d0/0x1d0 [ 1143.712717][T32260] ? __rcu_read_lock+0x50/0x50 [ 1143.717442][T32260] ? check_stack_object+0x5a/0x90 [ 1143.722435][T32260] ? _copy_from_user+0xa4/0xe0 [ 1143.727164][T32260] ? rw_copy_check_uvector+0x2b3/0x310 [ 1143.732588][T32260] ? import_iovec+0x1c2/0x380 [ 1143.737226][T32260] ? dup_iter+0x110/0x110 [ 1143.741516][T32260] ? do_vfs_ioctl+0x780/0x1750 [ 1143.746247][T32260] __se_sys_vmsplice+0x1fb/0x300 [ 1143.751157][T32260] ? __x64_sys_vmsplice+0xa0/0xa0 [ 1143.756161][T32260] ? put_timespec64+0x109/0x150 [ 1143.760978][T32260] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1143.766588][T32260] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 1143.772283][T32260] do_syscall_64+0xcb/0x150 [ 1143.776756][T32260] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1143.782618][T32260] RIP: 0033:0x45c849 [ 1143.786486][T32260] Code: Bad RIP value. [ 1143.790517][T32260] RSP: 002b:00007fbaa8d97c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1143.798891][T32260] RAX: ffffffffffffffda RBX: 00007fbaa8d986d4 RCX: 000000000045c849 [ 1143.806828][T32260] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003 [ 1143.814765][T32260] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1143.822714][T32260] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1143.830658][T32260] R13: 0000000000000c47 R14: 00000000004ce688 R15: 000000000076bfac [ 1143.846146][T32260] Mem-Info: [ 1143.849943][T32260] active_anon:1442152 inactive_anon:4691 isolated_anon:0 [ 1143.849943][T32260] active_file:143 inactive_file:162 isolated_file:41 [ 1143.849943][T32260] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1143.849943][T32260] slab_reclaimable:7320 slab_unreclaimable:72263 [ 1143.849943][T32260] mapped:55331 shmem:4764 pagetables:29089 bounce:0 [ 1143.849943][T32260] free:10104 free_pcp:523 free_cma:0 [ 1143.888079][T32260] Node 0 active_anon:5768608kB inactive_anon:18764kB active_file:572kB inactive_file:648kB unevictable:0kB isolated(anon):0kB isolated(file):164kB mapped:221324kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1143.912943][T32260] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1143.946972][T32260] lowmem_reserve[]: 0 2912 6416 6416 [ 1143.952691][T32260] DMA32 free:19284kB min:4644kB low:7624kB high:10604kB active_anon:2843912kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6464kB pagetables:19844kB bounce:0kB free_pcp:40kB local_pcp:0kB free_cma:0kB [ 1144.006603][T32260] lowmem_reserve[]: 0 0 3504 3504 [ 1144.011878][T32260] Normal free:5532kB min:5592kB low:9180kB high:12768kB active_anon:2924696kB inactive_anon:18760kB active_file:168kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29024kB pagetables:96512kB bounce:0kB free_pcp:388kB local_pcp:0kB free_cma:0kB [ 1144.048126][T32260] lowmem_reserve[]: 0 0 0 0 [ 1144.052832][T32260] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1144.066491][T32260] DMA32: 114*4kB (MH) 96*8kB (UMH) 75*16kB (UMH) 18*32kB (UMH) 8*64kB (MEH) 47*128kB (UMH) 20*256kB (M) 8*512kB (ME) 1*1024kB (U) 0*2048kB 0*4096kB = 19768kB [ 1144.082675][T32260] Normal: 126*4kB (UME) 39*8kB (ME) 57*16kB (UME) 29*32kB (UME) 3*64kB (M) 8*128kB (UM) 2*256kB (UM) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 5920kB [ 1144.098577][T32260] 5129 total pagecache pages [ 1144.103489][T32260] 0 pages in swap cache [ 1144.117722][T32260] Swap cache stats: add 0, delete 0, find 0/0 [ 1144.124099][T32260] Free swap = 0kB [ 1144.128120][T32260] Total swap = 0kB [ 1144.132141][T32260] 1965979 pages RAM [ 1144.136198][T32260] 0 pages HighMem/MovableOnly [ 1144.141183][T32260] 318832 pages reserved [ 1144.145605][T32260] 0 pages cma reserved [ 1144.151034][T32260] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32257,uid=0 [ 1144.281235][ T204] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1144.292516][ T204] CPU: 0 PID: 204 Comm: systemd-journal Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1144.302574][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1144.312635][ T204] Call Trace: [ 1144.315915][ T204] dump_stack+0x14a/0x1ce [ 1144.320227][ T204] ? devkmsg_release+0x11c/0x11c [ 1144.325133][ T204] ? show_regs_print_info+0x12/0x12 [ 1144.330300][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 1144.335553][ T204] ? _raw_spin_lock+0xa1/0x170 [ 1144.340296][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 1144.345666][ T204] dump_header+0xdb/0x700 [ 1144.349964][ T204] oom_kill_process+0xd3/0x280 [ 1144.354697][ T204] out_of_memory+0x5b6/0x890 [ 1144.359271][ T204] ? unregister_oom_notifier+0x20/0x20 [ 1144.364699][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1144.370213][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 1144.375728][ T204] ? __zone_watermark_ok+0x96/0x260 [ 1144.380910][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1144.386254][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1144.391774][ T204] ? __secure_computing+0x250/0x250 [ 1144.396941][ T204] alloc_slab_page+0x3a/0x3a0 [ 1144.401589][ T204] new_slab+0x3ef/0x430 [ 1144.405715][ T204] ___slab_alloc+0x2e0/0x450 [ 1144.410278][ T204] ? slab_free_freelist_hook+0xd0/0x140 [ 1144.415795][ T204] ? getname_flags+0xb8/0x610 [ 1144.420444][ T204] ? getname_flags+0xb8/0x610 [ 1144.425089][ T204] kmem_cache_alloc+0x23c/0x260 [ 1144.429917][ T204] ? __secure_computing+0x1b6/0x250 [ 1144.435086][ T204] getname_flags+0xb8/0x610 [ 1144.439585][ T204] do_mkdirat+0xa1/0x310 [ 1144.443801][ T204] ? do_syscall_64+0x150/0x150 [ 1144.448537][ T204] ? vfs_mkdir+0x30/0x30 [ 1144.452753][ T204] do_syscall_64+0xcb/0x150 [ 1144.457227][ T204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1144.463091][ T204] RIP: 0033:0x7fd3095a3687 [ 1144.467479][ T204] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48 [ 1144.487052][ T204] RSP: 002b:00007ffd91e74338 EFLAGS: 00000293 ORIG_RAX: 0000000000000053 [ 1144.495537][ T204] RAX: ffffffffffffffda RBX: 00007ffd91e77250 RCX: 00007fd3095a3687 [ 1144.503480][ T204] RDX: 00007fd30a014a00 RSI: 00000000000001ed RDI: 000055651cfd78c0 [ 1144.511419][ T204] RBP: 00007ffd91e74370 R08: 0000000000000000 R09: 0000000000000000 [ 1144.519373][ T204] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000 [ 1144.527328][ T204] R13: 0000000000000000 R14: 00007ffd91e77250 R15: 00007ffd91e74860 [ 1144.536415][ T204] Mem-Info: [ 1144.539544][ T204] active_anon:1441762 inactive_anon:4691 isolated_anon:0 [ 1144.539544][ T204] active_file:427 inactive_file:443 isolated_file:60 [ 1144.539544][ T204] unevictable:0 dirty:6 writeback:0 unstable:0 [ 1144.539544][ T204] slab_reclaimable:7320 slab_unreclaimable:72197 [ 1144.539544][ T204] mapped:55915 shmem:4764 pagetables:29057 bounce:0 [ 1144.539544][ T204] free:10250 free_pcp:318 free_cma:0 [ 1144.596533][ T204] Node 0 active_anon:5767056kB inactive_anon:18764kB active_file:1048kB inactive_file:1644kB unevictable:0kB isolated(anon):0kB isolated(file):232kB mapped:222800kB dirty:52kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1144.626318][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1144.667205][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 1144.672806][ T204] DMA32 free:19852kB min:4644kB low:7624kB high:10604kB active_anon:2842928kB inactive_anon:4kB active_file:216kB inactive_file:416kB unevictable:0kB writepending:24kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6272kB pagetables:19724kB bounce:0kB free_pcp:1572kB local_pcp:1236kB free_cma:0kB [ 1144.701993][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 1144.707974][ T204] Normal free:6524kB min:5592kB low:9180kB high:12768kB active_anon:2924128kB inactive_anon:18760kB active_file:324kB inactive_file:456kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29024kB pagetables:96504kB bounce:0kB free_pcp:704kB local_pcp:680kB free_cma:0kB [ 1144.737491][ T204] lowmem_reserve[]: 0 0 0 0 [ 1144.742033][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1144.755445][ T204] DMA32: 19*4kB (H) 40*8kB (UH) 66*16kB (UH) 17*32kB (UMH) 11*64kB (UEH) 44*128kB (UMH) 20*256kB (M) 8*512kB (ME) 1*1024kB (U) 0*2048kB 0*4096kB = 18572kB [ 1144.771107][ T204] Normal: 84*4kB (ME) 18*8kB (ME) 31*16kB (UME) 34*32kB (UME) 4*64kB (M) 8*128kB (UM) 2*256kB (UM) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 5392kB [ 1144.793277][ T204] 5674 total pagecache pages [ 1144.803161][ T204] 0 pages in swap cache [ 1144.816268][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 1144.826356][ T204] Free swap = 0kB [ 1144.830204][ T204] Total