0x760/0x1910 [ 3229.583273][T21438] ? __pfx_lock_release+0x10/0x10 [ 3229.588359][T21438] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3229.593614][T21438] ? follow_page_pte+0x7f2/0x1910 [ 3229.598692][T21438] ? mt_find+0x62d/0x850 [ 3229.603004][T21438] handle_mm_fault+0x3c1/0x8a0 [ 3229.607837][T21438] __get_user_pages+0x6bd/0x1600 [ 3229.612837][T21438] ? get_dump_page+0xe1/0x2f0 [ 3229.617561][T21438] ? __pfx___get_user_pages+0x10/0x10 [ 3229.622993][T21438] ? __kernel_write_iter+0x632/0x8c0 [ 3229.628335][T21438] get_dump_page+0x154/0x2f0 [ 3229.632972][T21438] ? __pfx___kernel_write_iter+0x10/0x10 [ 3229.638741][T21438] ? __pfx_get_dump_page+0x10/0x10 [ 3229.643897][T21438] ? generic_file_llseek_size+0x34c/0x3b0 [ 3229.649664][T21438] ? iov_iter_bvec+0x4e/0x1b0 [ 3229.654401][T21438] dump_user_range+0x126/0x910 [ 3229.659223][T21438] ? __pfx_dump_user_range+0x10/0x10 [ 3229.664552][T21438] ? writenote+0x250/0x3b0 [ 3229.669028][T21438] ? kmalloc_trace+0x1d6/0x360 [ 3229.673832][T21438] ? elf_core_dump+0x2e01/0x4630 [ 3229.678815][T21438] ? dump_emit+0x99/0xd0 [ 3229.683108][T21438] elf_core_dump+0x3d5d/0x4630 [ 3229.687943][T21438] ? __pfx_elf_core_dump+0x10/0x10 [ 3229.693093][T21438] ? mark_lock+0x9a/0x350 [ 3229.697469][T21438] ? mas_next_slot+0xeb2/0xf90 [ 3229.702278][T21438] ? __lock_acquire+0x1345/0x1fd0 [ 3229.707404][T21438] ? rcu_read_lock_any_held+0xb7/0x160 [ 3229.712912][T21438] ? 0xffffffffff600000 [ 3229.717105][T21438] ? getname_kernel+0x140/0x2f0 [ 3229.722029][T21438] do_coredump+0x1baa/0x2b50 [ 3229.726674][T21438] ? get_signal+0xbe1/0x1850 [ 3229.731348][T21438] ? __pfx_do_coredump+0x10/0x10 [ 3229.736376][T21438] ? _raw_spin_unlock_irq+0x23/0x50 [ 3229.741711][T21438] ? lockdep_hardirqs_on+0x98/0x140 [ 3229.746970][T21438] get_signal+0x146a/0x1850 [ 3229.751556][T21438] ? __pfx_get_signal+0x10/0x10 [ 3229.756560][T21438] ? __pfx_force_sig_fault+0x10/0x10 [ 3229.761923][T21438] arch_do_signal_or_restart+0x96/0x860 [ 3229.767548][T21438] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3229.773787][T21438] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3229.779653][T21438] irqentry_exit_to_user_mode+0x78/0x280 [ 3229.785434][T21438] exc_page_fault+0x587/0x870 [ 3229.790269][T21438] asm_exc_page_fault+0x26/0x30 [ 3229.795262][T21438] RIP: 0033:0x7f8ab667ddb1 [ 3229.799729][T21438] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3229.819390][T21438] RSP: 002b:0000000000000900 EFLAGS: 00010217 [ 3229.825517][T21438] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3229.833552][T21438] RDX: 0000000000000000 RSI: 0000000000000900 RDI: 0000000000000000 [ 3229.841577][T21438] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3229.849603][T21438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3229.857611][T21438] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3229.865648][T21438] [ 3230.336062][T21438] memory: usage 306976kB, limit 307200kB, failcnt 171399 [ 3230.345770][T21438] memory+swap: usage 410904kB, limit 9007199254740988kB, failcnt 0 [ 3230.627448][T21338] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3230.716170][T21438] kmem: usage 44548kB, limit 9007199254740988kB, failcnt 0 [ 3230.723443][T21438] Memory cgroup stats for /syz4: [ 3230.723616][T21438] cache 267026432 [ 3230.986000][T21438] rss 655360 [ 3231.083693][T21438] rss_huge 0 [ 3231.216112][T21438] shmem 267026432 [ 3231.237527][T21438] mapped_file 101605376 [ 3231.286778][T21438] dirty 0 [ 3231.354175][T21438] writeback 0 14:03:25 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xd03, 0x0, 0x0, 0x0) [ 3231.517328][T21338] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3231.655985][T21438] workingset_refault_anon 3151 [ 3231.660818][T21438] workingset_refault_file 0 [ 3231.665348][T21438] swap 108146688 [ 3231.958799][T21438] swapcached 483328 [ 3231.962679][T21438] pgpgin 1746477 [ 3232.160940][T21438] pgpgout 1681008 [ 3232.164649][T21438] pgfault 1301848 [ 3232.316089][T21438] pgmajfault 1877 [ 3232.319798][T21438] inactive_anon 134492160 [ 3232.324160][T21438] active_anon 133566464 [ 3232.498051][T21338] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 3232.576201][T21438] inactive_file 0 [ 3232.579912][T21438] active_file 0 [ 3232.583404][T21438] unevictable 0 [ 3232.831327][T21438] hierarchical_memory_limit 314572800 [ 3232.893136][T21438] hierarchical_memsw_limit 9223372036854771712 [ 3233.116304][T21438] total_cache 267026432 [ 3233.187165][T21438] total_rss 655360 [ 3233.190953][T21438] total_rss_huge 0 [ 3233.194696][T21438] total_shmem 267026432 [ 3233.435362][T21438] total_mapped_file 101605376 [ 3233.456089][T21438] total_dirty 0 [ 3233.459615][T21438] total_writeback 0 [ 3233.463440][T21438] total_workingset_refault_anon 3151 [ 3233.664937][T21438] total_workingset_refault_file 0 [ 3233.906343][T21438] total_swap 108146688 [ 3233.910481][T21438] total_swapcached 483328 [ 3233.914837][T21438] total_pgpgin 1746477 [ 3234.166036][T21438] total_pgpgout 1681008 [ 3234.446151][T21438] total_pgfault 1301848 [ 3234.566261][T21438] total_pgmajfault 1877 [ 3234.629531][T21438] total_inactive_anon 134492160 [ 3234.817286][T21438] total_active_anon 133566464 14:03:29 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xf02, 0x0, 0x0, 0x0) [ 3235.083505][T21438] total_inactive_file 0 [ 3235.196087][T21438] total_active_file 0 [ 3235.200137][T21438] total_unevictable 0 [ 3235.204152][T21438] anon_cost 0 [ 3235.436116][T21438] file_cost 0 [ 3235.439470][T21438] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21369,uid=0 [ 3236.266051][T21438] Memory cgroup out of memory: Killed process 21369 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:17792kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3236.386242][T21338] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 3236.626905][T21338] netdevsim netdevsim1 netdevsim1: renamed from eth1 14:03:32 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xf03, 0x0, 0x0, 0x0) [ 3238.107496][T21338] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 3238.368173][T21338] netdevsim netdevsim1 netdevsim3: renamed from eth3 14:03:33 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1100, 0x0, 0x0, 0x0) 14:03:35 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1501, 0x0, 0x0, 0x0) 14:03:38 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1502, 0x0, 0x0, 0x0) [ 3246.097480][T21338] 8021q: adding VLAN 0 to HW filter on device bond0 [ 3246.313349][T21338] 8021q: adding VLAN 0 to HW filter on device team0 [ 3246.422289][T29740] bridge0: port 1(bridge_slave_0) entered blocking state [ 3246.429565][T29740] bridge0: port 1(bridge_slave_0) entered forwarding state 14:03:40 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1503, 0x0, 0x0, 0x0) [ 3246.478874][T29740] bridge0: port 2(bridge_slave_1) entered blocking state [ 3246.486125][T29740] bridge0: port 2(bridge_slave_1) entered forwarding state [ 3246.726934][T21338] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 3246.839803][T21338] veth0_vlan: entered promiscuous mode [ 3246.864391][T21338] veth1_vlan: entered promiscuous mode [ 3246.982276][T21338] veth0_macvtap: entered promiscuous mode [ 3247.014393][T21338] veth1_macvtap: entered promiscuous mode [ 3247.114442][T21338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 3247.149033][T21338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3247.160936][T21338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: ªªªªªª [ 3247.171448][T21338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3247.184759][T21338] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 3247.220278][T21338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 3247.248995][T21338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 3247.287955][T21338] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 3247.416356][T21338] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 3247.425128][T21338] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 3247.452878][T21338] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 3247.476068][T21338] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 14:03:43 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1700, 0x0, 0x0, 0x0) 14:03:45 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1701, 0x0, 0x0, 0x0) 14:03:48 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1702, 0x0, 0x0, 0x0) [ 3254.620799][T21018] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 3254.631622][T21018] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 3254.640222][T21018] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 3254.658038][T21018] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 3254.666977][T21018] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 3254.674327][T21018] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 3255.738367][T21011] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 3255.753575][T21011] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 3255.761826][T21011] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 3255.762328][ T5111] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 3255.771093][T21011] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 3255.779979][ T5111] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 3255.784909][T21011] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 3255.792341][ T5111] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 3255.798849][T21011] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 3255.833234][T21018] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 3255.844691][T21018] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 3255.856570][T21018] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 3255.860148][T21011] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 3255.875492][T21011] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 3255.885135][T21011] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 3255.897519][T21011] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 3255.906902][T21018] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 3255.918382][T21018] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 3256.726170][T21018] Bluetooth: hci0: command 0x0409 tx timeout [ 3257.694662][T21575] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3257.846547][T21018] Bluetooth: hci5: command 0x0409 tx timeout [ 3257.926365][T21018] Bluetooth: hci1: command 0x0409 tx timeout [ 3258.006101][T21018] Bluetooth: hci6: command 0x0409 tx timeout [ 3258.199795][T21575] CPU: 0 PID: 21575 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3258.208559][T21575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3258.218654][T21575] Call Trace: [ 3258.221953][T21575] [ 3258.224901][T21575] dump_stack_lvl+0x1e7/0x2e0 [ 3258.229629][T21575] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3258.234871][T21575] ? __pfx__printk+0x10/0x10 [ 3258.239503][T21575] ? ___ratelimit+0x4c4/0x670 [ 3258.244218][T21575] ? __pfx____ratelimit+0x10/0x10 [ 3258.249292][T21575] dump_header+0xda/0x6a0 [ 3258.253661][T21575] oom_kill_process+0x3a7/0x930 [ 3258.258545][T21575] ? trace_contention_end+0x3c/0x100 [ 3258.263871][T21575] out_of_memory+0xf67/0x1320 [ 3258.268599][T21575] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3258.274278][T21575] ? __pfx___mutex_lock+0x10/0x10 [ 3258.279355][T21575] ? __pfx_out_of_memory+0x10/0x10 [ 3258.284514][T21575] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3258.290099][T21575] ? __pfx_lock_release+0x10/0x10 [ 3258.295179][T21575] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3258.301736][T21575] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3258.307059][T21575] ? mem_cgroup_iter+0x422/0x560 [ 3258.312052][T21575] try_charge_memcg+0xda2/0x18a0 [ 3258.317079][T21575] ? __pfx_try_charge_memcg+0x10/0x10 [ 3258.322509][T21575] ? percpu_ref_tryget+0x14/0x180 [ 3258.327624][T21575] charge_memcg+0xa2/0x160 [ 3258.332102][T21575] __mem_cgroup_charge+0x27/0x80 [ 3258.337103][T21575] shmem_alloc_and_add_folio+0x393/0xde0 [ 3258.342806][T21575] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3258.349013][T21575] ? filemap_map_pages+0x1248/0x1830 [ 3258.354359][T21575] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3258.359742][T21575] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3258.365453][T21575] shmem_fault+0x254/0x6f0 [ 3258.369922][T21575] ? __pfx_shmem_fault+0x10/0x10 [ 3258.374914][T21575] ? __pfx_lock_release+0x10/0x10 [ 3258.379988][T21575] ? pte_offset_map_nolock+0x137/0x1f0 [ 3258.385742][T21575] __do_fault+0x135/0x460 [ 3258.390129][T21575] ? __pfx_filemap_map_pages+0x10/0x10 [ 3258.395644][T21575] ? __handle_mm_fault+0x31c8/0x72d0 [ 3258.400989][T21575] __handle_mm_fault+0x49e6/0x72d0 [ 3258.406363][T21575] ? __pfx___handle_mm_fault+0x10/0x10 [ 3258.411873][T21575] ? follow_page_pte+0x28e/0x1910 [ 3258.416952][T21575] ? follow_page_pte+0x760/0x1910 [ 3258.422024][T21575] ? __pfx_lock_release+0x10/0x10 [ 3258.428672][T21575] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3258.433922][T21575] ? follow_page_pte+0x7f2/0x1910 [ 3258.438993][T21575] ? mt_find+0x62d/0x850 [ 3258.443334][T21575] handle_mm_fault+0x3c1/0x8a0 [ 3258.448146][T21575] __get_user_pages+0x6bd/0x1600 [ 3258.453139][T21575] ? get_dump_page+0xe1/0x2f0 [ 3258.458027][T21575] ? __pfx___get_user_pages+0x10/0x10 [ 3258.463432][T21575] ? __kernel_write_iter+0x632/0x8c0 [ 3258.468772][T21575] get_dump_page+0x154/0x2f0 [ 3258.473398][T21575] ? __pfx___kernel_write_iter+0x10/0x10 [ 3258.479104][T21575] ? __pfx_get_dump_page+0x10/0x10 [ 3258.484289][T21575] ? generic_file_llseek_size+0x34c/0x3b0 [ 3258.490055][T21575] ? iov_iter_bvec+0x4e/0x1b0 [ 3258.494979][T21575] dump_user_range+0x126/0x910 [ 3258.499796][T21575] ? __pfx_dump_user_range+0x10/0x10 [ 3258.505168][T21575] ? writenote+0x250/0x3b0 [ 3258.509833][T21575] ? kmalloc_trace+0x1d6/0x360 [ 3258.514636][T21575] ? elf_core_dump+0x2e01/0x4630 [ 3258.519618][T21575] ? dump_emit+0x99/0xd0 [ 3258.523900][T21575] elf_core_dump+0x3d5d/0x4630 [ 3258.528843][T21575] ? __pfx_elf_core_dump+0x10/0x10 [ 3258.534086][T21575] ? mark_lock+0x9a/0x350 [ 3258.538459][T21575] ? mas_next_slot+0xeb2/0xf90 [ 3258.543433][T21575] ? __lock_acquire+0x1345/0x1fd0 [ 3258.548726][T21575] ? rcu_read_lock_any_held+0xb7/0x160 [ 3258.554230][T21575] ? 0xffffffffff600000 [ 3258.558418][T21575] ? getname_kernel+0x140/0x2f0 [ 3258.563329][T21575] do_coredump+0x1baa/0x2b50 [ 3258.567971][T21575] ? get_signal+0xbe1/0x1850 [ 3258.572651][T21575] ? __pfx_do_coredump+0x10/0x10 [ 3258.577683][T21575] ? _raw_spin_unlock_irq+0x23/0x50 [ 3258.582918][T21575] ? lockdep_hardirqs_on+0x98/0x140 [ 3258.588159][T21575] get_signal+0x146a/0x1850 [ 3258.592727][T21575] ? __pfx_get_signal+0x10/0x10 [ 3258.597625][T21575] ? __pfx_force_sig_fault+0x10/0x10 [ 3258.602958][T21575] arch_do_signal_or_restart+0x96/0x860 [ 3258.608552][T21575] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3258.614777][T21575] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3258.620633][T21575] irqentry_exit_to_user_mode+0x78/0x280 [ 3258.626310][T21575] exc_page_fault+0x587/0x870 [ 3258.631042][T21575] asm_exc_page_fault+0x26/0x30 [ 3258.635943][T21575] RIP: 0033:0x7f8ab667ddb1 [ 3258.640397][T21575] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3258.660044][T21575] RSP: 002b:0000000000000f00 EFLAGS: 00010217 [ 3258.666153][T21575] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3258.674162][T21575] RDX: 0000000000000000 RSI: 0000000000000f00 RDI: 0000000000000000 [ 3258.682340][T21575] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3258.690348][T21575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3258.698441][T21575] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3258.706472][T21575] [ 3258.719956][T21575] memory: usage 307200kB, limit 307200kB, failcnt 187053 [ 3258.746784][T21575] memory+swap: usage 417732kB, limit 9007199254740988kB, failcnt 0 [ 3258.766195][T21575] kmem: usage 44768kB, limit 9007199254740988kB, failcnt 0 [ 3258.773441][T21575] Memory cgroup stats for /syz4: [ 3258.773602][T21575] cache 267526144 [ 3258.806130][T21018] Bluetooth: hci0: command 0x041b tx timeout [ 3258.818903][T21575] rss 1093632 [ 3258.822985][T21575] rss_huge 0 [ 3258.846077][T21575] shmem 267526144 [ 3258.849804][T21575] mapped_file 152104960 [ 3258.906810][T21575] dirty 0 [ 3258.909814][T21575] writeback 0 [ 3258.913125][T21575] workingset_refault_anon 3287 [ 3258.996048][T21575] workingset_refault_file 0 [ 3259.000767][T21575] swap 113184768 [ 3259.004354][T21575] swapcached 114688 [ 3259.016188][T21575] pgpgin 1817428 [ 3259.019881][T21575] pgpgout 1751820 [ 3259.036007][T21575] pgfault 1328653 [ 3259.039787][T21575] pgmajfault 1977 [ 3259.043481][T21575] inactive_anon 12873728 [ 3259.056002][T21575] active_anon 255856640 [ 3259.060232][T21575] inactive_file 0 [ 3259.063887][T21575] active_file 0 [ 3259.075960][T21575] unevictable 0 [ 3259.079477][T21575] hierarchical_memory_limit 314572800 [ 3259.097614][T21575] hierarchical_memsw_limit 9223372036854771712 [ 3259.110574][T21575] total_cache 267526144 [ 3259.114782][T21575] total_rss 1093632 [ 3259.126293][T21575] total_rss_huge 0 [ 3259.136243][T21575] total_shmem 267526144 [ 3259.140445][T21575] total_mapped_file 152104960 [ 3259.145147][T21575] total_dirty 0 [ 3259.166029][T21575] total_writeback 0 [ 3259.169975][T21575] total_workingset_refault_anon 3287 [ 3259.175287][T21575] total_workingset_refault_file 0 [ 3259.186010][T21575] total_swap 113184768 [ 3259.190147][T21575] total_swapcached 114688 [ 3259.206133][T21575] total_pgpgin 1817428 [ 3259.210269][T21575] total_pgpgout 1751820 [ 3259.214444][T21575] total_pgfault 1328653 [ 3259.226025][T21575] total_pgmajfault 1977 [ 3259.230252][T21575] total_inactive_anon 12873728 [ 3259.256015][T21575] total_active_anon 255856640 [ 3259.260763][T21575] total_inactive_file 0 [ 3259.264995][T21575] total_active_file 0 [ 3259.276197][T21575] total_unevictable 0 [ 3259.285857][T21575] anon_cost 0 [ 3259.289584][T21575] file_cost 0 [ 3259.292907][T21575] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21428,uid=0 [ 3259.312308][T21575] Memory cgroup out of memory: Killed process 21428 (syz-executor.4) total-vm:54508kB, anon-rss:504kB, file-rss:8192kB, shmem-rss:20096kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3259.923244][T21375] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3259.926787][T21018] Bluetooth: hci5: command 0x041b tx timeout [ 3260.006339][T21018] Bluetooth: hci1: command 0x041b tx timeout [ 3260.086033][T21018] Bluetooth: hci6: command 0x041b tx timeout [ 3260.199618][T21375] CPU: 0 PID: 21375 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3260.208367][T21375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3260.218456][T21375] Call Trace: [ 3260.221767][T21375] [ 3260.224721][T21375] dump_stack_lvl+0x1e7/0x2e0 [ 3260.229451][T21375] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3260.234695][T21375] ? __pfx__printk+0x10/0x10 [ 3260.239314][T21375] ? ___ratelimit+0x4c4/0x670 [ 3260.244034][T21375] ? __pfx____ratelimit+0x10/0x10 [ 3260.249116][T21375] dump_header+0xda/0x6a0 [ 3260.253482][T21375] oom_kill_process+0x3a7/0x930 [ 3260.258381][T21375] out_of_memory+0xf67/0x1320 [ 3260.263102][T21375] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3260.268777][T21375] ? __pfx___mutex_lock+0x10/0x10 [ 3260.273852][T21375] ? __pfx_out_of_memory+0x10/0x10 [ 3260.279012][T21375] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3260.284591][T21375] ? __pfx_lock_release+0x10/0x10 [ 3260.289675][T21375] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3260.295821][T21375] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3260.301068][T21375] ? mem_cgroup_iter+0x422/0x560 [ 3260.306043][T21375] try_charge_memcg+0xda2/0x18a0 [ 3260.311044][T21375] ? __pfx_try_charge_memcg+0x10/0x10 [ 3260.316449][T21375] ? percpu_ref_tryget+0x14/0x180 [ 3260.321545][T21375] charge_memcg+0xa2/0x160 [ 3260.326005][T21375] __mem_cgroup_charge+0x27/0x80 [ 3260.330991][T21375] shmem_alloc_and_add_folio+0x393/0xde0 [ 3260.336676][T21375] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3260.342878][T21375] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3260.348147][T21375] ? lockdep_hardirqs_on+0x98/0x140 [ 3260.353388][T21375] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3260.359062][T21375] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3260.365341][T21375] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3260.372075][T21375] shmem_write_begin+0x170/0x4d0 [ 3260.377161][T21375] ? __pfx_shmem_write_begin+0x10/0x10 [ 3260.382673][T21375] ? fault_in_iov_iter_readable+0x236/0x280 [ 3260.388629][T21375] generic_perform_write+0x321/0x640 [ 3260.393970][T21375] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3260.399928][T21375] ? __pfx_generic_perform_write+0x10/0x10 [ 3260.405814][T21375] ? mnt_put_write_access_file+0xc2/0x100 [ 3260.411591][T21375] ? file_update_time+0x3ac/0x3e0 [ 3260.416663][T21375] shmem_file_write_iter+0xfc/0x120 [ 3260.421908][T21375] __kernel_write_iter+0x434/0x8c0 [ 3260.427088][T21375] ? __pfx___kernel_write_iter+0x10/0x10 [ 3260.432769][T21375] ? generic_file_llseek_size+0x34c/0x3b0 [ 3260.438531][T21375] ? iov_iter_bvec+0x4e/0x1b0 [ 3260.443254][T21375] dump_user_range+0x46c/0x910 [ 3260.448071][T21375] ? __pfx_dump_user_range+0x10/0x10 [ 3260.453390][T21375] ? writenote+0x250/0x3b0 [ 3260.457851][T21375] ? kmalloc_trace+0x1d6/0x360 [ 3260.462658][T21375] ? elf_core_dump+0x2e01/0x4630 [ 3260.467811][T21375] ? dump_emit+0x99/0xd0 [ 3260.472111][T21375] elf_core_dump+0x3d5d/0x4630 [ 3260.476950][T21375] ? __pfx_elf_core_dump+0x10/0x10 [ 3260.482112][T21375] ? mark_lock+0x9a/0x350 [ 3260.486477][T21375] ? mas_next_slot+0xeb2/0xf90 [ 3260.491278][T21375] ? __lock_acquire+0x1345/0x1fd0 [ 3260.496399][T21375] ? rcu_read_lock_any_held+0xb7/0x160 [ 3260.501916][T21375] ? 0xffffffffff600000 [ 3260.506106][T21375] ? getname_kernel+0x140/0x2f0 [ 3260.511005][T21375] do_coredump+0x1baa/0x2b50 [ 3260.515637][T21375] ? get_signal+0xbe1/0x1850 [ 3260.520310][T21375] ? __pfx_do_coredump+0x10/0x10 [ 3260.525331][T21375] ? _raw_spin_unlock_irq+0x23/0x50 [ 3260.530578][T21375] ? lockdep_hardirqs_on+0x98/0x140 [ 3260.535818][T21375] get_signal+0x146a/0x1850 [ 3260.540467][T21375] ? __pfx_get_signal+0x10/0x10 [ 3260.545360][T21375] ? __pfx_force_sig_fault+0x10/0x10 [ 3260.550690][T21375] arch_do_signal_or_restart+0x96/0x860 [ 3260.556288][T21375] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3260.562504][T21375] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3260.568449][T21375] irqentry_exit_to_user_mode+0x78/0x280 [ 3260.574129][T21375] exc_page_fault+0x587/0x870 [ 3260.578850][T21375] asm_exc_page_fault+0x26/0x30 [ 3260.583734][T21375] RIP: 0033:0x7f8ab667ddb1 [ 3260.588193][T21375] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3260.607843][T21375] RSP: 002b:0000000000000600 EFLAGS: 00010217 [ 3260.613942][T21375] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3260.621975][T21375] RDX: 0000000000000000 RSI: 0000000000000600 RDI: 0000000000000000 [ 3260.629991][T21375] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3260.638184][T21375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3260.646204][T21375] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3260.654235][T21375] [ 3260.715955][T21375] memory: usage 307200kB, limit 307200kB, failcnt 187909 [ 3260.729447][T21375] memory+swap: usage 417628kB, limit 9007199254740988kB, failcnt 0 [ 3260.788760][T21375] kmem: usage 44428kB, limit 9007199254740988kB, failcnt 0 [ 3260.886132][T21018] Bluetooth: hci0: command 0x040f tx timeout [ 3260.905287][T21375] Memory cgroup stats for /syz4: [ 3260.905479][T21375] cache 267907072 [ 3260.915479][T21375] rss 1036288 [ 3260.919075][T21375] rss_huge 0 [ 3260.922309][T21375] shmem 267907072 [ 3260.926054][T21375] mapped_file 138440704 [ 3260.930231][T21375] dirty 0 [ 3260.933187][T21375] writeback 0 [ 3260.936530][T21375] workingset_refault_anon 3287 [ 3260.941320][T21375] workingset_refault_file 0 [ 3260.945846][T21375] swap 113078272 [ 3261.046553][T21375] swapcached 114688 [ 3261.050426][T21375] pgpgin 1819696 [ 3261.053999][T21375] pgpgout 1754009 [ 3261.165979][T21375] pgfault 1329381 [ 3261.169676][T21375] pgmajfault 1977 [ 3261.173334][T21375] inactive_anon 12873728 [ 3261.236044][T21375] active_anon 256180224 [ 3261.244688][T21375] inactive_file 0 [ 3261.270349][T21375] active_file 0 [ 3261.273858][T21375] unevictable 0 [ 3261.338697][T21375] hierarchical_memory_limit 314572800 [ 3261.344134][T21375] hierarchical_memsw_limit 9223372036854771712 [ 3261.435299][T21375] total_cache 267907072 [ 3261.476018][T21375] total_rss 1036288 [ 3261.479906][T21375] total_rss_huge 0 [ 3261.483646][T21375] total_shmem 267907072 [ 3261.596032][T21375] total_mapped_file 138440704 [ 3261.600771][T21375] total_dirty 0 [ 3261.604248][T21375] total_writeback 0 [ 3261.786050][T21375] total_workingset_refault_anon 3287 [ 3261.907982][T21375] total_workingset_refault_file 0 [ 3261.913071][T21375] total_swap 113078272 [ 3262.009942][T21018] Bluetooth: hci5: command 0x040f tx timeout [ 3262.018087][T21375] total_swapcached 114688 [ 3262.022472][T21375] total_pgpgin 1819696 [ 3262.086661][T21018] Bluetooth: hci1: command 0x040f tx timeout [ 3262.099238][T21375] total_pgpgout 1754009 [ 3262.103626][T21375] total_pgfault 1329381 [ 3262.169718][T21018] Bluetooth: hci6: command 0x040f tx timeout [ 3262.260765][T21375] total_pgmajfault 1977 [ 3262.264994][T21375] total_inactive_anon 12873728 [ 3262.349556][T21375] total_active_anon 256180224 [ 3262.354319][T21375] total_inactive_file 0 [ 3262.426160][T21375] total_active_file 0 [ 3262.430216][T21375] total_unevictable 0 [ 3262.434227][T21375] anon_cost 0 [ 3262.571592][T21375] file_cost 0 [ 3262.574940][T21375] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21432,uid=0 [ 3262.726539][T21375] Memory cgroup out of memory: Killed process 21432 (syz-executor.4) total-vm:54508kB, anon-rss:504kB, file-rss:8192kB, shmem-rss:18944kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3262.776823][T19598] bridge0: port 2(erspan0) entered disabled state [ 3262.966186][T21018] Bluetooth: hci0: command 0x0419 tx timeout [ 3262.998702][T19598] erspan0 (unregistering): left allmulticast mode [ 3263.005300][T19598] erspan0 (unregistering): left promiscuous mode [ 3263.035365][T19598] bridge0: port 2(erspan0) entered disabled state 14:03:57 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1703, 0x0, 0x0, 0x0) [ 3264.086870][T21018] Bluetooth: hci5: command 0x0419 tx timeout [ 3264.166481][T21018] Bluetooth: hci1: command 0x0419 tx timeout 14:03:58 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1900, 0x0, 0x0, 0x0) [ 3264.246540][T21018] Bluetooth: hci6: command 0x0419 tx timeout [ 3264.966872][ T30] oom_reaper: reaped process 21432 (syz-executor.4), now anon-rss:44kB, file-rss:8192kB, shmem-rss:18944kB [ 3266.583252][ T1240] ieee802154 phy0 wpan0: encryption failed: -22 [ 3266.589692][ T1240] ieee802154 phy1 wpan1: encryption failed: -22 14:04:01 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1901, 0x0, 0x0, 0x0) [ 3267.412944][T21648] chnl_net:caif_netlink_parms(): no params data found 14:04:02 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1902, 0x0, 0x0, 0x0) [ 3269.321622][T21656] chnl_net:caif_netlink_parms(): no params data found [ 3269.343897][T21658] chnl_net:caif_netlink_parms(): no params data found 14:04:03 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1b03, 0x0, 0x0, 0x0) [ 3270.190678][T21657] chnl_net:caif_netlink_parms(): no params data found [ 3270.442911][T21648] bridge0: port 1(bridge_slave_0) entered blocking state [ 3270.451857][T21648] bridge0: port 1(bridge_slave_0) entered disabled state [ 3270.468543][T21648] bridge_slave_0: entered allmulticast mode [ 3270.488509][T21648] bridge_slave_0: entered promiscuous mode [ 3270.511886][T21648] bridge0: port 2(bridge_slave_1) entered blocking state [ 3270.526220][T21648] bridge0: port 2(bridge_slave_1) entered disabled state [ 3270.533955][T21648] bridge_slave_1: entered allmulticast mode [ 3270.565396][T21718] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 3270.569357][T21648] bridge_slave_1: entered promiscuous mode [ 3270.651757][T21718] CPU: 1 PID: 21718 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3270.660602][T21718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3270.670708][T21718] Call Trace: [ 3270.674021][T21718] [ 3270.676985][T21718] dump_stack_lvl+0x1e7/0x2e0 [ 3270.681719][T21718] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3270.686963][T21718] ? __pfx__printk+0x10/0x10 [ 3270.691592][T21718] ? ___ratelimit+0x4c4/0x670 [ 3270.696312][T21718] ? __pfx____ratelimit+0x10/0x10 [ 3270.701375][T21718] dump_header+0xda/0x6a0 [ 3270.705729][T21718] oom_kill_process+0x3a7/0x930 [ 3270.710603][T21718] out_of_memory+0xf67/0x1320 [ 3270.715300][T21718] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3270.720950][T21718] ? __pfx___mutex_lock+0x10/0x10 [ 3270.725997][T21718] ? __pfx_out_of_memory+0x10/0x10 [ 3270.731133][T21718] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3270.736692][T21718] ? __pfx_lock_release+0x10/0x10 [ 3270.741734][T21718] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3270.747824][T21718] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3270.753044][T21718] ? mem_cgroup_iter+0x422/0x560 [ 3270.758012][T21718] try_charge_memcg+0xda2/0x18a0 [ 3270.762998][T21718] ? __pfx_try_charge_memcg+0x10/0x10 [ 3270.768386][T21718] ? percpu_ref_tryget+0x14/0x180 [ 3270.773445][T21718] charge_memcg+0xa2/0x160 [ 3270.777883][T21718] __mem_cgroup_charge+0x27/0x80 [ 3270.782850][T21718] folio_prealloc+0x52/0x170 [ 3270.787477][T21718] do_wp_page+0x1222/0x4c90 [ 3270.792013][T21718] ? __pfx_do_wp_page+0x10/0x10 [ 3270.796881][T21718] ? __pfx_lock_acquire+0x10/0x10 [ 3270.801930][T21718] ? do_raw_spin_lock+0x14e/0x370 [ 3270.806988][T21718] __handle_mm_fault+0x26ad/0x72d0 [ 3270.812143][T21718] ? reacquire_held_locks+0x3eb/0x690 [ 3270.817527][T21718] ? __pfx___handle_mm_fault+0x10/0x10 [ 3270.823008][T21718] ? __pfx_reacquire_held_locks+0x10/0x10 [ 3270.828791][T21718] ? mtree_range_walk+0x6fd/0x8e0 [ 3270.833932][T21718] ? lock_vma_under_rcu+0x18a/0x730 [ 3270.839149][T21718] ? __pfx_lock_release+0x10/0x10 [ 3270.844191][T21718] ? lock_vma_under_rcu+0x2f9/0x730 [ 3270.849429][T21718] ? lock_vma_under_rcu+0x18a/0x730 [ 3270.854658][T21718] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 3270.860223][T21718] handle_mm_fault+0x3c1/0x8a0 [ 3270.865017][T21718] exc_page_fault+0x456/0x870 [ 3270.869715][T21718] asm_exc_page_fault+0x26/0x30 [ 3270.874595][T21718] RIP: 0033:0x7f8ab667a9d3 [ 3270.879025][T21718] Code: 83 02 00 00 e8 7e f7 fd ff e8 f9 03 00 00 41 89 c4 85 c0 0f 85 7e 02 00 00 48 8b 05 97 fd c5 00 c7 05 ad 4b 10 00 01 00 00 00 05 03 09 c6 00 00 00 00 00 c7 05 99 fd c5 00 00 00 00 00 48 83 [ 3270.898731][T21718] RSP: 002b:00007f8ab68cfc60 EFLAGS: 00010246 [ 3270.904820][T21718] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f8ab667ae0d [ 3270.912812][T21718] RDX: 0000000000000000 RSI: 0000000000000018 RDI: 0000555555c98760 [ 3270.920799][T21718] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 3270.928779][T21718] R10: 0000555555c98750 R11: 0000000000000246 R12: 0000000000000000 [ 3270.936761][T21718] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001 [ 3270.944757][T21718] [ 3271.000384][T21718] memory: usage 307200kB, limit 307200kB, failcnt 193846 [ 3271.126336][T21718] memory+swap: usage 417416kB, limit 9007199254740988kB, failcnt 0 [ 3271.212812][T21718] kmem: usage 44528kB, limit 9007199254740988kB, failcnt 0 [ 3271.267514][T21718] Memory cgroup stats for /syz4: [ 3271.267677][T21718] cache 267616256 [ 3271.385484][T21718] rss 774144 [ 3271.400806][T21718] rss_huge 0 [ 3271.404130][T21718] shmem 267616256 [ 3271.476052][T21718] mapped_file 172208128 [ 3271.501762][T21718] dirty 0 [ 3271.527030][T21718] writeback 0 [ 3271.562218][T21718] workingset_refault_anon 3367 [ 3271.616586][T21718] workingset_refault_file 0 [ 3271.677594][T21718] swap 113192960 [ 3271.733536][T21718] swapcached 106496 [ 3271.767300][T21718] pgpgin 1849518 [ 3271.816077][T21718] pgpgout 1783912 [ 3271.819780][T21718] pgfault 1342773 [ 3271.823440][T21718] pgmajfault 2019 [ 3271.864135][T21718] inactive_anon 112566272 [ 3271.887203][T21718] active_anon 155619328 [ 3271.888943][T21656] bridge0: port 1(bridge_slave_0) entered blocking state [ 3271.916100][T21656] bridge0: port 1(bridge_slave_0) entered disabled state [ 3271.923791][T21656] bridge_slave_0: entered allmulticast mode [ 3271.930773][T21718] inactive_file 0 [ 3271.934501][T21718] active_file 0 [ 3271.951557][T21656] bridge_slave_0: entered promiscuous mode [ 3272.056615][T21718] unevictable 0 [ 3272.060153][T21718] hierarchical_memory_limit 314572800 [ 3272.065569][T21718] hierarchical_memsw_limit 9223372036854771712 [ 3272.072539][T21718] total_cache 267616256 [ 3272.077093][T21718] total_rss 774144 [ 3272.080856][T21718] total_rss_huge 0 [ 3272.084606][T21718] total_shmem 267616256 [ 3272.089515][T21718] total_mapped_file 172208128 [ 3272.094235][T21718] total_dirty 0 [ 3272.140184][T21718] total_writeback 0 [ 3272.144074][T21718] total_workingset_refault_anon 3367 [ 3272.150482][T21718] total_workingset_refault_file 0 [ 3272.155564][T21718] total_swap 113192960 [ 3272.161358][T21718] total_swapcached 106496 [ 3272.176119][T21718] total_pgpgin 1849518 [ 3272.187150][T21718] total_pgpgout 1783912 [ 3272.191553][T21718] total_pgfault 1342773 [ 3272.195750][T21718] total_pgmajfault 2019 [ 3272.200715][T21718] total_inactive_anon 112566272 [ 3272.205616][T21718] total_active_anon 155619328 [ 3272.211009][T21718] total_inactive_file 0 [ 3272.215209][T21718] total_active_file 0 [ 3272.231322][T21648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3272.261957][T21648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3272.306012][T21718] total_unevictable 0 [ 3272.331826][T21718] anon_cost 0 [ 3272.335173][T21718] file_cost 0 [ 3272.348277][T21656] bridge0: port 2(bridge_slave_1) entered blocking state [ 3272.355806][T21656] bridge0: port 2(bridge_slave_1) entered disabled state [ 3272.364267][T21656] bridge_slave_1: entered allmulticast mode [ 3272.373813][T21656] bridge_slave_1: entered promiscuous mode [ 3272.466813][T21718] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21504,uid=0 [ 3272.667711][T21718] Memory cgroup out of memory: Killed process 21504 (syz-executor.4) total-vm:54508kB, anon-rss:504kB, file-rss:8192kB, shmem-rss:19840kB, UID:0 pgtables:124kB oom_score_adj:1000 14:04:07 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1d00, 0x0, 0x0, 0x0) [ 3273.006129][T21713] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3273.054570][T21658] bridge0: port 1(bridge_slave_0) entered blocking state [ 3273.076626][T21658] bridge0: port 1(bridge_slave_0) entered disabled state [ 3273.084580][T21658] bridge_slave_0: entered allmulticast mode [ 3273.106033][T21713] CPU: 1 PID: 21713 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3273.108616][T21658] bridge_slave_0: entered promiscuous mode [ 3273.114760][T21713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3273.130663][T21713] Call Trace: [ 3273.133965][T21713] [ 3273.136933][T21713] dump_stack_lvl+0x1e7/0x2e0 [ 3273.141653][T21713] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3273.146902][T21713] ? __pfx__printk+0x10/0x10 [ 3273.151545][T21713] ? ___ratelimit+0x4c4/0x670 [ 3273.156264][T21713] ? __pfx____ratelimit+0x10/0x10 [ 3273.161331][T21713] dump_header+0xda/0x6a0 [ 3273.165707][T21713] oom_kill_process+0x3a7/0x930 [ 3273.170599][T21713] out_of_memory+0xf67/0x1320 [ 3273.175324][T21713] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3273.181006][T21713] ? __pfx___mutex_lock+0x10/0x10 [ 3273.186087][T21713] ? __pfx_out_of_memory+0x10/0x10 [ 3273.191251][T21713] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3273.196837][T21713] ? __pfx_lock_release+0x10/0x10 [ 3273.201903][T21713] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3273.208013][T21713] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3273.213259][T21713] ? mem_cgroup_iter+0x422/0x560 [ 3273.218247][T21713] try_charge_memcg+0xda2/0x18a0 [ 3273.223219][T21713] ? __bpf_prog_dev_bound_init+0x3d8/0x630 [ 3273.229098][T21713] ? __pfx_try_charge_memcg+0x10/0x10 [ 3273.234535][T21713] ? percpu_ref_tryget+0x14/0x180 [ 3273.239633][T21713] charge_memcg+0xa2/0x160 [ 3273.244102][T21713] __mem_cgroup_charge+0x27/0x80 [ 3273.249100][T21713] shmem_alloc_and_add_folio+0x393/0xde0 [ 3273.254777][T21713] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3273.260982][T21713] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3273.266254][T21713] ? lockdep_hardirqs_on+0x98/0x140 [ 3273.271581][T21713] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3273.277260][T21713] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3273.283533][T21713] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3273.290174][T21713] shmem_write_begin+0x170/0x4d0 [ 3273.295155][T21713] ? __pfx_shmem_write_begin+0x10/0x10 [ 3273.300664][T21713] ? fault_in_iov_iter_readable+0x236/0x280 [ 3273.306609][T21713] generic_perform_write+0x321/0x640 [ 3273.312554][T21713] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3273.318499][T21713] ? __pfx_generic_perform_write+0x10/0x10 [ 3273.324441][T21713] ? mnt_put_write_access_file+0xc2/0x100 [ 3273.330198][T21713] ? file_update_time+0x3ac/0x3e0 [ 3273.335272][T21713] shmem_file_write_iter+0xfc/0x120 [ 3273.340528][T21713] __kernel_write_iter+0x434/0x8c0 [ 3273.345698][T21713] ? __pfx___kernel_write_iter+0x10/0x10 [ 3273.351377][T21713] ? generic_file_llseek_size+0x34c/0x3b0 [ 3273.357148][T21713] ? iov_iter_bvec+0x4e/0x1b0 [ 3273.361883][T21713] dump_user_range+0x46c/0x910 [ 3273.366706][T21713] ? __pfx_dump_user_range+0x10/0x10 [ 3273.372030][T21713] ? writenote+0x250/0x3b0 [ 3273.376494][T21713] ? kmalloc_trace+0x1d6/0x360 [ 3273.381317][T21713] ? elf_core_dump+0x2e01/0x4630 [ 3273.386288][T21713] ? dump_emit+0x99/0xd0 [ 3273.390554][T21713] elf_core_dump+0x3d5d/0x4630 [ 3273.395371][T21713] ? __pfx_elf_core_dump+0x10/0x10 [ 3273.400526][T21713] ? mark_lock+0x9a/0x350 [ 3273.404893][T21713] ? mas_next_slot+0xeb2/0xf90 [ 3273.409694][T21713] ? __lock_acquire+0x1345/0x1fd0 [ 3273.414822][T21713] ? rcu_read_lock_any_held+0xb7/0x160 [ 3273.420320][T21713] ? 