swap = 0kB [ 1144.844049][ T204] 1965979 pages RAM [ 1144.847964][ T204] 0 pages HighMem/MovableOnly [ 1144.852628][ T204] 318832 pages reserved [ 1144.866277][ T204] 0 pages cma reserved [ 1144.870378][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32272,uid=0 [ 1144.902677][ T204] Out of memory: Killed process 32272 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34752kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:05:14 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() gettid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:14 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) r3 = getegid() setgid(r3) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000480)={r5}, 0xc) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000180)=0x500c) [ 1147.393643][T32275] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1147.432954][T32275] CPU: 0 PID: 32275 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1147.443112][T32275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1147.453152][T32275] Call Trace: [ 1147.456427][T32275] dump_stack+0x14a/0x1ce [ 1147.460740][T32275] ? devkmsg_release+0x11c/0x11c [ 1147.465654][T32275] ? show_regs_print_info+0x12/0x12 [ 1147.470821][T32275] ? radix_tree_cpu_dead+0x160/0x160 [ 1147.476071][T32275] ? _raw_spin_lock+0xa1/0x170 [ 1147.480810][T32275] ? _raw_spin_trylock_bh+0x190/0x190 [ 1147.486255][T32275] dump_header+0xdb/0x700 [ 1147.490554][T32275] oom_kill_process+0xd3/0x280 [ 1147.495289][T32275] out_of_memory+0x5b6/0x890 [ 1147.499849][T32275] ? unregister_oom_notifier+0x20/0x20 [ 1147.505286][T32275] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1147.510811][T32275] ? get_page_from_freelist+0x7c0/0x7c0 [ 1147.516324][T32275] ? __zone_watermark_ok+0x96/0x260 [ 1147.521488][T32275] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1147.526854][T32275] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1147.532363][T32275] ? copy_process+0x5a4/0x5150 [ 1147.537093][T32275] ? kmem_cache_alloc+0x1d2/0x260 [ 1147.542080][T32275] copy_process+0x5f3/0x5150 [ 1147.546636][T32275] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 1147.552155][T32275] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 1147.558188][T32275] ? fork_idle+0x290/0x290 [ 1147.562571][T32275] _do_fork+0x196/0x920 [ 1147.566691][T32275] ? switch_mm+0x100/0x100 [ 1147.571071][T32275] ? dup_mm+0x300/0x300 [ 1147.575196][T32275] __x64_sys_clone+0x25f/0x2c0 [ 1147.579939][T32275] ? __ia32_sys_vfork+0x110/0x110 [ 1147.584928][T32275] ? __fpregs_load_activate+0x2d3/0x390 [ 1147.590444][T32275] do_syscall_64+0xcb/0x150 [ 1147.594920][T32275] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1147.600792][T32275] RIP: 0033:0x45f219 [ 1147.604667][T32275] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1147.624256][T32275] RSP: 002b:00007fff19d28aa8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1147.632642][T32275] RAX: ffffffffffffffda RBX: 00007fbaa8d77700 RCX: 000000000045f219 [ 1147.640580][T32275] RDX: 00007fbaa8d779d0 RSI: 00007fbaa8d76db0 RDI: 00000000003d0f00 [ 1147.648522][T32275] RBP: 00007fff19d28cc0 R08: 00007fbaa8d77700 R09: 00007fbaa8d77700 [ 1147.656466][T32275] R10: 00007fbaa8d779d0 R11: 0000000000000202 R12: 0000000000000000 [ 1147.664407][T32275] R13: 00007fff19d28b5f R14: 00007fbaa8d779c0 R15: 000000000076c04c [ 1147.679384][T32275] Mem-Info: [ 1147.685307][T32275] active_anon:1441963 inactive_anon:4691 isolated_anon:0 [ 1147.685307][T32275] active_file:301 inactive_file:378 isolated_file:64 [ 1147.685307][T32275] unevictable:0 dirty:10 writeback:0 unstable:0 [ 1147.685307][T32275] slab_reclaimable:7317 slab_unreclaimable:72411 [ 1147.685307][T32275] mapped:55674 shmem:4764 pagetables:29056 bounce:0 [ 1147.685307][T32275] free:9839 free_pcp:564 free_cma:0 [ 1147.723993][T32275] Node 0 active_anon:5767852kB inactive_anon:18764kB active_file:400kB inactive_file:1788kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:221496kB dirty:40kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1147.750157][T32275] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1147.776964][T32275] lowmem_reserve[]: 0 2912 6416 6416 [ 1147.782885][T32275] DMA32 free:18836kB min:4644kB low:7624kB high:10604kB active_anon:2845732kB inactive_anon:8kB active_file:36kB inactive_file:0kB unevictable:0kB writepending:4kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6304kB pagetables:19604kB bounce:0kB free_pcp:904kB local_pcp:420kB free_cma:0kB [ 1147.812335][T32275] lowmem_reserve[]: 0 0 3504 3504 [ 1147.817508][T32275] Normal free:5764kB min:5592kB low:9180kB high:12768kB active_anon:2922140kB inactive_anon:18756kB active_file:44kB inactive_file:756kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29056kB pagetables:96620kB bounce:0kB free_pcp:1352kB local_pcp:968kB free_cma:0kB [ 1147.861369][T32275] lowmem_reserve[]: 0 0 0 0 [ 1147.866708][T32275] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1147.880154][T32275] DMA32: 68*4kB (UH) 49*8kB (UH) 55*16kB (UH) 24*32kB (UMH) 16*64kB (UH) 43*128kB (UMH) 21*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 18312kB [ 1147.897141][T32275] Normal: 94*4kB (ME) 38*8kB (ME) 25*16kB (UME) 55*32kB (UME) 10*64kB (UM) 15*128kB (UM) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5656kB [ 1147.912138][T32275] 5023 total pagecache pages [ 1147.916896][T32275] 0 pages in swap cache [ 1147.921034][T32275] Swap cache stats: add 0, delete 0, find 0/0 [ 1147.927216][T32275] Free swap = 0kB [ 1147.930921][T32275] Total swap = 0kB [ 1147.934608][T32275] 1965979 pages RAM [ 1147.938439][T32275] 0 pages HighMem/MovableOnly [ 1147.943111][T32275] 318832 pages reserved [ 1147.947297][T32275] 0 pages cma reserved [ 1147.951352][T32275] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=28645,uid=0 [ 1147.965448][T32275] Out of memory: Killed process 28645 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1147.986413][ T23] oom_reaper: reaped process 28645 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:05:17 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() gettid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0xc) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x1) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0xfffffffffffffff5, 0x8, {0xffffffff}}, 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:17 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) r3 = getegid() setgid(r3) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000480)={r5}, 0xc) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000180)=0x500c) 03:05:18 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) r3 = getegid() setgid(r3) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000480)={r5}, 0xc) ioctl$FIBMAP(0xffffffffffffffff, 0x1, &(0x7f0000000180)=0x500c) 03:05:18 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() gettid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r2}], 0x1, 0x0) fcntl$getflags(r2, 0x40a) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1151.079280][T32309] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1151.118820][T32309] CPU: 1 PID: 32309 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1151.128978][T32309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1151.139002][T32309] Call Trace: [ 1151.142305][T32309] dump_stack+0x14a/0x1ce [ 1151.146603][T32309] ? devkmsg_release+0x11c/0x11c [ 1151.151509][T32309] ? show_regs_print_info+0x12/0x12 [ 1151.156674][T32309] ? radix_tree_cpu_dead+0x160/0x160 [ 1151.161926][T32309] ? _raw_spin_lock+0xa1/0x170 [ 1151.166656][T32309] ? _raw_spin_trylock_bh+0x190/0x190 [ 1151.171995][T32309] dump_header+0xdb/0x700 [ 1151.176291][T32309] oom_kill_process+0xd3/0x280 [ 1151.181024][T32309] out_of_memory+0x5b6/0x890 [ 1151.185578][T32309] ? unregister_oom_notifier+0x20/0x20 [ 1151.191004][T32309] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1151.196616][T32309] ? unwind_get_return_address+0x48/0x90 [ 1151.202247][T32309] ? get_page_from_freelist+0x7c0/0x7c0 [ 1151.207778][T32309] ? __zone_watermark_ok+0x96/0x260 [ 1151.212949][T32309] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1151.218292][T32309] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1151.223805][T32309] ? copy_process+0x5a4/0x5150 [ 1151.228535][T32309] ? kmem_cache_alloc+0x1d2/0x260 [ 1151.233529][T32309] copy_process+0x5f3/0x5150 [ 1151.238091][T32309] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 1151.243635][T32309] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 