0xffffffffff600000 [ 3273.424507][T21713] ? getname_kernel+0x140/0x2f0 [ 3273.429401][T21713] do_coredump+0x1baa/0x2b50 [ 3273.434121][T21713] ? get_signal+0xbe1/0x1850 [ 3273.438796][T21713] ? __pfx_do_coredump+0x10/0x10 [ 3273.443828][T21713] ? _raw_spin_unlock_irq+0x23/0x50 [ 3273.449065][T21713] ? lockdep_hardirqs_on+0x98/0x140 [ 3273.454314][T21713] get_signal+0x146a/0x1850 [ 3273.458870][T21713] ? __pfx_get_signal+0x10/0x10 [ 3273.463774][T21713] ? __pfx_force_sig_fault+0x10/0x10 [ 3273.469275][T21713] arch_do_signal_or_restart+0x96/0x860 [ 3273.474863][T21713] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3273.481078][T21713] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3273.486932][T21713] irqentry_exit_to_user_mode+0x78/0x280 [ 3273.492616][T21713] exc_page_fault+0x587/0x870 [ 3273.497524][T21713] asm_exc_page_fault+0x26/0x30 [ 3273.502418][T21713] RIP: 0033:0x7f8ab667ddb1 [ 3273.506869][T21713] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3273.526537][T21713] RSP: 002b:0000000000001900 EFLAGS: 00010217 [ 3273.532825][T21713] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3273.541008][T21713] RDX: 0000000000000000 RSI: 0000000000001900 RDI: 0000000000000000 [ 3273.549105][T21713] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3273.557118][T21713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3273.565208][T21713] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3273.573236][T21713] [ 3273.984645][T21656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3273.996138][T21713] memory: usage 306704kB, limit 307200kB, failcnt 196556 [ 3274.006485][T21658] bridge0: port 2(bridge_slave_1) entered blocking state [ 3274.013653][T21658] bridge0: port 2(bridge_slave_1) entered disabled state [ 3274.027981][T21658] bridge_slave_1: entered allmulticast mode [ 3274.041762][T21658] bridge_slave_1: entered promiscuous mode [ 3274.048077][T21713] memory+swap: usage 406276kB, limit 9007199254740988kB, failcnt 0 [ 3274.068508][T21648] team0: Port device team_slave_0 added [ 3274.124343][T21656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3274.166071][T21713] kmem: usage 44612kB, limit 9007199254740988kB, failcnt 0 [ 3274.259014][T21713] Memory cgroup stats for /syz4: [ 3274.259184][T21713] cache 267878400 [ 3274.369329][T21713] rss 712704 14:04:08 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1d01, 0x0, 0x0, 0x0) [ 3274.456345][T21713] rss_huge 0 [ 3274.472113][T21713] shmem 267878400 [ 3274.484760][T21713] mapped_file 151318528 [ 3274.531442][T21648] team0: Port device team_slave_1 added [ 3274.567029][T21713] dirty 0 [ 3274.570023][T21713] writeback 0 [ 3274.573323][T21713] workingset_refault_anon 3376 [ 3274.670809][T21713] workingset_refault_file 0 [ 3274.716290][T21713] swap 103239680 [ 3274.719995][T21713] swapcached 106496 [ 3274.723835][T21713] pgpgin 1861694 [ 3274.758984][T21657] bridge0: port 1(bridge_slave_0) entered blocking state [ 3274.776168][T21713] pgpgout 1796095 [ 3274.776185][T21657] bridge0: port 1(bridge_slave_0) entered disabled state [ 3274.779920][T21713] pgfault 1348254 [ 3274.779932][T21713] pgmajfault 2028 [ 3274.797961][T21657] bridge_slave_0: entered allmulticast mode [ 3274.816918][T21657] bridge_slave_0: entered promiscuous mode [ 3274.886011][T21713] inactive_anon 127504384 [ 3274.890444][T21713] active_anon 140181504 [ 3274.894623][T21713] inactive_file 0 [ 3274.966658][T21713] active_file 0 [ 3274.970178][T21713] unevictable 0 [ 3274.973652][T21713] hierarchical_memory_limit 314572800 [ 3275.076251][T21713] hierarchical_memsw_limit 9223372036854771712 [ 3275.147525][T21713] total_cache 267878400 [ 3275.174839][T21658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3275.196319][T21713] total_rss 712704 [ 3275.231272][T21713] total_rss_huge 0 [ 3275.316040][T21713] total_shmem 267878400 [ 3275.330899][T21713] total_mapped_file 151318528 [ 3275.380193][T21648] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 3275.390685][T21648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 3275.436037][T21713] total_dirty 0 [ 3275.447864][T21648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 3275.458636][T21713] total_writeback 0 [ 3275.473950][T21713] total_workingset_refault_anon 3376 [ 3275.481804][T21648] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 3275.489009][T21648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 14:04:09 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x1f00, 0x0, 0x0, 0x0) [ 3275.536084][T21648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 3275.557651][T21657] bridge0: port 2(bridge_slave_1) entered blocking state [ 3275.564860][T21657] bridge0: port 2(bridge_slave_1) entered disabled state [ 3275.596935][T21657] bridge_slave_1: entered allmulticast mode [ 3275.626014][T21713] total_workingset_refault_file 0 [ 3275.626851][T21657] bridge_slave_1: entered promiscuous mode [ 3275.631085][T21713] total_swap 103239680 [ 3275.631098][T21713] total_swapcached 106496 [ 3275.786555][T21713] total_pgpgin 1861694 [ 3275.836030][T21713] total_pgpgout 1796095 [ 3275.866207][T21713] total_pgfault 1348254 [ 3275.885210][T21656] team0: Port device team_slave_0 added [ 3275.929858][T21713] total_pgmajfault 2028 [ 3275.942247][T21658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 3275.976441][T21713] total_inactive_anon 127504384 [ 3276.036128][T21713] total_active_anon 140181504 [ 3276.043203][T21713] total_inactive_file 0 [ 3276.065157][T21657] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 3276.066003][T21713] total_active_file 0 [ 3276.232713][T21713] total_unevictable 0 [ 3276.265177][T21713] anon_cost 0 [ 3276.289300][T21713] file_cost 0 [ 3276.308666][T19598] hsr_slave_0: left promiscuous mode [ 3276.332037][T21713] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21463,uid=0 [ 3276.362643][T19598] hsr_slave_1: left promiscuous mode [ 3276.441837][T19598] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3276.475601][T19598] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3276.514705][T19598] bridge_slave_1: left allmulticast mode [ 3276.526306][T19598] bridge_slave_1: left promiscuous mode [ 3276.532158][T19598] bridge0: port 2(bridge_slave_1) entered disabled state [ 3276.540357][T21713] Memory cgroup out of memory: Killed process 21463 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:19072kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3276.602265][T19598] bridge_slave_0: left allmulticast mode [ 3276.608270][T19598] bridge_slave_0: left promiscuous mode [ 3276.614115][T19598] bridge0: port 1(bridge_slave_0) entered disabled state [ 3276.797465][T19598] hsr_slave_0: left promiscuous mode [ 3277.188933][T19598] hsr_slave_1: left promiscuous mode [ 3277.385235][T21749] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3277.630336][T19598] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3277.645335][T21749] CPU: 1 PID: 21749 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3277.654058][T21749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3277.664137][T21749] Call Trace: [ 3277.667423][T21749] [ 3277.670448][T21749] dump_stack_lvl+0x1e7/0x2e0 [ 3277.675152][T21749] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3277.680367][T21749] ? __pfx__printk+0x10/0x10 [ 3277.684967][T21749] ? ___ratelimit+0x4c4/0x670 [ 3277.689660][T21749] ? __pfx____ratelimit+0x10/0x10 [ 3277.694710][T21749] dump_header+0xda/0x6a0 [ 3277.699063][T21749] oom_kill_process+0x3a7/0x930 [ 3277.703934][T21749] out_of_memory+0xf67/0x1320 [ 3277.708633][T21749] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3277.714276][T21749] ? __pfx___mutex_lock+0x10/0x10 [ 3277.719324][T21749] ? __pfx_out_of_memory+0x10/0x10 [ 3277.724457][T21749] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3277.730884][T21749] ? __pfx_lock_release+0x10/0x10 [ 3277.735937][T21749] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3277.742019][T21749] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3277.747234][T21749] ? mem_cgroup_iter+0x422/0x560 [ 3277.752192][T21749] try_charge_memcg+0xda2/0x18a0 [ 3277.757163][T21749] ? __pfx_try_charge_memcg+0x10/0x10 [ 3277.762548][T21749] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 3277.768289][T21749] ? __pfx_lock_release+0x10/0x10 [ 3277.773334][T21749] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3277.779338][T21749] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 3277.785066][T21749] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 3277.790888][T21749] obj_cgroup_charge+0x389/0x630 [ 3277.795848][T21749] ? obj_cgroup_charge+0x121/0x630 [ 3277.800998][T21749] ? __pfx_obj_cgroup_charge+0x10/0x10 [ 3277.806481][T21749] ? kmem_cache_alloc+0x4f/0x340 [ 3277.811434][T21749] ? __pfx___might_resched+0x10/0x10 [ 3277.816730][T21749] ? __local_bh_enable_ip+0x168/0x200 [ 3277.822128][T21749] ? preempt_count_add+0x93/0x190 [ 3277.827176][T21749] __memcg_slab_pre_alloc_hook+0x28d/0x2b0 [ 3277.833015][T21749] ? alloc_pid+0xa0/0xc50 [ 3277.837357][T21749] kmem_cache_alloc+0x202/0x340 [ 3277.842227][T21749] alloc_pid+0xa0/0xc50 [ 3277.846405][T21749] ? copy_thread+0x631/0x980 [ 3277.851029][T21749] copy_process+0x2299/0x3fc0 [ 3277.855735][T21749] ? copy_process+0x9c3/0x3fc0 [ 3277.860528][T21749] ? __pfx_copy_process+0x10/0x10 [ 3277.865565][T21749] ? __might_fault+0xc5/0x120 [ 3277.870265][T21749] ? __asan_memset+0x23/0x50 [ 3277.874885][T21749] kernel_clone+0x21d/0x8d0 [ 3277.879407][T21749] ? __pfx_kernel_clone+0x10/0x10 [ 3277.884459][T21749] __se_sys_clone3+0x2cb/0x350 [ 3277.889241][T21749] ? __pfx___se_sys_clone3+0x10/0x10 [ 3277.894566][T21749] ? do_syscall_64+0x108/0x240 [ 3277.899352][T21749] ? do_syscall_64+0xb4/0x240 [ 3277.904049][T21749] do_syscall_64+0xf9/0x240 [ 3277.908572][T21749] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 3277.914484][T21749] RIP: 0033:0x7f8ab66a9b99 [ 3277.918918][T21749] Code: ff ff eb d2 e8 f8 62 fd ff 0f 1f 84 00 00 00 00 00 b8 ea ff ff ff 48 85 ff 74 2c 48 85 d2 74 27 49 89 c8 b8 b3 01 00 00 0f 05 <48> 85 c0 7c 18 74 01 c3 31 ed 48 83 e4 f0 4c 89 c7 ff d2 48 89 c7 [ 3277.938540][T21749] RSP: 002b:00007f8ab68cf918 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 3277.946969][T21749] RAX: ffffffffffffffda RBX: 00007f8ab6652270 RCX: 00007f8ab66a9b99 [ 3277.954955][T21749] RDX: 00007f8ab6652270 RSI: 0000000000000058 RDI: 00007f8ab68cf960 [ 3277.963039][T21749] RBP: 00007f8ab744e6c0 R08: 00007f8ab744e6c0 R09: 00007f8ab68cfa47 [ 3277.971043][T21749] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffb0 [ 3277.979036][T21749] R13: 000000000000000b R14: 00007f8ab68cf960 R15: 00007f8ab68cfa48 [ 3277.987047][T21749] [ 3278.107100][T19598] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3278.179700][T19598] bridge_slave_1: left allmulticast mode [ 3278.185420][T19598] bridge_slave_1: left promiscuous mode [ 3278.187761][T21749] memory: usage 300640kB, limit 307200kB, failcnt 200405 [ 3278.196283][T19598] bridge0: port 2(bridge_slave_1) entered disabled state [ 3278.225182][T21749] memory+swap: usage 411172kB, limit 9007199254740988kB, failcnt 0 [ 3278.227081][T19598] bridge_slave_0: left allmulticast mode [ 3278.246193][T19598] bridge_slave_0: left promiscuous mode [ 3278.252041][T19598] bridge0: port 1(bridge_slave_0) entered disabled state [ 3278.268016][T21749] kmem: usage 44604kB, limit 9007199254740988kB, failcnt 0 [ 3278.297134][T19598] hsr_slave_0: left promiscuous mode [ 3278.300256][T21749] Memory cgroup stats for [ 3278.305057][T19598] hsr_slave_1: left promiscuous mode [ 3278.309585][T21749] /syz4: [ 3278.328476][T19598] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3278.347483][T19598] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3278.361904][T19598] bridge_slave_1: left allmulticast mode [ 3278.370198][T21749] cache 260419584 [ 3278.386050][T19598] bridge_slave_1: left promiscuous mode [ 3278.391857][T19598] bridge0: port 2(bridge_slave_1) entered disabled state [ 3278.405723][T21749] rss 888832 [ 3278.410244][T19598] bridge_slave_0: left allmulticast mode [ 3278.425986][T19598] bridge_slave_0: left promiscuous mode [ 3278.431758][T19598] bridge0: port 1(bridge_slave_0) entered disabled state [ 3278.439711][T21749] rss_huge 0 [ 3278.442942][T21749] shmem 260419584 [ 3278.465997][T19598] hsr_slave_0: left promiscuous mode [ 3278.473087][T21749] mapped_file 151400448 [ 3278.478023][T19598] hsr_slave_1: left promiscuous mode [ 3278.488561][T19598] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3278.499294][T19598] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3278.523494][T19598] bridge_slave_1: left allmulticast mode [ 3278.529775][T19598] bridge_slave_1: left promiscuous mode [ 3278.535566][T19598] bridge0: port 2(bridge_slave_1) entered disabled state [ 3278.542940][T21749] dirty 0 [ 3278.557452][T21749] writeback 0 [ 3278.560803][T21749] workingset_refault_anon 3376 [ 3278.565583][T21749] workingset_refault_file 0 [ 3278.579842][T19598] bridge_slave_0: left allmulticast mode [ 3278.585549][T19598] bridge_slave_0: left promiscuous mode [ 3278.596405][T19598] bridge0: port 1(bridge_slave_0) entered disabled state [ 3278.616025][T21749] swap 113061888 [ 3278.619623][T21749] swapcached 114688 [ 3278.623495][T21749] pgpgin 1872536 [ 3278.670676][T21749] pgpgout 1808713 [ 3278.702448][T21749] pgfault 1352180 [ 3278.706669][T21749] pgmajfault 2028 [ 3278.710432][T21749] inactive_anon 88924160 [ 3278.719736][T19598] hsr_slave_0: left promiscuous mode [ 3278.728587][T19598] hsr_slave_1: left promiscuous mode [ 3278.734867][T19598] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3278.745112][T21749] active_anon 172466176 [ 3278.754064][T19598] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3278.768289][T19598] bridge_slave_0: left allmulticast mode [ 3278.773992][T19598] bridge_slave_0: left promiscuous mode [ 3278.782448][T21749] inactive_file 0 [ 3278.790161][T19598] bridge0: port 1(bridge_slave_0) entered disabled state [ 3278.799197][T21749] active_file 0 [ 3278.807680][T21749] unevictable 0 [ 3278.814626][T21749] hierarchical_memory_limit 314572800 [ 3278.827512][T21749] hierarchical_memsw_limit 9223372036854771712 [ 3278.841235][T21749] total_cache 260419584 [ 3278.850045][T21749] total_rss 888832 [ 3278.875758][T21749] total_rss_huge 0 [ 3278.913854][T21749] total_shmem 260419584 [ 3278.937889][T21749] total_mapped_file 151400448 [ 3278.962693][T21749] total_dirty 0 [ 3278.983484][T21749] total_writeback 0 [ 3279.010616][T21749] total_workingset_refault_anon 3376 [ 3279.058408][T21749] total_workingset_refault_file 0 [ 3279.076019][T21749] total_swap 113061888 [ 3279.080143][T21749] total_swapcached 114688 [ 3279.097729][T21749] total_pgpgin 1872536 [ 3279.101854][T21749] total_pgpgout 1808713 [ 3279.126160][T21749] total_pgfault 1352180 [ 3279.158659][T21749] total_pgmajfault 2028 [ 3279.162872][T21749] total_inactive_anon 88924160 [ 3279.198854][T21749] total_active_anon 172466176 [ 3279.203608][T21749] total_inactive_file 0 [ 3279.236255][T21749] total_active_file 0 [ 3279.240347][T21749] total_unevictable 0 [ 3279.244351][T21749] anon_cost 0 [ 3279.248036][T21749] file_cost 0 [ 3279.251602][T21749] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21575,uid=0 [ 3279.306114][T21749] Memory cgroup out of memory: Killed process 21575 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:17664kB, UID:0 pgtables:120kB oom_score_adj:1000 14:04:13 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2000, 0x0, 0x0, 0x0) [ 3279.537327][T21456] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3279.636182][T21456] CPU: 1 PID: 21456 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3279.644922][T21456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3279.655098][T21456] Call Trace: [ 3279.658413][T21456] [ 3279.661366][T21456] dump_stack_lvl+0x1e7/0x2e0 [ 3279.666087][T21456] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3279.671327][T21456] ? __pfx__printk+0x10/0x10 [ 3279.675947][T21456] ? ___ratelimit+0x4c4/0x670 [ 3279.680658][T21456] ? __pfx____ratelimit+0x10/0x10 [ 3279.685722][T21456] dump_header+0xda/0x6a0 [ 3279.690094][T21456] oom_kill_process+0x3a7/0x930 [ 3279.694985][T21456] out_of_memory+0xf67/0x1320 [ 3279.699713][T21456] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3279.705392][T21456] ? __pfx___mutex_lock+0x10/0x10 [ 3279.710437][T21456] ? __pfx_out_of_memory+0x10/0x10 [ 3279.715567][T21456] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3279.721142][T21456] ? __pfx_lock_release+0x10/0x10 [ 3279.726182][T21456] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3279.732271][T21456] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3279.737485][T21456] ? mem_cgroup_iter+0x422/0x560 [ 3279.742446][T21456] try_charge_memcg+0xda2/0x18a0 [ 3279.747420][T21456] ? __pfx_try_charge_memcg+0x10/0x10 [ 3279.752810][T21456] ? percpu_ref_tryget+0x14/0x180 [ 3279.757880][T21456] charge_memcg+0xa2/0x160 [ 3279.762318][T21456] __mem_cgroup_charge+0x27/0x80 [ 3279.767274][T21456] shmem_alloc_and_add_folio+0x393/0xde0 [ 3279.772932][T21456] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3279.779103][T21456] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3279.784335][T21456] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3279.789992][T21456] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3279.796346][T21456] shmem_write_begin+0x170/0x4d0 [ 3279.801298][T21456] ? __pfx_shmem_write_begin+0x10/0x10 [ 3279.806773][T21456] ? fault_in_iov_iter_readable+0x236/0x280 [ 3279.812705][T21456] generic_perform_write+0x321/0x640 [ 3279.818007][T21456] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3279.823924][T21456] ? __pfx_generic_perform_write+0x10/0x10 [ 3279.829751][T21456] ? __pfx_generic_write_checks+0x10/0x10 [ 3279.835482][T21456] ? file_update_time+0x2a3/0x3e0 [ 3279.840528][T21456] shmem_file_write_iter+0xfc/0x120 [ 3279.845735][T21456] __kernel_write_iter+0x434/0x8c0 [ 3279.850879][T21456] ? __pfx___kernel_write_iter+0x10/0x10 [ 3279.856532][T21456] ? generic_file_llseek_size+0x34c/0x3b0 [ 3279.862269][T21456] ? iov_iter_bvec+0x4e/0x1b0 [ 3279.866967][T21456] dump_user_range+0x46c/0x910 [ 3279.871755][T21456] ? __pfx_dump_user_range+0x10/0x10 [ 3279.877078][T21456] ? writenote+0x250/0x3b0 [ 3279.881516][T21456] ? kmalloc_trace+0x1d6/0x360 [ 3279.886287][T21456] ? elf_core_dump+0x2e01/0x4630 [ 3279.891234][T21456] ? dump_emit+0x99/0xd0 [ 3279.895487][T21456] elf_core_dump+0x3d5d/0x4630 [ 3279.900289][T21456] ? __pfx_elf_core_dump+0x10/0x10 [ 3279.905416][T21456] ? mark_lock+0x9a/0x350 [ 3279.909759][T21456] ? mas_next_slot+0xeb2/0xf90 [ 3279.914539][T21456] ? __lock_acquire+0x1345/0x1fd0 [ 3279.919624][T21456] ? rcu_read_lock_any_held+0xb7/0x160 [ 3279.925101][T21456] ? 0xffffffffff600000 [ 3279.929262][T21456] ? getname_kernel+0x140/0x2f0 [ 3279.934131][T21456] do_coredump+0x1baa/0x2b50 [ 3279.938739][T21456] ? get_signal+0xbe1/0x1850 [ 3279.943375][T21456] ? __pfx_do_coredump+0x10/0x10 [ 3279.948371][T21456] ? _raw_spin_unlock_irq+0x23/0x50 [ 3279.953585][T21456] ? lockdep_hardirqs_on+0x98/0x140 [ 3279.958803][T21456] get_signal+0x146a/0x1850 [ 3279.963338][T21456] ? __pfx_get_signal+0x10/0x10 [ 3279.968206][T21456] ? __pfx_force_sig_fault+0x10/0x10 [ 3279.973512][T21456] arch_do_signal_or_restart+0x96/0x860 [ 3279.979078][T21456] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3279.985257][T21456] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3279.991079][T21456] irqentry_exit_to_user_mode+0x78/0x280 [ 3279.996738][T21456] exc_page_fault+0x587/0x870 [ 3280.001432][T21456] asm_exc_page_fault+0x26/0x30 [ 3280.006295][T21456] RIP: 0033:0x7f8ab667ddb1 [ 3280.010718][T21456] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3280.030331][T21456] RSP: 002b:0000000000000b00 EFLAGS: 00010217 [ 3280.036410][T21456] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3280.044389][T21456] RDX: 0000000000000000 RSI: 0000000000000b00 RDI: 0000000000000000 [ 3280.052369][T21456] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3280.060362][T21456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3280.068372][T21456] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3280.076388][T21456] [ 3280.115683][T21456] memory: usage 301844kB, limit 307200kB, failcnt 201058 [ 3280.146041][T21456] memory+swap: usage 405004kB, limit 9007199254740988kB, failcnt 0 [ 3280.153999][T21456] kmem: usage 44312kB, limit 9007199254740988kB, failcnt 0 [ 3280.247001][T21456] Memory cgroup stats for /syz4: [ 3280.247177][T21456] cache 262508544 [ 3280.255804][T21456] rss 860160 [ 3280.416609][T21456] rss_huge 0 [ 3280.419894][T21456] shmem 262508544 [ 3280.423554][T21456] mapped_file 145567744 [ 3280.485464][T21456] dirty 0 [ 3280.516343][T21456] writeback 0 [ 3280.567327][T21456] workingset_refault_anon 3379 [ 3280.627751][T21456] workingset_refault_file 0 [ 3280.698766][T21456] swap 105660416 [ 3280.826159][T21456] swapcached 61440 [ 3280.866046][T21456] pgpgin 1879157 [ 3280.956326][T21456] pgpgout 1814844 14:04:15 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2100, 0x0, 0x0, 0x0) [ 3280.981590][T21456] pgfault 1354831 [ 3281.056252][T21456] pgmajfault 2031 [ 3281.060031][T21456] inactive_anon 70311936 [ 3281.064286][T21456] active_anon 192028672 [ 3281.246177][T21456] inactive_file 0 [ 3281.250179][T21456] active_file 0 [ 3281.253661][T21456] unevictable 0 [ 3281.309793][T21456] hierarchical_memory_limit 314572800 [ 3281.396326][T21456] hierarchical_memsw_limit 9223372036854771712 [ 3281.402546][T21456] total_cache 262508544 [ 3281.476260][T21456] total_rss 860160 [ 3281.480131][T21456] total_rss_huge 0 [ 3281.483868][T21456] total_shmem 262508544 [ 3281.596209][T21456] total_mapped_file 145567744 [ 3281.600950][T21456] total_dirty 0 [ 3281.604435][T21456] total_writeback 0 [ 3281.765692][T21456] total_workingset_refault_anon 3379 [ 3281.771725][T21456] total_workingset_refault_file 0 [ 3281.778744][T21456] total_swap 105660416 [ 3281.782922][T21456] total_swapcached 61440 [ 3281.831161][T21456] total_pgpgin 1879157 [ 3281.835304][T21456] total_pgpgout 1814844 [ 3281.948598][T21456] total_pgfault 1354831 [ 3282.013410][T21456] total_pgmajfault 2031 [ 3282.066191][T21456] total_inactive_anon 70311936 [ 3282.071255][T21456] total_active_anon 192028672 [ 3282.146190][T21456] total_inactive_file 0 [ 3282.166310][T21456] total_active_file 0 [ 3282.170584][T21456] total_unevictable 0 [ 3282.174594][T21456] anon_cost 0 [ 3282.276168][T21456] file_cost 0 [ 3282.346475][T21456] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21549,uid=0 [ 3282.426184][T21456] Memory cgroup out of memory: Killed process 21549 (syz-executor.4) total-vm:54640kB, anon-rss:508kB, file-rss:8192kB, shmem-rss:18432kB, UID:0 pgtables:124kB oom_score_adj:1000 14:04:17 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2101, 0x0, 0x0, 0x0) [ 3284.729536][ T30] oom_reaper: reaped process 21549 (syz-executor.4), now anon-rss:140kB, file-rss:8192kB, shmem-rss:16256kB [ 3284.755718][T21580] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3284.842527][T21580] CPU: 0 PID: 21580 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3284.851275][T21580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3284.861386][T21580] Call Trace: [ 3284.864699][T21580] [ 3284.867662][T21580] dump_stack_lvl+0x1e7/0x2e0 [ 3284.872401][T21580] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3284.877663][T21580] ? __pfx__printk+0x10/0x10 [ 3284.882288][T21580] ? ___ratelimit+0x4c4/0x670 [ 3284.887014][T21580] ? __pfx____ratelimit+0x10/0x10 [ 3284.892079][T21580] dump_header+0xda/0x6a0 [ 3284.896460][T21580] oom_kill_process+0x3a7/0x930 [ 3284.901344][T21580] ? trace_contention_end+0x3c/0x100 [ 3284.906762][T21580] out_of_memory+0xf67/0x1320 [ 3284.911492][T21580] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3284.917159][T21580] ? __pfx___mutex_lock+0x10/0x10 [ 3284.922235][T21580] ? __pfx_out_of_memory+0x10/0x10 [ 3284.927398][T21580] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3284.932993][T21580] ? __pfx_lock_release+0x10/0x10 [ 3284.938060][T21580] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3284.944168][T21580] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3284.949408][T21580] ? mem_cgroup_iter+0x422/0x560 [ 3284.954386][T21580] try_charge_memcg+0xda2/0x18a0 [ 3284.959388][T21580] ? __pfx_try_charge_memcg+0x10/0x10 [ 3284.964799][T21580] ? percpu_ref_tryget+0x14/0x180 [ 3284.969975][T21580] charge_memcg+0xa2/0x160 [ 3284.974433][T21580] __mem_cgroup_charge+0x27/0x80 [ 3284.979502][T21580] shmem_alloc_and_add_folio+0x393/0xde0 [ 3284.985190][T21580] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3284.991391][T21580] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3284.996680][T21580] ? lockdep_hardirqs_on+0x98/0x140 [ 3285.001945][T21580] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3285.007728][T21580] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3285.014010][T21580] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3285.020655][T21580] shmem_write_begin+0x170/0x4d0 [ 3285.025639][T21580] ? __pfx_shmem_write_begin+0x10/0x10 [ 3285.031152][T21580] ? fault_in_iov_iter_readable+0x236/0x280 [ 3285.037091][T21580] generic_perform_write+0x321/0x640 [ 3285.042420][T21580] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3285.048371][T21580] ? __pfx_generic_perform_write+0x10/0x10 [ 3285.054219][T21580] ? mnt_put_write_access_file+0xc2/0x100 [ 3285.059972][T21580] ? file_update_time+0x3ac/0x3e0 [ 3285.065040][T21580] shmem_file_write_iter+0xfc/0x120 [ 3285.070272][T21580] __kernel_write_iter+0x434/0x8c0 [ 3285.075439][T21580] ? __pfx___kernel_write_iter+0x10/0x10 [ 3285.081119][T21580] ? generic_file_llseek_size+0x34c/0x3b0 [ 3285.086884][T21580] ? iov_iter_bvec+0x4e/0x1b0 [ 3285.091608][T21580] dump_user_range+0x46c/0x910 [ 3285.096421][T21580] ? __pfx_dump_user_range+0x10/0x10 [ 3285.101742][T21580] ? writenote+0x250/0x3b0 [ 3285.106200][T21580] ? kmalloc_trace+0x1d6/0x360 [ 3285.110998][T21580] ? elf_core_dump+0x2e01/0x4630 [ 3285.115985][T21580] ? dump_emit+0x99/0xd0 [ 3285.120260][T21580] elf_core_dump+0x3d5d/0x4630 [ 3285.125093][T21580] ? __pfx_elf_core_dump+0x10/0x10 [ 3285.130243][T21580] ? mark_lock+0x9a/0x350 [ 3285.134603][T21580] ? mas_next_slot+0xeb2/0xf90 [ 3285.139410][T21580] ? __lock_acquire+0x1345/0x1fd0 [ 3285.144530][T21580] ? rcu_read_lock_any_held+0xb7/0x160 [ 3285.150128][T21580] ? 0xffffffffff600000 [ 3285.154310][T21580] ? getname_kernel+0x140/0x2f0 [ 3285.159213][T21580] do_coredump+0x1baa/0x2b50 [ 3285.163866][T21580] ? get_signal+0xbe1/0x1850 [ 3285.168540][T21580] ? __pfx_do_coredump+0x10/0x10 [ 3285.173562][T21580] ? _raw_spin_unlock_irq+0x23/0x50 [ 3285.178800][T21580] ? lockdep_hardirqs_on+0x98/0x140 [ 3285.184042][T21580] get_signal+0x146a/0x1850 [ 3285.188614][T21580] ? __pfx_get_signal+0x10/0x10 [ 3285.193518][T21580] ? __pfx_force_sig_fault+0x10/0x10 [ 3285.198857][T21580] arch_do_signal_or_restart+0x96/0x860 [ 3285.204463][T21580] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3285.210677][T21580] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3285.216528][T21580] irqentry_exit_to_user_mode+0x78/0x280 [ 3285.222215][T21580] exc_page_fault+0x587/0x870 [ 3285.227028][T21580] asm_exc_page_fault+0x26/0x30 [ 3285.231923][T21580] RIP: 0033:0x7f8ab667ddb1 [ 3285.236377][T21580] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3285.256016][T21580] RSP: 002b:0000000000001100 EFLAGS: 00010217 [ 3285.262121][T21580] RAX: 0000000000000000 RBX: 00007f8ab67ac120 RCX: 00007f8ab667dda9 [ 3285.270142][T21580] RDX: 0000000000000000 RSI: 0000000000001100 RDI: 0000000000000000 [ 3285.278166][T21580] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3285.286162][T21580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3285.294166][T21580] R13: 000000000000006e R14: 00007f8ab67ac120 R15: 00007f8ab68cfa48 [ 3285.302232][T21580] [ 3285.556510][T21580] memory: usage 303644kB, limit 307200kB, failcnt 206029 [ 3285.637489][T21580] memory+swap: usage 416260kB, limit 9007199254740988kB, failcnt 0 [ 3285.645735][T21580] kmem: usage 44720kB, limit 9007199254740988kB, failcnt 0 [ 3285.666291][T21580] Memory cgroup stats for /syz4: [ 3285.666454][T21580] cache 266256384 [ 3285.675179][T21580] rss 937984 [ 3285.679081][T21580] rss_huge 0 [ 3285.686895][T21580] shmem 266256384 [ 3285.708260][T21580] mapped_file 132681728 [ 3285.716606][T21580] dirty 0 [ 3285.723311][T21580] writeback 0 [ 3285.749814][T21580] workingset_refault_anon 3440 [ 3285.754641][T21580] workingset_refault_file 0 [ 3285.759348][T21580] swap 113221632 [ 3285.762921][T21580] swapcached 77824 [ 3285.769303][T21580] pgpgin 1899899 [ 3285.772901][T21580] pgpgout 1834620 [ 3285.784773][T21580] pgfault 1363048 [ 3285.788615][T21580] pgmajfault 2069 [ 3285.792276][T21580] inactive_anon 83415040 [ 3285.817257][T21580] active_anon 183705600 [ 3285.821467][T21580] inactive_file 0 [ 3285.825122][T21580] active_file 0 [ 3285.845949][T21580] unevictable 0 [ 3285.849469][T21580] hierarchical_memory_limit 314572800 [ 3285.854859][T21580] hierarchical_memsw_limit 9223372036854771712 [ 3285.886010][T21580] total_cache 266256384 [ 3285.890312][T21580] total_rss 937984 [ 3285.894061][T21580] total_rss_huge 0 [ 3285.915988][T21580] total_shmem 266256384 [ 3285.920194][T21580] total_mapped_file 132681728 [ 3285.924884][T21580] total_dirty 0 [ 3285.961229][T21580] total_writeback 0 [ 3285.965092][T21580] total_workingset_refault_anon 3440 [ 3286.025440][T21580] total_workingset_refault_file 0 [ 3286.035954][T21580] total_swap 113221632 [ 3286.040090][T21580] total_swapcached 77824 [ 3286.044359][T21580] total_pgpgin 1899899 [ 3286.107975][T21580] total_pgpgout 1834620 [ 3286.112203][T21580] total_pgfault 1363048 [ 3286.136066][T21580] total_pgmajfault 2069 [ 3286.141552][T21580] total_inactive_anon 83415040 [ 3286.147056][T21580] total_active_anon 183705600 [ 3286.151755][T21580] total_inactive_file 0 [ 3286.176197][T21580] total_active_file 0 [ 3286.181383][T21580] total_unevictable 0 [ 3286.185402][T21580] anon_cost 0 [ 3286.203200][T21580] file_cost 0 [ 3286.227165][T21580] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21610,uid=0 [ 3286.266016][T21580] Memory cgroup out of memory: Killed process 21610 (syz-executor.4) total-vm:54640kB, anon-rss:368kB, file-rss:8192kB, shmem-rss:15360kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3286.640939][T21740] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3286.808793][T21740] CPU: 1 PID: 21740 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3286.817540][T21740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3286.827634][T21740] Call Trace: [ 3286.830944][T21740] [ 3286.833900][T21740] dump_stack_lvl+0x1e7/0x2e0 [ 3286.838713][T21740] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3286.844040][T21740] ? __pfx__printk+0x10/0x10 [ 3286.848672][T21740] ? ___ratelimit+0x4c4/0x670 [ 3286.853406][T21740] ? __pfx____ratelimit+0x10/0x10 [ 3286.858485][T21740] dump_header+0xda/0x6a0 [ 3286.862868][T21740] oom_kill_process+0x3a7/0x930 [ 3286.867802][T21740] ? trace_contention_end+0x3c/0x100 [ 3286.873150][T21740] out_of_memory+0xf67/0x1320 [ 3286.877877][T21740] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3286.883631][T21740] ? __pfx___mutex_lock+0x10/0x10 [ 3286.888701][T21740] ? __pfx_out_of_memory+0x10/0x10 [ 3286.893862][T21740] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3286.899452][T21740] ? __pfx_lock_release+0x10/0x10 [ 3286.904535][T21740] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3286.910650][T21740] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3286.915897][T21740] ? mem_cgroup_iter+0x422/0x560 [ 3286.920888][T21740] try_charge_memcg+0xda2/0x18a0 [ 3286.925908][T21740] ? __pfx_try_charge_memcg+0x10/0x10 [ 3286.931314][T21740] ? percpu_ref_tryget+0x14/0x180 [ 3286.936412][T21740] charge_memcg+0xa2/0x160 [ 3286.941143][T21740] __mem_cgroup_charge+0x27/0x80 [ 3286.946136][T21740] shmem_alloc_and_add_folio+0x393/0xde0 [ 3286.951817][T21740] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3286.958022][T21740] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3286.963297][T21740] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3286.968981][T21740] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3286.975361][T21740] shmem_write_begin+0x170/0x4d0 [ 3286.980376][T21740] ? __pfx_shmem_write_begin+0x10/0x10 [ 3286.985898][T21740] ? fault_in_iov_iter_readable+0x236/0x280 [ 3286.991924][T21740] generic_perform_write+0x321/0x640 [ 3286.997251][T21740] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3287.003203][T21740] ? __pfx_generic_perform_write+0x10/0x10 [ 3287.009062][T21740] ? __pfx_generic_write_checks+0x10/0x10 [ 3287.014830][T21740] ? file_update_time+0x2a3/0x3e0 [ 3287.019912][T21740] shmem_file_write_iter+0xfc/0x120 [ 3287.025152][T21740] __kernel_write_iter+0x434/0x8c0 [ 3287.030322][T21740] ? __pfx___kernel_write_iter+0x10/0x10 [ 3287.036011][T21740] ? dump_user_range+0x562/0x910 [ 3287.040980][T21740] ? dump_user_range+0x579/0x910 [ 3287.045945][T21740] ? iov_iter_bvec+0x4e/0x1b0 [ 3287.050667][T21740] dump_user_range+0x46c/0x910 [ 3287.055483][T21740] ? __pfx_dump_user_range+0x10/0x10 [ 3287.060808][T21740] ? writenote+0x250/0x3b0 [ 3287.065269][T21740] ? kmalloc_trace+0x1d6/0x360 [ 3287.070158][T21740] ? elf_core_dump+0x2e01/0x4630 [ 3287.075223][T21740] ? dump_emit+0x99/0xd0 [ 3287.079500][T21740] elf_core_dump+0x3d5d/0x4630 [ 3287.084333][T21740] ? __pfx_elf_core_dump+0x10/0x10 [ 3287.089479][T21740] ? mark_lock+0x9a/0x350 [ 3287.093840][T21740] ? mas_next_slot+0xeb2/0xf90 [ 3287.098644][T21740] ? __lock_acquire+0x1345/0x1fd0 [ 3287.103794][T21740] ? rcu_read_lock_any_held+0xb7/0x160 [ 3287.109299][T21740] ? 