1151.249709][T32309] ? fork_idle+0x290/0x290 [ 1151.254097][T32309] _do_fork+0x196/0x920 [ 1151.258222][T32309] ? switch_mm+0x100/0x100 [ 1151.262606][T32309] ? dup_mm+0x300/0x300 [ 1151.266728][T32309] __x64_sys_clone+0x25f/0x2c0 [ 1151.271484][T32309] ? __ia32_sys_vfork+0x110/0x110 [ 1151.276481][T32309] ? __fpregs_load_activate+0x2d3/0x390 [ 1151.281995][T32309] do_syscall_64+0xcb/0x150 [ 1151.286466][T32309] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1151.292357][T32309] RIP: 0033:0x45f219 [ 1151.296236][T32309] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1151.316075][T32309] RSP: 002b:00007fff19d28aa8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1151.324468][T32309] RAX: ffffffffffffffda RBX: 00007fbaa8d77700 RCX: 000000000045f219 [ 1151.332405][T32309] RDX: 00007fbaa8d779d0 RSI: 00007fbaa8d76db0 RDI: 00000000003d0f00 [ 1151.340345][T32309] RBP: 00007fff19d28cc0 R08: 00007fbaa8d77700 R09: 00007fbaa8d77700 [ 1151.348287][T32309] R10: 00007fbaa8d779d0 R11: 0000000000000202 R12: 0000000000000000 [ 1151.356244][T32309] R13: 00007fff19d28b5f R14: 00007fbaa8d779c0 R15: 000000000076c04c [ 1151.365501][T32309] Mem-Info: [ 1151.369265][T32309] active_anon:1442002 inactive_anon:4691 isolated_anon:0 [ 1151.369265][T32309] active_file:59 inactive_file:197 isolated_file:27 [ 1151.369265][T32309] unevictable:0 dirty:5 writeback:0 unstable:0 [ 1151.369265][T32309] slab_reclaimable:7318 slab_unreclaimable:72315 [ 1151.369265][T32309] mapped:55217 shmem:4764 pagetables:29125 bounce:0 [ 1151.369265][T32309] free:10628 free_pcp:44 free_cma:0 [ 1151.407526][T32309] Node 0 active_anon:5768028kB inactive_anon:18764kB active_file:312kB inactive_file:916kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:220832kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1151.432342][T32309] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1151.458762][T32309] lowmem_reserve[]: 0 2912 6416 6416 [ 1151.464691][T32309] DMA32 free:20376kB min:4644kB low:7624kB high:10604kB active_anon:2843468kB inactive_anon:8kB active_file:8kB inactive_file:120kB unevictable:0kB writepending:8kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6464kB pagetables:19912kB bounce:0kB free_pcp:144kB local_pcp:132kB free_cma:0kB [ 1151.494204][T32309] lowmem_reserve[]: 0 0 3504 3504 [ 1151.500491][T32309] Normal free:5612kB min:5592kB low:9180kB high:12768kB active_anon:2924560kB inactive_anon:18756kB active_file:304kB inactive_file:396kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29120kB pagetables:96628kB bounce:0kB free_pcp:480kB local_pcp:388kB free_cma:0kB [ 1151.530582][T32309] lowmem_reserve[]: 0 0 0 0 [ 1151.535892][T32309] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1151.552508][T32309] DMA32: 26*4kB (H) 19*8kB (UH) 101*16kB (MH) 26*32kB (UMH) 15*64kB (UMH) 45*128kB (UMH) 21*256kB (M) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 18896kB [ 1151.581448][T32309] Normal: 206*4kB (UME) 113*8kB (UME) 46*16kB (UME) 13*32kB (ME) 7*64kB (M) 7*128kB (M) 0*256kB 3*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 5760kB [ 1151.596460][T32309] 5332 total pagecache pages [ 1151.601697][T32309] 0 pages in swap cache [ 1151.605982][T32309] Swap cache stats: add 0, delete 0, find 0/0 [ 1151.612170][T32309] Free swap = 0kB [ 1151.616118][T32309] Total swap = 0kB [ 1151.625351][T32309] 1965979 pages RAM [ 1151.630485][T32309] 0 pages HighMem/MovableOnly [ 1151.635628][T32309] 318832 pages reserved [ 1151.640251][T32309] 0 pages cma reserved [ 1151.645009][T32309] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32308,uid=0 [ 1151.699123][ T252] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1151.710109][ T252] CPU: 1 PID: 252 Comm: in:imklog Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1151.719635][ T252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1151.729655][ T252] Call Trace: [ 1151.732913][ T252] dump_stack+0x14a/0x1ce [ 1151.737223][ T252] ? devkmsg_release+0x11c/0x11c [ 1151.742127][ T252] ? show_regs_print_info+0x12/0x12 [ 1151.747299][ T252] ? radix_tree_cpu_dead+0x160/0x160 [ 1151.752558][ T252] ? _raw_spin_lock+0xa1/0x170 [ 1151.757330][ T252] ? _raw_spin_trylock_bh+0x190/0x190 [ 1151.762676][ T252] dump_header+0xdb/0x700 [ 1151.766973][ T252] oom_kill_process+0xd3/0x280 [ 1151.771701][ T252] out_of_memory+0x5b6/0x890 [ 1151.776256][ T252] ? unregister_oom_notifier+0x20/0x20 [ 1151.781688][ T252] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1151.787196][ T252] ? get_page_from_freelist+0x7c0/0x7c0 [ 1151.792722][ T252] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1151.798063][ T252] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1151.803570][ T252] pagecache_get_page+0x50f/0x880 [ 1151.808559][ T252] filemap_fault+0x1474/0x19d0 [ 1151.813304][ T252] ? generic_file_read_iter+0x20b0/0x20b0 [ 1151.818989][ T252] ext4_filemap_fault+0x7b/0x90 [ 1151.823807][ T252] handle_mm_fault+0x2846/0x40b0 [ 1151.828709][ T252] ? finish_fault+0x230/0x230 [ 1151.833353][ T252] ? vmacache_find+0x205/0x4b0 [ 1151.838080][ T252] do_user_addr_fault+0x48a/0x9f0 [ 1151.843095][ T252] page_fault+0x2f/0x40 [ 1151.847215][ T252] RIP: 0033:0x55b29754f290 [ 1151.851606][ T252] Code: Bad RIP value. [ 1151.855638][ T252] RSP: 002b:00007f01ddb95478 EFLAGS: 00010202 [ 1151.861667][ T252] RAX: 0000000000000000 RBX: 00007f01d000c350 RCX: 00007f01d000c46c [ 1151.869603][ T252] RDX: 0000000000000000 RSI: 000055b29956afb0 RDI: 000055b29956afb0 [ 1151.877538][ T252] RBP: 000055b29956afb0 R08: 00007f01df3838da R09: a3d70a3d70a3d70b [ 1151.885517][ T252] R10: 2ce33e6c02ce33e7 R11: 00007f01ddb953d0 R12: 00007f01ddb95da0 [ 1151.893456][ T252] R13: 00007f01ddb95da3 R14: 0000000000001f9f R15: 00007f01ddb95e2b [ 1151.901785][ T252] Mem-Info: [ 1151.905264][ T252] active_anon:1442082 inactive_anon:4691 isolated_anon:0 [ 1151.905264][ T252] active_file:77 inactive_file:175 isolated_file:32 [ 1151.905264][ T252] unevictable:0 dirty:2 writeback:0 unstable:0 [ 1151.905264][ T252] slab_reclaimable:7317 slab_unreclaimable:72310 [ 1151.905264][ T252] mapped:55266 shmem:4764 pagetables:29135 bounce:0 [ 1151.905264][ T252] free:10496 free_pcp:146 free_cma:0 [ 1151.942949][ T252] Node 0 active_anon:5768388kB inactive_anon:18764kB active_file:216kB inactive_file:240kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:220452kB dirty:24kB writeback:8kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1151.967258][ T252] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1151.993290][ T252] lowmem_reserve[]: 0 2912 6416 6416 [ 1151.998664][ T252] DMA32 free:19680kB min:4644kB low:7624kB high:10604kB active_anon:2843772kB inactive_anon:8kB active_file:124kB inactive_file:1232kB unevictable:0kB writepending:32kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6432kB pagetables:19912kB bounce:0kB free_pcp:120kB local_pcp:0kB free_cma:0kB [ 1152.027875][ T252] lowmem_reserve[]: 0 0 3504 3504 [ 1152.032995][ T252] Normal free:5324kB min:5592kB low:9180kB high:12768kB active_anon:2924616kB inactive_anon:18756kB active_file:344kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29120kB pagetables:96752kB bounce:0kB free_pcp:1168kB local_pcp:460kB free_cma:0kB [ 1152.062711][ T252] lowmem_reserve[]: 0 0 0 0 [ 1152.067642][ T252] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1152.081504][ T252] DMA32: 70*4kB (UMH) 37*8kB (UMH) 55*16kB (UMH) 31*32kB (UMH) 15*64kB (UMH) 45*128kB (UMH) 21*256kB (M) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 18640kB [ 1152.097072][ T252] Normal: 282*4kB (UME) 154*8kB (UME) 46*16kB (UME) 15*32kB (UME) 7*64kB (UM) 7*128kB (UM) 0*256kB 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 6456kB [ 1152.111998][ T252] 4800 total pagecache pages [ 1152.116659][ T252] 0 pages in swap cache [ 1152.120957][ T252] Swap cache stats: add 0, delete 0, find 0/0 [ 1152.127097][ T252] Free swap = 0kB [ 1152.130856][ T252] Total swap = 0kB [ 1152.134625][ T252] 1965979 pages RAM [ 1152.138482][ T252] 0 pages HighMem/MovableOnly [ 1152.143191][ T252] 318832 pages reserved [ 1152.147386][ T252] 0 pages cma reserved [ 1152.151494][ T252] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32321,uid=0 [ 1152.165610][ T252] Out of memory: Killed process 32321 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34736kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1152.184743][ T23] oom_reaper: reaped process 32321 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:05:20 