0xffffffffff600000 [ 3287.113489][T21740] ? getname_kernel+0x140/0x2f0 [ 3287.118396][T21740] do_coredump+0x1baa/0x2b50 [ 3287.123028][T21740] ? get_signal+0xbe1/0x1850 [ 3287.127696][T21740] ? __pfx_do_coredump+0x10/0x10 [ 3287.132717][T21740] ? _raw_spin_unlock_irq+0x23/0x50 [ 3287.137959][T21740] ? lockdep_hardirqs_on+0x98/0x140 [ 3287.143207][T21740] get_signal+0x146a/0x1850 [ 3287.147879][T21740] ? __pfx_get_signal+0x10/0x10 [ 3287.152802][T21740] ? __pfx_force_sig_fault+0x10/0x10 [ 3287.158144][T21740] arch_do_signal_or_restart+0x96/0x860 [ 3287.163836][T21740] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3287.170068][T21740] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3287.175923][T21740] irqentry_exit_to_user_mode+0x78/0x280 [ 3287.181597][T21740] exc_page_fault+0x587/0x870 [ 3287.186338][T21740] asm_exc_page_fault+0x26/0x30 [ 3287.191251][T21740] RIP: 0033:0x7f8ab667ddb1 [ 3287.195709][T21740] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3287.215366][T21740] RSP: 002b:0000000000001b00 EFLAGS: 00010217 [ 3287.221487][T21740] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3287.229495][T21740] RDX: 0000000000000000 RSI: 0000000000001b00 RDI: 0000000000000000 [ 3287.237514][T21740] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3287.245617][T21740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3287.253626][T21740] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3287.261663][T21740] [ 3287.687112][T21740] memory: usage 306364kB, limit 307200kB, failcnt 207375 [ 3287.694218][T21740] memory+swap: usage 416392kB, limit 9007199254740988kB, failcnt 0 [ 3287.703335][T21740] kmem: usage 44576kB, limit 9007199254740988kB, failcnt 0 [ 3287.711101][T21740] Memory cgroup stats for /syz4: [ 3287.711288][T21740] cache 266403840 [ 3287.755962][T21740] rss 901120 [ 3287.759252][T21740] rss_huge 0 [ 3287.762476][T21740] shmem 266403840 [ 3287.826185][T21740] mapped_file 110956544 [ 3287.830417][T21740] dirty 0 [ 3287.833380][T21740] writeback 0 [ 3287.935966][T21740] workingset_refault_anon 3443 [ 3287.940801][T21740] workingset_refault_file 0 [ 3287.945332][T21740] swap 112685056 [ 3287.974926][T21740] swapcached 81920 [ 3288.065977][T21740] pgpgin 1907665 [ 3288.069592][T21740] pgpgout 1842386 [ 3288.073252][T21740] pgfault 1366632 [ 3288.150082][T21740] pgmajfault 2072 [ 3288.189288][T21740] inactive_anon 171085824 [ 3288.196559][T21740] active_anon 96030720 [ 3288.269327][T21740] inactive_file 0 [ 3288.286185][T21740] active_file 0 [ 3288.290682][T21740] unevictable 0 [ 3288.316294][T21740] hierarchical_memory_limit 314572800 [ 3288.321817][T21740] hierarchical_memsw_limit 9223372036854771712 [ 3288.377035][T21740] total_cache 266403840 [ 3288.381265][T21740] total_rss 901120 [ 3288.385015][T21740] total_rss_huge 0 [ 3288.396268][T21740] total_shmem 266403840 [ 3288.400484][T21740] total_mapped_file 110956544 [ 3288.405192][T21740] total_dirty 0 [ 3288.458839][T21740] total_writeback 0 [ 3288.462773][T21740] total_workingset_refault_anon 3443 [ 3288.526220][T21740] total_workingset_refault_file 0 [ 3288.531303][T21740] total_swap 112685056 [ 3288.535394][T21740] total_swapcached 81920 [ 3288.587170][T21740] total_pgpgin 1907665 [ 3288.591295][T21740] total_pgpgout 1842386 [ 3288.595468][T21740] total_pgfault 1366632 [ 3288.745970][T21740] total_pgmajfault 2072 [ 3288.750188][T21740] total_inactive_anon 171085824 [ 3288.755060][T21740] total_active_anon 96030720 [ 3288.855968][T21740] total_inactive_file 0 [ 3288.860187][T21740] total_active_file 0 [ 3288.864188][T21740] total_unevictable 0 [ 3288.976087][T21740] anon_cost 0 [ 3288.979442][T21740] file_cost 0 [ 3288.982756][T21740] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21740,uid=0 [ 3289.126732][T21740] Memory cgroup out of memory: Killed process 21740 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:13696kB, UID:0 pgtables:104kB oom_score_adj:1000 14:04:23 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2302, 0x0, 0x0, 0x0) 14:04:24 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2303, 0x0, 0x0, 0x0) [ 3291.137722][T21761] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3291.350159][T21761] CPU: 0 PID: 21761 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3291.358897][T21761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3291.368985][T21761] Call Trace: [ 3291.372293][T21761] [ 3291.375247][T21761] dump_stack_lvl+0x1e7/0x2e0 [ 3291.379962][T21761] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3291.385205][T21761] ? __pfx__printk+0x10/0x10 [ 3291.389805][T21761] ? ___ratelimit+0x4c4/0x670 [ 3291.394500][T21761] ? __pfx____ratelimit+0x10/0x10 [ 3291.399546][T21761] dump_header+0xda/0x6a0 [ 3291.403894][T21761] oom_kill_process+0x3a7/0x930 [ 3291.408759][T21761] ? trace_contention_end+0x3c/0x100 [ 3291.414058][T21761] out_of_memory+0xf67/0x1320 [ 3291.418757][T21761] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3291.424402][T21761] ? __pfx___mutex_lock+0x10/0x10 [ 3291.429442][T21761] ? __pfx_out_of_memory+0x10/0x10 [ 3291.434592][T21761] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3291.440183][T21761] ? __pfx_lock_release+0x10/0x10 [ 3291.445221][T21761] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3291.451312][T21761] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3291.456616][T21761] ? mem_cgroup_iter+0x422/0x560 [ 3291.461572][T21761] try_charge_memcg+0xda2/0x18a0 [ 3291.466635][T21761] ? __pfx_try_charge_memcg+0x10/0x10 [ 3291.472131][T21761] ? percpu_ref_tryget+0x14/0x180 [ 3291.477215][T21761] charge_memcg+0xa2/0x160 [ 3291.481671][T21761] __mem_cgroup_charge+0x27/0x80 [ 3291.486637][T21761] shmem_alloc_and_add_folio+0x393/0xde0 [ 3291.492291][T21761] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3291.498460][T21761] ? filemap_map_pages+0x1248/0x1830 [ 3291.503768][T21761] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3291.509011][T21761] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3291.514671][T21761] shmem_fault+0x254/0x6f0 [ 3291.519195][T21761] ? __pfx_shmem_fault+0x10/0x10 [ 3291.524148][T21761] ? __pfx_lock_release+0x10/0x10 [ 3291.529191][T21761] ? pte_offset_map_nolock+0x137/0x1f0 [ 3291.534681][T21761] __do_fault+0x135/0x460 [ 3291.539027][T21761] ? __pfx_filemap_map_pages+0x10/0x10 [ 3291.544621][T21761] ? __handle_mm_fault+0x31c8/0x72d0 [ 3291.549921][T21761] __handle_mm_fault+0x49e6/0x72d0 [ 3291.555077][T21761] ? __pfx___handle_mm_fault+0x10/0x10 [ 3291.560555][T21761] ? follow_page_pte+0x28e/0x1910 [ 3291.565593][T21761] ? follow_page_pte+0x760/0x1910 [ 3291.570633][T21761] ? __pfx_lock_release+0x10/0x10 [ 3291.575678][T21761] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3291.580916][T21761] ? follow_page_pte+0x7f2/0x1910 [ 3291.585965][T21761] ? mt_find+0x62d/0x850 [ 3291.590252][T21761] handle_mm_fault+0x3c1/0x8a0 [ 3291.595037][T21761] __get_user_pages+0x6bd/0x1600 [ 3291.600006][T21761] ? get_dump_page+0xe1/0x2f0 [ 3291.604700][T21761] ? __pfx___get_user_pages+0x10/0x10 [ 3291.610090][T21761] ? __kernel_write_iter+0x632/0x8c0 [ 3291.615400][T21761] get_dump_page+0x154/0x2f0 [ 3291.620003][T21761] ? __pfx___kernel_write_iter+0x10/0x10 [ 3291.625649][T21761] ? __pfx_get_dump_page+0x10/0x10 [ 3291.630774][T21761] ? generic_file_llseek_size+0x34c/0x3b0 [ 3291.636526][T21761] ? iov_iter_bvec+0x4e/0x1b0 [ 3291.641220][T21761] dump_user_range+0x126/0x910 [ 3291.646004][T21761] ? __pfx_dump_user_range+0x10/0x10 [ 3291.651309][T21761] ? writenote+0x250/0x3b0 [ 3291.655742][T21761] ? kmalloc_trace+0x1d6/0x360 [ 3291.660514][T21761] ? elf_core_dump+0x2e01/0x4630 [ 3291.665465][T21761] ? dump_emit+0x99/0xd0 [ 3291.669732][T21761] elf_core_dump+0x3d5d/0x4630 [ 3291.674530][T21761] ? __pfx_elf_core_dump+0x10/0x10 [ 3291.679653][T21761] ? mark_lock+0x9a/0x350 [ 3291.683986][T21761] ? mas_next_slot+0xeb2/0xf90 [ 3291.688779][T21761] ? __lock_acquire+0x1345/0x1fd0 [ 3291.693862][T21761] ? rcu_read_lock_any_held+0xb7/0x160 [ 3291.699385][T21761] ? 0xffffffffff600000 [ 3291.703555][T21761] ? getname_kernel+0x140/0x2f0 [ 3291.708427][T21761] do_coredump+0x1baa/0x2b50 [ 3291.713046][T21761] ? get_signal+0xbe1/0x1850 [ 3291.717680][T21761] ? __pfx_do_coredump+0x10/0x10 [ 3291.722674][T21761] ? _raw_spin_unlock_irq+0x23/0x50 [ 3291.727895][T21761] ? lockdep_hardirqs_on+0x98/0x140 [ 3291.733110][T21761] get_signal+0x146a/0x1850 [ 3291.737649][T21761] ? __pfx_get_signal+0x10/0x10 [ 3291.742516][T21761] ? __pfx_force_sig_fault+0x10/0x10 [ 3291.747823][T21761] arch_do_signal_or_restart+0x96/0x860 [ 3291.753409][T21761] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3291.759595][T21761] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3291.765417][T21761] irqentry_exit_to_user_mode+0x78/0x280 [ 3291.771069][T21761] exc_page_fault+0x587/0x870 [ 3291.775770][T21761] asm_exc_page_fault+0x26/0x30 [ 3291.780637][T21761] RIP: 0033:0x7f8ab667ddb1 [ 3291.785062][T21761] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3291.804791][T21761] RSP: 002b:0000000000002100 EFLAGS: 00010217 [ 3291.810881][T21761] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3291.818867][T21761] RDX: 0000000000000000 RSI: 0000000000002100 RDI: 0000000000000000 [ 3291.826868][T21761] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3291.834863][T21761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3291.842850][T21761] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3291.850853][T21761] [ 3291.974816][T21761] memory: usage 307200kB, limit 307200kB, failcnt 210034 [ 3291.986194][T21761] memory+swap: usage 417812kB, limit 9007199254740988kB, failcnt 0 [ 3291.994135][T21761] kmem: usage 44660kB, limit 9007199254740988kB, failcnt 0 [ 3292.052019][T21761] Memory cgroup stats for /syz4: [ 3292.052172][T21761] cache 268029952 [ 3292.107262][T21761] rss 679936 [ 3292.110604][T21761] rss_huge 0 [ 3292.113825][T21761] shmem 268029952 [ 3292.228864][T21761] mapped_file 106360832 [ 3292.233090][T21761] dirty 0 [ 3292.282443][T21761] writeback 0 [ 3292.285799][T21761] workingset_refault_anon 3446 [ 3292.366091][T21761] workingset_refault_file 0 [ 3292.396331][T21761] swap 113266688 [ 3292.400018][T21761] swapcached 32768 [ 3292.448198][T21761] pgpgin 1930032 [ 3292.451889][T21761] pgpgout 1864407 [ 3292.455564][T21761] pgfault 1374510 [ 3292.506170][T21761] pgmajfault 2075 [ 3292.509886][T21761] inactive_anon 194019328 [ 3292.514560][T21761] active_anon 74719232 [ 3292.578419][T21761] inactive_file 0 [ 3292.582117][T21761] active_file 0 [ 3292.585593][T21761] unevictable 0 [ 3292.627381][T21761] hierarchical_memory_limit 314572800 [ 3292.632847][T21761] hierarchical_memsw_limit 9223372036854771712 [ 3292.669125][T21761] total_cache 268029952 [ 3292.673348][T21761] total_rss 679936 [ 3292.695981][T21761] total_rss_huge 0 [ 3292.699756][T21761] total_shmem 268029952 [ 3292.703939][T21761] total_mapped_file 106360832 [ 3292.796125][T21761] total_dirty 0 [ 3292.799638][T21761] total_writeback 0 [ 3292.803467][T21761] total_workingset_refault_anon 3446 [ 3292.856043][T21761] total_workingset_refault_file 0 [ 3292.877419][T21761] total_swap 113266688 [ 3292.881565][T21761] total_swapcached 32768 [ 3292.936173][T21761] total_pgpgin 1930032 [ 3292.940304][T21761] total_pgpgout 1864407 [ 3292.944660][T21761] total_pgfault 1374510 [ 3292.996277][T21761] total_pgmajfault 2075 [ 3293.000501][T21761] total_inactive_anon 194019328 [ 3293.005371][T21761] total_active_anon 74719232 [ 3293.067395][T21761] total_inactive_file 0 [ 3293.071664][T21761] total_active_file 0 [ 3293.075672][T21761] total_unevictable 0 [ 3293.086212][T21761] anon_cost 0 [ 3293.089548][T21761] file_cost 0 [ 3293.092859][T21761] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21669,uid=0 [ 3293.166141][T21761] Memory cgroup out of memory: OOM victim 21669 (syz-executor.4) is already exiting. Skip killing the task 14:04:27 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2503, 0x0, 0x0, 0x0) [ 3293.606398][T21438] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3293.866422][T21438] CPU: 0 PID: 21438 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3293.875185][T21438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3293.885267][T21438] Call Trace: [ 3293.888594][T21438] [ 3293.891561][T21438] dump_stack_lvl+0x1e7/0x2e0 [ 3293.896298][T21438] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3293.901538][T21438] ? __pfx__printk+0x10/0x10 [ 3293.906162][T21438] ? ___ratelimit+0x4c4/0x670 [ 3293.910883][T21438] ? __pfx____ratelimit+0x10/0x10 [ 3293.915949][T21438] dump_header+0xda/0x6a0 [ 3293.920322][T21438] oom_kill_process+0x3a7/0x930 [ 3293.925215][T21438] out_of_memory+0xf67/0x1320 [ 3293.929941][T21438] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3293.935698][T21438] ? __pfx___mutex_lock+0x10/0x10 [ 3293.940780][T21438] ? __pfx_out_of_memory+0x10/0x10 [ 3293.945949][T21438] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3293.951534][T21438] ? __pfx_lock_release+0x10/0x10 [ 3293.956691][T21438] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3293.962794][T21438] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3293.968033][T21438] ? mem_cgroup_iter+0x422/0x560 [ 3293.973014][T21438] try_charge_memcg+0xda2/0x18a0 [ 3293.978112][T21438] ? __pfx_try_charge_memcg+0x10/0x10 [ 3293.983612][T21438] ? percpu_ref_tryget+0x14/0x180 [ 3293.988702][T21438] charge_memcg+0xa2/0x160 [ 3293.993165][T21438] __mem_cgroup_charge+0x27/0x80 [ 3293.998147][T21438] shmem_alloc_and_add_folio+0x393/0xde0 [ 3294.003837][T21438] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3294.010038][T21438] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3294.015294][T21438] ? lockdep_hardirqs_on+0x98/0x140 [ 3294.020528][T21438] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3294.026197][T21438] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3294.032475][T21438] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3294.039111][T21438] shmem_write_begin+0x170/0x4d0 [ 3294.044091][T21438] ? __pfx_shmem_write_begin+0x10/0x10 [ 3294.049597][T21438] ? fault_in_iov_iter_readable+0x236/0x280 [ 3294.055528][T21438] generic_perform_write+0x321/0x640 [ 3294.060856][T21438] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3294.066801][T21438] ? __pfx_generic_perform_write+0x10/0x10 [ 3294.072655][T21438] ? mnt_put_write_access_file+0xc2/0x100 [ 3294.078522][T21438] ? file_update_time+0x3ac/0x3e0 [ 3294.083587][T21438] shmem_file_write_iter+0xfc/0x120 [ 3294.088825][T21438] __kernel_write_iter+0x434/0x8c0 [ 3294.094073][T21438] ? __pfx___kernel_write_iter+0x10/0x10 [ 3294.099755][T21438] ? dump_user_range+0x47c/0x910 [ 3294.104727][T21438] ? iov_iter_bvec+0x4e/0x1b0 [ 3294.109448][T21438] dump_user_range+0x46c/0x910 [ 3294.114258][T21438] ? __pfx_dump_user_range+0x10/0x10 [ 3294.119581][T21438] ? writenote+0x250/0x3b0 [ 3294.124035][T21438] ? kmalloc_trace+0x1d6/0x360 [ 3294.128832][T21438] ? elf_core_dump+0x2e01/0x4630 [ 3294.133804][T21438] ? dump_emit+0x99/0xd0 [ 3294.138083][T21438] elf_core_dump+0x3d5d/0x4630 [ 3294.142914][T21438] ? __pfx_elf_core_dump+0x10/0x10 [ 3294.148069][T21438] ? mark_lock+0x9a/0x350 [ 3294.152434][T21438] ? mas_next_slot+0xeb2/0xf90 [ 3294.157250][T21438] ? __lock_acquire+0x1345/0x1fd0 [ 3294.162362][T21438] ? rcu_read_lock_any_held+0xb7/0x160 [ 3294.167866][T21438] ? 0xffffffffff600000 [ 3294.172049][T21438] ? getname_kernel+0x140/0x2f0 [ 3294.176947][T21438] do_coredump+0x1baa/0x2b50 [ 3294.181593][T21438] ? get_signal+0xbe1/0x1850 [ 3294.186259][T21438] ? __pfx_do_coredump+0x10/0x10 [ 3294.191275][T21438] ? _raw_spin_unlock_irq+0x23/0x50 [ 3294.196506][T21438] ? lockdep_hardirqs_on+0x98/0x140 [ 3294.201746][T21438] get_signal+0x146a/0x1850 [ 3294.206315][T21438] ? __pfx_get_signal+0x10/0x10 [ 3294.211203][T21438] ? __pfx_force_sig_fault+0x10/0x10 [ 3294.216532][T21438] arch_do_signal_or_restart+0x96/0x860 [ 3294.222115][T21438] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3294.228326][T21438] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3294.234171][T21438] irqentry_exit_to_user_mode+0x78/0x280 [ 3294.239932][T21438] exc_page_fault+0x587/0x870 [ 3294.244705][T21438] asm_exc_page_fault+0x26/0x30 [ 3294.249598][T21438] RIP: 0033:0x7f8ab667ddb1 [ 3294.254126][T21438] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3294.273783][T21438] RSP: 002b:0000000000000900 EFLAGS: 00010217 [ 3294.279892][T21438] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3294.287893][T21438] RDX: 0000000000000000 RSI: 0000000000000900 RDI: 0000000000000000 [ 3294.295888][T21438] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3294.304234][T21438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3294.312233][T21438] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3294.320243][T21438] [ 3294.597530][T21438] memory: usage 307200kB, limit 307200kB, failcnt 211504 [ 3294.692923][T21438] memory+swap: usage 412232kB, limit 9007199254740988kB, failcnt 0 [ 3294.757178][T21438] kmem: usage 44588kB, limit 9007199254740988kB, failcnt 0 [ 3294.788490][T21438] Memory cgroup stats for /syz4: [ 3294.788676][T21438] cache 267907072 [ 3294.906126][T21438] rss 618496 [ 3294.947390][T21438] rss_huge 0 [ 3295.006248][T21438] shmem 267907072 [ 3295.066045][T21438] mapped_file 92475392 [ 3295.147190][T21438] dirty 0 [ 3295.186106][T21438] writeback 0 [ 3295.200984][T21438] workingset_refault_anon 3536 14:04:29 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2902, 0x0, 0x0, 0x0) [ 3295.247492][T21438] workingset_refault_file 0 [ 3295.297222][T21438] swap 105795584 [ 3295.320858][T21438] swapcached 94208 [ 3295.416186][T21438] pgpgin 1942353 [ 3295.419802][T21438] pgpgout 1876773 [ 3295.423456][T21438] pgfault 1377991 [ 3295.576345][T21438] pgmajfault 2141 [ 3295.580050][T21438] inactive_anon 129110016 [ 3295.584580][T21438] active_anon 136802304 [ 3295.676216][T21438] inactive_file 0 [ 3295.726087][T21438] active_file 0 [ 3295.768788][T21438] unevictable 0 [ 3295.790247][T21438] hierarchical_memory_limit 314572800 14:04:30 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x2d01, 0x0, 0x0, 0x0) [ 3295.866088][T21438] hierarchical_memsw_limit 9223372036854771712 [ 3295.976293][T21438] total_cache 267907072 [ 3295.980511][T21438] total_rss 618496 [ 3295.984272][T21438] total_rss_huge 0 [ 3296.147154][T21438] total_shmem 267907072 [ 3296.151415][T21438] total_mapped_file 92475392 [ 3296.246110][T21438] total_dirty 0 [ 3296.283144][T21438] total_writeback 0 [ 3296.318944][T21438] total_workingset_refault_anon 3536 [ 3296.347687][T21438] total_workingset_refault_file 0 [ 3296.383173][T21438] total_swap 105795584 [ 3296.402799][T21438] total_swapcached 94208 [ 3296.526052][T21438] total_pgpgin 1942353 [ 3296.559450][T21438] total_pgpgout 1876773 [ 3296.630243][T21438] total_pgfault 1377991 14:04:30 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3103, 0x0, 0x0, 0x0) [ 3296.720524][T21438] total_pgmajfault 2141 [ 3296.724755][T21438] total_inactive_anon 129110016 [ 3296.864556][T21438] total_active_anon 136802304 [ 3296.979677][T21438] total_inactive_file 0 [ 3296.983895][T21438] total_active_file 0 [ 3297.090332][T21438] total_unevictable 0 [ 3297.094378][T21438] anon_cost 0 [ 3297.189022][T21438] file_cost 0 [ 3297.192379][T21438] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21744,uid=0 [ 3297.468538][T21438] Memory cgroup out of memory: Killed process 21744 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:13184kB, UID:0 pgtables:104kB oom_score_adj:1000 14:04:32 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3503, 0x0, 0x0, 0x0) 14:04:32 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3702, 0x0, 0x0, 0x0) 14:04:33 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x3902, 0x0, 0x0, 0x0) 14:04:34 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x4000, 0x0, 0x0, 0x0) 14:04:35 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x4100, 0x0, 0x0, 0x0) 14:04:36 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x4503, 0x0, 0x0, 0x0) 14:04:37 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x4702, 0x0, 0x0, 0x0) 14:04:37 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x4b03, 0x0, 0x0, 0x0) 14:04:39 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x5502, 0x0, 0x0, 0x0) 14:04:40 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x5d02, 0x0, 0x0, 0x0) 14:04:41 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x6103, 0x0, 0x0, 0x0) [ 3307.537237][T21788] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3307.636094][T21788] CPU: 1 PID: 21788 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3307.644840][T21788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3307.654934][T21788] Call Trace: [ 3307.658244][T21788] [ 3307.661196][T21788] dump_stack_lvl+0x1e7/0x2e0 [ 3307.665952][T21788] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3307.671215][T21788] ? __pfx__printk+0x10/0x10 [ 3307.675845][T21788] ? ___ratelimit+0x4c4/0x670 [ 3307.680583][T21788] ? __pfx____ratelimit+0x10/0x10 [ 3307.685663][T21788] dump_header+0xda/0x6a0 [ 3307.690039][T21788] oom_kill_process+0x3a7/0x930 [ 3307.694928][T21788] ? trace_contention_end+0x3c/0x100 [ 3307.700269][T21788] out_of_memory+0xf67/0x1320 [ 3307.704982][T21788] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3307.710634][T21788] ? __pfx___mutex_lock+0x10/0x10 [ 3307.715693][T21788] ? __pfx_out_of_memory+0x10/0x10 [ 3307.720835][T21788] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3307.726414][T21788] ? __pfx_lock_release+0x10/0x10 [ 3307.731467][T21788] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3307.737552][T21788] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3307.742766][T21788] ? mem_cgroup_iter+0x422/0x560 [ 3307.747739][T21788] try_charge_memcg+0xda2/0x18a0 [ 3307.752711][T21788] ? __pfx_try_charge_memcg+0x10/0x10 [ 3307.758094][T21788] ? percpu_ref_tryget+0x14/0x180 [ 3307.763155][T21788] charge_memcg+0xa2/0x160 [ 3307.767597][T21788] __mem_cgroup_charge+0x27/0x80 [ 3307.772590][T21788] shmem_alloc_and_add_folio+0x393/0xde0 [ 3307.778504][T21788] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3307.784683][T21788] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3307.789915][T21788] ? lockdep_hardirqs_on+0x98/0x140 [ 3307.795244][T21788] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3307.800891][T21788] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3307.807148][T21788] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3307.813758][T21788] shmem_write_begin+0x170/0x4d0 [ 3307.818721][T21788] ? __pfx_shmem_write_begin+0x10/0x10 [ 3307.824208][T21788] ? fault_in_iov_iter_readable+0x236/0x280 [ 3307.830141][T21788] generic_perform_write+0x321/0x640 [ 3307.835455][T21788] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3307.841379][T21788] ? __pfx_generic_perform_write+0x10/0x10 [ 3307.847212][T21788] ? mnt_put_write_access_file+0xc2/0x100 [ 3307.852950][T21788] ? file_update_time+0x3ac/0x3e0 [ 3307.857993][T21788] shmem_file_write_iter+0xfc/0x120 [ 3307.863204][T21788] __kernel_write_iter+0x434/0x8c0 [ 3307.868339][T21788] ? __pfx___kernel_write_iter+0x10/0x10 [ 3307.873994][T21788] ? generic_file_llseek_size+0x34c/0x3b0 [ 3307.879751][T21788] ? iov_iter_bvec+0x4e/0x1b0 [ 3307.884884][T21788] dump_user_range+0x46c/0x910 [ 3307.889716][T21788] ? __pfx_dump_user_range+0x10/0x10 [ 3307.895024][T21788] ? writenote+0x250/0x3b0 [ 3307.899460][T21788] ? kmalloc_trace+0x1d6/0x360 [ 3307.904239][T21788] ? elf_core_dump+0x2e01/0x4630 [ 3307.909359][T21788] ? dump_emit+0x99/0xd0 [ 3307.913613][T21788] elf_core_dump+0x3d5d/0x4630 [ 3307.918414][T21788] ? __pfx_elf_core_dump+0x10/0x10 [ 3307.923547][T21788] ? mark_lock+0x9a/0x350 [ 3307.927886][T21788] ? mas_next_slot+0xeb2/0xf90 [ 3307.932674][T21788] ? __lock_acquire+0x1345/0x1fd0 [ 3307.937759][T21788] ? rcu_read_lock_any_held+0xb7/0x160 [ 3307.943237][T21788] ? 0xffffffffff600000 [ 3307.947401][T21788] ? getname_kernel+0x140/0x2f0 [ 3307.952283][T21788] do_coredump+0x1baa/0x2b50 [ 3307.956891][T21788] ? get_signal+0xbe1/0x1850 [ 3307.961525][T21788] ? __pfx_do_coredump+0x10/0x10 [ 3307.966514][T21788] ? _raw_spin_unlock_irq+0x23/0x50 [ 3307.971723][T21788] ? lockdep_hardirqs_on+0x98/0x140 [ 3307.976941][T21788] get_signal+0x146a/0x1850 [ 3307.981478][T21788] ? __pfx_get_signal+0x10/0x10 [ 3307.986351][T21788] ? __pfx_force_sig_fault+0x10/0x10 [ 3307.991684][T21788] arch_do_signal_or_restart+0x96/0x860 [ 3307.997339][T21788] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3308.003528][T21788] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3308.009351][T21788] irqentry_exit_to_user_mode+0x78/0x280 [ 3308.015016][T21788] exc_page_fault+0x587/0x870 [ 3308.019713][T21788] asm_exc_page_fault+0x26/0x30 [ 3308.024586][T21788] RIP: 0033:0x7f8ab667ddb1 [ 3308.029012][T21788] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3308.048644][T21788] RSP: 002b:0000000000003700 EFLAGS: 00010217 [ 3308.054725][T21788] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3308.062724][T21788] RDX: 0000000000000000 RSI: 0000000000003700 RDI: 0000000000000000 [ 3308.070719][T21788] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3308.078706][T21788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3308.086692][T21788] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3308.094691][T21788] [ 3308.126826][T21788] memory: usage 307200kB, limit 307200kB, failcnt 216382 [ 3308.134133][T21788] memory+swap: usage 417744kB, limit 9007199254740988kB, failcnt 0 [ 3308.181205][T21788] kmem: usage 45292kB, limit 9007199254740988kB, failcnt 0 [ 3308.280919][T21788] Memory cgroup stats for /syz4: [ 3308.281123][T21788] cache 266731520 [ 3308.355970][T21788] rss 1253376 [ 3308.374830][T21788] rss_huge 0 [ 3308.449224][T21788] shmem 266731520 [ 3308.506007][T21788] mapped_file 135491584 [ 3308.510342][T21788] dirty 0 [ 3308.533424][T21788] writeback 0 [ 3308.581077][T21788] workingset_refault_anon 3815 [ 3308.588238][T21788] workingset_refault_file 0 [ 3308.592787][T21788] swap 113197056 [ 3308.597133][T21788] swapcached 102400 [ 3308.600968][T21788] pgpgin 2019713 [ 3308.604529][T21788] pgpgout 1954236 [ 3308.609100][T21788] pgfault 1406475 [ 3308.612766][T21788] pgmajfault 2336 [ 3308.616924][T21788] inactive_anon 136540160 [ 3308.621367][T21788] active_anon 130342912 [ 3308.625540][T21788] inactive_file 0 [ 3308.629995][T21788] active_file 0 [ 3308.633494][T21788] unevictable 0 [ 3308.637524][T21788] hierarchical_memory_limit 314572800 [ 3308.642926][T21788] hierarchical_memsw_limit 9223372036854771712 [ 3308.661354][T21788] total_cache 266731520 [ 3308.665561][T21788] total_rss 1253376 [ 3308.776036][T21788] total_rss_huge 0 [ 3308.785587][T21788] total_shmem 266731520 [ 3308.821343][T21788] total_mapped_file 135491584 [ 3308.852544][T21788] total_dirty 0 [ 3308.899666][T21788] total_writeback 0 [ 3308.946282][T21788] total_workingset_refault_anon 3815 [ 3308.996127][T21788] total_workingset_refault_file 0 [ 3309.024673][T21788] total_swap 113197056 [ 3309.057503][T21788] total_swapcached 102400 [ 3309.109643][T21788] total_pgpgin 2019713 [ 3309.159431][T21788] total_pgpgout 1954236 [ 3309.207491][T21788] total_pgfault 1406475 [ 3309.316073][T21788] total_pgmajfault 2336 [ 3309.320415][T21788] total_inactive_anon 136540160 [ 3309.346164][T21788] total_active_anon 130342912 [ 3309.350977][T21788] total_inactive_file 0 [ 3309.355160][T21788] total_active_file 0 [ 3309.447513][T21788] total_unevictable 0 [ 3309.451566][T21788] anon_cost 0 [ 3309.454869][T21788] file_cost 0 [ 3309.458652][T21788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21758,uid=0 [ 3309.474500][T21788] Memory cgroup out of memory: Killed process 21758 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:9344kB, UID:0 pgtables:124kB oom_score_adj:1000 14:04:49 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x6503, 0x0, 0x0, 0x0) 14:04:50 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x6900, 0x0, 0x0, 0x0) [ 3316.709424][T21825] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3316.929931][T21825] CPU: 0 PID: 21825 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3316.938682][T21825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3316.948773][T21825] Call Trace: [ 3316.952082][T21825] [ 3316.955049][T21825] dump_stack_lvl+0x1e7/0x2e0 [ 3316.959785][T21825] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3316.965031][T21825] ? __pfx__printk+0x10/0x10 [ 3316.969664][T21825] ? ___ratelimit+0x4c4/0x670 [ 3316.974398][T21825] ? __pfx____ratelimit+0x10/0x10 [ 3316.979468][T21825] dump_header+0xda/0x6a0 [ 3316.983857][T21825] oom_kill_process+0x3a7/0x930 [ 3316.988749][T21825] ? trace_contention_end+0x3c/0x100 [ 3316.994103][T21825] out_of_memory+0xf67/0x1320 [ 3316.998861][T21825] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3317.004551][T21825] ? __pfx___mutex_lock+0x10/0x10 [ 3317.009627][T21825] ? __pfx_out_of_memory+0x10/0x10 [ 3317.014791][T21825] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3317.020380][T21825] ? __pfx_lock_release+0x10/0x10 [ 3317.025460][T21825] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3317.031582][T21825] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3317.036832][T21825] ? mem_cgroup_iter+0x422/0x560 [ 3317.041822][T21825] try_charge_memcg+0xda2/0x18a0 [ 3317.046836][T21825] ? __pfx_try_charge_memcg+0x10/0x10 [ 3317.052256][T21825] ? percpu_ref_tryget+0x14/0x180 [ 3317.057348][T21825] charge_memcg+0xa2/0x160 [ 3317.061821][T21825] __mem_cgroup_charge+0x27/0x80 [ 3317.066825][T21825] shmem_alloc_and_add_folio+0x393/0xde0 [ 3317.072508][T21825] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3317.078707][T21825] ? filemap_map_pages+0x1248/0x1830 [ 3317.084048][T21825] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3317.089331][T21825] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3317.095030][T21825] shmem_fault+0x254/0x6f0 [ 3317.099504][T21825] ? __pfx_shmem_fault+0x10/0x10 [ 3317.104476][T21825] ? __pfx_lock_release+0x10/0x10 [ 3317.109541][T21825] ? pte_offset_map_nolock+0x137/0x1f0 [ 3317.115052][T21825] __do_fault+0x135/0x460 [ 3317.119427][T21825] ? __pfx_filemap_map_pages+0x10/0x10 [ 3317.124932][T21825] ? __handle_mm_fault+0x31c8/0x72d0 [ 3317.130261][T21825] __handle_mm_fault+0x49e6/0x72d0 [ 3317.135455][T21825] ? __pfx___handle_mm_fault+0x10/0x10 [ 3317.140965][T21825] ? follow_page_pte+0x28e/0x1910 [ 3317.146218][T21825] ? follow_page_pte+0x760/0x1910 [ 3317.151297][T21825] ? __pfx_lock_release+0x10/0x10 [ 3317.156377][T21825] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3317.161630][T21825] ? follow_page_pte+0x7f2/0x1910 [ 3317.166700][T21825] ? mt_find+0x62d/0x850 [ 3317.171034][T21825] handle_mm_fault+0x3c1/0x8a0 [ 3317.175850][T21825] __get_user_pages+0x6bd/0x1600 [ 3317.180846][T21825] ? get_dump_page+0xe1/0x2f0 [ 3317.185581][T21825] ? __pfx___get_user_pages+0x10/0x10 [ 3317.191001][T21825] ? __kernel_write_iter+0x632/0x8c0 [ 3317.196338][T21825] get_dump_page+0x154/0x2f0 [ 3317.200975][T21825] ? __pfx___kernel_write_iter+0x10/0x10 [ 3317.206662][T21825] ? __pfx_get_dump_page+0x10/0x10 [ 3317.211828][T21825] ? generic_file_llseek_size+0x34c/0x3b0 [ 3317.217602][T21825] ? iov_iter_bvec+0x4e/0x1b0 [ 3317.222332][T21825] dump_user_range+0x126/0x910 [ 3317.227148][T21825] ? __pfx_dump_user_range+0x10/0x10 [ 3317.232483][T21825] ? writenote+0x250/0x3b0 [ 3317.236953][T21825] ? kmalloc_trace+0x1d6/0x360 [ 3317.241754][T21825] ? elf_core_dump+0x2e01/0x4630 [ 3317.246814][T21825] ? dump_emit+0x99/0xd0 [ 3317.251094][T21825] elf_core_dump+0x3d5d/0x4630 [ 3317.255924][T21825] ? __pfx_elf_core_dump+0x10/0x10 [ 3317.261106][T21825] ? mark_lock+0x9a/0x350 [ 3317.265469][T21825] ? mas_next_slot+0xeb2/0xf90 [ 3317.270280][T21825] ? __lock_acquire+0x1345/0x1fd0 [ 3317.275400][T21825] ? rcu_read_lock_any_held+0xb7/0x160 [ 3317.280908][T21825] ? 