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() gettid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1155.376809][ T204] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1155.388216][ T204] CPU: 0 PID: 204 Comm: systemd-journal Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1155.398271][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1155.408342][ T204] Call Trace: [ 1155.411606][ T204] dump_stack+0x14a/0x1ce [ 1155.415904][ T204] ? devkmsg_release+0x11c/0x11c [ 1155.420810][ T204] ? show_regs_print_info+0x12/0x12 [ 1155.425986][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 1155.431240][ T204] ? _raw_spin_lock+0xa1/0x170 [ 1155.435982][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 1155.441334][ T204] dump_header+0xdb/0x700 [ 1155.445638][ T204] oom_kill_process+0xd3/0x280 [ 1155.450385][ T204] out_of_memory+0x5b6/0x890 [ 1155.454954][ T204] ? unregister_oom_notifier+0x20/0x20 [ 1155.460399][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1155.465921][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 1155.471437][ T204] ? __zone_watermark_ok+0x96/0x260 [ 1155.476701][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1155.482051][ T204] ? __kasan_kmalloc+0x12c/0x1c0 [ 1155.486979][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1155.492501][ T204] alloc_slab_page+0x3a/0x3a0 [ 1155.497154][ T204] new_slab+0x3ef/0x430 [ 1155.501303][ T204] ? should_fail+0x18e/0x860 [ 1155.505879][ T204] ___slab_alloc+0x2e0/0x450 [ 1155.510440][ T204] ? getname_flags+0xb8/0x610 [ 1155.515094][ T204] ? getname_flags+0xb8/0x610 [ 1155.519868][ T204] kmem_cache_alloc+0x23c/0x260 [ 1155.524698][ T204] getname_flags+0xb8/0x610 [ 1155.529173][ T204] ? security_prepare_creds+0x197/0x220 [ 1155.534690][ T204] user_path_at_empty+0x28/0x50 [ 1155.539519][ T204] do_faccessat+0x306/0x800 [ 1155.544003][ T204] ? __ia32_sys_fallocate+0x100/0x100 [ 1155.549349][ T204] do_syscall_64+0xcb/0x150 [ 1155.553835][ T204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1155.559701][ T204] RIP: 0033:0x7fd3095a39c7 [ 1155.564197][ T204] Code: Bad RIP value. [ 1155.568235][ T204] RSP: 002b:00007ffd91e74338 EFLAGS: 00000246 ORIG_RAX: 0000000000000015 [ 1155.576615][ T204] RAX: ffffffffffffffda RBX: 00007ffd91e77250 RCX: 00007fd3095a39c7 [ 1155.584566][ T204] RDX: 00007fd30a014a00 RSI: 0000000000000000 RDI: 000055651bb229a3 [ 1155.592515][ T204] RBP: 00007ffd91e74370 R08: 0000000000000000 R09: 0000000000000000 [ 1155.600506][ T204] R10: 0000000000000069 R11: 0000000000000246 R12: 0000000000000000 [ 1155.608453][ T204] R13: 0000000000000000 R14: 00007ffd91e77250 R15: 00007ffd91e74860 [ 1155.616509][ T204] Mem-Info: [ 1155.619617][ T204] active_anon:1440166 inactive_anon:4691 isolated_anon:0 [ 1155.619617][ T204] active_file:80 inactive_file:2159 isolated_file:0 [ 1155.619617][ T204] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1155.619617][ T204] slab_reclaimable:7311 slab_unreclaimable:72471 [ 1155.619617][ T204] mapped:56525 shmem:4764 pagetables:29103 bounce:0 [ 1155.619617][ T204] free:10355 free_pcp:199 free_cma:0 [ 1155.657192][ T204] Node 0 active_anon:5760664kB inactive_anon:18764kB active_file:320kB inactive_file:9296kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:226416kB dirty:4kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1155.681360][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1155.707300][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 1155.712596][ T204] DMA32 free:20876kB min:4644kB low:7624kB high:10604kB active_anon:2842680kB inactive_anon:4kB active_file:192kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6272kB pagetables:19800kB bounce:0kB free_pcp:1488kB local_pcp:0kB free_cma:0kB [ 1155.741231][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 1155.746292][ T204] Normal free:10464kB min:5592kB low:9180kB high:12768kB active_anon:2917984kB inactive_anon:18760kB active_file:344kB inactive_file:1480kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29088kB pagetables:96612kB bounce:0kB free_pcp:348kB local_pcp:0kB free_cma:0kB [ 1155.775600][ T204] lowmem_reserve[]: 0 0 0 0 [ 1155.780077][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1155.793346][ T204] DMA32: 163*4kB (MH) 98*8kB (UMH) 59*16kB (UMH) 36*32kB (UMH) 15*64kB (UMH) 54*128kB (UMH) 21*256kB (M) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 20876kB [ 1155.808877][ T204] Normal: 214*4kB (UME) 251*8kB (UME) 137*16kB (UME) 51*32kB (UME) 7*64kB (M) 8*128kB (UM) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8416kB [ 1155.823737][ T204] 5947 total pagecache pages 03:05:23 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x1}, 0x1c) sendmsg(r0, &(0x7f0000000100)={0x0, 0xfffffffffffffeef, &(0x7f0000000040)=[{&(0x7f0000000000)='+', 0x1}], 0x1}, 0x8000) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000480)="a9772d9bea4824cc3854a62ffb84c4fb114d80fe462fd727b6f682cf0f9ccfe45f46ed18fc8af0505df86b4230370bfacd1f7266fae5859a3608357c69f51cfa473ef19a9dc2aeb43f9ed68acc034cf841229fbbe3f57130fe2ad707c56a92dbe64e59aa78e24db8e9b50597ab0024ca2564fbdb50e7b8cfa5c7028d556977ad6a90adf768a5ac0505ab07f8256368c6e71dd4b5a1c2e3c9946b610ab2b324099beb706b6a510c134ad18c928be3af6cf20e5016c9a050e35e30716e4913c882272bbfc8f0e1ee9c31484af6953e7d967640eff8accacee6daf3f98051a3ee281555a41340273dcb0bd8cc8cd549676f3ec23cbca42d4b76a178376eefb3da036d60cb88b5cb9c0ae0135be1d4f598c564fbe97ad4b691f59ba4063b898482d9cde4497009884d75b1965874e9c4d5a7cf8a640433c02acd340a98eff73e5948611184c7c60da3b233367d58aaf4e407e2e2c506b871fd822ec231389734d23a2aa5dc197831d8fee19361e5b99d0b51e5b1f0cadf296b91aa9477fa72879b4a3a3040777cf778cee1de32619701d71cb5316c7234a910b497b5f1b2cd2a0d39e92b6b92e091b470da2cec0e1b1fd3ce1a15d559b3733b97b2ddb1dd2aa73c9e03f189b8dd48c9093daddcd2c3fd0e1a9d16046d85c8934d2f9094aa5fa7b8ff061cb753dea2637ac2a8d523c9791ae454ea2e8cb10ce4a3ad8937ed583cd653bdb05b965e658f9c5f06a43bb1e61cfa4cb9be2cb4ef264d10f37e5292576bfdc97b2e1f8b692f0b64f76287e67805df914273677a9c39bd1e4f73d3c1afd99ad18a210caee42ab5c87969f6f99d7423dbb72d436ef3a3dead8eda03274d2e8e7f107eb04fdc3e36d6d4022dbc5c2fe388aaa3234950588ef56362708189826b98d3c9ed4dabcb33582a7e55327e82686aac973a5d0292afd7175a9c57b4fc1e5ba7cb0a34e35e50526d40bdb51a224e5b89e74e8752c1b39ab250b178adfab91c73c04d3c012b244cb7745dde4f716203ffcddaa096186ed0403b323c3aaa79aa4a0e6d1231ce99f83788ba0dc86da01cdad25816c26bf8e523b287d7ee83b5d0c55599ddbd202f743a1bc3d107a9c9610dc62537af48eecdd174ee4e796943250b81af0da28c57955aea149010ede13eb973dbe959500afe5e77b32ad5a11a353555b48eb7684596eadc481c291f185d0d47c639fa5bcb2dffe859a9d4a0e184a640e30f0afe83f2096faef9c0129289688a5267e0d2dadadd0f8cb13f35827f0337d2edf6220a244dd8c135563051f6fcd7fdad7879ff3ef01975938bc6e47aee745d4701cfc5e5546f05903bbcde0120ad847c32658c1384a6d8f188544df337a25f806051a346fb980a4e84fee06b0d367bc81161e96072b2e7e47999ac93437749d11864fa4c03a2d333135660aa17bd421623e6654eeae956e51a0157cb876db3e9cb324641d132cda7aabd9dcaa51f090c1955d20c2618466a0ea5acbaeac5a46e00b8869ca9a337eb5d9406592a790678a1f0bbe729054abb4810f4fdf50c517d4dd312b2d382412d45b9f60464c107c0735b16ceced73484f37cdcc8b9a4a62bc997bbd1d23b993fc5cfed9a43d2f4d335570e76715b020664bedb0db88816bc97ec37d13d64f604b71fc73f3c38954ae554e45997209afb0ff102dc170986e2d72e4178a7e6131308afa29ba732e251ebdf6254c0589752bfca3bef7fd0fc60ba683c6016b16234216bdcf8975bebafd8ee4606a96c1993d1f096b435fa84279344b914dec8e56566e103592a7ed44c63c8b5c18e01fa873032b1087622f225747339d38fa89e7008695ce0b3d6f505ab7ecdf99182ab7aa264d9108af35b0a373da18a8183f696dc70a8ac88c5663a866e89c7d7dbdf7296d63e5167978b38463ae9f36fe4121229e92cced04e", 0xffe4}], 0x1) [ 1155.828486][ T204] 0 pages in swap cache [ 1155.832633][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 1155.838712][ T204] Free swap = 0kB [ 1155.842417][ T204] Total swap = 0kB [ 1155.846138][ T204] 1965979 pages RAM [ 1155.849931][ T204] 0 pages HighMem/MovableOnly [ 1155.854605][ T204] 318832 pages reserved [ 1155.858769][ T204] 0 pages cma reserved [ 1155.862817][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=32324,uid=0 [ 1155.876930][ T204] Out of memory: Killed process 32324 (syz-executor.1) total-vm:75092kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 1155.897071][ T23] oom_reaper: reaped process 32324 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:05:25 executing program 1: socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000001240)=ANY=[@ANYBLOB="61120c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07006706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000001e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12feffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261cb2e73b8f775bdb94a0b438083c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5af65727546e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d04acd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d75ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb40b401e3738270b315d362ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae800803f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee01522041f5205c82f05e340ce4ede5d24dec65179c633c8dbd749a9376e3321815d08dfaf0c029f04e9faba51ba8c2930331dbd66e586e1edaefd6da3e85c722520a471dff4339cec1c8e34684ed8b98a55cc44db6962b329ecce17f603fccdd825e644beb662c2679fa96077af737c174add5484d64ffb5ece27a435b5160880567266c69e32cab404592869e65826d6da4ee1f22f9e9e7fb06b87d48195981c95b9c29a2f25e73ebfc1a45a08d90f861b522302726a5972027f19731b345cf9ad7dbbc1587a5b3be5c0c20517da3ccbc323fa7344e9cf048d4950431f76f3122f9039db81615fd3788a4eb6e6e93cc2d0d3b3c743eb67e780ed17e9a0c5b89fb18e303c0b7620b7f0e12ac4ea85eb19d6304d2736c6c32baf0e8c681732ec9e2c4cfa0dfd1a63ea133fdda54d67b0f7a245a5d907660bf956eb423bec9dc4c68737772a876bb9dae3382e0a1717"], &(0x7f0000000100)='GPL\x00'}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x1ffc3c0000000000) 03:05:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() gettid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:26 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() gettid() vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:27 executing program 1: socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000001240)=ANY=[@ANYBLOB="61120c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07006706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000001e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12feffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261cb2e73b8f775bdb94a0b438083c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5af65727546e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d04acd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d75ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb40b401e3738270b315d362ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae800803f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee01522041f5205c82f05e340ce4ede5d24dec65179c633c8dbd749a9376e3321815d08dfaf0c029f04e9faba51ba8c2930331dbd66e586e1edaefd6da3e85c722520a471dff4339cec1c8e34684ed8b98a55cc44db6962b329ecce17f603fccdd825e644beb662c2679fa96077af737c174add5484d64ffb5ece27a435b5160880567266c69e32cab404592869e65826d6da4ee1f22f9e9e7fb06b87d48195981c95b9c29a2f25e73ebfc1a45a08d90f861b522302726a5972027f19731b345cf9ad7dbbc1587a5b3be5c0c20517da3ccbc323fa7344e9cf048d4950431f76f3122f9039db81615fd3788a4eb6e6e93cc2d0d3b3c743eb67e780ed17e9a0c5b89fb18e303c0b7620b7f0e12ac4ea85eb19d6304d2736c6c32baf0e8c681732ec9e2c4cfa0dfd1a63ea133fdda54d67b0f7a245a5d907660bf956eb423bec9dc4c68737772a876bb9dae3382e0a1717"], &(0x7f0000000100)='GPL\x00'}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x1ffc3c0000000000) 03:05:27 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) r2 = dup(0xffffffffffffffff) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000140)=r3) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0x4c, 0x0, 0x828, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x2e}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8080}, 0x4) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) signalfd(r5, &(0x7f0000000000)={[0x1]}, 0x8) getegid() write(r4, &(0x7f0000000340), 0x41395527) getsockopt$IP_VS_SO_GET_INFO(r4, 0x0, 0x481, &(0x7f0000000140), &(0x7f0000000180)=0xc) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:28 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() gettid() vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:28 executing program 1: socket(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x16, &(0x7f0000001240)=ANY=[@ANYBLOB="61120c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07006706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000001e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12feffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261cb2e73b8f775bdb94a0b438083c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5af65727546e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d04acd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d75ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f0f53acbb40b401e3738270b315d362ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d000000000000000000000000005f37d83f84e98a523d80bd0d0d703f37ca363f601ae800803f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee01522041f5205c82f05e340ce4ede5d24dec65179c633c8dbd749a9376e3321815d08dfaf0c029f04e9faba51ba8c2930331dbd66e586e1edaefd6da3e85c722520a471dff4339cec1c8e34684ed8b98a55cc44db6962b329ecce17f603fccdd825e644beb662c2679fa96077af737c174add5484d64ffb5ece27a435b5160880567266c69e32cab404592869e65826d6da4ee1f22f9e9e7fb06b87d48195981c95b9c29a2f25e73ebfc1a45a08d90f861b522302726a5972027f19731b345cf9ad7dbbc1587a5b3be5c0c20517da3ccbc323fa7344e9cf048d4950431f76f3122f9039db81615fd3788a4eb6e6e93cc2d0d3b3c743eb67e780ed17e9a0c5b89fb18e303c0b7620b7f0e12ac4ea85eb19d6304d2736c6c32baf0e8c681732ec9e2c4cfa0dfd1a63ea133fdda54d67b0f7a245a5d907660bf956eb423bec9dc4c68737772a876bb9dae3382e0a1717"], &(0x7f0000000100)='GPL\x00'}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x1ffc3c0000000000) 03:05:30 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(r0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_LISTDEF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f0000000780)=ANY=[@ANYBLOB="8c00", @ANYRES16=r4, @ANYBLOB="200026bd7000ffdbdf250600000008000200050000001400050000000063e5359de79714b237e7be5eba5c1dc400000000000000ffff0000000006000b000a000000140006000000000000000000000000000000000014000500ff02000000000000000000000000000108000c000000000014000500fe8000000000000000000000000000bb9101a10a6f24c6a601256fc39abaf91ea2345f26425e071e2e4b69cd1b8b5b2994e567d9ef9244345b4f5fd446f4e73a3d53181f8ced19780fc0dcc3fdf2835080724ec39a392f9df78661a20ae367943b0355580039325bd511102cbfb9797d434bad"], 0x3}, 0x1, 0x0, 0x0, 0x800}, 0x1) sendmsg$NLBL_MGMT_C_LISTALL(r3, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x70, r4, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x12}}, @NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @ipv4={[], [], @local}}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @remote}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x1e}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @local}]}, 0x70}, 0x1, 0x0, 0x0, 0x4000001}, 0x48080) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000100)='NLBL_MGMT\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:30 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000340)={'filter\x00', 0x4, [{}, {}, {}, {}]}, 0x68) 03:05:30 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0), 0x0, 0x1) close(r4) splice(r3, 0x0, r4, 0x0, 0x0, 0x0) ioctl$PIO_FONTRESET(r4, 0x4b6d, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:30 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() gettid() vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:30 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x7f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='devpts\x00', 0x0, 0x0) 03:05:31 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1163.336043][ T3763] kworker/u4:10 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1163.351799][ T3763] CPU: 1 PID: 3763 Comm: kworker/u4:10 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1163.361788][ T3763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1163.371836][ T3763] Workqueue: events_unbound call_usermodehelper_exec_work [ 1163.378947][ T3763] Call Trace: [ 1163.382223][ T3763] dump_stack+0x14a/0x1ce [ 1163.386534][ T3763] ? devkmsg_release+0x11c/0x11c [ 1163.391479][ T3763] ? show_regs_print_info+0x12/0x12 [ 1163.396658][ T3763] ? radix_tree_cpu_dead+0x160/0x160 [ 1163.401923][ T3763] ? _raw_spin_lock+0xa1/0x170 [ 1163.406666][ T3763] ? _raw_spin_trylock_bh+0x190/0x190 [ 1163.412024][ T3763] dump_header+0xdb/0x700 [ 1163.416337][ T3763] oom_kill_process+0xd3/0x280 [ 1163.421085][ T3763] out_of_memory+0x5b6/0x890 [ 1163.425658][ T3763] ? unregister_oom_notifier+0x20/0x20 [ 1163.431129][ T3763] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1163.436660][ T3763] ? get_page_from_freelist+0x7c0/0x7c0 [ 1163.442207][ T3763] ? worker_thread+0xa8f/0x1430 [ 1163.447046][ T3763] ? __zone_watermark_ok+0x96/0x260 [ 1163.452239][ T3763] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1163.457594][ T3763] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1163.463118][ T3763] ? copy_process+0x5a4/0x5150 [ 1163.467883][ T3763] ? kmem_cache_alloc+0x1d2/0x260 [ 1163.472890][ T3763] copy_process+0x5f3/0x5150 [ 1163.477462][ T3763] ? __kasan_slab_free+0x1f2/0x230 [ 1163.482552][ T3763] ? __kasan_slab_free+0x181/0x230 [ 1163.487646][ T3763] ? slab_free_freelist_hook+0xd0/0x140 [ 1163.493190][ T3763] ? kmem_cache_free+0xac/0x5f0 [ 1163.498027][ T3763] ? worker_thread+0xa8f/0x1430 [ 1163.502868][ T3763] ? kthread+0x2df/0x300 [ 1163.507093][ T3763] ? ret_from_fork+0x1f/0x30 [ 1163.511652][ T3763] ? fork_idle+0x290/0x290 [ 1163.516040][ T3763] _do_fork+0x196/0x920 [ 1163.520166][ T3763] ? update_misfit_status+0x5e0/0x5e0 [ 1163.525508][ T3763] ? dup_mm+0x300/0x300 [ 1163.529653][ T3763] ? _raw_spin_lock_irq+0xa2/0x180 [ 1163.534732][ T3763] kernel_thread+0x162/0x1d0 [ 1163.539293][ T3763] ? proc_cap_handler+0x580/0x580 [ 1163.544290][ T3763] ? legacy_clone_args_valid+0x50/0x50 [ 1163.549723][ T3763] ? kernel_sigaction+0x11b/0x200 [ 1163.554723][ T3763] ? proc_cap_handler+0x580/0x580 [ 1163.559729][ T3763] ? _raw_spin_unlock_irq+0x5/0x20 [ 1163.564818][ T3763] ? finish_task_switch+0x235/0x4c0 [ 1163.569998][ T3763] call_usermodehelper_exec_work+0xe0/0x350 [ 1163.575870][ T3763] ? call_usermodehelper_setup+0x210/0x210 [ 1163.581654][ T3763] ? read_word_at_a_time+0xe/0x20 [ 1163.586653][ T3763] ? strscpy+0xa6/0x260 [ 1163.590782][ T3763] process_one_work+0x777/0xf90 [ 1163.595600][ T3763] worker_thread+0xa8f/0x1430 [ 1163.600244][ T3763] kthread+0x2df/0x300 [ 1163.604276][ T3763] ? process_one_work+0xf90/0xf90 [ 1163.609277][ T3763] ? kthread_destroy_worker+0x280/0x280 [ 1163.614809][ T3763] ret_from_fork+0x1f/0x30 [ 1163.622402][ T3763] Mem-Info: [ 1163.627140][ T3763] active_anon:1442838 inactive_anon:4690 isolated_anon:0 [ 1163.627140][ T3763] active_file:45 inactive_file:22 isolated_file:0 [ 1163.627140][ T3763] unevictable:0 dirty:0 writeback:3 unstable:0 [ 1163.627140][ T3763] slab_reclaimable:7302 slab_unreclaimable:72444 [ 1163.627140][ T3763] mapped:55163 shmem:4764 pagetables:29203 bounce:0 [ 1163.627140][ T3763] free:9676 free_pcp:0 free_cma:0 [ 1163.665564][ T3763] Node 0 active_anon:5771352kB inactive_anon:18760kB active_file:56kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:220652kB dirty:0kB writeback:12kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1163.689658][ T3763] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1163.741103][ T3763] lowmem_reserve[]: 0 2912 6416 6416 [ 1163.746422][ T3763] DMA32 free:16884kB min:4644kB low:7624kB high:10604kB active_anon:2845672kB inactive_anon:4kB active_file:20kB inactive_file:260kB unevictable:0kB writepending:60kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6528kB pagetables:20088kB bounce:0kB free_pcp:892kB local_pcp:496kB free_cma:0kB [ 1163.781678][ T3763] lowmem_reserve[]: 0 0 3504 3504 [ 1163.786721][ T3763] Normal free:4040kB min:5592kB low:9180kB high:12768kB active_anon:2925512kB inactive_anon:18756kB active_file:240kB inactive_file:32kB unevictable:0kB writepending:52kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29184kB pagetables:96724kB bounce:0kB free_pcp:644kB local_pcp:52kB free_cma:0kB [ 1163.816069][ T3763] lowmem_reserve[]: 0 0 0 0 [ 1163.820625][ T3763] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1163.833999][ T3763] DMA32: 106*4kB (UMH) 55*8kB (UMH) 81*16kB (UMH) 28*32kB (UMH) 22*64kB (UMH) 49*128kB (UMH) 18*256kB (UM) 5*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 17904kB [ 1163.864956][ T3763] Normal: 97*4kB (UME) 20*8kB (UE) 21*16kB (UMEH) 64*32kB (UME) 8*64kB (UM) 1*128kB (M) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3828kB [ 1163.879667][ T3763] 4893 total pagecache pages [ 1163.884245][ T3763] 0 pages in swap cache [ 1163.888396][ T3763] Swap cache stats: add 0, delete 0, find 0/0 [ 1163.894437][ T3763] Free swap = 0kB [ 1163.900457][ T3763] Total swap = 0kB [ 1163.904164][ T3763] 1965979 pages RAM [ 1163.907959][ T3763] 0 pages HighMem/MovableOnly [ 1163.912607][ T3763] 318832 pages reserved [ 1163.937244][ T3763] 0 pages cma reserved [ 1163.941318][ T3763] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=28624,uid=0 [ 1163.955424][ T3763] Out of memory: Killed process 28624 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1163.974407][ T23] oom_reaper: reaped process 28624 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:05:40 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) connect$inet(r0, &(0x7f0000593000)={0x2, 0x0, @multicast1}, 0x10) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r2, 0x0, 0x0, &(0x7f00000000c0)={@multicast1, @local, @loopback}, 0xc) setsockopt$inet_mreqn(r0, 0x0, 0x31, 0x0, 0x0) 03:05:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1172.512172][ T204] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1172.523526][ T204] CPU: 1 PID: 204 Comm: systemd-journal Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1172.533566][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1172.543594][ T204] Call Trace: [ 1172.546858][ T204] dump_stack+0x14a/0x1ce [ 1172.551156][ T204] ? devkmsg_release+0x11c/0x11c [ 1172.556061][ T204] ? show_regs_print_info+0x12/0x12 [ 1172.561231][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 1172.566604][ T204] ? _raw_spin_lock+0xa1/0x170 [ 1172.571350][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 1172.576692][ T204] dump_header+0xdb/0x700 [ 1172.580991][ T204] oom_kill_process+0xd3/0x280 [ 1172.585724][ T204] out_of_memory+0x5b6/0x890 [ 1172.590291][ T204] ? unregister_oom_notifier+0x20/0x20 [ 1172.595724][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1172.601241][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 1172.606757][ T204] ? __zone_watermark_ok+0x96/0x260 [ 1172.611928][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1172.617270][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1172.622789][ T204] ? __secure_computing+0x250/0x250 [ 1172.627956][ T204] alloc_slab_page+0x3a/0x3a0 [ 1172.632602][ T204] new_slab+0x3ef/0x430 [ 1172.636724][ T204] ___slab_alloc+0x2e0/0x450 [ 1172.641283][ T204] ? slab_free_freelist_hook+0xd0/0x140 [ 1172.646796][ T204] ? getname_flags+0xb8/0x610 [ 1172.651440][ T204] ? getname_flags+0xb8/0x610 [ 1172.656085][ T204] kmem_cache_alloc+0x23c/0x260 [ 1172.660923][ T204] ? __secure_computing+0x1b6/0x250 [ 1172.666096][ T204] getname_flags+0xb8/0x610 [ 1172.670568][ T204] do_mkdirat+0xa1/0x310 [ 1172.674792][ T204] ? do_syscall_64+0x150/0x150 [ 1172.679529][ T204] ? vfs_mkdir+0x30/0x30 [ 1172.683740][ T204] do_syscall_64+0xcb/0x150 [ 1172.688218][ T204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1172.694080][ T204] RIP: 0033:0x7fd3095a3687 [ 1172.698466][ T204] Code: 00 b8 ff ff ff ff c3 0f 1f 40 00 48 8b 05 09 d8 2b 00 64 c7 00 5f 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e1 d7 2b 00 f7 d8 64 89 01 48 [ 1172.718042][ T204] RSP: 002b:00007ffd91e74338 EFLAGS: 00000293 ORIG_RAX: 0000000000000053 [ 1172.726417][ T204] RAX: ffffffffffffffda RBX: 00007ffd91e77250 RCX: 00007fd3095a3687 [ 1172.734357][ T204] RDX: 00007fd30a014a00 RSI: 00000000000001ed RDI: 000055651cfd78c0 [ 1172.742297][ T204] RBP: 00007ffd91e74370 R08: 0000000000000000 R09: 0000000000000000 [ 1172.750240][ T204] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000 [ 1172.758187][ T204] R13: 0000000000000000 R14: 00007ffd91e77250 R15: 00007ffd91e74860 [ 1172.768853][ T204] Mem-Info: [ 1172.772980][ T204] active_anon:1440654 inactive_anon:4691 isolated_anon:0 [ 1172.772980][ T204] active_file:106 inactive_file:373 isolated_file:0 [ 1172.772980][ T204] unevictable:0 dirty:2 writeback:0 unstable:0 [ 1172.772980][ T204] slab_reclaimable:7293 slab_unreclaimable:72505 [ 1172.772980][ T204] mapped:55469 shmem:4764 pagetables:29185 bounce:0 [ 1172.772980][ T204] free:10931 free_pcp:585 free_cma:0 [ 1172.812318][ T204] Node 0 active_anon:5762616kB inactive_anon:18764kB active_file:524kB inactive_file:1536kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221976kB dirty:8kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1172.837234][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1172.864107][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 1172.870637][ T204] DMA32 free:21208kB min:4644kB low:7624kB high:10604kB active_anon:2845828kB inactive_anon:4kB