0xffffffffff600000 [ 3317.285101][T21825] ? getname_kernel+0x140/0x2f0 [ 3317.290001][T21825] do_coredump+0x1baa/0x2b50 [ 3317.294659][T21825] ? get_signal+0xbe1/0x1850 [ 3317.299340][T21825] ? __pfx_do_coredump+0x10/0x10 [ 3317.304366][T21825] ? _raw_spin_unlock_irq+0x23/0x50 [ 3317.309605][T21825] ? lockdep_hardirqs_on+0x98/0x140 [ 3317.314856][T21825] get_signal+0x146a/0x1850 [ 3317.319422][T21825] ? __pfx_get_signal+0x10/0x10 [ 3317.324320][T21825] ? __might_fault+0xa9/0x120 [ 3317.329057][T21825] arch_do_signal_or_restart+0x96/0x860 [ 3317.334657][T21825] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3317.340969][T21825] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3317.346832][T21825] irqentry_exit_to_user_mode+0x78/0x280 [ 3317.352513][T21825] exc_page_fault+0x587/0x870 [ 3317.357251][T21825] asm_exc_page_fault+0x26/0x30 [ 3317.362146][T21825] RIP: 0033:0x7f8ab667ddb1 [ 3317.366617][T21825] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3317.386269][T21825] RSP: 002b:0000000000006500 EFLAGS: 00010217 [ 3317.392391][T21825] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3317.400584][T21825] RDX: 0000000000000000 RSI: 0000000000006500 RDI: 0000000000000000 [ 3317.408597][T21825] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3317.416608][T21825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3317.424700][T21825] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3317.432989][T21825] [ 3317.526236][T21825] memory: usage 304748kB, limit 307200kB, failcnt 219744 [ 3317.533374][T21825] memory+swap: usage 413680kB, limit 9007199254740988kB, failcnt 0 [ 3317.585957][T21825] kmem: usage 44964kB, limit 9007199254740988kB, failcnt 0 [ 3317.593269][T21825] Memory cgroup stats for /syz4: [ 3317.593441][T21825] cache 263667712 [ 3317.656439][T21825] rss 901120 [ 3317.659708][T21825] rss_huge 0 [ 3317.662930][T21825] shmem 263667712 [ 3317.746186][T21825] mapped_file 87470080 [ 3317.750319][T21825] dirty 0 [ 3317.753273][T21825] writeback 0 [ 3317.839290][T21825] workingset_refault_anon 4051 [ 3317.906200][T21825] workingset_refault_file 0 [ 3317.911086][T21825] swap 112533504 [ 3317.914652][T21825] swapcached 331776 [ 3317.995990][T21825] pgpgin 2072757 [ 3317.999789][T21825] pgpgout 2008085 [ 3318.003442][T21825] pgfault 1429363 [ 3318.065964][T21825] pgmajfault 2439 [ 3318.069670][T21825] inactive_anon 108425216 [ 3318.074040][T21825] active_anon 156123136 [ 3318.155973][T21825] inactive_file 0 [ 3318.159733][T21825] active_file 0 [ 3318.219503][T21825] unevictable 0 [ 3318.223041][T21825] hierarchical_memory_limit 314572800 [ 3318.276011][T21825] hierarchical_memsw_limit 9223372036854771712 [ 3318.282235][T21825] total_cache 263667712 [ 3318.337535][T21825] total_rss 901120 [ 3318.341326][T21825] total_rss_huge 0 [ 3318.345068][T21825] total_shmem 263667712 [ 3318.436304][T21825] total_mapped_file 87470080 [ 3318.441874][T21825] total_dirty 0 [ 3318.445383][T21825] total_writeback 0 [ 3318.507554][T21825] total_workingset_refault_anon 4051 [ 3318.512905][T21825] total_workingset_refault_file 0 [ 3318.585964][T21825] total_swap 112533504 [ 3318.590102][T21825] total_swapcached 331776 [ 3318.594457][T21825] total_pgpgin 2072757 [ 3318.706186][T21825] total_pgpgout 2008085 [ 3318.710405][T21825] total_pgfault 1429363 [ 3318.714578][T21825] total_pgmajfault 2439 [ 3318.796349][T21825] total_inactive_anon 108425216 [ 3318.801610][T21825] total_active_anon 156123136 [ 3318.876080][T21825] total_inactive_file 0 [ 3318.880306][T21825] total_active_file 0 [ 3318.884308][T21825] total_unevictable 0 [ 3318.947152][T21825] anon_cost 0 [ 3318.950506][T21825] file_cost 0 [ 3318.953815][T21825] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21754,uid=0 [ 3318.978802][T21825] Memory cgroup out of memory: Killed process 21754 (syz-executor.4) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:14464kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3321.296673][ T5111] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 3321.308541][ T5111] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 3321.319167][ T5111] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 3321.327934][ T5111] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 3321.335617][ T5111] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 3321.344204][ T5111] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 14:04:56 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x6b03, 0x0, 0x0, 0x0) [ 3321.970192][ T5111] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 3321.980532][ T5111] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 3321.988952][ T5111] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 3322.008068][ T5111] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 3322.015932][ T5111] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 3322.026231][ T5111] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 3322.677340][ T5111] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 3322.688596][ T5111] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 3322.696721][ T5111] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 3322.704877][ T5111] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 3322.712796][ T5111] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 3322.721384][ T5111] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 3322.895675][ T5111] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 3322.907774][ T5111] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 3322.916166][ T5111] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 3322.927426][ T5111] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 3322.947542][ T5111] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 3322.955058][ T5111] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 3323.446452][T21018] Bluetooth: hci3: command 0x0409 tx timeout [ 3324.086818][T21018] Bluetooth: hci4: command 0x0409 tx timeout [ 3324.806755][T21018] Bluetooth: hci7: command 0x0409 tx timeout 14:04:59 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x6d00, 0x0, 0x0, 0x0) [ 3325.046572][T21018] Bluetooth: hci8: command 0x0409 tx timeout [ 3325.526210][T21018] Bluetooth: hci3: command 0x041b tx timeout 14:04:59 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x6d02, 0x0, 0x0, 0x0) [ 3326.166186][T21018] Bluetooth: hci4: command 0x041b tx timeout [ 3326.675557][T21846] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3326.781014][T21846] CPU: 0 PID: 21846 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3326.789773][T21846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3326.799879][T21846] Call Trace: [ 3326.803197][T21846] [ 3326.806164][T21846] dump_stack_lvl+0x1e7/0x2e0 [ 3326.810904][T21846] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3326.816161][T21846] ? __pfx__printk+0x10/0x10 [ 3326.820798][T21846] ? ___ratelimit+0x4c4/0x670 [ 3326.825703][T21846] ? __pfx____ratelimit+0x10/0x10 [ 3326.830766][T21846] dump_header+0xda/0x6a0 [ 3326.835123][T21846] oom_kill_process+0x3a7/0x930 [ 3326.839990][T21846] ? trace_contention_end+0x3c/0x100 [ 3326.845290][T21846] out_of_memory+0xf67/0x1320 [ 3326.849989][T21846] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3326.855636][T21846] ? __pfx___mutex_lock+0x10/0x10 [ 3326.860772][T21846] ? __pfx_out_of_memory+0x10/0x10 [ 3326.865915][T21846] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3326.871480][T21846] ? __pfx_lock_release+0x10/0x10 [ 3326.876525][T21846] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3326.882610][T21846] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3326.887832][T21846] ? mem_cgroup_iter+0x422/0x560 [ 3326.892797][T21846] try_charge_memcg+0xda2/0x18a0 [ 3326.897774][T21846] ? __pfx_try_charge_memcg+0x10/0x10 [ 3326.903162][T21846] ? percpu_ref_tryget+0x14/0x180 [ 3326.908222][T21846] charge_memcg+0xa2/0x160 [ 3326.912660][T21846] __mem_cgroup_charge+0x27/0x80 [ 3326.917715][T21846] shmem_alloc_and_add_folio+0x393/0xde0 [ 3326.923551][T21846] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3326.929730][T21846] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3326.934972][T21846] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3326.940624][T21846] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3326.946976][T21846] shmem_write_begin+0x170/0x4d0 [ 3326.951934][T21846] ? __pfx_shmem_write_begin+0x10/0x10 [ 3326.957454][T21846] ? fault_in_iov_iter_readable+0x236/0x280 [ 3326.963368][T21846] generic_perform_write+0x321/0x640 [ 3326.968675][T21846] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3326.974612][T21846] ? __pfx_generic_perform_write+0x10/0x10 [ 3326.980528][T21846] ? __pfx_generic_write_checks+0x10/0x10 [ 3326.986266][T21846] ? file_update_time+0x2a3/0x3e0 [ 3326.991326][T21846] shmem_file_write_iter+0xfc/0x120 [ 3326.996555][T21846] __kernel_write_iter+0x434/0x8c0 [ 3327.001693][T21846] ? __pfx___kernel_write_iter+0x10/0x10 [ 3327.007351][T21846] ? generic_file_llseek_size+0x34c/0x3b0 [ 3327.013090][T21846] ? iov_iter_bvec+0x4e/0x1b0 [ 3327.017797][T21846] dump_user_range+0x46c/0x910 [ 3327.022585][T21846] ? __pfx_dump_user_range+0x10/0x10 [ 3327.027893][T21846] ? writenote+0x250/0x3b0 [ 3327.032333][T21846] ? kmalloc_trace+0x1d6/0x360 [ 3327.037113][T21846] ? elf_core_dump+0x2e01/0x4630 [ 3327.042059][T21846] ? dump_emit+0x99/0xd0 [ 3327.046318][T21846] elf_core_dump+0x3d5d/0x4630 [ 3327.051120][T21846] ? __pfx_elf_core_dump+0x10/0x10 [ 3327.056247][T21846] ? mark_lock+0x9a/0x350 [ 3327.060585][T21846] ? mas_next_slot+0xeb2/0xf90 [ 3327.065541][T21846] ? __lock_acquire+0x1345/0x1fd0 [ 3327.070622][T21846] ? rcu_read_lock_any_held+0xb7/0x160 [ 3327.076099][T21846] ? 0xffffffffff600000 [ 3327.080277][T21846] ? getname_kernel+0x140/0x2f0 [ 3327.085153][T21846] do_coredump+0x1baa/0x2b50 [ 3327.089763][T21846] ? get_signal+0xbe1/0x1850 [ 3327.094399][T21846] ? __pfx_do_coredump+0x10/0x10 [ 3327.099390][T21846] ? _raw_spin_unlock_irq+0x23/0x50 [ 3327.104604][T21846] ? lockdep_hardirqs_on+0x98/0x140 [ 3327.109822][T21846] get_signal+0x146a/0x1850 [ 3327.114538][T21846] ? __pfx_get_signal+0x10/0x10 [ 3327.119406][T21846] ? __pfx_force_sig_fault+0x10/0x10 [ 3327.124717][T21846] arch_do_signal_or_restart+0x96/0x860 [ 3327.130457][T21846] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3327.136644][T21846] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3327.142470][T21846] irqentry_exit_to_user_mode+0x78/0x280 [ 3327.148118][T21846] exc_page_fault+0x587/0x870 [ 3327.152817][T21846] asm_exc_page_fault+0x26/0x30 [ 3327.157689][T21846] RIP: 0033:0x7f8ab667ddb1 [ 3327.162115][T21846] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3327.181749][T21846] RSP: 002b:0000000000006b00 EFLAGS: 00010217 [ 3327.187853][T21846] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3327.195877][T21846] RDX: 0000000000000000 RSI: 0000000000006b00 RDI: 0000000000000000 [ 3327.203960][T21846] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3327.211948][T21846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3327.219929][T21846] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3327.227933][T21846] [ 3327.242231][T21018] Bluetooth: hci7: command 0x041b tx timeout [ 3327.242241][ T5111] Bluetooth: hci8: command 0x041b tx timeout [ 3327.314898][T21846] memory: usage 306768kB, limit 307200kB, failcnt 224789 [ 3327.336826][T21846] memory+swap: usage 416004kB, limit 9007199254740988kB, failcnt 0 [ 3327.450892][T21846] kmem: usage 44892kB, limit 9007199254740988kB, failcnt 0 [ 3327.466169][T21846] Memory cgroup stats for /syz4: [ 3327.466348][T21846] cache 262893568 [ 3327.475252][T21846] rss 614400 [ 3327.499567][T21846] rss_huge 0 [ 3327.502839][T21846] shmem 262893568 [ 3327.508293][T21846] mapped_file 106885120 [ 3327.513255][T21846] dirty 0 [ 3327.516804][T21846] writeback 0 [ 3327.520126][T21846] workingset_refault_anon 4184 [ 3327.524930][T21846] workingset_refault_file 0 [ 3327.530886][T21846] swap 113106944 [ 3327.535195][T21846] swapcached 192512 [ 3327.540930][T21846] pgpgin 2117929 [ 3327.547447][T21846] pgpgout 2053550 [ 3327.551115][T21846] pgfault 1443079 [ 3327.554766][T21846] pgmajfault 2497 [ 3327.566070][T21846] inactive_anon 169041920 [ 3327.576479][T21846] active_anon 94420992 [ 3327.580586][T21846] inactive_file 0 [ 3327.586772][T21846] active_file 0 [ 3327.590272][T21846] unevictable 0 [ 3327.593746][T21846] hierarchical_memory_limit 314572800 [ 3327.601703][T21846] hierarchical_memsw_limit 9223372036854771712 [ 3327.607975][ T5111] Bluetooth: hci3: command 0x040f tx timeout [ 3327.626073][T21846] total_cache 262893568 [ 3327.632523][T21846] total_rss 614400 [ 3327.646650][T21846] total_rss_huge 0 [ 3327.650425][T21846] total_shmem 262893568 [ 3327.654593][T21846] total_mapped_file 106885120 [ 3327.705990][T21846] total_dirty 0 [ 3327.716612][T21846] total_writeback 0 [ 3327.720473][T21846] total_workingset_refault_anon 4184 [ 3327.754220][T21846] total_workingset_refault_file 0 [ 3327.766982][T21846] total_swap 113106944 [ 3327.771134][T21846] total_swapcached 192512 [ 3327.775488][T21846] total_pgpgin 2117929 [ 3327.825004][T21846] total_pgpgout 2053550 [ 3327.830732][T21846] total_pgfault 1443079 [ 3327.835616][T21846] total_pgmajfault 2497 [ 3327.851615][T21846] total_inactive_anon 169041920 [ 3327.863281][T21846] total_active_anon 94420992 [ 3327.871379][T21846] total_inactive_file 0 [ 3327.875575][T21846] total_active_file 0 [ 3327.886247][T21846] total_unevictable 0 [ 3327.892656][T21846] anon_cost 0 [ 3327.903963][T19598] hsr_slave_0: left promiscuous mode [ 3327.913810][T19598] hsr_slave_1: left promiscuous mode [ 3327.922234][T19598] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 3327.930119][T21846] file_cost 0 [ 3327.933450][T21846] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21818,uid=0 [ 3327.949871][T19598] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3327.958415][T21846] Memory cgroup out of memory: Killed process 21818 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:16256kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3327.979779][T19598] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 3327.988311][T19598] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3328.011538][ T1240] ieee802154 phy0 wpan0: encryption failed: -22 [ 3328.014559][T19598] bridge_slave_0: left allmulticast mode [ 3328.018134][ T1240] ieee802154 phy1 wpan1: encryption failed: -22 [ 3328.046200][T19598] bridge_slave_0: left promiscuous mode [ 3328.052013][T19598] bridge0: port 1(bridge_slave_0) entered disabled state [ 3328.247252][ T5111] Bluetooth: hci4: command 0x040f tx timeout [ 3328.296412][T21814] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3328.376129][T21814] CPU: 1 PID: 21814 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3328.384892][T21814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3328.394991][T21814] Call Trace: [ 3328.398381][T21814] [ 3328.401348][T21814] dump_stack_lvl+0x1e7/0x2e0 [ 3328.406082][T21814] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3328.411321][T21814] ? __pfx__printk+0x10/0x10 [ 3328.415947][T21814] ? ___ratelimit+0x4c4/0x670 [ 3328.420671][T21814] ? __pfx____ratelimit+0x10/0x10 [ 3328.425750][T21814] dump_header+0xda/0x6a0 [ 3328.430140][T21814] oom_kill_process+0x3a7/0x930 [ 3328.435047][T21814] out_of_memory+0xf67/0x1320 [ 3328.439793][T21814] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3328.445471][T21814] ? __pfx___mutex_lock+0x10/0x10 [ 3328.450547][T21814] ? __pfx_out_of_memory+0x10/0x10 [ 3328.455715][T21814] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3328.461680][T21814] ? __pfx_lock_release+0x10/0x10 [ 3328.466764][T21814] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3328.472884][T21814] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3328.478152][T21814] ? mem_cgroup_iter+0x422/0x560 [ 3328.483147][T21814] try_charge_memcg+0xda2/0x18a0 [ 3328.488136][T21814] ? __bpf_map_offload_destroy+0x2d8/0x340 [ 3328.494009][T21814] ? __pfx_try_charge_memcg+0x10/0x10 [ 3328.499415][T21814] ? percpu_ref_tryget+0x14/0x180 [ 3328.504511][T21814] charge_memcg+0xa2/0x160 [ 3328.509084][T21814] __mem_cgroup_charge+0x27/0x80 [ 3328.514073][T21814] shmem_alloc_and_add_folio+0x393/0xde0 [ 3328.519755][T21814] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3328.525946][T21814] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 3328.531899][T21814] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 3328.538282][T21814] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3328.543553][T21814] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3328.549244][T21814] shmem_fault+0x254/0x6f0 [ 3328.553706][T21814] ? __pfx_shmem_fault+0x10/0x10 [ 3328.558680][T21814] ? __pfx_lock_release+0x10/0x10 [ 3328.563739][T21814] ? pte_offset_map_nolock+0x137/0x1f0 [ 3328.569252][T21814] __do_fault+0x135/0x460 [ 3328.573628][T21814] ? __pfx_filemap_map_pages+0x10/0x10 [ 3328.579129][T21814] ? __handle_mm_fault+0x31c8/0x72d0 [ 3328.584461][T21814] __handle_mm_fault+0x49e6/0x72d0 [ 3328.589651][T21814] ? __pfx___handle_mm_fault+0x10/0x10 [ 3328.595149][T21814] ? follow_page_pte+0x28e/0x1910 [ 3328.600319][T21814] ? follow_page_pte+0x760/0x1910 [ 3328.605387][T21814] ? __pfx_lock_release+0x10/0x10 [ 3328.610473][T21814] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3328.615720][T21814] ? follow_page_pte+0x7f2/0x1910 [ 3328.620791][T21814] ? mt_find+0x62d/0x850 [ 3328.625112][T21814] handle_mm_fault+0x3c1/0x8a0 [ 3328.629922][T21814] __get_user_pages+0x6bd/0x1600 [ 3328.634916][T21814] ? get_dump_page+0xe1/0x2f0 [ 3328.639642][T21814] ? __pfx___get_user_pages+0x10/0x10 [ 3328.645076][T21814] ? __kernel_write_iter+0x632/0x8c0 [ 3328.650409][T21814] get_dump_page+0x154/0x2f0 [ 3328.655035][T21814] ? __pfx___kernel_write_iter+0x10/0x10 [ 3328.660707][T21814] ? __pfx_get_dump_page+0x10/0x10 [ 3328.665862][T21814] ? generic_file_llseek_size+0x34c/0x3b0 [ 3328.671715][T21814] ? iov_iter_bvec+0x4e/0x1b0 [ 3328.676450][T21814] dump_user_range+0x126/0x910 [ 3328.681285][T21814] ? __pfx_dump_user_range+0x10/0x10 [ 3328.686601][T21814] ? writenote+0x250/0x3b0 [ 3328.691063][T21814] ? kmalloc_trace+0x1d6/0x360 [ 3328.695858][T21814] ? elf_core_dump+0x2e01/0x4630 [ 3328.700825][T21814] ? dump_emit+0x99/0xd0 [ 3328.705094][T21814] elf_core_dump+0x3d5d/0x4630 [ 3328.709921][T21814] ? __pfx_elf_core_dump+0x10/0x10 [ 3328.715068][T21814] ? mark_lock+0x9a/0x350 [ 3328.719441][T21814] ? mas_next_slot+0xeb2/0xf90 [ 3328.724249][T21814] ? __lock_acquire+0x1345/0x1fd0 [ 3328.729379][T21814] ? rcu_read_lock_any_held+0xb7/0x160 [ 3328.734894][T21814] ? 0xffffffffff600000 [ 3328.739082][T21814] ? getname_kernel+0x140/0x2f0 [ 3328.743986][T21814] do_coredump+0x1baa/0x2b50 [ 3328.748628][T21814] ? get_signal+0xbe1/0x1850 [ 3328.753294][T21814] ? __pfx_do_coredump+0x10/0x10 [ 3328.758449][T21814] ? _raw_spin_unlock_irq+0x23/0x50 [ 3328.763709][T21814] ? lockdep_hardirqs_on+0x98/0x140 [ 3328.769154][T21814] get_signal+0x146a/0x1850 [ 3328.773731][T21814] ? __pfx_get_signal+0x10/0x10 [ 3328.778662][T21814] ? __pfx_force_sig_fault+0x10/0x10 [ 3328.784005][T21814] arch_do_signal_or_restart+0x96/0x860 [ 3328.789615][T21814] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3328.795830][T21814] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3328.801678][T21814] irqentry_exit_to_user_mode+0x78/0x280 [ 3328.807448][T21814] exc_page_fault+0x587/0x870 [ 3328.812174][T21814] asm_exc_page_fault+0x26/0x30 [ 3328.817067][T21814] RIP: 0033:0x7f8ab667ddb1 [ 3328.821526][T21814] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3328.841171][T21814] RSP: 002b:0000000000005500 EFLAGS: 00010217 [ 3328.847278][T21814] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3328.855296][T21814] RDX: 0000000000000000 RSI: 0000000000005500 RDI: 0000000000000000 [ 3328.863316][T21814] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3328.871328][T21814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3328.879337][T21814] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3328.887376][T21814] 14:05:03 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x6d03, 0x0, 0x0, 0x0) [ 3329.091514][T21814] memory: usage 307200kB, limit 307200kB, failcnt 226086 [ 3329.206156][T21814] memory+swap: usage 416188kB, limit 9007199254740988kB, failcnt 0 [ 3329.214113][T21814] kmem: usage 44636kB, limit 9007199254740988kB, failcnt 0 [ 3329.286247][ T5111] Bluetooth: hci8: command 0x040f tx timeout [ 3329.287449][T21018] Bluetooth: hci7: command 0x040f tx timeout [ 3329.442589][T21814] Memory cgroup stats for /syz4: [ 3329.442793][T21814] cache 265613312 [ 3329.486610][T21814] rss 614400 [ 3329.489875][T21814] rss_huge 0 [ 3329.493107][T21814] shmem 265613312 [ 3329.515006][T19598] hsr_slave_0: left promiscuous mode [ 3329.586262][T21814] mapped_file 88371200 [ 3329.603705][T21814] dirty 0 [ 3329.626536][T19598] hsr_slave_1: left promiscuous mode [ 3329.652160][T21814] writeback 0 [ 3329.674775][T21814] workingset_refault_anon 4190 [ 3329.686215][T21018] Bluetooth: hci3: command 0x0419 tx timeout [ 3329.715355][T21814] workingset_refault_file 0 [ 3329.726697][T19598] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 3329.749428][T19598] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 3329.760223][T19598] bridge_slave_1: left allmulticast mode [ 3329.766589][T19598] bridge_slave_1: left promiscuous mode [ 3329.772350][T19598] bridge0: port 2(bridge_slave_1) entered disabled state [ 3329.816289][T21814] swap 113143808 [ 3329.866354][T21814] swapcached 155648 [ 3329.897411][T21814] pgpgin 2125578 [ 3329.907934][T19598] bridge_slave_0: left allmulticast mode [ 3329.913623][T19598] bridge_slave_0: left promiscuous mode [ 3329.916464][T21814] pgpgout 2060544 [ 3329.926209][T19598] bridge0: port 1(bridge_slave_0) entered disabled state [ 3329.936263][T21814] pgfault 1445641 [ 3330.076211][T21814] pgmajfault 2503 [ 3330.079912][T21814] inactive_anon 115929088 [ 3330.084270][T21814] active_anon 150163456 [ 3330.217232][T21814] inactive_file 0 [ 3330.220928][T21814] active_file 0 [ 3330.224407][T21814] unevictable 0 [ 3330.335928][T21018] Bluetooth: hci4: command 0x0419 tx timeout [ 3330.366230][T21814] hierarchical_memory_limit 314572800 [ 3330.371673][T21814] hierarchical_memsw_limit 9223372036854771712 [ 3330.624864][T21814] total_cache 265613312 [ 3330.629532][T21814] total_rss 614400 [ 3330.633291][T21814] total_rss_huge 0 [ 3330.687255][T21814] total_shmem 265613312 [ 3330.717181][T21814] total_mapped_file 88371200 [ 3330.757747][T21814] total_dirty 0 [ 3330.796045][T21814] total_writeback 0 [ 3330.866029][T21814] total_workingset_refault_anon 4190 [ 3330.892121][T21814] total_workingset_refault_file 0 [ 3330.916043][T21814] total_swap 113143808 [ 3330.961246][T21814] total_swapcached 155648 [ 3330.977438][T21814] total_pgpgin 2125578 [ 3330.997270][T21814] total_pgpgout 2060544 [ 3331.001857][T19598] dummy0: left promiscuous mode [ 3331.012850][T19598] veth0: left promiscuous mode [ 3331.018427][T19598] veth1: left promiscuous mode [ 3331.024969][T19598] batadv0: left promiscuous mode [ 3331.061701][T19598] bond_slave_0: left promiscuous mode [ 3331.067718][T19598] bond_slave_1: left promiscuous mode [ 3331.195990][T21814] total_pgfault 1445641 [ 3331.226109][T21814] total_pgmajfault 2503 [ 3331.262502][T19598] veth1_macvtap: left promiscuous mode [ 3331.276155][T19598] veth0_macvtap: left promiscuous mode [ 3331.281903][T19598] veth1_vlan: left promiscuous mode [ 3331.287951][T21814] total_inactive_anon 115929088 [ 3331.292837][T21814] total_active_anon 150163456 [ 3331.356452][T21814] total_inactive_file 0 [ 3331.360685][T21814] total_active_file 0 [ 3331.364680][T21814] total_unevictable 0 [ 3331.369848][T21018] Bluetooth: hci8: command 0x0419 tx timeout [ 3331.369857][ T5111] Bluetooth: hci7: command 0x0419 tx timeout 14:05:05 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x6f00, 0x0, 0x0, 0x0) [ 3331.466259][T21814] anon_cost 0 [ 3331.586021][T21814] file_cost 0 [ 3331.589377][T21814] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21776,uid=0 [ 3331.776227][T21814] Memory cgroup out of memory: Killed process 21776 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:9216kB, shmem-rss:12160kB, UID:0 pgtables:132kB oom_score_adj:1000 14:05:06 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x6f02, 0x0, 0x0, 0x0) [ 3332.168321][T21829] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3332.286241][T21829] CPU: 1 PID: 21829 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3332.295004][T21829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3332.305092][T21829] Call Trace: [ 3332.308408][T21829] [ 3332.311351][T21829] dump_stack_lvl+0x1e7/0x2e0 [ 3332.316064][T21829] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3332.321384][T21829] ? __pfx__printk+0x10/0x10 [ 3332.326017][T21829] ? ___ratelimit+0x4c4/0x670 [ 3332.330747][T21829] ? __pfx____ratelimit+0x10/0x10 [ 3332.335810][T21829] dump_header+0xda/0x6a0 [ 3332.340268][T21829] oom_kill_process+0x3a7/0x930 [ 3332.345164][T21829] out_of_memory+0xf67/0x1320 [ 3332.349900][T21829] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3332.355573][T21829] ? __pfx___mutex_lock+0x10/0x10 [ 3332.360662][T21829] ? __pfx_out_of_memory+0x10/0x10 [ 3332.365828][T21829] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3332.371412][T21829] ? __pfx_lock_release+0x10/0x10 [ 3332.376505][T21829] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3332.382636][T21829] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3332.387874][T21829] ? mem_cgroup_iter+0x422/0x560 [ 3332.392847][T21829] try_charge_memcg+0xda2/0x18a0 [ 3332.397863][T21829] ? __pfx_try_charge_memcg+0x10/0x10 [ 3332.403275][T21829] ? percpu_ref_tryget+0x14/0x180 [ 3332.408369][T21829] charge_memcg+0xa2/0x160 [ 3332.412838][T21829] __mem_cgroup_charge+0x27/0x80 [ 3332.417823][T21829] shmem_alloc_and_add_folio+0x393/0xde0 [ 3332.423501][T21829] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3332.429699][T21829] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3332.434972][T21829] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3332.440756][T21829] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3332.447155][T21829] shmem_write_begin+0x170/0x4d0 [ 3332.452151][T21829] ? __pfx_shmem_write_begin+0x10/0x10 [ 3332.457662][T21829] ? fault_in_iov_iter_readable+0x236/0x280 [ 3332.463603][T21829] generic_perform_write+0x321/0x640 [ 3332.468929][T21829] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3332.474877][T21829] ? __pfx_generic_perform_write+0x10/0x10 [ 3332.480732][T21829] ? __pfx_generic_write_checks+0x10/0x10 [ 3332.486498][T21829] ? file_update_time+0x2a3/0x3e0 [ 3332.491570][T21829] shmem_file_write_iter+0xfc/0x120 [ 3332.496824][T21829] __kernel_write_iter+0x434/0x8c0 [ 3332.502000][T21829] ? __pfx___kernel_write_iter+0x10/0x10 [ 3332.507687][T21829] ? generic_file_llseek_size+0x34c/0x3b0 [ 3332.513452][T21829] ? iov_iter_bvec+0x4e/0x1b0 [ 3332.518187][T21829] dump_user_range+0x46c/0x910 [ 3332.523011][T21829] ? __pfx_dump_user_range+0x10/0x10 [ 3332.528339][T21829] ? writenote+0x250/0x3b0 [ 3332.532803][T21829] ? kmalloc_trace+0x1d6/0x360 [ 3332.537605][T21829] ? elf_core_dump+0x2e01/0x4630 [ 3332.542577][T21829] ? dump_emit+0x99/0xd0 [ 3332.546942][T21829] elf_core_dump+0x3d5d/0x4630 [ 3332.551778][T21829] ? __pfx_elf_core_dump+0x10/0x10 [ 3332.556927][T21829] ? mark_lock+0x9a/0x350 [ 3332.561470][T21829] ? mas_next_slot+0xeb2/0xf90 [ 3332.566282][T21829] ? __lock_acquire+0x1345/0x1fd0 [ 3332.571575][T21829] ? rcu_read_lock_any_held+0xb7/0x160 [ 3332.577080][T21829] ? 0xffffffffff600000 [ 3332.581268][T21829] ? getname_kernel+0x140/0x2f0 [ 3332.586164][T21829] do_coredump+0x1baa/0x2b50 [ 3332.590810][T21829] ? get_signal+0xbe1/0x1850 [ 3332.595480][T21829] ? __pfx_do_coredump+0x10/0x10 [ 3332.600516][T21829] ? _raw_spin_unlock_irq+0x23/0x50 [ 3332.605749][T21829] ? lockdep_hardirqs_on+0x98/0x140 [ 3332.610983][T21829] get_signal+0x146a/0x1850 [ 3332.615544][T21829] ? __pfx_get_signal+0x10/0x10 [ 3332.620441][T21829] ? __pfx_force_sig_fault+0x10/0x10 [ 3332.625957][T21829] arch_do_signal_or_restart+0x96/0x860 [ 3332.631550][T21829] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3332.637770][T21829] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3332.643622][T21829] irqentry_exit_to_user_mode+0x78/0x280 [ 3332.649303][T21829] exc_page_fault+0x587/0x870 [ 3332.654027][T21829] asm_exc_page_fault+0x26/0x30 [ 3332.658921][T21829] RIP: 0033:0x7f8ab667ddb1 [ 3332.663364][T21829] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3332.683008][T21829] RSP: 002b:0000000000006900 EFLAGS: 00010217 [ 3332.689121][T21829] RAX: 0000000000000000 RBX: 00007f8ab67ac050 RCX: 00007f8ab667dda9 [ 3332.697128][T21829] RDX: 0000000000000000 RSI: 0000000000006900 RDI: 0000000000000000 [ 3332.705128][T21829] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3332.713127][T21829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3332.721133][T21829] R13: 000000000000006e R14: 00007f8ab67ac050 R15: 00007f8ab68cfa48 [ 3332.729163][T21829] [ 3332.989704][T21829] memory: usage 301612kB, limit 307200kB, failcnt 226907 [ 3333.082969][T21829] memory+swap: usage 401652kB, limit 9007199254740988kB, failcnt 0 [ 3333.236156][T21829] kmem: usage 44524kB, limit 9007199254740988kB, failcnt 0 [ 3333.356101][T21829] Memory cgroup stats for /syz4: [ 3333.356263][T21829] cache 267673600 [ 3333.396129][T21829] rss 786432 [ 3333.453075][T21829] rss_huge 0 [ 3333.492018][T21829] shmem 267673600 14:05:07 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7002, 0x0, 0x0, 0x0) [ 3333.570706][T21829] mapped_file 89329664 [ 3333.596606][T21829] dirty 0 [ 3333.599616][T21829] writeback 4096 [ 3333.603207][T21829] workingset_refault_anon 4253 [ 3333.664352][T21829] workingset_refault_file 0 [ 3333.721573][T21829] swap 102256640 [ 3333.725184][T21829] swapcached 77824 [ 3333.766658][T21829] pgpgin 2141446 [ 3333.786707][T21829] pgpgout 2075873 [ 3333.790406][T21829] pgfault 1450898 [ 3333.794066][T21829] pgmajfault 2551 [ 3333.885990][T21829] inactive_anon 99885056 [ 3333.890428][T21829] active_anon 168054784 [ 3333.894605][T21829] inactive_file 0 [ 3334.036029][T21829] active_file 0 [ 3334.039575][T21829] unevictable 0 [ 3334.043052][T21829] hierarchical_memory_limit 314572800 [ 3334.156216][T21829] hierarchical_memsw_limit 9223372036854771712 [ 3334.162450][T21829] total_cache 267673600 [ 3334.276107][T21829] total_rss 786432 [ 3334.323976][T21829] total_rss_huge 0 [ 3334.355512][T21829] total_shmem 267673600 [ 3334.469664][T21829] total_mapped_file 89329664 [ 3334.575279][T21829] total_dirty 0 [ 3334.621143][T21829] total_writeback 4096 [ 3334.661813][T21829] total_workingset_refault_anon 4253 [ 3334.776782][T21829] total_workingset_refault_file 0 [ 3334.806052][T21829] total_swap 102256640 [ 3334.899195][T21829] total_swapcached 77824 [ 3334.918606][T21829] total_pgpgin 2141446 [ 3334.967261][T21829] total_pgpgout 2075873 [ 3335.060764][T21829] total_pgfault 1450898 [ 3335.100997][T21829] total_pgmajfault 2551 [ 3335.170146][T21829] total_inactive_anon 99885056 [ 3335.266097][T21829] total_active_anon 168054784 14:05:09 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7402, 0x0, 0x0, 0x0) [ 3335.317409][T21829] total_inactive_file 0 [ 3335.356258][T21829] total_active_file 0 [ 3335.360315][T21829] total_unevictable 0 [ 3335.364314][T21829] anon_cost 0 [ 3335.436469][T21829] file_cost 0 [ 3335.439822][T21829] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21825,uid=0 [ 3335.697468][T21829] Memory cgroup out of memory: Killed process 21825 (syz-executor.4) total-vm:54640kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:17280kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 3336.457042][T21768] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3336.640648][T21768] CPU: 0 PID: 21768 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3336.649503][T21768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3336.659601][T21768] Call Trace: [ 3336.662915][T21768] [ 3336.665882][T21768] dump_stack_lvl+0x1e7/0x2e0 [ 3336.670614][T21768] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3336.675860][T21768] ? __pfx__printk+0x10/0x10 [ 3336.680493][T21768] ? ___ratelimit+0x4c4/0x670 [ 3336.685215][T21768] ? __pfx____ratelimit+0x10/0x10 [ 3336.690296][T21768] dump_header+0xda/0x6a0 [ 3336.694691][T21768] oom_kill_process+0x3a7/0x930 [ 3336.699581][T21768] ? trace_contention_end+0x3c/0x100 [ 3336.704910][T21768] out_of_memory+0xf67/0x1320 [ 3336.709641][T21768] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3336.715324][T21768] ? __pfx___mutex_lock+0x10/0x10 [ 3336.720402][T21768] ? __pfx_out_of_memory+0x10/0x10 [ 3336.725564][T21768] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3336.731153][T21768] ? __pfx_lock_release+0x10/0x10 14:05:10 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7500, 0x0, 0x0, 0x0) [ 3336.736223][T21768] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3336.742333][T21768] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3336.747586][T21768] ? mem_cgroup_iter+0x422/0x560 [ 3336.752580][T21768] try_charge_memcg+0xda2/0x18a0 [ 3336.757602][T21768] ? __pfx_try_charge_memcg+0x10/0x10 [ 3336.763021][T21768] ? percpu_ref_tryget+0x14/0x180 [ 3336.768216][T21768] charge_memcg+0xa2/0x160 [ 3336.772693][T21768] __mem_cgroup_charge+0x27/0x80 [ 3336.777687][T21768] shmem_alloc_and_add_folio+0x393/0xde0 [ 3336.783374][T21768] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3336.790120][T21768] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3336.795384][T21768] ? lockdep_hardirqs_on+0x98/0x140 [ 3336.800640][T21768] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3336.806314][T21768] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3336.812597][T21768] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3336.819328][T21768] shmem_write_begin+0x170/0x4d0 [ 3336.824321][T21768] ? __pfx_shmem_write_begin+0x10/0x10 [ 3336.829834][T21768] ? fault_in_iov_iter_readable+0x236/0x280 [ 3336.835773][T21768] generic_perform_write+0x321/0x640 [ 3336.841106][T21768] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3336.847061][T21768] ? __pfx_generic_perform_write+0x10/0x10 [ 3336.852921][T21768] ? mnt_put_write_access_file+0xc2/0x100 [ 3336.858693][T21768] ? file_update_time+0x3ac/0x3e0 [ 3336.863764][T21768] shmem_file_write_iter+0xfc/0x120 [ 3336.869000][T21768] __kernel_write_iter+0x434/0x8c0 [ 3336.874169][T21768] ? __pfx___kernel_write_iter+0x10/0x10 [ 3336.879861][T21768] ? dump_user_range+0x562/0x910 [ 3336.884872][T21768] ? dump_user_range+0x583/0x910 [ 3336.889855][T21768] ? iov_iter_bvec+0x4e/0x1b0 [ 3336.894666][T21768] dump_user_range+0x46c/0x910 [ 3336.899486][T21768] ? __pfx_dump_user_range+0x10/0x10 [ 3336.904819][T21768] ? writenote+0x250/0x3b0 [ 3336.909292][T21768] ? kmalloc_trace+0x1d6/0x360 [ 3336.914102][T21768] ? elf_core_dump+0x2e01/0x4630 [ 3336.919074][T21768] ? dump_emit+0x99/0xd0 [ 3336.923357][T21768] elf_core_dump+0x3d5d/0x4630 [ 3336.928189][T21768] ? __pfx_elf_core_dump+0x10/0x10 [ 3336.933339][T21768] ? mark_lock+0x9a/0x350 [ 3336.937705][T21768] ? mas_next_slot+0xeb2/0xf90 [ 3336.942519][T21768] ? __lock_acquire+0x1345/0x1fd0 [ 3336.947651][T21768] ? rcu_read_lock_any_held+0xb7/0x160 [ 3336.953162][T21768] ? 0xffffffffff600000 [ 3336.957354][T21768] ? getname_kernel+0x140/0x2f0 [ 3336.962260][T21768] do_coredump+0x1baa/0x2b50 [ 3336.966897][T21768] ? get_signal+0xbe1/0x1850 [ 3336.971569][T21768] ? __pfx_do_coredump+0x10/0x10 [ 3336.976600][T21768] ? _raw_spin_unlock_irq+0x23/0x50 [ 3336.981840][T21768] ? lockdep_hardirqs_on+0x98/0x140 [ 3336.987091][T21768] get_signal+0x146a/0x1850 [ 3336.991721][T21768] ? __pfx_get_signal+0x10/0x10 [ 3336.996622][T21768] ? __pfx_force_sig_fault+0x10/0x10 [ 3337.001982][T21768] arch_do_signal_or_restart+0x96/0x860 [ 3337.007580][T21768] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3337.013800][T21768] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3337.019656][T21768] irqentry_exit_to_user_mode+0x78/0x280 [ 3337.025334][T21768] exc_page_fault+0x587/0x870 [ 3337.030065][T21768] asm_exc_page_fault+0x26/0x30 [ 3337.034960][T21768] RIP: 0033:0x7f8ab667ddb1 [ 3337.039410][T21768] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3337.059063][T21768] RSP: 002b:0000000000002300 EFLAGS: 00010217 [ 3337.065168][T21768] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3337.073178][T21768] RDX: 0000000000000000 RSI: 0000000000002300 RDI: 0000000000000000 [ 3337.081188][T21768] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3337.089190][T21768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3337.097197][T21768] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3337.105241][T21768] [ 3337.186142][T21768] memory: usage 300796kB, limit 307200kB, failcnt 231159 [ 3337.286183][T21768] memory+swap: usage 411576kB, limit 9007199254740988kB, failcnt 0 [ 3337.536020][T21768] kmem: usage 44732kB, limit 9007199254740988kB, failcnt 0 [ 3337.543287][T21768] Memory cgroup stats for /syz4: [ 3337.543463][T21768] cache 253218816 14:05:11 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7503, 0x0, 0x0, 0x0) [ 3337.836298][T21768] rss 950272 [ 3337.839563][T21768] rss_huge 0 [ 3337.842789][T21768] shmem 253218816 [ 3338.036172][T21768] mapped_file 80719872 [ 3338.040678][T21768] dirty 0 [ 3338.043644][T21768] writeback 12288 [ 3338.083008][T21768] workingset_refault_anon 4284 [ 3338.186564][T21768] workingset_refault_file 0 [ 3338.236059][T21768] swap 112128000 [ 3338.306816][T21768] swapcached 102400 [ 3338.358266][T21768] pgpgin 2160289 [ 3338.398246][T21768] pgpgout 2097983 [ 3338.616613][T21768] pgfault 1458063 [ 3338.620326][T21768] pgmajfault 2570 [ 3338.623987][T21768] inactive_anon 151810048 14:05:13 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7702, 0x0, 0x0, 0x0) [ 3338.976348][T21768] active_anon 101093376 [ 3338.980577][T21768] inactive_file 0 [ 3338.984244][T21768] active_file 0 [ 3339.252671][T21768] unevictable 0 [ 3339.261608][T21768] hierarchical_memory_limit 314572800 [ 3339.387983][T21768] hierarchical_memsw_limit 9223372036854771712 [ 3339.394284][T21768] total_cache 253218816 [ 3339.497755][T21768] total_rss 950272 [ 3339.501567][T21768] total_rss_huge 0 [ 3339.505322][T21768] total_shmem 253218816 14:05:13 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7900, 0x0, 0x0, 0x0) [ 3339.706338][T21768] total_mapped_file 80719872 [ 3339.711017][T21768] total_dirty 0 [ 3339.714501][T21768] total_writeback 12288 [ 3339.866642][T21768] total_workingset_refault_anon 4284 [ 3339.871987][T21768] total_workingset_refault_file 0 [ 3340.006237][T21768] total_swap 112128000 [ 3340.050098][T21768] total_swapcached 102400 [ 3340.166446][T21768] total_pgpgin 2160289 [ 3340.226010][T21768] total_pgpgout 2097983 [ 3340.326077][T21768] total_pgfault 1458063 [ 3340.436478][T21768] total_pgmajfault 2570 [ 3340.486018][T21768] total_inactive_anon 151810048 [ 3340.596301][T21768] total_active_anon 101093376 [ 3340.601045][T21768] total_inactive_file 0 [ 3340.605248][T21768] total_active_file 0 14:05:15 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7b02, 0x0, 0x0, 0x0) [ 3340.911318][T21768] total_unevictable 0 [ 3341.056609][T21768] anon_cost 0 [ 3341.059961][T21768] file_cost 0 [ 3341.063267][T21768] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21798,uid=0 [ 3341.596129][T21768] Memory cgroup out of memory: Killed process 21798 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:7168kB, UID:0 pgtables:132kB oom_score_adj:1000 14:05:16 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7b03, 0x0, 0x0, 0x0) [ 3342.455312][T21788] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3342.775987][T21788] CPU: 0 PID: 21788 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3342.784911][T21788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3342.795000][T21788] Call Trace: [ 3342.798304][T21788] [ 3342.801259][T21788] dump_stack_lvl+0x1e7/0x2e0 [ 3342.805980][T21788] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3342.811243][T21788] ? __pfx__printk+0x10/0x10 [ 3342.815867][T21788] ? ___ratelimit+0x4c4/0x670 [ 3342.820591][T21788] ? __pfx____ratelimit+0x10/0x10 [ 3342.825665][T21788] dump_header+0xda/0x6a0 [ 3342.830040][T21788] oom_kill_process+0x3a7/0x930 [ 3342.834920][T21788] ? trace_contention_end+0x3c/0x100 [ 3342.840247][T21788] out_of_memory+0xf67/0x1320 [ 3342.844984][T21788] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3342.850656][T21788] ? __pfx___mutex_lock+0x10/0x10 [ 3342.855705][T21788] ? __pfx_out_of_memory+0x10/0x10 [ 3342.860838][T21788] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3342.866404][T21788] ? __pfx_lock_release+0x10/0x10 [ 3342.871447][T21788] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3342.877532][T21788] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3342.882742][T21788] ? mem_cgroup_iter+0x422/0x560 [ 3342.887703][T21788] try_charge_memcg+0xda2/0x18a0 [ 3342.892712][T21788] ? __pfx_try_charge_memcg+0x10/0x10 [ 3342.898217][T21788] ? percpu_ref_tryget+0x14/0x180 [ 3342.903282][T21788] charge_memcg+0xa2/0x160 [ 3342.907729][T21788] __mem_cgroup_charge+0x27/0x80 [ 3342.912679][T21788] shmem_alloc_and_add_folio+0x393/0xde0 [ 3342.918342][T21788] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3342.924515][T21788] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3342.929749][T21788] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3342.935397][T21788] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3342.941749][T21788] shmem_write_begin+0x170/0x4d0 [ 3342.946889][T21788] ? __pfx_shmem_write_begin+0x10/0x10 [ 3342.952370][T21788] ? fault_in_iov_iter_readable+0x236/0x280 [ 3342.958291][T21788] generic_perform_write+0x321/0x640 [ 3342.963595][T21788] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3342.969613][T21788] ? __pfx_generic_perform_write+0x10/0x10 [ 3342.975438][T21788] ? __pfx_generic_write_checks+0x10/0x10 [ 3342.981173][T21788] ? file_update_time+0x2a3/0x3e0 [ 3342.986216][T21788] shmem_file_write_iter+0xfc/0x120 [ 3342.991433][T21788] __kernel_write_iter+0x434/0x8c0 [ 3342.996573][T21788] ? __pfx___kernel_write_iter+0x10/0x10 [ 3343.002225][T21788] ? generic_file_llseek_size+0x34c/0x3b0 [ 3343.007979][T21788] ? iov_iter_bvec+0x4e/0x1b0 [ 3343.012675][T21788] dump_user_range+0x46c/0x910 [ 3343.017470][T21788] ? __pfx_dump_user_range+0x10/0x10 [ 3343.022763][T21788] ? writenote+0x250/0x3b0 [ 3343.027197][T21788] ? kmalloc_trace+0x1d6/0x360 [ 3343.031974][T21788] ? elf_core_dump+0x2e01/0x4630 [ 3343.036919][T21788] ? dump_emit+0x99/0xd0 [ 3343.041166][T21788] elf_core_dump+0x3d5d/0x4630 [ 3343.045965][T21788] ? __pfx_elf_core_dump+0x10/0x10 [ 3343.051086][T21788] ? mark_lock+0x9a/0x350 [ 3343.055424][T21788] ? mas_next_slot+0xeb2/0xf90 [ 3343.060222][T21788] ? __lock_acquire+0x1345/0x1fd0 [ 3343.065316][T21788] ? rcu_read_lock_any_held+0xb7/0x160 [ 3343.070800][T21788] ? 0xffffffffff600000 [ 3343.074970][T21788] ? getname_kernel+0x140/0x2f0 [ 3343.079840][T21788] do_coredump+0x1baa/0x2b50 [ 3343.084448][T21788] ? get_signal+0xbe1/0x1850 [ 3343.089081][T21788] ? __pfx_do_coredump+0x10/0x10 [ 3343.094065][T21788] ? _raw_spin_unlock_irq+0x23/0x50 [ 3343.099276][T21788] ? lockdep_hardirqs_on+0x98/0x140 [ 3343.104503][T21788] get_signal+0x146a/0x1850 [ 3343.109130][T21788] ? __pfx_get_signal+0x10/0x10 [ 3343.113997][T21788] ? __pfx_force_sig_fault+0x10/0x10 [ 3343.119323][T21788] arch_do_signal_or_restart+0x96/0x860 [ 3343.124981][T21788] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3343.131171][T21788] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3343.137092][T21788] irqentry_exit_to_user_mode+0x78/0x280 [ 3343.142743][T21788] exc_page_fault+0x587/0x870 [ 3343.147443][T21788] asm_exc_page_fault+0x26/0x30 [ 3343.152320][T21788] RIP: 0033:0x7f8ab667ddb1 [ 3343.156746][T21788] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3343.176446][T21788] RSP: 002b:0000000000003700 EFLAGS: 00010217 [ 3343.182538][T21788] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3343.190529][T21788] RDX: 0000000000000000 RSI: 0000000000003700 RDI: 0000000000000000 [ 3343.198520][T21788] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3343.206506][T21788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3343.214490][T21788] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3343.222486][T21788] [ 3343.347795][T21788] memory: usage 305148kB, limit 307200kB, failcnt 232441 [ 3343.354881][T21788] memory+swap: usage 415396kB, limit 9007199254740988kB, failcnt 0 [ 3343.363207][T21788] kmem: usage 44928kB, limit 9007199254740988kB, failcnt 0 [ 3343.375013][T21788] Memory cgroup stats for /syz4: [ 3343.375189][T21788] cache 264814592 [ 3343.384418][T21788] rss 917504 [ 3343.388012][T21788] rss_huge 0 [ 3343.391245][T21788] shmem 264814592 [ 3343.394898][T21788] mapped_file 77045760 [ 3343.399752][T21788] dirty 0 [ 3343.402825][T21788] writeback 8192 [ 3343.407137][T21788] workingset_refault_anon 4301 [ 3343.412036][T21788] workingset_refault_file 0 [ 3343.416879][T21788] swap 113033216 [ 3343.420470][T21788] swapcached 61440 [ 3343.424217][T21788] pgpgin 2187871 [ 3343.429092][T21788] pgpgout 2122903 [ 3343.432762][T21788] pgfault 1469192 [ 3343.437107][T21788] pgmajfault 2576 [ 3343.440784][T21788] inactive_anon 95760384 [ 3343.445051][T21788] active_anon 168235008 [ 3343.516228][T21788] inactive_file 0 [ 3343.519924][T21788] active_file 0 [ 3343.523411][T21788] unevictable 0 [ 3343.674253][T21788] hierarchical_memory_limit 314572800 [ 3343.736118][T21788] hierarchical_memsw_limit 9223372036854771712 [ 3343.826123][T21788] total_cache 264814592 [ 3343.830386][T21788] total_rss 917504 [ 3343.834137][T21788] total_rss_huge 0 [ 3343.916245][T21788] total_shmem 264814592 [ 3343.920556][T21788] total_mapped_file 77045760 [ 3343.925165][T21788] total_dirty 0 [ 3344.007454][T21788] total_writeback 8192 [ 3344.050089][T21788] total_workingset_refault_anon 4301 14:05:18 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7d00, 0x0, 0x0, 0x0) [ 3344.117269][T21788] total_workingset_refault_file 0 [ 3344.173329][T21788] total_swap 113033216 [ 3344.223830][T21788] total_swapcached 61440 [ 3344.286237][T21788] total_pgpgin 2187871 [ 3344.290375][T21788] total_pgpgout 2122903 [ 3344.294553][T21788] total_pgfault 1469192 [ 3344.506255][T21788] total_pgmajfault 2576 [ 3344.596264][T21788] total_inactive_anon 95760384 [ 3344.686097][T21788] total_active_anon 168235008 [ 3344.746225][T21788] total_inactive_file 0 [ 3344.750445][T21788] total_active_file 0 [ 3344.754446][T21788] total_unevictable 0 [ 3344.836000][T21788] anon_cost 0 [ 3344.839536][T21788] file_cost 0 [ 3344.842859][T21788] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21861,uid=0 [ 3345.006494][T21788] Memory cgroup out of memory: Killed process 21861 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8144kB, shmem-rss:11136kB, UID:0 pgtables:108kB oom_score_adj:1000 14:05:19 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7d01, 0x0, 0x0, 0x0) [ 3346.259093][T21894] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3346.508079][T21894] CPU: 0 PID: 21894 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3346.516831][T21894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3346.526928][T21894] Call Trace: [ 3346.530239][T21894] [ 3346.533194][T21894] dump_stack_lvl+0x1e7/0x2e0 [ 3346.537926][T21894] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3346.543172][T21894] ? __pfx__printk+0x10/0x10 [ 3346.547800][T21894] ? ___ratelimit+0x4c4/0x670 [ 3346.552610][T21894] ? __pfx____ratelimit+0x10/0x10 [ 3346.557685][T21894] dump_header+0xda/0x6a0 [ 3346.562066][T21894] oom_kill_process+0x3a7/0x930 [ 3346.566976][T21894] out_of_memory+0xf67/0x1320 [ 3346.571700][T21894] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3346.577374][T21894] ? __pfx___mutex_lock+0x10/0x10 [ 3346.582446][T21894] ? __pfx_out_of_memory+0x10/0x10 [ 3346.587611][T21894] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3346.593194][T21894] ? __pfx_lock_release+0x10/0x10 [ 3346.598260][T21894] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3346.604366][T21894] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3346.609605][T21894] ? mem_cgroup_iter+0x422/0x560 [ 3346.614584][T21894] try_charge_memcg+0xda2/0x18a0 [ 3346.619588][T21894] ? __pfx_try_charge_memcg+0x10/0x10 [ 3346.625038][T21894] ? percpu_ref_tryget+0x14/0x180 [ 3346.630134][T21894] charge_memcg+0xa2/0x160 [ 3346.634681][T21894] __mem_cgroup_charge+0x27/0x80 [ 3346.639752][T21894] folio_prealloc+0x52/0x170 [ 3346.644381][T21894] do_wp_page+0x1222/0x4c90 [ 3346.648943][T21894] ? __pfx_do_wp_page+0x10/0x10 [ 3346.653853][T21894] ? __pfx_lock_acquire+0x10/0x10 [ 3346.658930][T21894] ? do_raw_spin_lock+0x14e/0x370 [ 3346.664006][T21894] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3346.670385][T21894] __handle_mm_fault+0x26ad/0x72d0 [ 3346.675654][T21894] ? reacquire_held_locks+0x3eb/0x690 [ 3346.681056][T21894] ? __pfx___handle_mm_fault+0x10/0x10 [ 3346.686581][T21894] ? __pfx_reacquire_held_locks+0x10/0x10 [ 3346.692355][T21894] ? mtree_range_walk+0x6fd/0x8e0 [ 3346.697416][T21894] ? lock_vma_under_rcu+0x18a/0x730 [ 3346.702939][T21894] ? __pfx_lock_release+0x10/0x10 [ 3346.708029][T21894] ? lock_vma_under_rcu+0x2f9/0x730 [ 3346.713291][T21894] ? lock_vma_under_rcu+0x18a/0x730 [ 3346.718619][T21894] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 3346.724211][T21894] handle_mm_fault+0x3c1/0x8a0 [ 3346.729031][T21894] exc_page_fault+0x456/0x870 [ 3346.733751][T21894] asm_exc_page_fault+0x26/0x30 [ 3346.738645][T21894] RIP: 0033:0x7f8ab6637543 [ 3346.743091][T21894] Code: 8b 4c 24 40 c6 40 20 01 89 48 24 8b 4c 24 4c 44 89 68 28 44 89 50 2c 89 48 78 40 88 7c 1a 04 8b 5c 24 44 4c 89 3d 2d 4a 17 00 <89> 98 80 00 00 00 0f 1f 80 00 00 00 00 48 8b 94 2c a0 01 00 00 48 [ 3346.762740][T21894] RSP: 002b:00007f8ab68cfb30 EFLAGS: 00010246 [ 3346.768857][T21894] RAX: 00007f8ab67abf80 RBX: 0000000000000000 RCX: 0000000000000000 [ 3346.776873][T21894] RDX: 00007f8ab67abff8 RSI: 00007f8ab67abf88 RDI: 0000000000000000 [ 3346.784884][T21894] RBP: 0000000000000000 R08: 0000000000000000 R09: 00007f8ab67abf8c [ 3346.792897][T21894] R10: 0000000000000006 R11: 0000000000000246 R12: 00007f8ab67abf80 [ 3346.800905][T21894] R13: 0000000000000a0b R14: 0000000000000000 R15: 00007f8ab67abf80 [ 3346.808946][T21894] [ 3347.466851][T21894] memory: usage 305116kB, limit 307200kB, failcnt 234468 [ 3347.474137][T21894] memory+swap: usage 415464kB, limit 9007199254740988kB, failcnt 0 [ 3347.606749][T21894] kmem: usage 45204kB, limit 9007199254740988kB, failcnt 0 [ 3347.614042][T21894] Memory cgroup stats for /syz4: [ 3347.614221][T21894] cache 265945088 [ 3347.766101][T21894] rss 765952 [ 3347.806081][T21894] rss_huge 0 [ 3347.826475][T21894] shmem 265945088 [ 3347.886142][T21894] mapped_file 60194816 [ 3347.926034][T21894] dirty 0 [ 3347.938867][T21894] writeback 0 [ 3347.981235][T21894] workingset_refault_anon 4525 [ 3348.070097][T21894] workingset_refault_file 0 [ 3348.074766][T21894] swap 112013312 [ 3348.115238][T21894] swapcached 327680 [ 3348.139749][T21894] pgpgin 2208479 [ 3348.196049][T21894] pgpgout 2143264 [ 3348.199754][T21894] pgfault 1478258 [ 3348.203408][T21894] pgmajfault 2669 [ 3348.356363][T21894] inactive_anon 157175808 [ 3348.361137][T21894] active_anon 109547520 [ 3348.365336][T21894] inactive_file 0 [ 3348.515563][T21894] active_file 0 [ 3348.523917][T21894] unevictable 0 [ 3348.556130][T21894] hierarchical_memory_limit 314572800 [ 3348.596146][T21894] hierarchical_memsw_limit 9223372036854771712 [ 3348.626302][T21894] total_cache 265945088 [ 3348.630803][T21894] total_rss 765952 [ 3348.634547][T21894] total_rss_huge 0 [ 3348.747426][T21894] total_shmem 265945088 [ 3348.751650][T21894] total_mapped_file 60194816 [ 3348.826295][T21894] total_dirty 0 [ 3348.848267][T21894] total_writeback 0 [ 3348.886565][T21894] total_workingset_refault_anon 4525 [ 3348.927977][T21894] total_workingset_refault_file 0 [ 3348.976158][T21894] total_swap 112013312 [ 3349.016115][T21894] total_swapcached 327680 [ 3349.041974][T21894] total_pgpgin 2208479 [ 3349.077515][T21894] total_pgpgout 2143264 [ 3349.096097][T21894] total_pgfault 1478258 [ 3349.116159][T21894] total_pgmajfault 2669 [ 3349.136385][T21894] total_inactive_anon 157175808 [ 3349.166358][T21894] total_active_anon 109547520 [ 3349.187444][T21894] total_inactive_file 0 [ 3349.236347][T21894] total_active_file 0 [ 3349.247278][T21894] total_unevictable 0 [ 3349.266349][T21894] anon_cost 0 [ 3349.276580][T21894] file_cost 0 [ 3349.286581][T21894] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21858,uid=0 [ 3349.346399][T21894] Memory cgroup out of memory: Killed process 21858 (syz-executor.4) total-vm:54508kB, anon-rss:388kB, file-rss:8192kB, shmem-rss:9728kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3349.739486][T21889] syz-executor.4 invoked oom-killer: gfp_mask=0x400cc0(GFP_KERNEL_ACCOUNT), order=0, oom_score_adj=1000 14:05:24 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7d02, 0x0, 0x0, 0x0) [ 3349.958013][T21889] CPU: 0 PID: 21889 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3349.966759][T21889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3349.976848][T21889] Call Trace: [ 3349.980245][T21889] [ 3349.983212][T21889] dump_stack_lvl+0x1e7/0x2e0 [ 3349.987945][T21889] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3349.993188][T21889] ? __pfx__printk+0x10/0x10 [ 3349.997818][T21889] ? ___ratelimit+0x4c4/0x670 [ 3350.002541][T21889] ? __pfx____ratelimit+0x10/0x10 [ 3350.007629][T21889] dump_header+0xda/0x6a0 [ 3350.012004][T21889] oom_kill_process+0x3a7/0x930 [ 3350.016887][T21889] ? trace_contention_end+0x3c/0x100 [ 3350.022214][T21889] out_of_memory+0xf67/0x1320 [ 3350.026940][T21889] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3350.032621][T21889] ? __pfx___mutex_lock+0x10/0x10 [ 3350.037704][T21889] ? __pfx_out_of_memory+0x10/0x10 [ 3350.042877][T21889] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3350.048459][T21889] ? __pfx_lock_release+0x10/0x10 [ 3350.053523][T21889] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3350.059667][T21889] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3350.064906][T21889] ? mem_cgroup_iter+0x422/0x560 [ 3350.069892][T21889] try_charge_memcg+0xda2/0x18a0 [ 3350.074907][T21889] ? __pfx_try_charge_memcg+0x10/0x10 [ 3350.080319][T21889] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 3350.086078][T21889] ? __pfx_lock_release+0x10/0x10 [ 3350.091156][T21889] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3350.097193][T21889] ? get_mem_cgroup_from_objcg+0x19/0x150 [ 3350.102953][T21889] ? get_mem_cgroup_from_objcg+0x13b/0x150 [ 3350.108798][T21889] obj_cgroup_charge+0x389/0x630 [ 3350.113786][T21889] ? obj_cgroup_charge+0x121/0x630 [ 3350.118964][T21889] ? __pfx_obj_cgroup_charge+0x10/0x10 [ 3350.124475][T21889] ? kmem_cache_alloc_lru+0x52/0x350 [ 3350.129803][T21889] ? __pfx___might_resched+0x10/0x10 [ 3350.135138][T21889] __memcg_slab_pre_alloc_hook+0x28d/0x2b0 [ 3350.141003][T21889] ? xas_nomem+0x141/0x1f0 [ 3350.145460][T21889] kmem_cache_alloc_lru+0x204/0x350 [ 3350.150708][T21889] xas_nomem+0x141/0x1f0 [ 3350.154998][T21889] shmem_add_to_page_cache+0x961/0x1830 [ 3350.160617][T21889] ? __pfx_shmem_add_to_page_cache+0x10/0x10 [ 3350.166640][T21889] ? percpu_ref_put+0x19/0x180 [ 3350.171452][T21889] shmem_alloc_and_add_folio+0x46d/0xde0 [ 3350.177153][T21889] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3350.183350][T21889] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3350.188661][T21889] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3350.194334][T21889] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3350.200708][T21889] shmem_write_begin+0x170/0x4d0 [ 3350.205699][T21889] ? __pfx_shmem_write_begin+0x10/0x10 [ 3350.211216][T21889] ? fault_in_iov_iter_readable+0x236/0x280 [ 3350.217153][T21889] generic_perform_write+0x321/0x640 [ 3350.222487][T21889] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3350.228445][T21889] ? __pfx_generic_perform_write+0x10/0x10 [ 3350.234305][T21889] ? __pfx_generic_write_checks+0x10/0x10 [ 3350.240071][T21889] ? file_update_time+0x2a3/0x3e0 [ 3350.245139][T21889] shmem_file_write_iter+0xfc/0x120 [ 3350.250390][T21889] __kernel_write_iter+0x434/0x8c0 [ 3350.255553][T21889] ? __pfx___kernel_write_iter+0x10/0x10 [ 3350.261241][T21889] ? iov_iter_bvec+0x4e/0x1b0 [ 3350.265963][T21889] dump_user_range+0x46c/0x910 [ 3350.270773][T21889] ? __pfx_dump_user_range+0x10/0x10 [ 3350.276095][T21889] ? writenote+0x250/0x3b0 [ 3350.280569][T21889] ? kmalloc_trace+0x1d6/0x360 [ 3350.285373][T21889] ? elf_core_dump+0x2e01/0x4630 [ 3350.290348][T21889] ? dump_emit+0x99/0xd0 [ 3350.294652][T21889] elf_core_dump+0x3d5d/0x4630 [ 3350.299489][T21889] ? __pfx_elf_core_dump+0x10/0x10 [ 3350.304637][T21889] ? mark_lock+0x9a/0x350 [ 3350.309007][T21889] ? mas_next_slot+0xeb2/0xf90 [ 3350.313816][T21889] ? __lock_acquire+0x1345/0x1fd0 [ 3350.318943][T21889] ? rcu_read_lock_any_held+0xb7/0x160 [ 3350.324453][T21889] ? 0xffffffffff600000 [ 3350.328673][T21889] ? getname_kernel+0x140/0x2f0 [ 3350.333585][T21889] do_coredump+0x1baa/0x2b50 [ 3350.338212][T21889] ? get_signal+0xbe1/0x1850 [ 3350.342883][T21889] ? __pfx_do_coredump+0x10/0x10 [ 3350.347920][T21889] ? _raw_spin_unlock_irq+0x23/0x50 [ 3350.353163][T21889] ? lockdep_hardirqs_on+0x98/0x140 [ 3350.358406][T21889] get_signal+0x146a/0x1850 [ 3350.363239][T21889] ? __pfx_get_signal+0x10/0x10 [ 3350.368159][T21889] ? __pfx_force_sig_fault+0x10/0x10 [ 3350.373500][T21889] arch_do_signal_or_restart+0x96/0x860 [ 3350.379107][T21889] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3350.385327][T21889] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3350.391183][T21889] irqentry_exit_to_user_mode+0x78/0x280 [ 3350.396866][T21889] exc_page_fault+0x587/0x870 [ 3350.401681][T21889] asm_exc_page_fault+0x26/0x30 [ 3350.406570][T21889] RIP: 0033:0x7f8ab667ddb1 [ 3350.411026][T21889] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3350.430769][T21889] RSP: 002b:0000000000007b00 EFLAGS: 00010217 [ 3350.436893][T21889] RAX: 0000000000000000 RBX: 00007f8ab67ac050 RCX: 00007f8ab667dda9 [ 3350.444983][T21889] RDX: 0000000000000000 RSI: 0000000000007b00 RDI: 0000000000000000 [ 3350.453069][T21889] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3350.461072][T21889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3350.469080][T21889] R13: 000000000000006e R14: 00007f8ab67ac050 R15: 00007f8ab68cfa48 [ 3350.477116][T21889] [ 3350.610082][T21889] memory: usage 305668kB, limit 307200kB, failcnt 236650 [ 3350.654904][T21889] memory+swap: usage 415856kB, limit 9007199254740988kB, failcnt 0 [ 3350.726395][T21889] kmem: usage 44664kB, limit 9007199254740988kB, failcnt 0 [ 3350.733666][T21889] Memory cgroup stats for /syz4: [ 3350.733839][T21889] cache 266735616 [ 3350.775972][T21889] rss 540672 [ 3350.794401][T21889] rss_huge 0 [ 3350.806101][T21889] shmem 266735616 [ 3350.809792][T21889] mapped_file 51015680 [ 3350.813889][T21889] dirty 0 [ 3350.890809][T21889] writeback 0 [ 3350.894154][T21889] workingset_refault_anon 4538 [ 3350.956038][T21889] workingset_refault_file 0 [ 3350.960615][T21889] swap 112664576 [ 3350.964183][T21889] swapcached 290816 [ 3351.006687][T21889] pgpgin 2217541 [ 3351.010302][T21889] pgpgout 2152212 [ 3351.013960][T21889] pgfault 1479883 [ 3351.068128][T21889] pgmajfault 2678 [ 3351.071832][T21889] inactive_anon 177434624 [ 3351.085922][T21889] active_anon 90128384 [ 3351.105364][T21889] inactive_file 0 [ 3351.126326][T21889] active_file 0 [ 3351.136221][T21889] unevictable 0 [ 3351.139736][T21889] hierarchical_memory_limit 314572800 [ 3351.145131][T21889] hierarchical_memsw_limit 9223372036854771712 [ 3351.216530][T21889] total_cache 266735616 [ 3351.220747][T21889] total_rss 540672 [ 3351.224507][T21889] total_rss_huge 0 [ 3351.279353][T21889] total_shmem 266735616 [ 3351.283573][T21889] total_mapped_file 51015680 [ 3351.316094][T21889] total_dirty 0 [ 3351.319636][T21889] total_writeback 0 [ 3351.323494][T21889] total_workingset_refault_anon 4538 [ 3351.371794][T21889] total_workingset_refault_file 0 [ 3351.387708][T21889] total_swap 112664576 [ 3351.391831][T21889] total_swapcached 290816 [ 3351.436219][T21889] total_pgpgin 2217541 [ 3351.440350][T21889] total_pgpgout 2152212 [ 3351.444525][T21889] total_pgfault 1479883 [ 3351.505283][T21889] total_pgmajfault 2678 [ 3351.515947][T21889] total_inactive_anon 177434624 [ 3351.520859][T21889] total_active_anon 90128384 [ 3351.525473][T21889] total_inactive_file 0 [ 3351.576402][T21889] total_active_file 0 [ 3351.596127][T21889] total_unevictable 0 [ 3351.600174][T21889] anon_cost 0 [ 3351.603499][T21889] file_cost 0 [ 3351.656219][T21889] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21875,uid=0 [ 3351.696277][T21889] Memory cgroup out of memory: Killed process 21875 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:10880kB, UID:0 pgtables:108kB oom_score_adj:1000 14:05:27 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7d03, 0x0, 0x0, 0x0) 14:05:29 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7f01, 0x0, 0x0, 0x0) 14:05:30 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x7f03, 0x0, 0x0, 0x0) 14:05:32 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8100, 0x0, 0x0, 0x0) 14:05:33 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8103, 0x0, 0x0, 0x0) 14:05:34 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8302, 0x0, 0x0, 0x0) 14:05:35 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8500, 0x0, 0x0, 0x0) 14:05:36 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8501, 0x0, 0x0, 0x0) 14:05:37 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8502, 0x0, 0x0, 0x0) 14:05:38 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8503, 0x0, 0x0, 0x0) 14:05:40 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8703, 0x0, 0x0, 0x0) 14:05:41 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8903, 0x0, 0x0, 0x0) 14:05:41 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8b01, 0x0, 0x0, 0x0) 14:05:42 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8b02, 0x0, 0x0, 0x0) 14:05:44 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8b03, 0x0, 0x0, 0x0) 14:05:45 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8d00, 0x0, 0x0, 0x0) 14:05:48 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8d03, 0x0, 0x0, 0x0) 14:05:49 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8f00, 0x0, 0x0, 0x0) [ 3376.764332][T21914] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3376.916104][T21914] CPU: 1 PID: 21914 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3376.924861][T21914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3376.934973][T21914] Call Trace: [ 3376.938284][T21914] [ 3376.941244][T21914] dump_stack_lvl+0x1e7/0x2e0 [ 3376.945983][T21914] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3376.951229][T21914] ? __pfx__printk+0x10/0x10 [ 3376.955850][T21914] ? ___ratelimit+0x4c4/0x670 [ 3376.960568][T21914] ? __pfx____ratelimit+0x10/0x10 [ 3376.965618][T21914] dump_header+0xda/0x6a0 [ 3376.969991][T21914] oom_kill_process+0x3a7/0x930 [ 3376.974895][T21914] ? trace_contention_end+0x3c/0x100 [ 3376.980244][T21914] out_of_memory+0xf67/0x1320 [ 3376.984976][T21914] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3376.990649][T21914] ? __pfx___mutex_lock+0x10/0x10 [ 3376.995698][T21914] ? __pfx_out_of_memory+0x10/0x10 [ 3377.000868][T21914] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3377.006424][T21914] ? __pfx_lock_release+0x10/0x10 [ 3377.011465][T21914] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3377.017570][T21914] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3377.022800][T21914] ? mem_cgroup_iter+0x422/0x560 [ 3377.027762][T21914] try_charge_memcg+0xda2/0x18a0 [ 3377.032739][T21914] ? __pfx_try_charge_memcg+0x10/0x10 [ 3377.038215][T21914] ? percpu_ref_tryget+0x14/0x180 [ 3377.043290][T21914] charge_memcg+0xa2/0x160 [ 3377.047744][T21914] __mem_cgroup_charge+0x27/0x80 [ 3377.052722][T21914] shmem_alloc_and_add_folio+0x393/0xde0 [ 3377.058408][T21914] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3377.064599][T21914] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3377.069857][T21914] ? lockdep_hardirqs_on+0x98/0x140 [ 3377.075091][T21914] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3377.080850][T21914] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3377.087120][T21914] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3377.093736][T21914] shmem_write_begin+0x170/0x4d0 [ 3377.098714][T21914] ? __pfx_shmem_write_begin+0x10/0x10 [ 3377.104203][T21914] ? fault_in_iov_iter_readable+0x236/0x280 [ 3377.110120][T21914] generic_perform_write+0x321/0x640 [ 3377.115426][T21914] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3377.121444][T21914] ? __pfx_generic_perform_write+0x10/0x10 [ 3377.127280][T21914] ? mnt_put_write_access_file+0xc2/0x100 [ 3377.133018][T21914] ? file_update_time+0x3ac/0x3e0 [ 3377.138061][T21914] shmem_file_write_iter+0xfc/0x120 [ 3377.143274][T21914] __kernel_write_iter+0x434/0x8c0 [ 3377.148414][T21914] ? __pfx___kernel_write_iter+0x10/0x10 [ 3377.154068][T21914] ? dump_user_range+0x562/0x910 [ 3377.159010][T21914] ? dump_user_range+0x583/0x910 [ 3377.164097][T21914] ? iov_iter_bvec+0x4e/0x1b0 [ 3377.168828][T21914] dump_user_range+0x46c/0x910 [ 3377.173627][T21914] ? __pfx_dump_user_range+0x10/0x10 [ 3377.178931][T21914] ? writenote+0x250/0x3b0 [ 3377.183379][T21914] ? kmalloc_trace+0x1d6/0x360 [ 3377.188169][T21914] ? elf_core_dump+0x2e01/0x4630 [ 3377.193119][T21914] ? dump_emit+0x99/0xd0 [ 3377.197383][T21914] elf_core_dump+0x3d5d/0x4630 [ 3377.202181][T21914] ? __pfx_elf_core_dump+0x10/0x10 [ 3377.207304][T21914] ? mark_lock+0x9a/0x350 [ 3377.211642][T21914] ? mas_next_slot+0xeb2/0xf90 [ 3377.216422][T21914] ? __lock_acquire+0x1345/0x1fd0 [ 3377.221502][T21914] ? rcu_read_lock_any_held+0xb7/0x160 [ 3377.227004][T21914] ? 0xffffffffff600000 [ 3377.231187][T21914] ? getname_kernel+0x140/0x2f0 [ 3377.236075][T21914] do_coredump+0x1baa/0x2b50 [ 3377.240772][T21914] ? get_signal+0xbe1/0x1850 [ 3377.245413][T21914] ? __pfx_do_coredump+0x10/0x10 [ 3377.250401][T21914] ? _raw_spin_unlock_irq+0x23/0x50 [ 3377.255612][T21914] ? lockdep_hardirqs_on+0x98/0x140 [ 3377.260825][T21914] get_signal+0x146a/0x1850 [ 3377.265363][T21914] ? __pfx_get_signal+0x10/0x10 [ 3377.270227][T21914] ? __pfx_force_sig_fault+0x10/0x10 [ 3377.275542][T21914] arch_do_signal_or_restart+0x96/0x860 [ 3377.281191][T21914] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3377.287371][T21914] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3377.293192][T21914] irqentry_exit_to_user_mode+0x78/0x280 [ 3377.298841][T21914] exc_page_fault+0x587/0x870 [ 3377.303540][T21914] asm_exc_page_fault+0x26/0x30 [ 3377.308406][T21914] RIP: 0033:0x7f8ab667ddb1 [ 3377.312836][T21914] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3377.332553][T21914] RSP: 002b:0000000000008100 EFLAGS: 00010217 [ 3377.338981][T21914] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3377.347063][T21914] RDX: 0000000000000000 RSI: 0000000000008100 RDI: 0000000000000000 [ 3377.355069][T21914] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3377.363071][T21914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3377.371064][T21914] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3377.379068][T21914] [ 3377.398034][T21914] memory: usage 307200kB, limit 307200kB, failcnt 262101 [ 3377.418125][T21914] memory+swap: usage 417772kB, limit 9007199254740988kB, failcnt 0 [ 3377.442541][T21914] kmem: usage 44688kB, limit 9007199254740988kB, failcnt 0 [ 3377.456747][T21914] Memory cgroup stats for /syz4: [ 3377.456914][T21914] cache 268062720 [ 3377.469146][T21914] rss 679936 [ 3377.472387][T21914] rss_huge 0 [ 3377.475605][T21914] shmem 268062720 [ 3377.497378][T21914] mapped_file 177651712 [ 3377.501608][T21914] dirty 0 [ 3377.504592][T21914] writeback 0 [ 3377.521858][T21914] workingset_refault_anon 5066 [ 3377.537523][T21914] workingset_refault_file 0 [ 3377.542081][T21914] swap 113225728 [ 3377.545652][T21914] swapcached 73728 [ 3377.566118][T21914] pgpgin 2373346 [ 3377.569726][T21914] pgpgout 2307718 [ 3377.573388][T21914] pgfault 1536177 [ 3377.589927][T21914] pgmajfault 2962 [ 3377.593629][T21914] inactive_anon 157777920 [ 3377.608792][T21914] active_anon 111034368 [ 3377.612999][T21914] inactive_file 0 [ 3377.616774][T21914] active_file 0 [ 3377.620273][T21914] unevictable 0 [ 3377.624109][T21914] hierarchical_memory_limit 314572800 [ 3377.629864][T21914] hierarchical_memsw_limit 9223372036854771712 [ 3377.636135][T21914] total_cache 268062720 [ 3377.640438][T21914] total_rss 679936 [ 3377.644185][T21914] total_rss_huge 0 [ 3377.648081][T21914] total_shmem 268062720 [ 3377.652271][T21914] total_mapped_file 177651712 [ 3377.657697][T21914] total_dirty 0 [ 3377.661199][T21914] total_writeback 0 [ 3377.665024][T21914] total_workingset_refault_anon 5066 [ 3377.671120][T21914] total_workingset_refault_file 0 [ 3377.676704][T21914] total_swap 113225728 [ 3377.680925][T21914] total_swapcached 73728 [ 3377.685294][T21914] total_pgpgin 2373346 [ 3377.699969][T21914] total_pgpgout 2307718 [ 3377.704302][T21914] total_pgfault 1536177 [ 3377.709300][T21914] total_pgmajfault 2962 [ 3377.713608][T21914] total_inactive_anon 157777920 [ 3377.720486][T21914] total_active_anon 111034368 [ 3377.725292][T21914] total_inactive_file 0 [ 3377.730078][T21914] total_active_file 0 [ 3377.734189][T21914] total_unevictable 0 [ 3377.738763][T21914] anon_cost 0 [ 3377.742178][T21914] file_cost 0 [ 3377.745577][T21914] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21904,uid=0 [ 3377.762027][T21914] Memory cgroup out of memory: Killed process 21904 (syz-executor.4) total-vm:54508kB, anon-rss:424kB, file-rss:8192kB, shmem-rss:20096kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3377.890940][T21914] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3378.006189][T21914] CPU: 1 PID: 21914 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3378.014971][T21914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3378.025073][T21914] Call Trace: [ 3378.028392][T21914] [ 3378.031360][T21914] dump_stack_lvl+0x1e7/0x2e0 [ 3378.036099][T21914] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3378.041346][T21914] ? __pfx__printk+0x10/0x10 [ 3378.045983][T21914] ? ___ratelimit+0x4c4/0x670 [ 3378.050709][T21914] ? __pfx____ratelimit+0x10/0x10 [ 3378.055795][T21914] dump_header+0xda/0x6a0 [ 3378.060179][T21914] oom_kill_process+0x3a7/0x930 [ 3378.065088][T21914] ? trace_contention_end+0x3c/0x100 [ 3378.070501][T21914] out_of_memory+0xf67/0x1320 [ 3378.075198][T21914] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3378.080858][T21914] ? __pfx___mutex_lock+0x10/0x10 [ 3378.085909][T21914] ? __pfx_out_of_memory+0x10/0x10 [ 3378.091044][T21914] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3378.096610][T21914] ? __pfx_lock_release+0x10/0x10 [ 3378.101655][T21914] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3378.107743][T21914] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3378.112959][T21914] ? mem_cgroup_iter+0x422/0x560 [ 3378.117914][T21914] try_charge_memcg+0xda2/0x18a0 [ 3378.122891][T21914] ? __pfx_try_charge_memcg+0x10/0x10 [ 3378.128277][T21914] ? percpu_ref_tryget+0x14/0x180 [ 3378.133331][T21914] charge_memcg+0xa2/0x160 [ 3378.137780][T21914] __mem_cgroup_charge+0x27/0x80 [ 3378.142740][T21914] shmem_alloc_and_add_folio+0x393/0xde0 [ 3378.148393][T21914] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3378.154573][T21914] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3378.159805][T21914] ? lockdep_hardirqs_on+0x98/0x140 [ 3378.165019][T21914] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3378.170764][T21914] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3378.177022][T21914] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3378.183634][T21914] shmem_write_begin+0x170/0x4d0 [ 3378.188599][T21914] ? __pfx_shmem_write_begin+0x10/0x10 [ 3378.194082][T21914] ? fault_in_iov_iter_readable+0x236/0x280 [ 3378.200000][T21914] generic_perform_write+0x321/0x640 [ 3378.205305][T21914] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3378.211239][T21914] ? __pfx_generic_perform_write+0x10/0x10 [ 3378.217069][T21914] ? mnt_put_write_access_file+0xc2/0x100 [ 3378.222807][T21914] ? file_update_time+0x3ac/0x3e0 [ 3378.227851][T21914] shmem_file_write_iter+0xfc/0x120 [ 3378.233065][T21914] __kernel_write_iter+0x434/0x8c0 [ 3378.238204][T21914] ? __pfx___kernel_write_iter+0x10/0x10 [ 3378.243858][T21914] ? dump_user_range+0x562/0x910 [ 3378.248805][T21914] ? dump_user_range+0x583/0x910 [ 3378.253754][T21914] ? iov_iter_bvec+0x4e/0x1b0 [ 3378.258456][T21914] dump_user_range+0x46c/0x910 [ 3378.263244][T21914] ? __pfx_dump_user_range+0x10/0x10 [ 3378.268541][T21914] ? writenote+0x250/0x3b0 [ 3378.272977][T21914] ? kmalloc_trace+0x1d6/0x360 [ 3378.277751][T21914] ? elf_core_dump+0x2e01/0x4630 [ 3378.282712][T21914] ? dump_emit+0x99/0xd0 [ 3378.286997][T21914] elf_core_dump+0x3d5d/0x4630 [ 3378.291798][T21914] ? __pfx_elf_core_dump+0x10/0x10 [ 3378.296925][T21914] ? mark_lock+0x9a/0x350 [ 3378.301264][T21914] ? mas_next_slot+0xeb2/0xf90 [ 3378.306044][T21914] ? __lock_acquire+0x1345/0x1fd0 [ 3378.311126][T21914] ? rcu_read_lock_any_held+0xb7/0x160 [ 3378.316607][T21914] ? 0xffffffffff600000 [ 3378.320769][T21914] ? getname_kernel+0x140/0x2f0 [ 3378.325650][T21914] do_coredump+0x1baa/0x2b50 [ 3378.330262][T21914] ? get_signal+0xbe1/0x1850 [ 3378.334896][T21914] ? __pfx_do_coredump+0x10/0x10 [ 3378.339886][T21914] ? _raw_spin_unlock_irq+0x23/0x50 [ 3378.345104][T21914] ? lockdep_hardirqs_on+0x98/0x140 [ 3378.350320][T21914] get_signal+0x146a/0x1850 [ 3378.354859][T21914] ? __pfx_get_signal+0x10/0x10 [ 3378.359729][T21914] ? __pfx_force_sig_fault+0x10/0x10 [ 3378.365037][T21914] arch_do_signal_or_restart+0x96/0x860 [ 3378.370609][T21914] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3378.376800][T21914] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3378.382628][T21914] irqentry_exit_to_user_mode+0x78/0x280 [ 3378.388281][T21914] exc_page_fault+0x587/0x870 [ 3378.392995][T21914] asm_exc_page_fault+0x26/0x30 [ 3378.397866][T21914] RIP: 0033:0x7f8ab667ddb1 [ 3378.402294][T21914] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3378.422001][T21914] RSP: 002b:0000000000008100 EFLAGS: 00010217 [ 3378.428084][T21914] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3378.436070][T21914] RDX: 0000000000000000 RSI: 0000000000008100 RDI: 0000000000000000 [ 3378.444071][T21914] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3378.452071][T21914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3378.460065][T21914] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3378.468073][T21914] [ 3378.614676][T21914] memory: usage 307200kB, limit 307200kB, failcnt 262672 [ 3378.746447][T21914] memory+swap: usage 416544kB, limit 9007199254740988kB, failcnt 0 14:05:53 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8f01, 0x0, 0x0, 0x0) [ 3378.810944][T21914] kmem: usage 44764kB, limit 9007199254740988kB, failcnt 0 [ 3378.929668][T21914] Memory cgroup stats for /syz4: [ 3378.929838][T21914] cache 268066816 [ 3378.976602][T21914] rss 757760 [ 3378.979868][T21914] rss_huge 0 [ 3378.983101][T21914] shmem 268066816 [ 3379.059418][T21914] mapped_file 163172352 [ 3379.063636][T21914] dirty 0 [ 3379.085542][T21914] writeback 0 [ 3379.104712][T21914] workingset_refault_anon 5075 [ 3379.146091][T21914] workingset_refault_file 0 [ 3379.167225][T21914] swap 113102848 [ 3379.181376][T21914] swapcached 73728 [ 3379.204357][T21914] pgpgin 2376044 [ 3379.296433][T21914] pgpgout 2310396 [ 3379.336089][T21914] pgfault 1536747 [ 3379.349371][T21914] pgmajfault 2967 [ 3379.378757][T21914] inactive_anon 153387008 [ 3379.467409][T21914] active_anon 115503104 [ 3379.495496][T21914] inactive_file 0 [ 3379.529007][T21914] active_file 0 [ 3379.549709][T21914] unevictable 0 [ 3379.608063][T21914] hierarchical_memory_limit 314572800 [ 3379.616317][T21914] hierarchical_memsw_limit 9223372036854771712 [ 3379.622543][T21914] total_cache 268066816 [ 3379.706153][T21914] total_rss 757760 [ 3379.709948][T21914] total_rss_huge 0 [ 3379.713705][T21914] total_shmem 268066816 [ 3379.766327][T21914] total_mapped_file 163172352 [ 3379.816321][T21914] total_dirty 0 [ 3379.819855][T21914] total_writeback 0 [ 3379.823698][T21914] total_workingset_refault_anon 5075 [ 3379.926136][T21914] total_workingset_refault_file 0 [ 3379.931306][T21914] total_swap 113102848 [ 3379.946058][T21914] total_swapcached 73728 [ 3379.950383][T21914] total_pgpgin 2376044 [ 3380.007762][T21914] total_pgpgout 2310396 [ 3380.056325][T21914] total_pgfault 1536747 [ 3380.060547][T21914] total_pgmajfault 2967 [ 3380.140433][T21914] total_inactive_anon 153387008 [ 3380.186260][T21914] total_active_anon 115503104 [ 3380.191014][T21914] total_inactive_file 0 [ 3380.195201][T21914] total_active_file 0 [ 3380.236236][T21914] total_unevictable 0 [ 3380.240380][T21914] anon_cost 0 [ 3380.243692][T21914] file_cost 0 [ 3380.307538][T21914] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21907,uid=0 [ 3380.464781][T21914] Memory cgroup out of memory: Killed process 21907 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:19968kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3381.296147][T21025] Bluetooth: hci5: command 0x0406 tx timeout [ 3381.302238][T21025] Bluetooth: hci1: command 0x0406 tx timeout [ 3381.309523][ T8350] Bluetooth: hci0: command 0x0406 tx timeout [ 3381.315587][ T8350] Bluetooth: hci6: command 0x0406 tx timeout [ 3381.801318][T21921] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3381.993542][T21921] CPU: 0 PID: 21921 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3382.002292][T21921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3382.013077][T21921] Call Trace: [ 3382.016390][T21921] [ 3382.019346][T21921] dump_stack_lvl+0x1e7/0x2e0 [ 3382.024070][T21921] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3382.029398][T21921] ? __pfx__printk+0x10/0x10 [ 3382.034019][T21921] ? ___ratelimit+0x4c4/0x670 [ 3382.038758][T21921] ? __pfx____ratelimit+0x10/0x10 [ 3382.043824][T21921] dump_header+0xda/0x6a0 [ 3382.048200][T21921] oom_kill_process+0x3a7/0x930 [ 3382.053082][T21921] ? trace_contention_end+0x3c/0x100 [ 3382.058401][T21921] out_of_memory+0xf67/0x1320 [ 3382.063099][T21921] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3382.068750][T21921] ? __pfx___mutex_lock+0x10/0x10 [ 3382.073796][T21921] ? __pfx_out_of_memory+0x10/0x10 [ 3382.078937][T21921] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3382.084498][T21921] ? __pfx_lock_release+0x10/0x10 [ 3382.089576][T21921] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3382.095673][T21921] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3382.100892][T21921] ? mem_cgroup_iter+0x422/0x560 [ 3382.105861][T21921] try_charge_memcg+0xda2/0x18a0 [ 3382.110823][T21921] ? bpf_raw_tp_link_attach+0x348/0x6d0 [ 3382.116413][T21921] ? __pfx_try_charge_memcg+0x10/0x10 [ 3382.121976][T21921] ? percpu_ref_tryget+0x14/0x180 [ 3382.127039][T21921] charge_memcg+0xa2/0x160 [ 3382.131504][T21921] __mem_cgroup_charge+0x27/0x80 [ 3382.136466][T21921] shmem_alloc_and_add_folio+0x393/0xde0 [ 3382.142131][T21921] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3382.148313][T21921] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3382.153557][T21921] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3382.159223][T21921] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3382.165585][T21921] shmem_write_begin+0x170/0x4d0 [ 3382.170566][T21921] ? __pfx_shmem_write_begin+0x10/0x10 [ 3382.176042][T21921] ? fault_in_iov_iter_readable+0x236/0x280 [ 3382.181972][T21921] generic_perform_write+0x321/0x640 [ 3382.187290][T21921] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3382.193226][T21921] ? __pfx_generic_perform_write+0x10/0x10 [ 3382.199057][T21921] ? __pfx_generic_write_checks+0x10/0x10 [ 3382.204817][T21921] ? file_update_time+0x2a3/0x3e0 [ 3382.209893][T21921] shmem_file_write_iter+0xfc/0x120 [ 3382.215112][T21921] __kernel_write_iter+0x434/0x8c0 [ 3382.220271][T21921] ? __pfx___kernel_write_iter+0x10/0x10 [ 3382.225943][T21921] ? generic_file_llseek_size+0x34c/0x3b0 [ 3382.231697][T21921] ? iov_iter_bvec+0x4e/0x1b0 [ 3382.236405][T21921] dump_user_range+0x46c/0x910 [ 3382.241355][T21921] ? __pfx_dump_user_range+0x10/0x10 [ 3382.246748][T21921] ? writenote+0x250/0x3b0 [ 3382.251204][T21921] ? kmalloc_trace+0x1d6/0x360 [ 3382.256004][T21921] ? elf_core_dump+0x2e01/0x4630 [ 3382.260970][T21921] ? dump_emit+0x99/0xd0 [ 3382.265320][T21921] elf_core_dump+0x3d5d/0x4630 [ 3382.270131][T21921] ? __pfx_elf_core_dump+0x10/0x10 [ 3382.275283][T21921] ? mark_lock+0x9a/0x350 [ 3382.279648][T21921] ? mas_next_slot+0xeb2/0xf90 [ 3382.284430][T21921] ? __lock_acquire+0x1345/0x1fd0 [ 3382.289519][T21921] ? rcu_read_lock_any_held+0xb7/0x160 [ 3382.294998][T21921] ? 0xffffffffff600000 [ 3382.299164][T21921] ? getname_kernel+0x140/0x2f0 [ 3382.304039][T21921] do_coredump+0x1baa/0x2b50 [ 3382.308654][T21921] ? get_signal+0xbe1/0x1850 [ 3382.313295][T21921] ? __pfx_do_coredump+0x10/0x10 [ 3382.318285][T21921] ? _raw_spin_unlock_irq+0x23/0x50 [ 3382.323499][T21921] ? lockdep_hardirqs_on+0x98/0x140 [ 3382.328718][T21921] get_signal+0x146a/0x1850 [ 3382.333259][T21921] ? __pfx_get_signal+0x10/0x10 [ 3382.338129][T21921] ? __pfx_force_sig_fault+0x10/0x10 [ 3382.343440][T21921] arch_do_signal_or_restart+0x96/0x860 [ 3382.349029][T21921] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3382.355231][T21921] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3382.361097][T21921] irqentry_exit_to_user_mode+0x78/0x280 [ 3382.366765][T21921] exc_page_fault+0x587/0x870 [ 3382.371466][T21921] asm_exc_page_fault+0x26/0x30 [ 3382.376337][T21921] RIP: 0033:0x7f8ab667ddb1 [ 3382.380766][T21921] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3382.400387][T21921] RSP: 002b:0000000000008500 EFLAGS: 00010217 [ 3382.406477][T21921] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3382.414489][T21921] RDX: 0000000000000000 RSI: 0000000000008500 RDI: 0000000000000000 [ 3382.422742][T21921] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3382.430814][T21921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3382.438792][T21921] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3382.446788][T21921] [ 3382.603149][T21921] memory: usage 307200kB, limit 307200kB, failcnt 263997 [ 3382.610436][T21921] memory+swap: usage 417528kB, limit 9007199254740988kB, failcnt 0 [ 3382.618468][T21921] kmem: usage 44740kB, limit 9007199254740988kB, failcnt 0 [ 3382.625691][T21921] Memory cgroup stats for /syz4: [ 3382.625986][T21921] cache 267362304 [ 3382.635048][T21921] rss 823296 [ 3382.638404][T21921] rss_huge 0 [ 3382.641893][T21921] shmem 267362304 [ 3382.645634][T21921] mapped_file 153878528 [ 3382.650191][T21921] dirty 0 [ 3382.653258][T21921] writeback 0 [ 3382.656759][T21921] workingset_refault_anon 5075 [ 3382.661945][T21921] workingset_refault_file 0 [ 3382.736241][T21921] swap 113238016 [ 3382.854292][T21921] swapcached 61440 [ 3382.905979][T21921] pgpgin 2388952 [ 3382.909590][T21921] pgpgout 2323414 [ 3382.913347][T21921] pgfault 1542284 [ 3383.131235][T21921] pgmajfault 2967 [ 3383.134936][T21921] inactive_anon 184279040 [ 3383.217163][T21921] active_anon 83374080 [ 3383.221307][T21921] inactive_file 0 [ 3383.268132][T21921] active_file 0 [ 3383.271651][T21921] unevictable 0 [ 3383.275129][T21921] hierarchical_memory_limit 314572800 [ 3383.342011][T21921] hierarchical_memsw_limit 9223372036854771712 [ 3383.405910][T21921] total_cache 267362304 [ 3383.410137][T21921] total_rss 823296 [ 3383.413875][T21921] total_rss_huge 0 [ 3383.516531][T21921] total_shmem 267362304 [ 3383.520752][T21921] total_mapped_file 153878528 [ 3383.525474][T21921] total_dirty 0 [ 3383.637668][T21921] total_writeback 0 [ 3383.641541][T21921] total_workingset_refault_anon 5075 [ 3383.826204][T21921] total_workingset_refault_file 0 [ 3383.831330][T21921] total_swap 113238016 [ 3383.835422][T21921] total_swapcached 61440 [ 3384.015953][T21921] total_pgpgin 2388952 [ 3384.020101][T21921] total_pgpgout 2323414 [ 3384.024286][T21921] total_pgfault 1542284 [ 3384.166492][T21921] total_pgmajfault 2967 [ 3384.170708][T21921] total_inactive_anon 184279040 [ 3384.175582][T21921] total_active_anon 83374080 [ 3384.334555][T21921] total_inactive_file 0 [ 3384.376167][T21921] total_active_file 0 [ 3384.380228][T21921] total_unevictable 0 [ 3384.384241][T21921] anon_cost 0 [ 3384.606261][T21921] file_cost 0 [ 3384.609614][T21921] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21911,uid=0 14:05:58 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x8f03, 0x0, 0x0, 0x0) [ 3384.757891][T21921] Memory cgroup out of memory: Killed process 21911 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:12416kB, UID:0 pgtables:124kB oom_score_adj:1000 14:05:59 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9100, 0x0, 0x0, 0x0) 14:06:01 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9302, 0x0, 0x0, 0x0) [ 3387.611249][T21901] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3387.948945][T21020] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 3387.965067][T21020] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 3387.981200][T21020] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 3388.016397][T21020] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 3388.036572][T21020] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 3388.046147][T21020] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 3388.574196][T21901] CPU: 0 PID: 21901 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3388.582968][T21901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3388.593070][T21901] Call Trace: [ 3388.596389][T21901] [ 3388.599352][T21901] dump_stack_lvl+0x1e7/0x2e0 [ 3388.604080][T21901] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3388.609327][T21901] ? __pfx__printk+0x10/0x10 [ 3388.613982][T21901] ? ___ratelimit+0x4c4/0x670 [ 3388.618702][T21901] ? __pfx____ratelimit+0x10/0x10 [ 3388.623780][T21901] dump_header+0xda/0x6a0 [ 3388.628159][T21901] oom_kill_process+0x3a7/0x930 [ 3388.633048][T21901] ? trace_contention_end+0x3c/0x100 [ 3388.638378][T21901] out_of_memory+0xf67/0x1320 [ 3388.643099][T21901] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3388.648797][T21901] ? __pfx___mutex_lock+0x10/0x10 [ 3388.653871][T21901] ? __pfx_out_of_memory+0x10/0x10 [ 3388.659030][T21901] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3388.664595][T21901] ? __pfx_lock_release+0x10/0x10 [ 3388.669641][T21901] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3388.675733][T21901] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3388.680954][T21901] ? mem_cgroup_iter+0x422/0x560 [ 3388.685912][T21901] try_charge_memcg+0xda2/0x18a0 [ 3388.690888][T21901] ? __pfx_try_charge_memcg+0x10/0x10 [ 3388.696278][T21901] ? percpu_ref_tryget+0x14/0x180 [ 3388.701340][T21901] charge_memcg+0xa2/0x160 [ 3388.705780][T21901] __mem_cgroup_charge+0x27/0x80 [ 3388.710740][T21901] shmem_alloc_and_add_folio+0x393/0xde0 [ 3388.716397][T21901] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3388.722572][T21901] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3388.727894][T21901] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3388.733545][T21901] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3388.739901][T21901] shmem_write_begin+0x170/0x4d0 [ 3388.744867][T21901] ? __pfx_shmem_write_begin+0x10/0x10 [ 3388.750351][T21901] ? fault_in_iov_iter_readable+0x236/0x280 [ 3388.756272][T21901] generic_perform_write+0x321/0x640 [ 3388.761585][T21901] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3388.767506][T21901] ? __pfx_generic_perform_write+0x10/0x10 [ 3388.773332][T21901] ? __pfx_generic_write_checks+0x10/0x10 [ 3388.779068][T21901] ? file_update_time+0x2a3/0x3e0 [ 3388.784119][T21901] shmem_file_write_iter+0xfc/0x120 [ 3388.789334][T21901] __kernel_write_iter+0x434/0x8c0 [ 3388.794483][T21901] ? __pfx___kernel_write_iter+0x10/0x10 [ 3388.800140][T21901] ? dump_user_range+0x18e/0x910 [ 3388.805088][T21901] ? dump_user_range+0x201/0x910 [ 3388.810047][T21901] ? iov_iter_bvec+0x4e/0x1b0 [ 3388.814743][T21901] dump_user_range+0x46c/0x910 [ 3388.819541][T21901] ? __pfx_dump_user_range+0x10/0x10 [ 3388.824838][T21901] ? writenote+0x250/0x3b0 [ 3388.829379][T21901] ? kmalloc_trace+0x1d6/0x360 [ 3388.834158][T21901] ? elf_core_dump+0x2e01/0x4630 [ 3388.839116][T21901] ? dump_emit+0x99/0xd0 [ 3388.843374][T21901] elf_core_dump+0x3d5d/0x4630 [ 3388.848173][T21901] ? __pfx_elf_core_dump+0x10/0x10 [ 3388.853299][T21901] ? mark_lock+0x9a/0x350 [ 3388.857637][T21901] ? mas_next_slot+0xeb2/0xf90 [ 3388.862419][T21901] ? __lock_acquire+0x1345/0x1fd0 [ 3388.867506][T21901] ? rcu_read_lock_any_held+0xb7/0x160 [ 3388.873012][T21901] ? 0xffffffffff600000 [ 3388.877178][T21901] ? getname_kernel+0x140/0x2f0 [ 3388.882051][T21901] do_coredump+0x1baa/0x2b50 [ 3388.886665][T21901] ? get_signal+0xbe1/0x1850 [ 3388.891305][T21901] ? __pfx_do_coredump+0x10/0x10 [ 3388.896299][T21901] ? _raw_spin_unlock_irq+0x23/0x50 [ 3388.901513][T21901] ? lockdep_hardirqs_on+0x98/0x140 [ 3388.906729][T21901] get_signal+0x146a/0x1850 [ 3388.911272][T21901] ? __pfx_get_signal+0x10/0x10 [ 3388.916147][T21901] ? __pfx_force_sig_fault+0x10/0x10 [ 3388.921588][T21901] arch_do_signal_or_restart+0x96/0x860 [ 3388.927185][T21901] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3388.933393][T21901] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3388.939232][T21901] irqentry_exit_to_user_mode+0x78/0x280 [ 3388.944887][T21901] exc_page_fault+0x587/0x870 [ 3388.949601][T21901] asm_exc_page_fault+0x26/0x30 [ 3388.954476][T21901] RIP: 0033:0x7f8ab667ddb1 [ 3388.958907][T21901] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3388.978630][T21901] RSP: 002b:0000000000007d00 EFLAGS: 00010217 [ 3388.984712][T21901] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3388.992697][T21901] RDX: 0000000000000000 RSI: 0000000000007d00 RDI: 0000000000000000 [ 3389.000767][T21901] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3389.008751][T21901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3389.016734][T21901] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3389.024817][T21901] [ 3389.182274][T21018] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 3389.191958][T21018] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 3389.200983][T21018] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 3389.209965][T21018] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 3389.220205][T21018] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 3389.227887][T21018] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 3389.466483][ T1240] ieee802154 phy0 wpan0: encryption failed: -22 [ 3389.472876][ T1240] ieee802154 phy1 wpan1: encryption failed: -22 [ 3389.666290][T21901] memory: usage 298196kB, limit 307200kB, failcnt 266624 [ 3389.673409][T21901] memory+swap: usage 407760kB, limit 9007199254740988kB, failcnt 0 [ 3389.971129][T21901] kmem: usage 44556kB, limit 9007199254740988kB, failcnt 0 [ 3390.137061][T21901] Memory cgroup stats for /syz4: [ 3390.137241][T21901] cache 264830976 [ 3390.167140][T21020] Bluetooth: hci9: command 0x0409 tx timeout [ 3390.258811][T21018] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 3390.268941][T21018] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 3390.278351][T21018] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 3390.286855][T21018] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 3390.294684][T21018] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 3390.302582][T21018] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 3390.445917][T21901] rss 618496 [ 3390.449194][T21901] rss_huge 0 [ 3390.452427][T21901] shmem 264830976 [ 3390.626139][T21901] mapped_file 122810368 [ 3390.630361][T21901] dirty 0 [ 3390.633319][T21901] writeback 0 [ 3390.786128][T21901] workingset_refault_anon 5109 [ 3390.790961][T21901] workingset_refault_file 0 [ 3390.795486][T21901] swap 111661056 [ 3390.965972][T21901] swapcached 57344 [ 3390.969837][T21901] pgpgin 2416783 [ 3391.016407][T21901] pgpgout 2351963 [ 3391.117754][T21901] pgfault 1552854 [ 3391.121449][T21901] pgmajfault 2979 [ 3391.125106][T21901] inactive_anon 138567680 [ 3391.297849][T21020] Bluetooth: hci10: command 0x0409 tx timeout [ 3391.475902][T21901] active_anon 123662336 [ 3391.480134][T21901] inactive_file 0 [ 3391.483795][T21901] active_file 0 [ 3391.645721][T21018] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 3391.656271][T21018] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 3391.664619][T21018] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 3391.673534][T21018] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 3391.684075][T21018] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 3391.692053][T21018] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 3391.787749][T21901] unevictable 0 [ 3391.791275][T21901] hierarchical_memory_limit 314572800 [ 3391.946272][T21901] hierarchical_memsw_limit 9223372036854771712 [ 3392.056009][T21901] total_cache 264830976 [ 3392.060231][T21901] total_rss 618496 [ 3392.063981][T21901] total_rss_huge 0 [ 3392.256781][T21020] Bluetooth: hci9: command 0x041b tx timeout [ 3392.263064][T21901] total_shmem 264830976 [ 3392.386489][T21901] total_mapped_file 122810368 [ 3392.391245][T21901] total_dirty 0 [ 3392.394739][T21901] total_writeback 0 [ 3392.406274][T21020] Bluetooth: hci11: command 0x0409 tx timeout [ 3392.666109][T21901] total_workingset_refault_anon 5109 [ 3392.671480][T21901] total_workingset_refault_file 0 [ 3392.896097][T21901] total_swap 111661056 [ 3392.900241][T21901] total_swapcached 57344 [ 3392.904522][T21901] total_pgpgin 2416783 [ 3393.059032][T21901] total_pgpgout 2351963 [ 3393.126321][T21901] total_pgfault 1552854 [ 3393.130541][T21901] total_pgmajfault 2979 [ 3393.134723][T21901] total_inactive_anon 138567680 [ 3393.333352][T21901] total_active_anon 123662336 [ 3393.366201][T21020] Bluetooth: hci10: command 0x041b tx timeout [ 3393.501583][T21901] total_inactive_file 0 [ 3393.505827][T21901] total_active_file 0 [ 3393.580303][T21901] total_unevictable 0 [ 3393.584344][T21901] anon_cost 0 [ 3393.752734][T21901] file_cost 0 [ 3393.766450][T21020] Bluetooth: hci12: command 0x0409 tx timeout [ 3393.797249][T21901] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21925,uid=0 [ 3394.049433][T21901] Memory cgroup out of memory: Killed process 21925 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:8960kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 3394.315605][T21921] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3394.327219][T21020] Bluetooth: hci9: command 0x040f tx timeout [ 3394.496062][T21020] Bluetooth: hci11: command 0x041b tx timeout [ 3394.535986][T21921] CPU: 1 PID: 21921 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3394.544824][T21921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3394.555001][T21921] Call Trace: [ 3394.558309][T21921] [ 3394.561274][T21921] dump_stack_lvl+0x1e7/0x2e0 [ 3394.566005][T21921] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3394.571257][T21921] ? __pfx__printk+0x10/0x10 [ 3394.575889][T21921] ? ___ratelimit+0x4c4/0x670 [ 3394.580628][T21921] ? __pfx____ratelimit+0x10/0x10 [ 3394.585702][T21921] dump_header+0xda/0x6a0 [ 3394.590086][T21921] oom_kill_process+0x3a7/0x930 [ 3394.595511][T21921] out_of_memory+0xf67/0x1320 [ 3394.600234][T21921] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3394.605895][T21921] ? __pfx___mutex_lock+0x10/0x10 [ 3394.610945][T21921] ? __pfx_out_of_memory+0x10/0x10 [ 3394.616080][T21921] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3394.621640][T21921] ? __pfx_lock_release+0x10/0x10 [ 3394.626683][T21921] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3394.632773][T21921] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3394.637986][T21921] ? mem_cgroup_iter+0x422/0x560 [ 3394.642942][T21921] try_charge_memcg+0xda2/0x18a0 [ 3394.647909][T21921] ? bpf_raw_tp_link_attach+0x348/0x6d0 [ 3394.653485][T21921] ? __pfx_try_charge_memcg+0x10/0x10 [ 3394.658872][T21921] ? percpu_ref_tryget+0x14/0x180 [ 3394.663931][T21921] charge_memcg+0xa2/0x160 [ 3394.668378][T21921] __mem_cgroup_charge+0x27/0x80 [ 3394.673335][T21921] shmem_alloc_and_add_folio+0x393/0xde0 [ 3394.678992][T21921] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3394.685172][T21921] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3394.690427][T21921] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3394.696086][T21921] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3394.702440][T21921] shmem_write_begin+0x170/0x4d0 [ 3394.707401][T21921] ? __pfx_shmem_write_begin+0x10/0x10 [ 3394.712882][T21921] ? fault_in_iov_iter_readable+0x236/0x280 [ 3394.718799][T21921] generic_perform_write+0x321/0x640 [ 3394.724369][T21921] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3394.730291][T21921] ? __pfx_generic_perform_write+0x10/0x10 [ 3394.736123][T21921] ? __pfx_generic_write_checks+0x10/0x10 [ 3394.741857][T21921] ? file_update_time+0x2a3/0x3e0 [ 3394.746899][T21921] shmem_file_write_iter+0xfc/0x120 [ 3394.752109][T21921] __kernel_write_iter+0x434/0x8c0 [ 3394.757253][T21921] ? __pfx___kernel_write_iter+0x10/0x10 [ 3394.762906][T21921] ? generic_file_llseek_size+0x34c/0x3b0 [ 3394.768647][T21921] ? iov_iter_bvec+0x4e/0x1b0 [ 3394.773348][T21921] dump_user_range+0x46c/0x910 [ 3394.778141][T21921] ? __pfx_dump_user_range+0x10/0x10 [ 3394.783445][T21921] ? writenote+0x250/0x3b0 [ 3394.787881][T21921] ? kmalloc_trace+0x1d6/0x360 [ 3394.792654][T21921] ? elf_core_dump+0x2e01/0x4630 [ 3394.797688][T21921] ? dump_emit+0x99/0xd0 [ 3394.801939][T21921] elf_core_dump+0x3d5d/0x4630 [ 3394.806738][T21921] ? __pfx_elf_core_dump+0x10/0x10 [ 3394.811863][T21921] ? mark_lock+0x9a/0x350 [ 3394.816218][T21921] ? mas_next_slot+0xeb2/0xf90 [ 3394.821000][T21921] ? __lock_acquire+0x1345/0x1fd0 [ 3394.826081][T21921] ? rcu_read_lock_any_held+0xb7/0x160 [ 3394.831562][T21921] ? 0xffffffffff600000 [ 3394.835727][T21921] ? getname_kernel+0x140/0x2f0 [ 3394.840599][T21921] do_coredump+0x1baa/0x2b50 [ 3394.845207][T21921] ? get_signal+0xbe1/0x1850 [ 3394.849886][T21921] ? __pfx_do_coredump+0x10/0x10 [ 3394.854877][T21921] ? _raw_spin_unlock_irq+0x23/0x50 [ 3394.860092][T21921] ? lockdep_hardirqs_on+0x98/0x140 [ 3394.865308][T21921] get_signal+0x146a/0x1850 [ 3394.869850][T21921] ? __pfx_get_signal+0x10/0x10 [ 3394.874719][T21921] ? __pfx_force_sig_fault+0x10/0x10 [ 3394.880060][T21921] arch_do_signal_or_restart+0x96/0x860 [ 3394.885636][T21921] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3394.891823][T21921] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3394.897651][T21921] irqentry_exit_to_user_mode+0x78/0x280 [ 3394.903302][T21921] exc_page_fault+0x587/0x870 [ 3394.908005][T21921] asm_exc_page_fault+0x26/0x30 [ 3394.912873][T21921] RIP: 0033:0x7f8ab667ddb1 [ 3394.917298][T21921] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3394.936915][T21921] RSP: 002b:0000000000008500 EFLAGS: 00010217 [ 3394.942992][T21921] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3394.951061][T21921] RDX: 0000000000000000 RSI: 0000000000008500 RDI: 0000000000000000 [ 3394.959063][T21921] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3394.967057][T21921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3394.975066][T21921] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3394.983078][T21921] [ 3395.058649][T21921] memory: usage 307200kB, limit 307200kB, failcnt 269098 [ 3395.065754][T21921] memory+swap: usage 417512kB, limit 9007199254740988kB, failcnt 0 [ 3395.157117][T21921] kmem: usage 44612kB, limit 9007199254740988kB, failcnt 0 [ 3395.164399][T21921] Memory cgroup stats for /syz4: [ 3395.164576][T21921] cache 267825152 [ 3395.196245][T21921] rss 430080 [ 3395.206925][T21921] rss_huge 0 [ 3395.210217][T21921] shmem 267825152 [ 3395.213888][T21921] mapped_file 78954496 [ 3395.246028][T21921] dirty 0 [ 3395.249025][T21921] writeback 0 [ 3395.252330][T21921] workingset_refault_anon 5263 [ 3395.295919][T21921] workingset_refault_file 0 [ 3395.300510][T21921] swap 109043712 [ 3395.304078][T21921] swapcached 188416 [ 3395.356899][T21921] pgpgin 2441215 [ 3395.360518][T21921] pgpgout 2375678 [ 3395.364171][T21921] pgfault 1561549 [ 3395.399859][T21921] pgmajfault 3051 [ 3395.416290][T21921] inactive_anon 158760960 [ 3395.420696][T21921] active_anon 109588480 [ 3395.424891][T21921] inactive_file 0 [ 3395.450256][T21020] Bluetooth: hci10: command 0x040f tx timeout [ 3395.496252][T21921] active_file 0 [ 3395.499794][T21921] unevictable 0 [ 3395.503283][T21921] hierarchical_memory_limit 314572800 [ 3395.605916][T21921] hierarchical_memsw_limit 9223372036854771712 [ 3395.612260][T21921] total_cache 267825152 [ 3395.646436][T21921] total_rss 430080 [ 3395.650218][T21921] total_rss_huge 0 [ 3395.653959][T21921] total_shmem 267825152 [ 3395.685990][T21921] total_mapped_file 78954496 [ 3395.698180][T21921] total_dirty 0 [ 3395.701702][T21921] total_writeback 0 [ 3395.705528][T21921] total_workingset_refault_anon 5263 [ 3395.736230][T21921] total_workingset_refault_file 0 [ 3395.741334][T21921] total_swap 109043712 [ 3395.745431][T21921] total_swapcached 188416 [ 3395.786519][T21921] total_pgpgin 2441215 [ 3395.790727][T21921] total_pgpgout 2375678 [ 3395.796621][T21921] total_pgfault 1561549 [ 3395.800915][T21921] total_pgmajfault 3051 [ 3395.805098][T21921] total_inactive_anon 158760960 [ 3395.846863][T21020] Bluetooth: hci12: command 0x041b tx timeout [ 3395.856563][T21921] total_active_anon 109588480 [ 3395.861294][T21921] total_inactive_file 0 [ 3395.865478][T21921] total_active_file 0 [ 3395.883832][T21921] total_unevictable 0 [ 3395.897873][T21921] anon_cost 0 [ 3395.901219][T21921] file_cost 0 [ 3395.904525][T21921] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21928,uid=0 [ 3395.920905][T21921] Memory cgroup out of memory: Killed process 21928 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:9984kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3396.406544][T21020] Bluetooth: hci9: command 0x0419 tx timeout [ 3396.566024][T21020] Bluetooth: hci11: command 0x040f tx timeout 14:06:11 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9500, 0x0, 0x0, 0x0) [ 3397.534305][T21020] Bluetooth: hci10: command 0x0419 tx timeout [ 3397.926007][T21020] Bluetooth: hci12: command 0x040f tx timeout [ 3398.009098][ T30] oom_reaper: reaped process 21928 (syz-executor.4), now anon-rss:28kB, file-rss:8192kB, shmem-rss:7680kB [ 3398.041414][T21946] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3398.051827][T21946] CPU: 0 PID: 21946 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3398.060542][T21946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3398.070635][T21946] Call Trace: [ 3398.073958][T21946] [ 3398.076917][T21946] dump_stack_lvl+0x1e7/0x2e0 [ 3398.081624][T21946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3398.086849][T21946] ? __pfx__printk+0x10/0x10 [ 3398.091455][T21946] ? ___ratelimit+0x4c4/0x670 [ 3398.096170][T21946] ? __pfx____ratelimit+0x10/0x10 [ 3398.101217][T21946] dump_header+0xda/0x6a0 [ 3398.105569][T21946] oom_kill_process+0x3a7/0x930 [ 3398.110438][T21946] ? trace_contention_end+0x3c/0x100 [ 3398.115740][T21946] out_of_memory+0xf67/0x1320 [ 3398.120443][T21946] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3398.126093][T21946] ? __pfx___mutex_lock+0x10/0x10 [ 3398.131138][T21946] ? __pfx_out_of_memory+0x10/0x10 [ 3398.136289][T21946] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3398.141853][T21946] ? __pfx_lock_release+0x10/0x10 [ 3398.146900][T21946] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3398.152984][T21946] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3398.158196][T21946] ? mem_cgroup_iter+0x422/0x560 [ 3398.163156][T21946] try_charge_memcg+0xda2/0x18a0 [ 3398.168134][T21946] ? __pfx_try_charge_memcg+0x10/0x10 [ 3398.173523][T21946] ? percpu_ref_tryget+0x14/0x180 [ 3398.178581][T21946] charge_memcg+0xa2/0x160 [ 3398.183020][T21946] __mem_cgroup_charge+0x27/0x80 [ 3398.187985][T21946] shmem_alloc_and_add_folio+0x393/0xde0 [ 3398.193647][T21946] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3398.199824][T21946] ? filemap_map_pages+0x1248/0x1830 [ 3398.205131][T21946] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3398.210374][T21946] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3398.216036][T21946] shmem_fault+0x254/0x6f0 [ 3398.220927][T21946] ? __pfx_shmem_fault+0x10/0x10 [ 3398.225902][T21946] ? __pfx_lock_release+0x10/0x10 [ 3398.230974][T21946] ? pte_offset_map_nolock+0x137/0x1f0 [ 3398.236483][T21946] __do_fault+0x135/0x460 [ 3398.240836][T21946] ? __pfx_filemap_map_pages+0x10/0x10 [ 3398.246337][T21946] ? __handle_mm_fault+0x31c8/0x72d0 [ 3398.251647][T21946] __handle_mm_fault+0x49e6/0x72d0 [ 3398.256807][T21946] ? __pfx___handle_mm_fault+0x10/0x10 [ 3398.262293][T21946] ? follow_page_pte+0x28e/0x1910 [ 3398.267340][T21946] ? follow_page_pte+0x760/0x1910 [ 3398.272384][T21946] ? __pfx_lock_release+0x10/0x10 [ 3398.277434][T21946] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3398.282662][T21946] ? follow_page_pte+0x7f2/0x1910 [ 3398.287717][T21946] ? mt_find+0x62d/0x850 [ 3398.292009][T21946] handle_mm_fault+0x3c1/0x8a0 [ 3398.296800][T21946] __get_user_pages+0x6bd/0x1600 [ 3398.301767][T21946] ? get_dump_page+0xe1/0x2f0 [ 3398.306462][T21946] ? __pfx___get_user_pages+0x10/0x10 [ 3398.311861][T21946] ? __kernel_write_iter+0x632/0x8c0 [ 3398.317174][T21946] get_dump_page+0x154/0x2f0 [ 3398.321781][T21946] ? __pfx___kernel_write_iter+0x10/0x10 [ 3398.327432][T21946] ? __pfx_get_dump_page+0x10/0x10 [ 3398.332563][T21946] ? dump_user_range+0x583/0x910 [ 3398.337515][T21946] ? dump_user_range+0x597/0x910 [ 3398.342470][T21946] ? iov_iter_bvec+0x4e/0x1b0 [ 3398.347185][T21946] dump_user_range+0x126/0x910 [ 3398.351982][T21946] ? __pfx_dump_user_range+0x10/0x10 [ 3398.357287][T21946] ? writenote+0x250/0x3b0 [ 3398.361745][T21946] ? kmalloc_trace+0x1d6/0x360 [ 3398.366535][T21946] ? elf_core_dump+0x2e01/0x4630 [ 3398.371491][T21946] ? dump_emit+0x99/0xd0 [ 3398.375768][T21946] elf_core_dump+0x3d5d/0x4630 [ 3398.380677][T21946] ? __pfx_elf_core_dump+0x10/0x10 [ 3398.385815][T21946] ? mark_lock+0x9a/0x350 [ 3398.390176][T21946] ? mas_next_slot+0xeb2/0xf90 [ 3398.394988][T21946] ? __lock_acquire+0x1345/0x1fd0 [ 3398.400097][T21946] ? rcu_read_lock_any_held+0xb7/0x160 [ 3398.405617][T21946] ? 0xffffffffff600000 [ 3398.409796][T21946] ? getname_kernel+0x140/0x2f0 [ 3398.414764][T21946] do_coredump+0x1baa/0x2b50 [ 3398.419387][T21946] ? get_signal+0xbe1/0x1850 [ 3398.424023][T21946] ? __pfx_do_coredump+0x10/0x10 [ 3398.429019][T21946] ? _raw_spin_unlock_irq+0x23/0x50 [ 3398.434237][T21946] ? lockdep_hardirqs_on+0x98/0x140 [ 3398.439458][T21946] get_signal+0x146a/0x1850 [ 3398.444009][T21946] ? __pfx_get_signal+0x10/0x10 [ 3398.448881][T21946] ? __pfx_force_sig_fault+0x10/0x10 [ 3398.454194][T21946] arch_do_signal_or_restart+0x96/0x860 [ 3398.459764][T21946] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3398.465950][T21946] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3398.471805][T21946] irqentry_exit_to_user_mode+0x78/0x280 [ 3398.477453][T21946] exc_page_fault+0x587/0x870 [ 3398.482153][T21946] asm_exc_page_fault+0x26/0x30 [ 3398.487043][T21946] RIP: 0033:0x7f8ab667ddb1 [ 3398.491472][T21946] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3398.511099][T21946] RSP: 002b:0000000000008b00 EFLAGS: 00010217 [ 3398.517185][T21946] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3398.525260][T21946] RDX: 0000000000000000 RSI: 0000000000008b00 RDI: 0000000000000000 [ 3398.533241][T21946] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3398.541223][T21946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3398.549204][T21946] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3398.557196][T21946] [ 3398.605937][T21946] memory: usage 307200kB, limit 307200kB, failcnt 271148 [ 3398.613046][T21946] memory+swap: usage 417680kB, limit 9007199254740988kB, failcnt 0 [ 3398.646173][T21020] Bluetooth: hci11: command 0x0419 tx timeout [ 3398.693317][T21946] kmem: usage 44360kB, limit 9007199254740988kB, failcnt 0 [ 3398.701045][T21946] Memory cgroup stats for /syz4: [ 3398.701207][T21946] cache 268410880 [ 3398.710743][T21946] rss 352256 [ 3398.713978][T21946] rss_huge 0 [ 3398.717801][T21946] shmem 268410880 [ 3398.721472][T21946] mapped_file 79564800 [ 3398.725563][T21946] dirty 0 [ 3398.729194][T21946] writeback 0 [ 3398.732509][T21946] workingset_refault_anon 5266 [ 3398.737791][T21946] workingset_refault_file 0 [ 3398.742323][T21946] swap 113131520 [ 3398.746598][T21946] swapcached 69632 [ 3398.750351][T21946] pgpgin 2452021 [ 3398.753913][T21946] pgpgout 2386344 [ 3398.758260][T21946] pgfault 1564830 [ 3398.761919][T21946] pgmajfault 3054 [ 3398.765572][T21946] inactive_anon 103149568 [ 3398.770908][T21946] active_anon 165339136 [ 3398.775101][T21946] inactive_file 0 [ 3398.795900][T21946] active_file 0 [ 3398.799547][T21946] unevictable 0 [ 3398.803036][T21946] hierarchical_memory_limit 314572800 [ 3398.855921][T21946] hierarchical_memsw_limit 9223372036854771712 [ 3398.862158][T21946] total_cache 268410880 [ 3398.915991][T21946] total_rss 352256 [ 3398.919805][T21946] total_rss_huge 0 [ 3398.923544][T21946] total_shmem 268410880 [ 3398.983406][T21946] total_mapped_file 79564800 [ 3399.014546][T21946] total_dirty 0 [ 3399.036668][T21946] total_writeback 0 [ 3399.040537][T21946] total_workingset_refault_anon 5266 [ 3399.081372][T21946] total_workingset_refault_file 0 [ 3399.101587][T21946] total_swap 113131520 [ 3399.105737][T21946] total_swapcached 69632 [ 3399.138140][T21946] total_pgpgin 2452021 [ 3399.142633][T21946] total_pgpgout 2386344 [ 3399.158141][T21946] total_pgfault 1564830 [ 3399.162352][T21946] total_pgmajfault 3054 [ 3399.177032][T21946] total_inactive_anon 103149568 [ 3399.182196][T21946] total_active_anon 165339136 [ 3399.193095][T21946] total_inactive_file 0 [ 3399.206197][T21946] total_active_file 0 [ 3399.210242][T21946] total_unevictable 0 [ 3399.225616][T21946] anon_cost 0 [ 3399.230231][T21946] file_cost 0 [ 3399.233559][T21946] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21967,uid=0 [ 3399.275975][T21946] Memory cgroup out of memory: Killed process 21967 (syz-executor.4) total-vm:54508kB, anon-rss:524kB, file-rss:8192kB, shmem-rss:10624kB, UID:0 pgtables:100kB oom_score_adj:1000 [ 3400.006165][T21020] Bluetooth: hci12: command 0x0419 tx timeout 14:06:14 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9501, 0x0, 0x0, 0x0) 14:06:15 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9503, 0x0, 0x0, 0x0) 14:06:16 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9700, 0x0, 0x0, 0x0) 14:06:17 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9703, 0x0, 0x0, 0x0) 14:06:18 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9902, 0x0, 0x0, 0x0) 14:06:18 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9903, 0x0, 0x0, 0x0) 14:06:19 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9d00, 0x0, 0x0, 0x0) 14:06:20 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9d02, 0x0, 0x0, 0x0) 14:06:21 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0x9f03, 0x0, 0x0, 0x0) 14:06:22 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xa103, 0x0, 0x0, 0x0) 14:06:24 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xa502, 0x0, 0x0, 0x0) 14:06:24 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xa503, 0x0, 0x0, 0x0) 14:06:26 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xa603, 0x0, 0x0, 0x0) 14:06:27 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xa702, 0x0, 0x0, 0x0) 14:06:28 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xa903, 0x0, 0x0, 0x0) [ 3414.881952][T22037] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3415.080280][T22037] CPU: 1 PID: 22037 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3415.089030][T22037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3415.099144][T22037] Call Trace: [ 3415.102458][T22037] [ 3415.105423][T22037] dump_stack_lvl+0x1e7/0x2e0 [ 3415.110165][T22037] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3415.115409][T22037] ? __pfx__printk+0x10/0x10 [ 3415.120056][T22037] ? ___ratelimit+0x4c4/0x670 [ 3415.124786][T22037] ? __pfx____ratelimit+0x10/0x10 [ 3415.129881][T22037] dump_header+0xda/0x6a0 [ 3415.134265][T22037] oom_kill_process+0x3a7/0x930 [ 3415.139176][T22037] ? trace_contention_end+0x3c/0x100 [ 3415.144588][T22037] out_of_memory+0xf67/0x1320 [ 3415.149336][T22037] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3415.155027][T22037] ? __pfx___mutex_lock+0x10/0x10 [ 3415.160117][T22037] ? __pfx_out_of_memory+0x10/0x10 [ 3415.165289][T22037] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3415.170877][T22037] ? __pfx_lock_release+0x10/0x10 [ 3415.175961][T22037] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3415.182083][T22037] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3415.187343][T22037] ? mem_cgroup_iter+0x422/0x560 [ 3415.192338][T22037] try_charge_memcg+0xda2/0x18a0 [ 3415.197364][T22037] ? __pfx_try_charge_memcg+0x10/0x10 [ 3415.202782][T22037] ? percpu_ref_tryget+0x14/0x180 [ 3415.207881][T22037] charge_memcg+0xa2/0x160 [ 3415.212521][T22037] __mem_cgroup_charge+0x27/0x80 [ 3415.217510][T22037] shmem_alloc_and_add_folio+0x393/0xde0 [ 3415.223461][T22037] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3415.229674][T22037] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3415.234954][T22037] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3415.240637][T22037] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3415.247116][T22037] shmem_write_begin+0x170/0x4d0 [ 3415.252114][T22037] ? __pfx_shmem_write_begin+0x10/0x10 [ 3415.257646][T22037] ? fault_in_iov_iter_readable+0x236/0x280 [ 3415.263592][T22037] generic_perform_write+0x321/0x640 [ 3415.268921][T22037] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3415.274874][T22037] ? __pfx_generic_perform_write+0x10/0x10 [ 3415.280733][T22037] ? __pfx_generic_write_checks+0x10/0x10 [ 3415.286496][T22037] ? file_update_time+0x2a3/0x3e0 [ 3415.291563][T22037] shmem_file_write_iter+0xfc/0x120 [ 3415.296807][T22037] __kernel_write_iter+0x434/0x8c0 [ 3415.301978][T22037] ? __pfx___kernel_write_iter+0x10/0x10 [ 3415.307665][T22037] ? generic_file_llseek_size+0x34c/0x3b0 [ 3415.313447][T22037] ? iov_iter_bvec+0x4e/0x1b0 [ 3415.318170][T22037] dump_user_range+0x46c/0x910 [ 3415.322990][T22037] ? __pfx_dump_user_range+0x10/0x10 [ 3415.328314][T22037] ? writenote+0x250/0x3b0 [ 3415.332784][T22037] ? kmalloc_trace+0x1d6/0x360 [ 3415.337691][T22037] ? elf_core_dump+0x2e01/0x4630 [ 3415.342678][T22037] ? dump_emit+0x99/0xd0 [ 3415.346962][T22037] elf_core_dump+0x3d5d/0x4630 [ 3415.351808][T22037] ? __pfx_elf_core_dump+0x10/0x10 [ 3415.356966][T22037] ? mark_lock+0x9a/0x350 [ 3415.361331][T22037] ? mas_next_slot+0xeb2/0xf90 [ 3415.366148][T22037] ? __lock_acquire+0x1345/0x1fd0 [ 3415.371315][T22037] ? rcu_read_lock_any_held+0xb7/0x160 [ 3415.376858][T22037] ? 0xffffffffff600000 [ 3415.381058][T22037] ? getname_kernel+0x140/0x2f0 [ 3415.385990][T22037] do_coredump+0x1baa/0x2b50 [ 3415.390640][T22037] ? get_signal+0xbe1/0x1850 [ 3415.395318][T22037] ? __pfx_do_coredump+0x10/0x10 [ 3415.400359][T22037] ? _raw_spin_unlock_irq+0x23/0x50 [ 3415.405615][T22037] ? lockdep_hardirqs_on+0x98/0x140 [ 3415.410863][T22037] get_signal+0x146a/0x1850 [ 3415.415432][T22037] ? __pfx_get_signal+0x10/0x10 [ 3415.420330][T22037] ? __pfx_force_sig_fault+0x10/0x10 [ 3415.425668][T22037] arch_do_signal_or_restart+0x96/0x860 [ 3415.431349][T22037] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3415.437569][T22037] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3415.443516][T22037] irqentry_exit_to_user_mode+0x78/0x280 [ 3415.449197][T22037] exc_page_fault+0x587/0x870 [ 3415.453925][T22037] asm_exc_page_fault+0x26/0x30 [ 3415.458830][T22037] RIP: 0033:0x7f8ab667ddb1 [ 3415.463280][T22037] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3415.483024][T22037] RSP: 002b:000000000000a600 EFLAGS: 00010217 [ 3415.489150][T22037] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3415.497174][T22037] RDX: 0000000000000000 RSI: 000000000000a600 RDI: 0000000000000000 [ 3415.505215][T22037] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3415.513236][T22037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3415.521262][T22037] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3415.529300][T22037] [ 3415.562535][T22037] memory: usage 307200kB, limit 307200kB, failcnt 280216 [ 3415.569873][T22037] memory+swap: usage 417704kB, limit 9007199254740988kB, failcnt 0 [ 3415.578023][T22037] kmem: usage 45140kB, limit 9007199254740988kB, failcnt 0 [ 3415.585266][T22037] Memory cgroup stats for /syz4: [ 3415.585435][T22037] cache 266616832 [ 3415.596860][T22037] rss 1593344 [ 3415.600188][T22037] rss_huge 0 [ 3415.603430][T22037] shmem 266616832 [ 3415.621610][T22037] mapped_file 146653184 [ 3415.626307][T22037] dirty 0 [ 3415.629383][T22037] writeback 0 [ 3415.632781][T22037] workingset_refault_anon 5580 [ 3415.638603][T22037] workingset_refault_file 0 [ 3415.643242][T22037] swap 113156096 [ 3415.647815][T22037] swapcached 143360 [ 3415.651749][T22037] pgpgin 2550742 [ 3415.655418][T22037] pgpgout 2485227 [ 3415.659797][T22037] pgfault 1603853 [ 3415.663555][T22037] pgmajfault 3176 [ 3415.667842][T22037] inactive_anon 191873024 [ 3415.672306][T22037] active_anon 76476416 [ 3415.677076][T22037] inactive_file 0 [ 3415.680842][T22037] active_file 0 [ 3415.684440][T22037] unevictable 0 [ 3415.690504][T22037] hierarchical_memory_limit 314572800 [ 3415.703116][T22037] hierarchical_memsw_limit 9223372036854771712 [ 3415.718558][T22037] total_cache 266616832 [ 3415.728296][T22037] total_rss 1593344 [ 3415.733839][T22037] total_rss_huge 0 [ 3415.738559][T22037] total_shmem 266616832 [ 3415.742854][T22037] total_mapped_file 146653184 [ 3415.748283][T22037] total_dirty 0 [ 3415.751888][T22037] total_writeback 0 [ 3415.755806][T22037] total_workingset_refault_anon 5580 [ 3415.761775][T22037] total_workingset_refault_file 0 [ 3415.767665][T22037] total_swap 113156096 [ 3415.771886][T22037] total_swapcached 143360 [ 3415.776824][T22037] total_pgpgin 2550742 [ 3415.781047][T22037] total_pgpgout 2485227 [ 3415.785312][T22037] total_pgfault 1603853 [ 3415.790351][T22037] total_pgmajfault 3176 [ 3415.794633][T22037] total_inactive_anon 191873024 [ 3415.800315][T22037] total_active_anon 76476416 [ 3415.805054][T22037] total_inactive_file 0 [ 3415.809851][T22037] total_active_file 0 [ 3415.813957][T22037] total_unevictable 0 [ 3415.819796][T22037] anon_cost 0 [ 3415.823209][T22037] file_cost 0 [ 3415.827542][T22037] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21991,uid=0 [ 3415.843627][T22037] Memory cgroup out of memory: Killed process 21991 (syz-executor.4) total-vm:54508kB, anon-rss:504kB, file-rss:8192kB, shmem-rss:19712kB, UID:0 pgtables:124kB oom_score_adj:1000 [ 3416.413236][T22019] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3416.615393][T22019] CPU: 1 PID: 22019 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3416.624140][T22019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3416.634235][T22019] Call Trace: [ 3416.637560][T22019] [ 3416.640560][T22019] dump_stack_lvl+0x1e7/0x2e0 [ 3416.645301][T22019] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3416.650548][T22019] ? __pfx__printk+0x10/0x10 [ 3416.655180][T22019] ? ___ratelimit+0x4c4/0x670 [ 3416.659906][T22019] ? __pfx____ratelimit+0x10/0x10 [ 3416.664979][T22019] dump_header+0xda/0x6a0 [ 3416.669363][T22019] oom_kill_process+0x3a7/0x930 [ 3416.674262][T22019] ? trace_contention_end+0x3c/0x100 [ 3416.679581][T22019] out_of_memory+0xf67/0x1320 [ 3416.684291][T22019] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3416.689943][T22019] ? __pfx___mutex_lock+0x10/0x10 [ 3416.694992][T22019] ? __pfx_out_of_memory+0x10/0x10 [ 3416.700130][T22019] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3416.705690][T22019] ? __pfx_lock_release+0x10/0x10 [ 3416.710738][T22019] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3416.716831][T22019] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3416.722050][T22019] ? mem_cgroup_iter+0x422/0x560 [ 3416.727011][T22019] try_charge_memcg+0xda2/0x18a0 [ 3416.731985][T22019] ? __pfx_try_charge_memcg+0x10/0x10 [ 3416.737372][T22019] ? percpu_ref_tryget+0x14/0x180 [ 3416.742434][T22019] charge_memcg+0xa2/0x160 [ 3416.746875][T22019] __mem_cgroup_charge+0x27/0x80 [ 3416.751832][T22019] shmem_alloc_and_add_folio+0x393/0xde0 [ 3416.757485][T22019] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3416.763660][T22019] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3416.768896][T22019] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3416.774551][T22019] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3416.780904][T22019] shmem_write_begin+0x170/0x4d0 [ 3416.785870][T22019] ? __pfx_shmem_write_begin+0x10/0x10 [ 3416.791350][T22019] ? fault_in_iov_iter_readable+0x236/0x280 [ 3416.797269][T22019] generic_perform_write+0x321/0x640 [ 3416.802581][T22019] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3416.808505][T22019] ? __pfx_generic_perform_write+0x10/0x10 [ 3416.814328][T22019] ? __pfx_generic_write_checks+0x10/0x10 [ 3416.820069][T22019] ? file_update_time+0x2a3/0x3e0 [ 3416.825112][T22019] shmem_file_write_iter+0xfc/0x120 [ 3416.830409][T22019] __kernel_write_iter+0x434/0x8c0 [ 3416.835546][T22019] ? __pfx___kernel_write_iter+0x10/0x10 [ 3416.841203][T22019] ? generic_file_llseek_size+0x34c/0x3b0 [ 3416.846945][T22019] ? iov_iter_bvec+0x4e/0x1b0 [ 3416.851643][T22019] dump_user_range+0x46c/0x910 [ 3416.856432][T22019] ? __pfx_dump_user_range+0x10/0x10 [ 3416.861818][T22019] ? writenote+0x250/0x3b0 [ 3416.866257][T22019] ? kmalloc_trace+0x1d6/0x360 [ 3416.871031][T22019] ? elf_core_dump+0x2e01/0x4630 [ 3416.875979][T22019] ? dump_emit+0x99/0xd0 [ 3416.880231][T22019] elf_core_dump+0x3d5d/0x4630 [ 3416.885200][T22019] ? __pfx_elf_core_dump+0x10/0x10 [ 3416.890324][T22019] ? mark_lock+0x9a/0x350 [ 3416.894678][T22019] ? mas_next_slot+0xeb2/0xf90 [ 3416.899470][T22019] ? __lock_acquire+0x1345/0x1fd0 [ 3416.904546][T22019] ? rcu_read_lock_any_held+0xb7/0x160 [ 3416.910025][T22019] ? 0xffffffffff600000 [ 3416.914187][T22019] ? getname_kernel+0x140/0x2f0 [ 3416.919152][T22019] do_coredump+0x1baa/0x2b50 [ 3416.923759][T22019] ? get_signal+0xbe1/0x1850 [ 3416.928390][T22019] ? __pfx_do_coredump+0x10/0x10 [ 3416.933378][T22019] ? _raw_spin_unlock_irq+0x23/0x50 [ 3416.938587][T22019] ? lockdep_hardirqs_on+0x98/0x140 [ 3416.943824][T22019] get_signal+0x146a/0x1850 [ 3416.948445][T22019] ? __pfx_get_signal+0x10/0x10 [ 3416.953314][T22019] ? __pfx_force_sig_fault+0x10/0x10 [ 3416.958620][T22019] arch_do_signal_or_restart+0x96/0x860 [ 3416.964196][T22019] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3416.970382][T22019] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3416.976206][T22019] irqentry_exit_to_user_mode+0x78/0x280 [ 3416.981861][T22019] exc_page_fault+0x587/0x870 [ 3416.986574][T22019] asm_exc_page_fault+0x26/0x30 [ 3416.991444][T22019] RIP: 0033:0x7f8ab667ddb1 [ 3416.996217][T22019] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3417.015859][T22019] RSP: 002b:0000000000009d00 EFLAGS: 00010217 [ 3417.021947][T22019] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3417.029930][T22019] RDX: 0000000000000000 RSI: 0000000000009d00 RDI: 0000000000000000 [ 3417.037908][T22019] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3417.045888][T22019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3417.053870][T22019] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3417.061862][T22019] [ 3417.133668][T22019] memory: usage 307200kB, limit 307200kB, failcnt 281196 [ 3417.148798][T22019] memory+swap: usage 417608kB, limit 9007199254740988kB, failcnt 0 [ 3417.165075][T22019] kmem: usage 44992kB, limit 9007199254740988kB, failcnt 0 [ 3417.173081][T22019] Memory cgroup stats for /syz4: [ 3417.173259][T22019] cache 266784768 [ 3417.196280][T22019] rss 1576960 [ 3417.201973][T22019] rss_huge 0 [ 3417.214624][T22019] shmem 266784768 [ 3417.230044][T22019] mapped_file 131674112 [ 3417.243420][T22019] dirty 0 [ 3417.253689][T22019] writeback 0 [ 3417.275650][T22019] workingset_refault_anon 5580 [ 3417.306292][T22019] workingset_refault_file 0 [ 3417.316166][T22019] swap 113057792 [ 3417.326163][T22019] swapcached 139264 [ 3417.346260][T22019] pgpgin 2551609 [ 3417.356292][T22019] pgpgout 2486057 [ 3417.366214][T22019] pgfault 1604078 [ 3417.376228][T22019] pgmajfault 3176 [ 3417.388556][T22019] inactive_anon 191873024 [ 3417.406654][T22019] active_anon 76611584 [ 3417.416272][T22019] inactive_file 0 [ 3417.436188][T22019] active_file 0 [ 3417.440003][T22019] unevictable 0 [ 3417.456125][T22019] hierarchical_memory_limit 314572800 [ 3417.469674][T22019] hierarchical_memsw_limit 9223372036854771712 [ 3417.488876][T22019] total_cache 266784768 [ 3417.507242][T22019] total_rss 1576960 [ 3417.516498][T22019] total_rss_huge 0 [ 3417.526141][T22019] total_shmem 266784768 [ 3417.546222][T22019] total_mapped_file 131674112 [ 3417.556220][T22019] total_dirty 0 [ 3417.566115][T22019] total_writeback 0 [ 3417.576030][T22019] total_workingset_refault_anon 5580 [ 3417.596097][T22019] total_workingset_refault_file 0 [ 3417.609420][T22019] total_swap 113057792 [ 3417.626611][T22019] total_swapcached 139264 [ 3417.646542][T22019] total_pgpgin 2551609 [ 3417.656118][T22019] total_pgpgout 2486057 [ 3417.668620][T22019] total_pgfault 1604078 [ 3417.689503][T22019] total_pgmajfault 3176 [ 3417.727122][T22019] total_inactive_anon 191873024 [ 3417.736225][T22019] total_active_anon 76611584 [ 3417.760326][T22019] total_inactive_file 0 [ 3417.769202][T22019] total_active_file 0 [ 3417.777876][T22019] total_unevictable 0 [ 3417.786206][T22019] anon_cost 0 [ 3417.793031][T22019] file_cost 0 [ 3417.801021][T22019] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21995,uid=0 [ 3417.851611][T22019] Memory cgroup out of memory: Killed process 21995 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:18176kB, UID:0 pgtables:120kB oom_score_adj:1000 14:06:32 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xab01, 0x0, 0x0, 0x0) 14:06:32 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xad00, 0x0, 0x0, 0x0) [ 3418.885196][T22009] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3419.088552][T22009] CPU: 0 PID: 22009 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3419.097301][T22009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3419.107391][T22009] Call Trace: [ 3419.110700][T22009] [ 3419.113653][T22009] dump_stack_lvl+0x1e7/0x2e0 [ 3419.118378][T22009] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3419.123619][T22009] ? __pfx__printk+0x10/0x10 [ 3419.128244][T22009] ? ___ratelimit+0x4c4/0x670 [ 3419.132977][T22009] ? __pfx____ratelimit+0x10/0x10 [ 3419.138044][T22009] dump_header+0xda/0x6a0 [ 3419.142423][T22009] oom_kill_process+0x3a7/0x930 [ 3419.147324][T22009] ? trace_contention_end+0x3c/0x100 [ 3419.152665][T22009] out_of_memory+0xf67/0x1320 [ 3419.157391][T22009] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3419.163062][T22009] ? __pfx___mutex_lock+0x10/0x10 [ 3419.168147][T22009] ? __pfx_out_of_memory+0x10/0x10 [ 3419.173308][T22009] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3419.178909][T22009] ? __pfx_lock_release+0x10/0x10 [ 3419.183981][T22009] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3419.190084][T22009] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3419.195327][T22009] ? mem_cgroup_iter+0x422/0x560 [ 3419.200316][T22009] try_charge_memcg+0xda2/0x18a0 [ 3419.205322][T22009] ? __pfx_try_charge_memcg+0x10/0x10 [ 3419.210918][T22009] ? percpu_ref_tryget+0x14/0x180 [ 3419.216030][T22009] charge_memcg+0xa2/0x160 [ 3419.220494][T22009] __mem_cgroup_charge+0x27/0x80 [ 3419.225470][T22009] shmem_alloc_and_add_folio+0x393/0xde0 [ 3419.231151][T22009] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3419.237356][T22009] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3419.242619][T22009] ? lockdep_hardirqs_on+0x98/0x140 [ 3419.247870][T22009] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3419.253547][T22009] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 3419.259831][T22009] ? __pfx_seqcount_lockdep_reader_access+0x10/0x10 [ 3419.266486][T22009] shmem_write_begin+0x170/0x4d0 [ 3419.271558][T22009] ? __pfx_shmem_write_begin+0x10/0x10 [ 3419.277065][T22009] ? fault_in_iov_iter_readable+0x236/0x280 [ 3419.283002][T22009] generic_perform_write+0x321/0x640 [ 3419.288332][T22009] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3419.294277][T22009] ? __pfx_generic_perform_write+0x10/0x10 [ 3419.300126][T22009] ? mnt_put_write_access_file+0xc2/0x100 [ 3419.306172][T22009] ? file_update_time+0x3ac/0x3e0 [ 3419.311236][T22009] shmem_file_write_iter+0xfc/0x120 [ 3419.316467][T22009] __kernel_write_iter+0x434/0x8c0 [ 3419.321651][T22009] ? __pfx___kernel_write_iter+0x10/0x10 [ 3419.327346][T22009] ? iov_iter_bvec+0x4e/0x1b0 [ 3419.332083][T22009] dump_user_range+0x46c/0x910 [ 3419.336895][T22009] ? __pfx_dump_user_range+0x10/0x10 [ 3419.342243][T22009] ? writenote+0x250/0x3b0 [ 3419.346708][T22009] ? kmalloc_trace+0x1d6/0x360 [ 3419.351510][T22009] ? elf_core_dump+0x2e01/0x4630 [ 3419.356482][T22009] ? dump_emit+0x99/0xd0 [ 3419.360763][T22009] elf_core_dump+0x3d5d/0x4630 [ 3419.365604][T22009] ? __pfx_elf_core_dump+0x10/0x10 [ 3419.370761][T22009] ? mark_lock+0x9a/0x350 [ 3419.375208][T22009] ? mas_next_slot+0xeb2/0xf90 [ 3419.380033][T22009] ? __lock_acquire+0x1345/0x1fd0 [ 3419.385163][T22009] ? rcu_read_lock_any_held+0xb7/0x160 [ 3419.390664][T22009] ? 0xffffffffff600000 [ 3419.394854][T22009] ? getname_kernel+0x140/0x2f0 [ 3419.399764][T22009] do_coredump+0x1baa/0x2b50 [ 3419.404412][T22009] ? get_signal+0xbe1/0x1850 [ 3419.409098][T22009] ? __pfx_do_coredump+0x10/0x10 [ 3419.414129][T22009] ? _raw_spin_unlock_irq+0x23/0x50 [ 3419.419382][T22009] ? lockdep_hardirqs_on+0x98/0x140 [ 3419.424629][T22009] get_signal+0x146a/0x1850 [ 3419.429195][T22009] ? __pfx_get_signal+0x10/0x10 [ 3419.434090][T22009] ? __pfx_force_sig_fault+0x10/0x10 [ 3419.439436][T22009] arch_do_signal_or_restart+0x96/0x860 [ 3419.445037][T22009] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3419.451253][T22009] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3419.457107][T22009] irqentry_exit_to_user_mode+0x78/0x280 [ 3419.462805][T22009] exc_page_fault+0x587/0x870 [ 3419.467548][T22009] asm_exc_page_fault+0x26/0x30 [ 3419.472449][T22009] RIP: 0033:0x7f8ab667ddb1 [ 3419.476899][T22009] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3419.496542][T22009] RSP: 002b:0000000000009900 EFLAGS: 00010217 [ 3419.502627][T22009] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3419.510609][T22009] RDX: 0000000000000000 RSI: 0000000000009900 RDI: 0000000000000000 [ 3419.518603][T22009] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3419.526594][T22009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3419.534579][T22009] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3419.542578][T22009] [ 3419.586317][T22009] memory: usage 307200kB, limit 307200kB, failcnt 283311 [ 3419.593592][T22009] memory+swap: usage 417476kB, limit 9007199254740988kB, failcnt 0 [ 3419.656048][T22009] kmem: usage 44812kB, limit 9007199254740988kB, failcnt 0 [ 3419.663307][T22009] Memory cgroup stats for /syz4: [ 3419.663490][T22009] cache 266072064 [ 3419.716046][T22009] rss 1499136 [ 3419.719393][T22009] rss_huge 0 [ 3419.722614][T22009] shmem 266072064 [ 3419.805433][T22009] mapped_file 128471040 [ 3419.826190][T22009] dirty 0 [ 3419.829183][T22009] writeback 0 [ 3419.832492][T22009] workingset_refault_anon 5662 [ 3419.926179][T22009] workingset_refault_file 0 [ 3419.930765][T22009] swap 112922624 [ 3419.934351][T22009] swapcached 258048 [ 3419.997946][T22009] pgpgin 2562677 [ 3420.001563][T22009] pgpgout 2497290 [ 3420.005228][T22009] pgfault 1607345 [ 3420.056995][T22009] pgmajfault 3213 [ 3420.060700][T22009] inactive_anon 161853440 [ 3420.065053][T22009] active_anon 105971712 [ 3420.096230][T22009] inactive_file 0 [ 3420.116040][T22009] active_file 0 [ 3420.119785][T22009] unevictable 0 [ 3420.123277][T22009] hierarchical_memory_limit 314572800 [ 3420.176099][T22009] hierarchical_memsw_limit 9223372036854771712 [ 3420.194427][T22009] total_cache 266072064 [ 3420.216214][T22009] total_rss 1499136 [ 3420.220093][T22009] total_rss_huge 0 [ 3420.223832][T22009] total_shmem 266072064 [ 3420.326165][T22009] total_mapped_file 128471040 [ 3420.330911][T22009] total_dirty 0 [ 3420.334408][T22009] total_writeback 0 [ 3420.418093][T22009] total_workingset_refault_anon 5662 [ 3420.423453][T22009] total_workingset_refault_file 0 [ 3420.497662][T22009] total_swap 112922624 [ 3420.501795][T22009] total_swapcached 258048 [ 3420.536095][T22009] total_pgpgin 2562677 [ 3420.540228][T22009] total_pgpgout 2497290 [ 3420.544407][T22009] total_pgfault 1607345 [ 3420.575992][T22009] total_pgmajfault 3213 [ 3420.580208][T22009] total_inactive_anon 161853440 [ 3420.585075][T22009] total_active_anon 105971712 [ 3420.652567][T22009] total_inactive_file 0 [ 3420.665896][T22009] total_active_file 0 [ 3420.669943][T22009] total_unevictable 0 [ 3420.673961][T22009] anon_cost 0 [ 3420.736135][T22009] file_cost 0 [ 3420.739488][T22009] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=22009,uid=0 [ 3420.836431][T22009] Memory cgroup out of memory: Killed process 22009 (syz-executor.4) total-vm:54640kB, anon-rss:516kB, file-rss:8192kB, shmem-rss:15104kB, UID:0 pgtables:108kB oom_score_adj:1000 [ 3421.607878][T21949] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 3421.792222][T21949] CPU: 1 PID: 21949 Comm: syz-executor.4 Not tainted 6.8.0-rc3-syzkaller #0 [ 3421.800976][T21949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3421.811087][T21949] Call Trace: [ 3421.814406][T21949] [ 3421.817362][T21949] dump_stack_lvl+0x1e7/0x2e0 [ 3421.822099][T21949] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3421.827333][T21949] ? __pfx__printk+0x10/0x10 [ 3421.831957][T21949] ? ___ratelimit+0x4c4/0x670 [ 3421.836704][T21949] ? __pfx____ratelimit+0x10/0x10 [ 3421.841783][T21949] dump_header+0xda/0x6a0 [ 3421.846161][T21949] oom_kill_process+0x3a7/0x930 [ 3421.851047][T21949] ? trace_contention_end+0x3c/0x100 [ 3421.856367][T21949] out_of_memory+0xf67/0x1320 [ 3421.861088][T21949] ? mem_cgroup_out_of_memory+0xf7/0x3b0 [ 3421.866761][T21949] ? __pfx___mutex_lock+0x10/0x10 [ 3421.871844][T21949] ? __pfx_out_of_memory+0x10/0x10 [ 3421.877027][T21949] mem_cgroup_out_of_memory+0x263/0x3b0 [ 3421.882618][T21949] ? __pfx_lock_release+0x10/0x10 [ 3421.887697][T21949] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 3421.893817][T21949] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3421.899042][T21949] ? mem_cgroup_iter+0x422/0x560 [ 3421.903997][T21949] try_charge_memcg+0xda2/0x18a0 [ 3421.908974][T21949] ? __pfx_try_charge_memcg+0x10/0x10 [ 3421.914366][T21949] ? percpu_ref_tryget+0x14/0x180 [ 3421.919436][T21949] charge_memcg+0xa2/0x160 [ 3421.923871][T21949] __mem_cgroup_charge+0x27/0x80 [ 3421.928832][T21949] shmem_alloc_and_add_folio+0x393/0xde0 [ 3421.934483][T21949] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 3421.940820][T21949] shmem_get_folio_gfp+0x7c3/0x1ef0 [ 3421.946084][T21949] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 3421.951746][T21949] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3421.958126][T21949] shmem_write_begin+0x170/0x4d0 [ 3421.963099][T21949] ? __pfx_shmem_write_begin+0x10/0x10 [ 3421.968605][T21949] ? fault_in_iov_iter_readable+0x236/0x280 [ 3421.974614][T21949] generic_perform_write+0x321/0x640 [ 3421.979923][T21949] ? ktime_get_coarse_real_ts64+0x10b/0x120 [ 3421.985861][T21949] ? __pfx_generic_perform_write+0x10/0x10 [ 3421.991705][T21949] ? __pfx_generic_write_checks+0x10/0x10 [ 3421.997442][T21949] ? file_update_time+0x2a3/0x3e0 [ 3422.002497][T21949] shmem_file_write_iter+0xfc/0x120 [ 3422.007715][T21949] __kernel_write_iter+0x434/0x8c0 [ 3422.012853][T21949] ? __pfx___kernel_write_iter+0x10/0x10 [ 3422.018507][T21949] ? dump_user_range+0x2b7/0x910 [ 3422.023464][T21949] ? iov_iter_bvec+0x4e/0x1b0 [ 3422.028162][T21949] dump_user_range+0x46c/0x910 [ 3422.032965][T21949] ? __pfx_dump_user_range+0x10/0x10 [ 3422.038263][T21949] ? writenote+0x250/0x3b0 [ 3422.042707][T21949] ? kmalloc_trace+0x1d6/0x360 [ 3422.047491][T21949] ? elf_core_dump+0x2e01/0x4630 [ 3422.052446][T21949] ? dump_emit+0x99/0xd0 [ 3422.056704][T21949] elf_core_dump+0x3d5d/0x4630 [ 3422.061503][T21949] ? __pfx_elf_core_dump+0x10/0x10 [ 3422.066632][T21949] ? mark_lock+0x9a/0x350 [ 3422.070967][T21949] ? mas_next_slot+0xeb2/0xf90 [ 3422.075745][T21949] ? __lock_acquire+0x1345/0x1fd0 [ 3422.080837][T21949] ? rcu_read_lock_any_held+0xb7/0x160 [ 3422.086334][T21949] ? 0xffffffffff600000 [ 3422.090502][T21949] ? getname_kernel+0x140/0x2f0 [ 3422.095372][T21949] do_coredump+0x1baa/0x2b50 [ 3422.100412][T21949] ? get_signal+0xbe1/0x1850 [ 3422.105051][T21949] ? __pfx_do_coredump+0x10/0x10 [ 3422.110048][T21949] ? _raw_spin_unlock_irq+0x23/0x50 [ 3422.115268][T21949] ? lockdep_hardirqs_on+0x98/0x140 [ 3422.120508][T21949] get_signal+0x146a/0x1850 [ 3422.125042][T21949] ? __pfx_get_signal+0x10/0x10 [ 3422.129910][T21949] ? __pfx_force_sig_fault+0x10/0x10 [ 3422.135230][T21949] arch_do_signal_or_restart+0x96/0x860 [ 3422.140799][T21949] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3422.146990][T21949] ? irqentry_exit_to_user_mode+0x52/0x280 [ 3422.152829][T21949] irqentry_exit_to_user_mode+0x78/0x280 [ 3422.158493][T21949] exc_page_fault+0x587/0x870 [ 3422.163203][T21949] asm_exc_page_fault+0x26/0x30 [ 3422.168082][T21949] RIP: 0033:0x7f8ab667ddb1 [ 3422.172515][T21949] Code: c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 3422.192136][T21949] RSP: 002b:0000000000008b00 EFLAGS: 00010217 [ 3422.198665][T21949] RAX: 0000000000000000 RBX: 00007f8ab67abf80 RCX: 00007f8ab667dda9 [ 3422.206649][T21949] RDX: 0000000000000000 RSI: 0000000000008b00 RDI: 0000000000000000 [ 3422.214637][T21949] RBP: 00007f8ab66ca47a R08: 0000000000000000 R09: 0000000000000000 [ 3422.222616][T21949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3422.230597][T21949] R13: 000000000000000b R14: 00007f8ab67abf80 R15: 00007f8ab68cfa48 [ 3422.238611][T21949] [ 3422.465743][T21949] memory: usage 307200kB, limit 307200kB, failcnt 285167 [ 3422.554566][T21949] memory+swap: usage 417580kB, limit 9007199254740988kB, failcnt 0 [ 3422.606227][T21949] kmem: usage 44872kB, limit 9007199254740988kB, failcnt 0 [ 3422.613499][T21949] Memory cgroup stats for /syz4: [ 3422.613660][T21949] cache 266866688 [ 3422.746391][T21949] rss 1359872 [ 3422.836097][T21949] rss_huge 0 [ 3422.839386][T21949] shmem 266866688 [ 3422.843053][T21949] mapped_file 121806848 [ 3422.926131][T21949] dirty 0 [ 3422.929138][T21949] writeback 0 [ 3422.932468][T21949] workingset_refault_anon 5710 [ 3423.007366][T21949] workingset_refault_file 0 [ 3423.026210][T21949] swap 113029120 [ 3423.029904][T21949] swapcached 270336 [ 3423.033817][T21949] pgpgin 2571673 [ 3423.038541][T21949] pgpgout 2506121 [ 3423.042323][T21949] pgfault 1611089 [ 3423.046731][T21949] pgmajfault 3230 [ 3423.050499][T21949] inactive_anon 175681536 [ 3423.054976][T21949] active_anon 92807168 [ 3423.108868][T21949] inactive_file 0 [ 3423.140212][T21949] active_file 0 [ 3423.193486][T21949] unevictable 0 [ 3423.208417][T21949] hierarchical_memory_limit 314572800 [ 3423.253942][T21949] hierarchical_memsw_limit 9223372036854771712 [ 3423.307078][T21949] total_cache 266866688 [ 3423.330430][T21949] total_rss 1359872 [ 3423.334290][T21949] total_rss_huge 0 [ 3423.396602][T21949] total_shmem 266866688 [ 3423.400837][T21949] total_mapped_file 121806848 [ 3423.405539][T21949] total_dirty 0 [ 3423.468557][T21949] total_writeback 0 [ 3423.522678][T21949] total_workingset_refault_anon 5710 [ 3423.626350][T21949] total_workingset_refault_file 0 [ 3423.631458][T21949] total_swap 113029120 [ 3423.635554][T21949] total_swapcached 270336 [ 3423.795881][T21949] total_pgpgin 2571673 [ 3423.800032][T21949] total_pgpgout 2506121 [ 3423.804206][T21949] total_pgfault 1611089 [ 3423.887406][T21949] total_pgmajfault 3230 [ 3423.891938][T21949] total_inactive_anon 175681536 [ 3424.016582][T21949] total_active_anon 92807168 [ 3424.021241][T21949] total_inactive_file 0 [ 3424.025427][T21949] total_active_file 0 14:06:38 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xb103, 0x0, 0x0, 0x0) [ 3424.217368][T21949] total_unevictable 0 [ 3424.236470][T21949] anon_cost 0 [ 3424.256052][T21949] file_cost 0 [ 3424.259417][T21949] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=21999,uid=0 [ 3424.445667][T21949] Memory cgroup out of memory: Killed process 21999 (syz-executor.4) total-vm:54640kB, anon-rss:496kB, file-rss:8192kB, shmem-rss:11264kB, UID:0 pgtables:108kB oom_score_adj:1000 14:06:38 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xb502, 0x0, 0x0, 0x0) [ 3425.286262][ T29] INFO: task dhcpcd:4735 blocked for more than 143 seconds. [ 3425.293616][ T29] Not tainted 6.8.0-rc3-syzkaller #0 [ 3425.317301][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3425.336342][ T29] task:dhcpcd state:D stack:20952 pid:4735 tgid:4735 ppid:4734 flags:0x00004002 [ 3425.356256][ T29] Call Trace: [ 3425.359611][ T29] [ 3425.362575][ T29] __schedule+0x17d1/0x49f0 [ 3425.367340][ T29] ? __pfx___schedule+0x10/0x10 [ 3425.372264][ T29] ? __pfx_lock_release+0x10/0x10 [ 3425.378938][ T29] ? __mutex_trylock_common+0x91/0x2e0 [ 3425.384473][ T29] ? schedule+0x8e/0x260 [ 3425.391640][ T29] schedule+0x149/0x260 [ 3425.398483][ T29] schedule_preempt_disabled+0x13/0x30 [ 3425.405580][ T29] __mutex_lock+0x6a3/0xd70 [ 3425.412508][ T29] ? __mutex_lock+0x526/0xd70 [ 3425.419622][ T29] ? netlink_dump+0xde/0xc80 [ 3425.424322][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 3425.432267][ T29] ? do_syscall_64+0xf9/0x240 [ 3425.440976][ T29] netlink_dump+0xde/0xc80 [ 3425.445464][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3425.454313][ T29] ? __pfx_netlink_dump+0x10/0x10 [ 3425.462128][ T29] ? netlink_recvmsg+0x60a/0x11d0 [ 3425.468725][ T29] ? __kasan_slab_free+0x46/0x70 [ 3425.473717][ T29] ? kmem_cache_free+0x102/0x2a0 [ 3425.481645][ T29] netlink_recvmsg+0x6b9/0x11d0 [ 3425.488156][ T29] ? __pfx_netlink_recvmsg+0x10/0x10 [ 3425.496402][ T29] ? __pfx_aa_sk_perm+0x10/0x10 [ 3425.501331][ T29] ? __pfx___might_resched+0x10/0x10 [ 3425.509565][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 3425.514574][ T29] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 3425.524081][ T29] ? security_socket_recvmsg+0x90/0xb0 [ 3425.531761][ T29] ? __pfx_netlink_recvmsg+0x10/0x10 [ 3425.545897][ T29] sock_recvmsg+0x22f/0x280 [ 3425.550471][ T29] ____sys_recvmsg+0x1db/0x470 [ 3425.555288][ T29] ? __pfx_____sys_recvmsg+0x10/0x10 [ 3425.562928][ T29] __sys_recvmsg+0x2f0/0x3e0 [ 3425.576148][ T29] ? __pfx_lock_release+0x10/0x10 [ 3425.581229][ T29] ? __pfx___sys_recvmsg+0x10/0x10 [ 3425.586567][ T29] ? restore_fpregs_from_fpstate+0x100/0x250 [ 3425.592605][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3425.601138][ T29] ? do_syscall_64+0x108/0x240 [ 3425.608630][ T29] ? do_syscall_64+0xb4/0x240 [ 3425.613366][ T29] do_syscall_64+0xf9/0x240 [ 3425.622077][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 3425.631418][ T29] RIP: 0033:0x7fe2ebd3291e [ 3425.639227][ T29] RSP: 002b:00007ffd81917b08 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 3425.651625][ T29] RAX: ffffffffffffffda RBX: 00007ffd81918c30 RCX: 00007fe2ebd3291e [ 3425.663660][ T29] RDX: 0000000000000000 RSI: 00007ffd81918b50 RDI: 0000000000000012 [ 3425.676657][ T29] RBP: 00007ffd81918bc0 R08: 0000000000000000 R09: 0000000000400000 [ 3425.684683][ T29] R10: 0000000000000101 R11: 0000000000000246 R12: 0000000000000f00 [ 3425.701001][ T29] R13: 00007ffd81918b34 R14: 00007ffd81918b50 R15: 00007ffd81918b40 [ 3425.712995][ T29] [ 3425.727324][ T29] INFO: task kworker/1:6:6434 blocked for more than 143 seconds. [ 3425.735178][ T29] Not tainted 6.8.0-rc3-syzkaller #0 [ 3425.749226][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3425.761727][ T29] task:kworker/1:6 state:D stack:22192 pid:6434 tgid:6434 ppid:2 flags:0x00004000 [ 3425.784997][ T29] Workqueue: events switchdev_deferred_process_work [ 3425.795698][ T29] Call Trace: [ 3425.800556][ T29] [ 3425.803537][ T29] __schedule+0x17d1/0x49f0 [ 3425.811050][ T29] ? __pfx___schedule+0x10/0x10 [ 3425.817413][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3425.823461][ T29] ? __pfx_lock_release+0x10/0x10 [ 3425.833378][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 3425.840190][ T29] ? lockdep_hardirqs_on+0x98/0x140 [ 3425.845455][ T29] ? schedule+0x8e/0x260 [ 3425.852578][ T29] schedule+0x149/0x260 [ 3425.858355][ T29] schedule_preempt_disabled+0x13/0x30 [ 3425.863888][ T29] __mutex_lock+0x6a3/0xd70 [ 3425.877248][ T29] ? __mutex_lock+0x526/0xd70 [ 3425.882006][ T29] ? switchdev_deferred_process_work+0xe/0x20 [ 3425.891069][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 3425.900048][ T29] ? process_scheduled_works+0x825/0x1420 [ 3425.908519][ T29] switchdev_deferred_process_work+0xe/0x20 [ 3425.914476][ T29] process_scheduled_works+0x913/0x1420 [ 3425.925219][ T29] ? __pfx_process_scheduled_works+0x10/0x10 [ 3425.935908][ T29] ? assign_work+0x364/0x3d0 [ 3425.940580][ T29] worker_thread+0xa5f/0x1000 [ 3425.945332][ T29] ? __pfx_worker_thread+0x10/0x10 [ 3425.956459][ T29] kthread+0x2ef/0x390 [ 3425.960588][ T29] ? __pfx_worker_thread+0x10/0x10 [ 3425.965752][ T29] ? __pfx_kthread+0x10/0x10 [ 3425.976441][ T29] ret_from_fork+0x4b/0x80 [ 3425.980930][ T29] ? __pfx_kthread+0x10/0x10 [ 3425.985560][ T29] ret_from_fork_asm+0x1b/0x30 [ 3425.995782][ T29] [ 3426.014323][ T29] INFO: task kworker/0:3:3062 blocked for more than 144 seconds. [ 3426.025813][ T29] Not tainted 6.8.0-rc3-syzkaller #0 [ 3426.032198][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3426.055915][ T29] task:kworker/0:3 state:D stack:24536 pid:3062 tgid:3062 ppid:2 flags:0x00004000 [ 3426.066567][ T29] Workqueue: ipv6_addrconf addrconf_dad_work [ 3426.072632][ T29] Call Trace: [ 3426.080307][ T29] [ 3426.084684][ T29] __schedule+0x17d1/0x49f0 [ 3426.095921][ T29] ? __pfx___schedule+0x10/0x10 [ 3426.100849][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3426.107460][ T29] ? __pfx_lock_release+0x10/0x10 [ 3426.112637][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 3426.122083][ T29] ? lockdep_hardirqs_on+0x98/0x140 [ 3426.131159][ T29] ? schedule+0x8e/0x260 [ 3426.135468][ T29] schedule+0x149/0x260 [ 3426.145911][ T29] schedule_preempt_disabled+0x13/0x30 [ 3426.151436][ T29] __mutex_lock+0x6a3/0xd70 [ 3426.165949][ T29] ? mark_lock+0x9a/0x350 [ 3426.170353][ T29] ? __mutex_lock+0x526/0xd70 [ 3426.175086][ T29] ? addrconf_dad_work+0xd0/0x16f0 [ 3426.181338][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 3426.195912][ T29] addrconf_dad_work+0xd0/0x16f0 [ 3426.200934][ T29] ? __pfx_addrconf_dad_work+0x10/0x10 [ 3426.207149][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3426.213560][ T29] ? process_scheduled_works+0x825/0x1420 [ 3426.225880][ T29] process_scheduled_works+0x913/0x1420 [ 3426.231520][ T29] ? __pfx_process_scheduled_works+0x10/0x10 [ 3426.243995][ T29] ? assign_work+0x364/0x3d0 [ 3426.255887][ T29] worker_thread+0xa5f/0x1000 [ 3426.260656][ T29] ? __pfx_worker_thread+0x10/0x10 [ 3426.265815][ T29] kthread+0x2ef/0x390 [ 3426.270810][ T29] ? __pfx_worker_thread+0x10/0x10 [ 3426.280925][ T29] ? __pfx_kthread+0x10/0x10 [ 3426.285562][ T29] ret_from_fork+0x4b/0x80 [ 3426.295088][ T29] ? __pfx_kthread+0x10/0x10 [ 3426.302469][ T29] ret_from_fork_asm+0x1b/0x30 [ 3426.311104][ T29] [ 3426.326230][ T29] INFO: task kworker/0:5:3905 blocked for more than 144 seconds. [ 3426.334013][ T29] Not tainted 6.8.0-rc3-syzkaller #0 [ 3426.346358][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3426.355078][ T29] task:kworker/0:5 state:D stack:24176 pid:3905 tgid:3905 ppid:2 flags:0x00004000 [ 3426.377697][ T29] Workqueue: events linkwatch_event [ 3426.383052][ T29] Call Trace: [ 3426.386457][ T29] [ 3426.389422][ T29] __schedule+0x17d1/0x49f0 [ 3426.393987][ T29] ? __pfx___schedule+0x10/0x10 [ 3426.399731][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3426.405772][ T29] ? __pfx_lock_release+0x10/0x10 [ 3426.416180][ T29] ? schedule+0x8e/0x260 [ 3426.420483][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 3426.426486][ T29] ? schedule+0x8e/0x260 [ 3426.430775][ T29] schedule+0x149/0x260 [ 3426.435056][ T29] schedule_preempt_disabled+0x13/0x30 [ 3426.446597][ T29] __mutex_lock+0x6a3/0xd70 [ 3426.451173][ T29] ? __mutex_lock+0x526/0xd70 [ 3426.456792][ T29] ? linkwatch_event+0xe/0x60 [ 3426.461544][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 3426.470825][ T29] ? process_scheduled_works+0x825/0x1420 14:06:40 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xb503, 0x0, 0x0, 0x0) [ 3426.479555][ T29] linkwatch_event+0xe/0x60 [ 3426.484126][ T29] process_scheduled_works+0x913/0x1420 [ 3426.495418][ T29] ? __pfx_process_scheduled_works+0x10/0x10 [ 3426.503347][ T29] ? assign_work+0x364/0x3d0 [ 3426.509566][ T29] worker_thread+0xa5f/0x1000 [ 3426.514339][ T29] ? __pfx_worker_thread+0x10/0x10 [ 3426.529371][ T29] kthread+0x2ef/0x390 [ 3426.533682][ T29] ? __pfx_worker_thread+0x10/0x10 [ 3426.539663][ T29] ? __pfx_kthread+0x10/0x10 [ 3426.544307][ T29] ret_from_fork+0x4b/0x80 [ 3426.556226][ T29] ? __pfx_kthread+0x10/0x10 [ 3426.560883][ T29] ret_from_fork_asm+0x1b/0x30 [ 3426.565707][ T29] [ 3426.569484][ T29] INFO: task kworker/1:7:21200 blocked for more than 144 seconds. [ 3426.597336][ T29] Not tainted 6.8.0-rc3-syzkaller #0 [ 3426.603202][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3426.615168][ T29] task:kworker/1:7 state:D stack:25520 pid:21200 tgid:21200 ppid:2 flags:0x00004000 [ 3426.626102][ T29] Workqueue: ipv6_addrconf addrconf_verify_work [ 3426.632421][ T29] Call Trace: [ 3426.635723][ T29] [ 3426.665006][ T29] __schedule+0x17d1/0x49f0 [ 3426.675921][ T29] ? __pfx___schedule+0x10/0x10 [ 3426.680842][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3426.695907][ T29] ? __pfx_lock_release+0x10/0x10 [ 3426.701016][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 3426.726090][ T29] ? lockdep_hardirqs_on+0x98/0x140 [ 3426.731387][ T29] ? schedule+0x8e/0x260 [ 3426.735671][ T29] schedule+0x149/0x260 [ 3426.756112][ T29] schedule_preempt_disabled+0x13/0x30 [ 3426.761661][ T29] __mutex_lock+0x6a3/0xd70 [ 3426.775952][ T29] ? __mutex_lock+0x526/0xd70 [ 3426.780699][ T29] ? addrconf_verify_work+0x19/0x30 [ 3426.786409][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 3426.791484][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3426.797646][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3426.804305][ T29] ? process_scheduled_works+0x825/0x1420 [ 3426.820451][ T29] addrconf_verify_work+0x19/0x30 [ 3426.825586][ T29] process_scheduled_works+0x913/0x1420 [ 3426.831344][ T29] ? __pfx_process_scheduled_works+0x10/0x10 [ 3426.838302][ T29] ? assign_work+0x364/0x3d0 [ 3426.842963][ T29] worker_thread+0xa5f/0x1000 [ 3426.856132][ T29] ? __pfx_worker_thread+0x10/0x10 [ 3426.861314][ T29] kthread+0x2ef/0x390 [ 3426.865429][ T29] ? __pfx_worker_thread+0x10/0x10 [ 3426.875923][ T29] ? __pfx_kthread+0x10/0x10 [ 3426.880606][ T29] ret_from_fork+0x4b/0x80 [ 3426.885068][ T29] ? __pfx_kthread+0x10/0x10 [ 3426.897699][ T29] ret_from_fork_asm+0x1b/0x30 [ 3426.902547][ T29] [ 3426.928768][ T29] INFO: task syz-executor.0:21648 blocked for more than 145 seconds. [ 3426.946101][ T29] Not tainted 6.8.0-rc3-syzkaller #0 [ 3426.952059][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3426.961622][ T29] task:syz-executor.0 state:D stack:20984 pid:21648 tgid:21648 ppid:1 flags:0x00004006 [ 3426.985926][ T29] Call Trace: [ 3426.989279][ T29] [ 3426.992240][ T29] __schedule+0x17d1/0x49f0 [ 3426.997284][ T29] ? __pfx___schedule+0x10/0x10 [ 3427.002440][ T29] ? __pfx_lock_release+0x10/0x10 [ 3427.009116][ T29] ? __mutex_trylock_common+0x91/0x2e0 [ 3427.014662][ T29] ? schedule+0x8e/0x260 [ 3427.025939][ T29] schedule+0x149/0x260 [ 3427.030166][ T29] schedule_preempt_disabled+0x13/0x30 [ 3427.035671][ T29] __mutex_lock+0x6a3/0xd70 [ 3427.046698][ T29] ? __mutex_lock+0x526/0xd70 [ 3427.051470][ T29] ? rtnetlink_rcv_msg+0x82c/0x1040 [ 3427.059598][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 3427.064697][ T29] rtnetlink_rcv_msg+0x82c/0x1040 [ 3427.083734][ T29] ? rtnetlink_rcv_msg+0x208/0x1040 [ 3427.096786][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 3427.102319][ T29] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 3427.136225][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3427.141521][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3427.165913][ T29] ? mark_lock+0x9a/0x350 [ 3427.170346][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3427.175598][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 3427.195981][ T29] ? mark_lock+0x9a/0x350 [ 3427.200448][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 3427.205552][ T29] netlink_rcv_skb+0x1e3/0x430 [ 3427.226020][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 3427.231680][ T29] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 3427.245941][ T29] ? netlink_deliver_tap+0x2e/0x1b0 [ 3427.251234][ T29] netlink_unicast+0x7ea/0x980 [ 3427.265921][ T29] ? __pfx_netlink_unicast+0x10/0x10 [ 3427.271290][ T29] ? __virt_addr_valid+0x44e/0x520 [ 3427.286613][ T29] ? __phys_addr_symbol+0x2f/0x70 [ 3427.291715][ T29] ? __check_object_size+0x4bb/0xa00 [ 3427.307157][ T29] ? bpf_lsm_netlink_send+0x9/0x10 [ 3427.312429][ T29] netlink_sendmsg+0xa3b/0xd70 [ 3427.326007][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 3427.331435][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3427.342841][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 3427.356131][ T29] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3427.361484][ T29] ? security_socket_sendmsg+0x87/0xb0 [ 3427.367609][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 3427.376323][ T29] __sock_sendmsg+0x221/0x270 [ 3427.383790][ T29] __sys_sendto+0x3a4/0x4f0 [ 3427.391330][ T29] ? __pfx___sys_sendto+0x10/0x10 [ 3427.399111][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3427.405530][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3427.418784][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3427.425175][ T29] __x64_sys_sendto+0xde/0x100 [ 3427.437760][ T29] do_syscall_64+0xf9/0x240 [ 3427.442325][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 3427.455924][ T29] RIP: 0033:0x7fc67e27fa9c [ 3427.460505][ T29] RSP: 002b:00007fc67e4cf610 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 3427.469388][ T29] RAX: ffffffffffffffda RBX: 00007fc67eed4620 RCX: 00007fc67e27fa9c [ 3427.485899][ T29] RDX: 0000000000000020 RSI: 00007fc67eed4670 RDI: 0000000000000003 [ 3427.494068][ T29] RBP: 0000000000000000 R08: 00007fc67e4cf664 R09: 000000000000000c [ 3427.503614][ T29] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 3427.515981][ T29] R13: 0000000000000000 R14: 00007fc67eed4670 R15: 0000000000000000 [ 3427.524090][ T29] [ 3427.529780][ T29] INFO: task syz-executor.1:21656 blocked for more than 145 seconds. [ 3427.545898][ T29] Not tainted 6.8.0-rc3-syzkaller #0 [ 3427.551740][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3427.564655][ T29] task:syz-executor.1 state:D stack:20984 pid:21656 tgid:21656 ppid:1 flags:0x00004006 [ 3427.586147][ T29] Call Trace: [ 3427.589472][ T29] [ 3427.592432][ T29] __schedule+0x17d1/0x49f0 [ 3427.597819][ T29] ? __pfx___schedule+0x10/0x10 [ 3427.602727][ T29] ? __pfx_lock_release+0x10/0x10 [ 3427.613359][ T29] ? __mutex_trylock_common+0x91/0x2e0 [ 3427.621598][ T29] ? schedule+0x8e/0x260 [ 3427.637387][ T29] schedule+0x149/0x260 [ 3427.641613][ T29] schedule_preempt_disabled+0x13/0x30 [ 3427.647423][ T29] __mutex_lock+0x6a3/0xd70 [ 3427.651975][ T29] ? __mutex_lock+0x526/0xd70 [ 3427.665946][ T29] ? rtnetlink_rcv_msg+0x82c/0x1040 [ 3427.671222][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 3427.676743][ T29] rtnetlink_rcv_msg+0x82c/0x1040 [ 3427.682012][ T29] ? rtnetlink_rcv_msg+0x208/0x1040 [ 3427.695884][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 3427.701421][ T29] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 3427.708434][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3427.713678][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3427.726878][ T29] ? mark_lock+0x9a/0x350 [ 3427.731373][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3427.738293][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 3427.745673][ T29] ? mark_lock+0x9a/0x350 [ 3427.752876][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 3427.760485][ T29] netlink_rcv_skb+0x1e3/0x430 [ 3427.765313][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 3427.774845][ T29] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 3427.782913][ T29] ? netlink_deliver_tap+0x2e/0x1b0 [ 3427.789862][ T29] netlink_unicast+0x7ea/0x980 [ 3427.794690][ T29] ? __pfx_netlink_unicast+0x10/0x10 [ 3427.806159][ T29] ? __virt_addr_valid+0x44e/0x520 [ 3427.811339][ T29] ? __phys_addr_symbol+0x2f/0x70 14:06:42 executing program 4: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000c6a000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f00002a0000/0x4000)=nil) syz_clone(0x0, 0x0, 0xb702, 0x0, 0x0, 0x0) [ 3427.820658][ T29] ? __check_object_size+0x4bb/0xa00 [ 3427.829814][ T29] ? bpf_lsm_netlink_send+0x9/0x10 [ 3427.835001][ T29] netlink_sendmsg+0xa3b/0xd70 [ 3427.847146][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 3427.852488][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3427.866425][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 3427.871437][ T29] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3427.881763][ T29] ? security_socket_sendmsg+0x87/0xb0 [ 3427.888124][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 3427.893454][ T29] __sock_sendmsg+0x221/0x270 [ 3427.906524][ T29] __sys_sendto+0x3a4/0x4f0 [ 3427.911100][ T29] ? __pfx___sys_sendto+0x10/0x10 [ 3427.917171][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3427.923664][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3427.941040][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3427.947976][ T29] __x64_sys_sendto+0xde/0x100 [ 3427.952795][ T29] do_syscall_64+0xf9/0x240 [ 3427.967254][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 3427.973226][ T29] RIP: 0033:0x7f07a4a7fa9c [ 3427.978680][ T29] RSP: 002b:00007f07a4ccf610 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 3427.997595][ T29] RAX: ffffffffffffffda RBX: 00007f07a56d4620 RCX: 00007f07a4a7fa9c [ 3428.005625][ T29] RDX: 0000000000000028 RSI: 00007f07a56d4670 RDI: 0000000000000003 [ 3428.014944][ T29] RBP: 0000000000000000 R08: 00007f07a4ccf664 R09: 000000000000000c [ 3428.036171][ T29] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 3428.044317][ T29] R13: 0000000000000000 R14: 00007f07a56d4670 R15: 0000000000000000 [ 3428.066047][ T29] [ 3428.069171][ T29] INFO: task syz-executor.2:21658 blocked for more than 146 seconds. [ 3428.078872][ T29] Not tainted 6.8.0-rc3-syzkaller #0 [ 3428.084718][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3428.106028][ T29] task:syz-executor.2 state:D stack:20984 pid:21658 tgid:21658 ppid:1 flags:0x00004006 [ 3428.125904][ T29] Call Trace: [ 3428.129277][ T29] [ 3428.132243][ T29] __schedule+0x17d1/0x49f0 [ 3428.156213][ T29] ? __pfx___schedule+0x10/0x10 [ 3428.161140][ T29] ? __pfx_lock_release+0x10/0x10 [ 3428.183901][ T29] ? __mutex_trylock_common+0x91/0x2e0 [ 3428.196057][ T29] ? schedule+0x8e/0x260 [ 3428.200369][ T29] schedule+0x149/0x260 [ 3428.204571][ T29] schedule_preempt_disabled+0x13/0x30 [ 3428.225964][ T29] __mutex_lock+0x6a3/0xd70 [ 3428.230550][ T29] ? __mutex_lock+0x526/0xd70 [ 3428.235279][ T29] ? rtnetlink_rcv_msg+0x82c/0x1040 [ 3428.255909][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 3428.261039][ T29] rtnetlink_rcv_msg+0x82c/0x1040 [ 3428.275955][ T29] ? rtnetlink_rcv_msg+0x208/0x1040 [ 3428.281225][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 3428.287290][ T29] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 3428.293496][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3428.300318][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3428.305587][ T29] ? mark_lock+0x9a/0x350 [ 3428.310235][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3428.315479][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 3428.320854][ T29] ? mark_lock+0x9a/0x350 [ 3428.325234][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 3428.330606][ T29] netlink_rcv_skb+0x1e3/0x430 [ 3428.335428][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 3428.341251][ T29] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 3428.346842][ T29] ? netlink_deliver_tap+0x2e/0x1b0 [ 3428.352180][ T29] netlink_unicast+0x7ea/0x980 [ 3428.357341][ T29] ? __pfx_netlink_unicast+0x10/0x10 [ 3428.362675][ T29] ? __virt_addr_valid+0x44e/0x520 [ 3428.368147][ T29] ? __phys_addr_symbol+0x2f/0x70 [ 3428.373219][ T29] ? __check_object_size+0x4bb/0xa00 [ 3428.379011][ T29] ? bpf_lsm_netlink_send+0x9/0x10 [ 3428.384178][ T29] netlink_sendmsg+0xa3b/0xd70 [ 3428.396140][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 3428.401523][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 3428.408215][ T29] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3428.413560][ T29] ? security_socket_sendmsg+0x87/0xb0 [ 3428.425897][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 3428.431239][ T29] __sock_sendmsg+0x221/0x270 [ 3428.442570][ T29] __sys_sendto+0x3a4/0x4f0 [ 3428.447369][ T29] ? __pfx___sys_sendto+0x10/0x10 [ 3428.452467][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3428.465884][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3428.472416][ T29] __x64_sys_sendto+0xde/0x100 [ 3428.485993][ T29] do_syscall_64+0xf9/0x240 [ 3428.490596][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 3428.496911][ T29] RIP: 0033:0x7f08e8a7fa9c [ 3428.501530][ T29] RSP: 002b:00007f08e8ccf630 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 3428.517097][ T29] RAX: ffffffffffffffda RBX: 00007f08e96d4620 RCX: 00007f08e8a7fa9c [ 3428.525420][ T29] RDX: 0000000000000068 RSI: 00007f08e96d4670 RDI: 0000000000000003 [ 3428.547861][ T29] RBP: 0000000000000000 R08: 00007f08e8ccf684 R09: 000000000000000c [ 3428.556182][ T29] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 3428.564202][ T29] R13: 0000000000000000 R14: 00007f08e96d4670 R15: 0000000000000000 [ 3428.585944][ T29] [ 3428.589150][ T29] INFO: task syz-executor.3:21657 blocked for more than 146 seconds. [ 3428.598273][ T29] Not tainted 6.8.0-rc3-syzkaller #0 [ 3428.604271][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 3428.627070][ T29] task:syz-executor.3 state:D stack:20984 pid:21657 tgid:21657 ppid:1 flags:0x00004006 [ 3428.637616][ T29] Call Trace: [ 3428.640932][ T29] [ 3428.643899][ T29] __schedule+0x17d1/0x49f0 [ 3428.655914][ T29] ? __pfx___schedule+0x10/0x10 [ 3428.660853][ T29] ? __pfx_lock_release+0x10/0x10 [ 3428.675974][ T29] ? __mutex_trylock_common+0x91/0x2e0 [ 3428.681528][ T29] ? schedule+0x8e/0x260 [ 3428.686315][ T29] schedule+0x149/0x260 [ 3428.690524][ T29] schedule_preempt_disabled+0x13/0x30 [ 3428.705954][ T29] __mutex_lock+0x6a3/0xd70 [ 3428.710541][ T29] ? __mutex_lock+0x526/0xd70 [ 3428.715266][ T29] ? rtnetlink_rcv_msg+0x82c/0x1040 [ 3428.726260][ T29] ? __pfx___mutex_lock+0x10/0x10 [ 3428.731383][ T29] rtnetlink_rcv_msg+0x82c/0x1040 [ 3428.746285][ T29] ? rtnetlink_rcv_msg+0x208/0x1040 [ 3428.751562][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 3428.765955][ T29] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 3428.772201][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3428.789593][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3428.794882][ T29] ? mark_lock+0x9a/0x350 [ 3428.799573][ T29] ? __pfx_validate_chain+0x10/0x10 [ 3428.804824][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 3428.813319][ T29] ? mark_lock+0x9a/0x350 [ 3428.820195][ T29] ? __lock_acquire+0x1345/0x1fd0 [ 3428.825313][ T29] netlink_rcv_skb+0x1e3/0x430 [ 3428.836185][ T29] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 3428.841714][ T29] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 3428.854103][ T29] ? netlink_deliver_tap+0x2e/0x1b0 [ 3428.866011][ T29] netlink_unicast+0x7ea/0x980 [ 3428.870865][ T29] ? __pfx_netlink_unicast+0x10/0x10 [ 3428.876723][ T29] ? __virt_addr_valid+0x44e/0x520 [ 3428.881920][ T29] ? __phys_addr_symbol+0x2f/0x70 [ 3428.895957][ T29] ? __check_object_size+0x4bb/0xa00 [ 3428.901457][ T29] ? bpf_lsm_netlink_send+0x9/0x10 [ 3428.906974][ T29] netlink_sendmsg+0xa3b/0xd70 [ 3428.911958][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 3428.925975][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3428.932044][ T29] ? aa_sock_msg_perm+0x91/0x160 [ 3428.937741][ T29] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 3428.943091][ T29] ? security_socket_sendmsg+0x87/0xb0 [ 3428.957310][ T29] ? __pfx_netlink_sendmsg+0x10/0x10 [ 3428.962681][ T29] __sock_sendmsg+0x221/0x270 [ 3428.983168][ T29] __sys_sendto+0x3a4/0x4f0 [ 3428.988080][ T29] ? __pfx___sys_sendto+0x10/0x10 [ 3428.993168][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3429.026117][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3429.032219][ T29] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3429.056175][ T29] __x64_sys_sendto+0xde/0x100 [ 3429.061123][ T29] do_syscall_64+0xf9/0x240 [ 3429.065690][ T29] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 3429.086022][ T29] RIP: 0033:0x7fef94a7fa9c [ 3429.090598][ T29] RSP: 002b:00007fef94ccf610 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 3429.116050][ T29] RAX: ffffffffffffffda RBX: 00007fef956d4620 RCX: 00007fef94a7fa9c [ 3429.124098][ T29] RDX: 0000000000000028 RSI: 00007fef956d4670 RDI: 0000000000000003 [ 3429.145968][ T29] RBP: 0000000000000000 R08: 00007fef94ccf664 R09: 000000000000000c [ 3429.154022][ T29] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 3429.186101][ T29] R13: 0000000000000000 R14: 00007fef956d4670 R15: 0000000000000000 [ 3429.194180][ T29] [ 3429.206116][ T29] [ 3429.206116][ T29] Showing all locks held in the system: [ 3429.213985][ T29] 1 lock held by khungtaskd/29: [ 3429.236057][ T29] #0: ffffffff8e130ae0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 3429.255903][ T29] 2 locks held by kworker/0:2/924: [ 3429.261078][ T29] #0: ffff888014c8e938 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.276776][ T29] #1: ffffc900040bfd20 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.290518][ T29] 1 lock held by dhcpcd/4735: [ 3429.295263][ T29] #0: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: netlink_dump+0xde/0xc80 [ 3429.304768][ T29] 2 locks held by getty/4830: [ 3429.309755][ T29] #0: ffff88802b3240a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 3429.320171][ T29] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b4/0x1e10 [ 3429.330937][ T29] 3 locks held by kworker/1:6/6434: [ 3429.336457][ T29] #0: ffff888014c8cd38 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.356032][ T29] #1: ffffc9000498fd20 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.367486][ T29] #2: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 3429.386171][ T29] 5 locks held by kworker/u4:17/19598: [ 3429.391697][ T29] #0: ffff8880162ecd38 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.415957][ T29] #1: ffffc9000316fd20 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.442658][ T29] #2: ffffffff8f368a50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf5/0xb90 [ 3429.452386][ T29] #3: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe8/0x9d0 [ 3429.462785][ T29] #4: ffffffff8e136478 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3a3/0x890 [ 3429.475893][ T29] 3 locks held by kworker/u4:22/19601: [ 3429.486233][ T29] 3 locks held by kworker/0:3/3062: [ 3429.491492][ T29] #0: ffff88802a870d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.507229][ T29] #1: ffffc90013d5fd20 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.526760][ T29] #2: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0 [ 3429.546009][ T29] 3 locks held by kworker/0:5/3905: [ 3429.551376][ T29] #0: ffff888014c8cd38 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.563142][ T29] #1: ffffc90009b3fd20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.586309][ T29] #2: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 3429.595421][ T29] 3 locks held by kworker/1:7/21200: [ 3429.606001][ T29] #0: ffff88802a870d38 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.625907][ T29] #1: ffffc90009d4fd20 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x825/0x1420 [ 3429.645878][ T29] #2: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 3429.655525][ T29] 1 lock held by syz-executor.0/21648: [ 3429.661624][ T29] #0: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 3429.676355][ T29] 1 lock held by syz-executor.1/21656: [ 3429.681873][ T29] #0: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 3429.696452][ T29] 1 lock held by syz-executor.2/21658: [ 3429.701988][ T29] #0: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 3429.716490][ T29] 1 lock held by syz-executor.3/21657: [ 3429.721995][ T29] #0: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x82c/0x1040 [ 3429.741379][ T29] 2 locks held by syz-executor.0/21834: [ 3429.756057][ T29] #0: ffffffff8f368a50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 [ 3429.765678][ T29] #1: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 [ 3429.785899][ T29] 2 locks held by syz-executor.1/21837: [ 3429.791510][ T29] #0: ffffffff8f368a50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 [ 3429.801697][ T29] #1: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 [ 3429.815966][ T29] 2 locks held by syz-executor.3/21841: [ 3429.821591][ T29] #0: ffffffff8f368a50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 [ 3429.837105][ T29] #1: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 [ 3429.854160][ T29] 2 locks held by syz-executor.2/21843: [ 3429.860267][ T29] #0: ffffffff8f368a50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 [ 3429.876197][ T29] #1: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 [ 3429.885727][ T29] 1 lock held by syz-executor.4/21932: [ 3429.891789][ T29] 3 locks held by syz-executor.4/21935: [ 3429.905916][ T29] 2 locks held by syz-executor.4/21949: [ 3429.911677][ T29] 3 locks held by syz-executor.4/21960: [ 3429.917356][ T29] #0: ffff888025256420 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1b78/0x2b50 [ 3429.927546][ T29] #1: ffff88804fea8960 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x83/0x120 [ 3429.947461][ T29] #2: ffffffff8e1ef488 (shmem_swaplist_mutex){+.+.}-{3:3}, at: shmem_writepage+0x75d/0x18f0 [ 3429.958202][ T29] 2 locks held by syz-executor.0/21975: [ 3429.963786][ T29] #0: ffffffff8f368a50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 [ 3429.986157][ T29] #1: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 [ 3429.995668][ T29] 2 locks held by syz-executor.1/21979: [ 3430.001833][ T29] #0: ffffffff8f368a50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 [ 3430.015891][ T29] #1: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 [ 3430.025395][ T29] 2 locks held by syz-executor.3/21982: [ 3430.056991][ T29] #0: ffffffff8f368a50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 [ 3430.075889][ T29] #1: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 [ 3430.085408][ T29] 2 locks held by syz-executor.2/21985: [ 3430.116107][ T29] #0: ffffffff8f368a50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c7/0x7b0 [ 3430.125726][ T29] #1: ffffffff8f374fc8 (rtnl_mutex){+.+.}-{3:3}, at: smc_pnet_net_init+0x10a/0x1e0 [ 3430.156058][ T29] 3 locks held by syz-executor.4/22002: [ 3430.161662][ T29] #0: ffff888025256420 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1b78/0x2b50 [ 3430.185982][ T29] #1: ffff88808bb2b0c0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x83/0x120 [ 3430.205888][ T29] #2: ffffffff8e1ef488 (shmem_swaplist_mutex){+.+.}-{3:3}, at: shmem_writepage+0x75d/0x18f0 [ 3430.216596][ T29] 3 locks held by syz-executor.4/22012: [ 3430.222165][ T29] 3 locks held by syz-executor.4/22016: [ 3430.227835][ T29] #0: ffff888025256420 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1b78/0x2b50 [ 3430.237533][ T29] #1: ffff88808cb9f8f0 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x83/0x120 [ 3430.249127][ T29] #2: ffffffff8e1ef488 (shmem_swaplist_mutex){+.+.}-{3:3}, at: shmem_writepage+0x75d/0x18f0 [ 3430.259454][ T29] 5 locks held by syz-executor.4/22019: [ 3430.265032][ T29] 2 locks held by syz-executor.4/22022: [ 3430.270686][ T29] 3 locks held by syz-executor.4/22026: [ 3430.277564][ T29] #0: ffff888025256420 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1b78/0x2b50 [ 3430.286973][ T29] #1: ffff8880a975baa0 (&mm->mmap_lock){++++}-{3:3}, at: get_dump_page+0xe1/0x2f0 [ 3430.296428][ T29] #2: ffffffff8e1ef488 (shmem_swaplist_mutex){+.+.}-{3:3}, at: shmem_writepage+0x75d/0x18f0 [ 3430.306766][ T29] 3 locks held by syz-executor.4/22030: [ 3430.312338][ T29] #0: ffff888025256420 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1b78/0x2b50 [ 3430.321843][ T29] #1: ffff8880a53d6540 (&sb->s_type->i_mutex_key#12){+.+.}-{3:3}, at: shmem_file_write_iter+0x83/0x120 [ 3430.345957][ T29] #2: ffffffff8e1ef488 (shmem_swaplist_mutex){+.+.}-{3:3}, at: shmem_writepage+0x75d/0x18f0 [ 3430.356331][ T29] 3 locks held by syz-executor.4/22033: [ 3430.361922][ T29] 3 locks held by syz-executor.4/22037: [ 3430.375925][ T29] #0: ffff888025256420 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1b78/0x2b50 [ 3430.385273][ T29] #1: ffff8880aa3f0b20 (&mm->mmap_lock){++++}-{3:3}, at: get_dump_page+0xe1/0x2f0 [ 3430.415897][ T29] #2: ffffffff8e1ef488 (shmem_swaplist_mutex){+.+.}-{3:3}, at: shmem_writepage+0x75d/0x18f0 [ 3430.442035][ T29] 3 locks held by syz-executor.4/22041: [ 3430.455886][ T29] 3 locks held by syz-executor.4/22053: [ 3430.461487][ T29] 3 locks held by syz-executor.4/22056: [ 3430.475921][ T29] #0: ffff888025256420 (sb_writers#5){.+.+}-{0:0}, at: do_coredump+0x1b78/0x2b50 [ 3430.485291][ T29] #1: ffff88807f430b20 (&mm->mmap_lock){++++}-{3:3}, at: get_dump_page+0xe1/0x2f0 [ 3430.505918][ T29] #2: ffffffff8e1ef488 (shmem_swaplist_mutex){+.+.}-{3:3}, at: shmem_writepage+0x75d/0x18f0 [ 3430.525895][ T29] 2 locks held by syz-executor.4/22059: [ 3430.531506][ T29] 1 lock held by syz-executor.4/22061: [ 3430.545889][ T29] #0: ffffffff8e1ef488 (shmem_swaplist_mutex){+.+.}-{3:3}, at: shmem_writepage+0x75d/0x18f0 [ 3430.565974][ T29] [ 3430.568344][ T29] ============================================= [ 3430.568344][ T29] [ 3430.586020][ T29] NMI backtrace for cpu 1 [ 3430.590419][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.8.0-rc3-syzkaller #0 [ 3430.598517][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3430.608596][ T29] Call Trace: [ 3430.611894][ T29] [ 3430.614850][ T29] dump_stack_lvl+0x1e7/0x2e0 [ 3430.619573][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 3430.624986][ T29] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3430.630232][ T29] ? __pfx__printk+0x10/0x10 [ 3430.634871][ T29] ? vprintk_emit+0x607/0x720 [ 3430.639584][ T29] ? __pfx_vprintk_emit+0x10/0x10 [ 3430.644675][ T29] nmi_cpu_backtrace+0x49c/0x4d0 [ 3430.649672][ T29] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 3430.655264][ T29] ? _printk+0xd5/0x120 [ 3430.659461][ T29] ? __pfx__printk+0x10/0x10 [ 3430.664080][ T29] ? __wake_up_klogd+0xcc/0x110 [ 3430.668968][ T29] ? __pfx__printk+0x10/0x10 [ 3430.673590][ T29] ? __rcu_read_unlock+0xa0/0x110 [ 3430.678646][ T29] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 3430.684665][ T29] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 3430.690713][ T29] watchdog+0xfaf/0xff0 [ 3430.694909][ T29] ? watchdog+0x1e9/0xff0 [ 3430.699279][ T29] ? __pfx_watchdog+0x10/0x10 [ 3430.703987][ T29] kthread+0x2ef/0x390 [ 3430.708081][ T29] ? __pfx_watchdog+0x10/0x10 [ 3430.712816][ T29] ? __pfx_kthread+0x10/0x10 [ 3430.717443][ T29] ret_from_fork+0x4b/0x80 [ 3430.721900][ T29] ? __pfx_kthread+0x10/0x10 [ 3430.726527][ T29] ret_from_fork_asm+0x1b/0x30 [ 3430.731358][ T29] [ 3430.735138][ T29] Sending NMI from CPU 1 to CPUs 0: [ 3430.740457][ C0] NMI backtrace for cpu 0 [ 3430.740468][ C0] CPU: 0 PID: 25432 Comm: kworker/u4:49 Not tainted 6.8.0-rc3-syzkaller #0 [ 3430.740488][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3430.740499][ C0] Workqueue: events_unbound toggle_allocation_gate [ 3430.740530][ C0] RIP: 0010:switch_ldt+0xc6/0x280 [ 3430.740550][ C0] Code: 38 00 74 08 48 89 df e8 58 59 c2 00 4c 0b 2b 0f 85 f1 00 00 00 e8 ea 3d 60 00 48 c7 c0 c0 13 48 94 48 c1 e8 03 42 0f b6 04 38 <84> c0 0f 85 54 01 00 00 8b 1d 5c ea 14 13 31 ff 89 de e8 03 42 60 [ 3430.740565][ C0] RSP: 0018:ffffc9000d1d75e0 EFLAGS: 00000806 [ 3430.740579][ C0] RAX: 0000000000000004 RBX: ffff888014c806c0 RCX: ffff88808c84d940 [ 3430.740593][ C0] RDX: 0000000000000000 RSI: ffff888014c80000 RDI: ffffffff8e21bd80 [ 3430.740605][ C0] RBP: ffffc9000d1d7670 R08: ffff888014c80783 R09: 1ffff110029900f0 [ 3430.740619][ C0] R10: dffffc0000000000 R11: ffffed10029900f1 R12: 1ffff92001a3aebc [ 3430.740633][ C0] R13: 0000000000000000 R14: ffff888014c80000 R15: dffffc0000000000 [ 3430.740646][ C0] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 3430.740661][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 3430.740674][ C0] CR2: 0000001b32922000 CR3: 0000000014c7a000 CR4: 00000000003506f0 [ 3430.740689][ C0] Call Trace: [ 3430.740696][ C0] [ 3430.740703][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 3430.740730][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 3430.740757][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 3430.740784][ C0] ? nmi_handle+0x2a/0x580 [ 3430.740809][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 3430.740830][ C0] ? nmi_handle+0x14f/0x580 [ 3430.740847][ C0] ? nmi_handle+0x2a/0x580 [ 3430.740864][ C0] ? switch_ldt+0xc6/0x280 [ 3430.740880][ C0] ? default_do_nmi+0x63/0x160 [ 3430.740897][ C0] ? exc_nmi+0x121/0x210 [ 3430.740913][ C0] ? end_repeat_nmi+0xf/0x60 [ 3430.740946][ C0] ? switch_ldt+0xc6/0x280 [ 3430.740963][ C0] ? switch_ldt+0xc6/0x280 [ 3430.740980][ C0] ? switch_ldt+0xc6/0x280 [ 3430.740998][ C0] [ 3430.741003][ C0] [ 3430.741009][ C0] ? __pfx_switch_ldt+0x10/0x10 [ 3430.741028][ C0] ? rcu_is_watching+0x15/0xb0 [ 3430.741056][ C0] switch_mm_irqs_off+0x84d/0xae0 [ 3430.741106][ C0] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 3430.741132][ C0] ? do_raw_spin_unlock+0x13b/0x8b0 [ 3430.741154][ C0] ? walk_to_pmd+0x19b/0x240 [ 3430.741172][ C0] ? __kmalloc_node_track_caller+0x125/0x4e0 [ 3430.741193][ C0] ? rcu_is_watching+0x15/0xb0 [ 3430.741220][ C0] __text_poke+0x719/0xd30 [ 3430.741239][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 3430.741260][ C0] ? __kmalloc_node_track_caller+0x125/0x4e0 [ 3430.741290][ C0] ? __pfx_text_poke_memcpy+0x10/0x10 [ 3430.741311][ C0] ? __pfx___text_poke+0x10/0x10 [ 3430.741330][ C0] ? kmem_cache_alloc_bulk+0x16c/0x780 [ 3430.741355][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 3430.741379][ C0] ? __pfx_perf_event_text_poke+0x10/0x10 [ 3430.741397][ C0] ? __mutex_trylock_common+0x182/0x2e0 [ 3430.741417][ C0] ? __pfx___might_resched+0x10/0x10 [ 3430.741445][ C0] text_poke_bp_batch+0x8cd/0xb30 [ 3430.741472][ C0] ? kmem_cache_alloc_bulk+0x16d/0x780 [ 3430.741494][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 3430.741530][ C0] ? arch_jump_label_transform_queue+0x9b/0x100 [ 3430.741559][ C0] text_poke_finish+0x30/0x50 [ 3430.741578][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 3430.741601][ C0] static_key_enable_cpuslocked+0x136/0x260 [ 3430.741625][ C0] static_key_enable+0x1a/0x20 [ 3430.741646][ C0] toggle_allocation_gate+0xb5/0x250 [ 3430.741672][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 3430.741699][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 3430.741731][ C0] ? process_scheduled_works+0x825/0x1420 [ 3430.741768][ C0] process_scheduled_works+0x913/0x1420 [ 3430.741807][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 3430.741836][ C0] ? assign_work+0x364/0x3d0 [ 3430.741862][ C0] worker_thread+0xa5f/0x1000 [ 3430.741898][ C0] ? __pfx_worker_thread+0x10/0x10 [ 3430.741922][ C0] kthread+0x2ef/0x390 [ 3430.741939][ C0] ? __pfx_worker_thread+0x10/0x10 [ 3430.741962][ C0] ? __pfx_kthread+0x10/0x10 [ 3430.741979][ C0] ret_from_fork+0x4b/0x80 [ 3430.742001][ C0] ? __pfx_kthread+0x10/0x10 [ 3430.742019][ C0] ret_from_fork_asm+0x1b/0x30 [ 3430.742050][ C0] [ 3431.167743][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 3431.174644][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted 6.8.0-rc3-syzkaller #0 [ 3431.182740][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 [ 3431.192836][ T29] Call Trace: [ 3431.196157][ T29] [ 3431.199114][ T29] dump_stack_lvl+0x1e7/0x2e0 [ 3431.204024][ T29] ? __pfx_dump_stack_lvl+0x10/0x10 [ 3431.209268][ T29] ? __pfx__printk+0x10/0x10 [ 3431.213901][ T29] ? lockdep_hardirqs_on_prepare+0x43c/0x780 [ 3431.219942][ T29] ? vscnprintf+0x5d/0x90 [ 3431.224318][ T29] panic+0x349/0x860 [ 3431.228253][ T29] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 3431.234444][ T29] ? __pfx_panic+0x10/0x10 [ 3431.238897][ T29] ? tick_nohz_tick_stopped+0x7b/0xc0 [ 3431.244308][ T29] ? __irq_work_queue_local+0x137/0x3e0 [ 3431.249923][ T29] ? preempt_schedule_thunk+0x1a/0x30 [ 3431.255323][ T29] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 3431.261521][ T29] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 3431.267730][ T29] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 3431.273933][ T29] watchdog+0xfee/0xff0 [ 3431.278139][ T29] ? watchdog+0x1e9/0xff0 [ 3431.282511][ T29] ? __pfx_watchdog+0x10/0x10 [ 3431.287224][ T29] kthread+0x2ef/0x390 [ 3431.291340][ T29] ? __pfx_watchdog+0x10/0x10 [ 3431.296056][ T29] ? __pfx_kthread+0x10/0x10 [ 3431.300673][ T29] ret_from_fork+0x4b/0x80 [ 3431.305129][ T29] ? __pfx_kthread+0x10/0x10 [ 3431.309753][ T29] ret_from_fork_asm+0x1b/0x30 [ 3431.314569][ T29] [ 3431.318023][ T29] Kernel Offset: disabled [ 3431.322353][ T29] Rebooting in 86400 seconds..