active_file:0kB inactive_file:584kB unevictable:0kB writepending:4kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6336kB pagetables:19892kB bounce:0kB free_pcp:1012kB local_pcp:0kB free_cma:0kB [ 1172.900754][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 1172.907055][ T204] Normal free:6108kB min:5592kB low:9180kB high:12768kB active_anon:2916788kB inactive_anon:18760kB active_file:464kB inactive_file:1148kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29120kB pagetables:96848kB bounce:0kB free_pcp:1788kB local_pcp:388kB free_cma:0kB [ 1172.937634][ T204] lowmem_reserve[]: 0 0 0 0 [ 1172.943460][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1172.957678][ T204] DMA32: 222*4kB (UMH) 83*8kB (UMH) 101*16kB (UMH) 81*32kB (UMH) 36*64kB (UMH) 43*128kB (UMH) 20*256kB (UM) 6*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 21760kB [ 1172.974081][ T204] Normal: 162*4kB (ME) 113*8kB (UME) 48*16kB (UME) 50*32kB (UME) 22*64kB (UM) 15*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7248kB [ 1172.993998][ T204] 5315 total pagecache pages [ 1172.999029][ T204] 0 pages in swap cache [ 1173.003367][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 1173.009627][ T204] Free swap = 0kB [ 1173.013513][ T204] Total swap = 0kB [ 1173.017348][ T204] 1965979 pages RAM [ 1173.021229][ T204] 0 pages HighMem/MovableOnly [ 1173.026018][ T204] 318832 pages reserved [ 1173.030253][ T204] 0 pages cma reserved [ 1173.034417][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32409,uid=0 [ 1173.048675][ T204] Out of memory: Killed process 32409 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1173.071700][ T204] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1173.082864][ T204] CPU: 1 PID: 204 Comm: systemd-journal Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1173.092900][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1173.103048][ T204] Call Trace: [ 1173.106325][ T204] dump_stack+0x14a/0x1ce [ 1173.110619][ T204] ? devkmsg_release+0x11c/0x11c [ 1173.115610][ T204] ? show_regs_print_info+0x12/0x12 [ 1173.120770][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 1173.126024][ T204] ? _raw_spin_lock+0xa1/0x170 [ 1173.130757][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 1173.136109][ T204] dump_header+0xdb/0x700 [ 1173.140405][ T204] oom_kill_process+0xd3/0x280 [ 1173.145139][ T204] out_of_memory+0x5b6/0x890 [ 1173.149784][ T204] ? unregister_oom_notifier+0x20/0x20 [ 1173.155214][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1173.160727][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 1173.166255][ T204] ? __zone_watermark_ok+0x96/0x260 [ 1173.171418][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1173.176755][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1173.182269][ T204] ? __secure_computing+0x250/0x250 [ 1173.187433][ T204] alloc_slab_page+0x3a/0x3a0 [ 1173.192099][ T204] new_slab+0x3ef/0x430 [ 1173.196236][ T204] ___slab_alloc+0x2e0/0x450 [ 1173.200814][ T204] ? slab_free_freelist_hook+0xd0/0x140 [ 1173.206328][ T204] ? getname_flags+0xb8/0x610 [ 1173.210984][ T204] ? getname_flags+0xb8/0x610 [ 1173.215628][ T204] kmem_cache_alloc+0x23c/0x260 [ 1173.220456][ T204] ? __secure_computing+0x1b6/0x250 [ 1173.225619][ T204] getname_flags+0xb8/0x610 [ 1173.230085][ T204] do_mkdirat+0xa1/0x310 [ 1173.234296][ T204] ? do_syscall_64+0x150/0x150 [ 1173.239029][ T204] ? vfs_mkdir+0x30/0x30 [ 1173.243239][ T204] do_syscall_64+0xcb/0x150 [ 1173.247728][ T204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1173.253586][ T204] RIP: 0033:0x7fd3095a3687 [ 1173.257986][ T204] Code: Bad RIP value. [ 1173.262031][ T204] RSP: 002b:00007ffd91e74338 EFLAGS: 00000293 ORIG_RAX: 0000000000000053 [ 1173.270405][ T204] RAX: ffffffffffffffda RBX: 00007ffd91e77250 RCX: 00007fd3095a3687 [ 1173.278347][ T204] RDX: 00007fd30a014a00 RSI: 00000000000001ed RDI: 000055651cfd78c0 [ 1173.286289][ T204] RBP: 00007ffd91e74370 R08: 0000000000000000 R09: 0000000000000000 [ 1173.294248][ T204] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000 [ 1173.302187][ T204] R13: 0000000000000000 R14: 00007ffd91e77250 R15: 00007ffd91e74860 [ 1173.310337][ T204] Mem-Info: [ 1173.313537][ T204] active_anon:1440655 inactive_anon:4691 isolated_anon:0 [ 1173.313537][ T204] active_file:111 inactive_file:1240 isolated_file:0 [ 1173.313537][ T204] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1173.313537][ T204] slab_reclaimable:7293 slab_unreclaimable:72589 [ 1173.313537][ T204] mapped:55918 shmem:4764 pagetables:29185 bounce:0 [ 1173.313537][ T204] free:10482 free_pcp:271 free_cma:0 [ 1173.351331][ T204] Node 0 active_anon:5762620kB inactive_anon:18764kB active_file:208kB inactive_file:172kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:220672kB dirty:4kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1173.375715][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1173.401856][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 1173.407449][ T204] DMA32 free:20600kB min:4644kB low:7624kB high:10604kB active_anon:2845832kB inactive_anon:4kB active_file:116kB inactive_file:220kB unevictable:0kB writepending:8kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6336kB pagetables:19892kB bounce:0kB free_pcp:1716kB local_pcp:332kB free_cma:0kB [ 1173.436534][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 1173.441726][ T204] Normal free:7196kB min:5592kB low:9180kB high:12768kB active_anon:2916696kB inactive_anon:18760kB active_file:160kB inactive_file:1452kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29088kB pagetables:96720kB bounce:0kB free_pcp:896kB local_pcp:496kB free_cma:0kB [ 1173.471282][ T204] lowmem_reserve[]: 0 0 0 0 [ 1173.475924][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1173.489353][ T204] DMA32: 84*4kB (UMH) 48*8kB (UMH) 90*16kB (UMH) 86*32kB (UMH) 39*64kB (UMH) 39*128kB (UMH) 20*256kB (UM) 6*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 20592kB [ 1173.505088][ T204] Normal: 87*4kB (UME) 17*8kB (UME) 42*16kB (UME) 43*32kB (ME) 21*64kB (M) 14*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5668kB [ 1173.519471][ T204] 5738 total pagecache pages [ 1173.524194][ T204] 0 pages in swap cache [ 1173.528453][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 1173.534620][ T204] Free swap = 0kB [ 1173.538434][ T204] Total swap = 0kB [ 1173.542230][ T204] 1965979 pages RAM [ 1173.546172][ T204] 0 pages HighMem/MovableOnly [ 1173.550990][ T204] 318832 pages reserved [ 1173.555240][ T204] 0 pages cma reserved [ 1173.559398][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32406,uid=0 [ 1173.573646][ T204] Out of memory: Killed process 32406 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:05:43 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000640)=ANY=[@ANYBLOB="240000000301010100611754f30000000000000808000840000000000800154000000000"], 0x24}}, 0x0) 03:05:43 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:44 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x3, 0x7) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$BLKBSZGET(0xffffffffffffffff, 0x80081270, &(0x7f0000000140)) setsockopt$inet6_tcp_int(r1, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r1}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:44 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='devpts\x00', 0x0, 0x0) syz_mount_image$tmpfs(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0xc864, &(0x7f0000000200)={[{@gid={'gid'}}]}) [ 1177.539288][ T389] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1177.550131][ T389] CPU: 1 PID: 389 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1177.559741][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1177.569805][ T389] Call Trace: [ 1177.573065][ T389] dump_stack+0x14a/0x1ce [ 1177.577365][ T389] ? devkmsg_release+0x11c/0x11c [ 1177.582270][ T389] ? show_regs_print_info+0x12/0x12 [ 1177.587431][ T389] ? radix_tree_cpu_dead+0x160/0x160 [ 1177.592683][ T389] ? _raw_spin_lock+0xa1/0x170 [ 1177.597508][ T389] ? _raw_spin_trylock_bh+0x190/0x190 [ 1177.602844][ T389] dump_header+0xdb/0x700 [ 1177.607143][ T389] oom_kill_process+0xd3/0x280 [ 1177.611883][ T389] out_of_memory+0x5b6/0x890 [ 1177.616442][ T389] ? unregister_oom_notifier+0x20/0x20 [ 1177.621869][ T389] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1177.627393][ T389] ? get_page_from_freelist+0x7c0/0x7c0 [ 1177.632947][ T389] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1177.638302][ T389] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1177.643828][ T389] pagecache_get_page+0x50f/0x880 [ 1177.648828][ T389] filemap_fault+0x1474/0x19d0 [ 1177.653564][ T389] ? generic_file_read_iter+0x20b0/0x20b0 [ 1177.659251][ T389] ? mm_trace_rss_stat+0x41/0x1a0 [ 1177.664245][ T389] ext4_filemap_fault+0x7b/0x90 [ 1177.669063][ T389] handle_mm_fault+0x2846/0x40b0 [ 1177.673972][ T389] ? finish_fault+0x230/0x230 [ 1177.678616][ T389] ? vmacache_find+0x47a/0x4b0 [ 1177.683346][ T389] do_user_addr_fault+0x48a/0x9f0 [ 1177.688338][ T389] page_fault+0x2f/0x40 [ 1177.692469][ T389] RIP: 0033:0x71fd74 [ 1177.696335][ T389] Code: Bad RIP value. [ 1177.700370][ T389] RSP: 002b:000000c43b2a8618 EFLAGS: 00010297 [ 1177.706408][ T389] RAX: 0000000000000001 RBX: 0000000000d28750 RCX: 0000000000000001 [ 1177.714352][ T389] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000c420001cb0 [ 1177.722296][ T389] RBP: 000000c43b2a8650 R08: 000000c420001e00 R09: 0000000000000000 [ 1177.730240][ T389] R10: 00000000009f0182 R11: 0000000000000004 R12: 0000000000000000 [ 1177.738185][ T389] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1177.747549][ T389] Mem-Info: [ 1177.751051][ T389] active_anon:1442162 inactive_anon:4691 isolated_anon:0 [ 1177.751051][ T389] active_file:60 inactive_file:64 isolated_file:29 [ 1177.751051][ T389] unevictable:0 dirty:0 writeback:2 unstable:0 [ 1177.751051][ T389] slab_reclaimable:7288 slab_unreclaimable:72724 [ 1177.751051][ T389] mapped:55226 shmem:4764 pagetables:29212 bounce:0 [ 1177.751051][ T389] free:9931 free_pcp:8 free_cma:0 [ 1177.789178][ T389] Node 0 active_anon:5768648kB inactive_anon:18764kB active_file:112kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):100kB mapped:220904kB dirty:0kB writeback:8kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1177.813240][ T389] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1177.839174][ T389] lowmem_reserve[]: 0 2912 6416 6416 [ 1177.845902][ T389] DMA32 free:18284kB min:4644kB low:7624kB high:10604kB active_anon:2848296kB inactive_anon:8kB active_file:28kB inactive_file:56kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6432kB pagetables:20108kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1177.875424][ T389] lowmem_reserve[]: 0 0 3504 3504 [ 1177.880546][ T389] Normal free:5164kB min:5592kB low:9180kB high:12768kB active_anon:2920352kB inactive_anon:18756kB active_file:0kB inactive_file:268kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29152kB pagetables:96740kB bounce:0kB free_pcp:96kB local_pcp:0kB free_cma:0kB [ 1177.910067][ T389] lowmem_reserve[]: 0 0 0 0 [ 1177.914740][ T389] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1177.928153][ T389] DMA32: 74*4kB (UMH) 39*8kB (UH) 59*16kB (UH) 31*32kB (UMH) 42*64kB (UMH) 43*128kB (UMH) 20*256kB (UM) 6*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 18928kB [ 1177.943684][ T389] Normal: 152*4kB (ME) 73*8kB (UME) 50*16kB (UME) 43*32kB (UME) 19*64kB (UM) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5864kB [ 1177.958264][ T389] 4911 total pagecache pages [ 1177.962881][ T389] 0 pages in swap cache [ 1177.967078][ T389] Swap cache stats: add 0, delete 0, find 0/0 [ 1177.973168][ T389] Free swap = 0kB [ 1177.976935][ T389] Total swap = 0kB [ 1177.980672][ T389] 1965979 pages RAM [ 1177.984617][ T389] 0 pages HighMem/MovableOnly [ 1177.989380][ T389] 318832 pages reserved [ 1177.993538][ T389] 0 pages cma reserved [ 1177.997898][ T389] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=28588,uid=0 [ 1178.012142][ T389] Out of memory: Killed process 28588 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1178.031872][ T23] oom_reaper: reaped process 28588 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1178.080565][ T204] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1178.111375][ T204] CPU: 0 PID: 204 Comm: systemd-journal Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1178.121429][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1178.131529][ T204] Call Trace: [ 1178.134798][ T204] dump_stack+0x14a/0x1ce [ 1178.139107][ T204] ? devkmsg_release+0x11c/0x11c [ 1178.144048][ T204] ? show_regs_print_info+0x12/0x12 [ 1178.149215][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 1178.154474][ T204] ? _raw_spin_lock+0xa1/0x170 [ 1178.159219][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 1178.164571][ T204] dump_header+0xdb/0x700 [ 1178.168883][ T204] oom_kill_process+0xd3/0x280 [ 1178.173729][ T204] out_of_memory+0x5b6/0x890 [ 1178.178304][ T204] ? unregister_oom_notifier+0x20/0x20 [ 1178.183745][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1178.189305][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 1178.194961][ T204] ? __zone_watermark_ok+0x96/0x260 [ 1178.200146][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1178.205495][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1178.211015][ T204] ? __secure_computing+0x250/0x250 [ 1178.216187][ T204] alloc_slab_page+0x3a/0x3a0 [ 1178.220836][ T204] new_slab+0x3ef/0x430 [ 1178.224964][ T204] ___slab_alloc+0x2e0/0x450 [ 1178.229658][ T204] ? slab_free_freelist_hook+0xd0/0x140 [ 1178.235171][ T204] ? getname_flags+0xb8/0x610 [ 1178.239904][ T204] ? getname_flags+0xb8/0x610 [ 1178.244596][ T204] kmem_cache_alloc+0x23c/0x260 [ 1178.249418][ T204] ? __secure_computing+0x1b6/0x250 [ 1178.254619][ T204] getname_flags+0xb8/0x610 [ 1178.259180][ T204] do_mkdirat+0xa1/0x310 [ 1178.263481][ T204] ? do_syscall_64+0x150/0x150 [ 1178.268213][ T204] ? vfs_mkdir+0x30/0x30 [ 1178.272433][ T204] do_syscall_64+0xcb/0x150 [ 1178.276912][ T204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1178.282786][ T204] RIP: 0033:0x7fd3095a3687 [ 1178.287176][ T204] Code: Bad RIP value. [ 1178.291212][ T204] RSP: 002b:00007ffd91e74338 EFLAGS: 00000293 ORIG_RAX: 0000000000000053 [ 1178.299589][ T204] RAX: ffffffffffffffda RBX: 00007ffd91e77250 RCX: 00007fd3095a3687 [ 1178.307532][ T204] RDX: 00007fd30a014a00 RSI: 00000000000001ed RDI: 000055651cfd78c0 [ 1178.315472][ T204] RBP: 00007ffd91e74370 R08: 0000000000000000 R09: 0000000000000000 [ 1178.323412][ T204] R10: 0000000000000069 R11: 0000000000000293 R12: 0000000000000000 [ 1178.331361][ T204] R13: 0000000000000000 R14: 00007ffd91e77250 R15: 00007ffd91e74860 [ 1178.340279][ T204] Mem-Info: [ 1178.344960][ T204] active_anon:1441993 inactive_anon:4691 isolated_anon:0 [ 1178.344960][ T204] active_file:25 inactive_file:93 isolated_file:31 [ 1178.344960][ T204] unevictable:0 dirty:7 writeback:0 unstable:0 [ 1178.344960][ T204] slab_reclaimable:7288 slab_unreclaimable:72665 [ 1178.344960][ T204] mapped:55219 shmem:4764 pagetables:29212 bounce:0 [ 1178.344960][ T204] free:10061 free_pcp:343 free_cma:0 [ 1178.382658][ T204] Node 0 active_anon:5767972kB inactive_anon:18764kB active_file:76kB inactive_file:560kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:220776kB dirty:28kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1178.406847][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1178.433010][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 1178.438618][ T204] DMA32 free:18764kB min:4644kB low:7624kB high:10604kB active_anon:2847988kB inactive_anon:8kB active_file:500kB inactive_file:892kB unevictable:0kB writepending:4kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6432kB pagetables:20108kB bounce:0kB free_pcp:256kB local_pcp:0kB free_cma:0kB [ 1178.467785][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 1178.473043][ T204] Normal free:5128kB min:5592kB low:9180kB high:12768kB active_anon:2920356kB inactive_anon:18756kB active_file:288kB inactive_file:428kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29120kB pagetables:96612kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1178.502072][ T204] lowmem_reserve[]: 0 0 0 0 [ 1178.506774][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1178.520298][ T204] DMA32: 78*4kB (UMH) 39*8kB (UH) 77*16kB (UMH) 41*32kB (UMH) 38*64kB (UMH) 37*128kB (UMH) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 19552kB [ 1178.536045][ T204] Normal: 96*4kB (UME) 29*8kB (UME) 28*16kB (UME) 43*32kB (UME) 22*64kB (M) 10*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5128kB [ 1178.550478][ T204] 5356 total pagecache pages [ 1178.555314][ T204] 0 pages in swap cache [ 1178.559449][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 1178.565502][ T204] Free swap = 0kB [ 1178.569198][ T204] Total swap = 0kB [ 1178.572926][ T204] 1965979 pages RAM [ 1178.576756][ T204] 0 pages HighMem/MovableOnly [ 1178.581462][ T204] 318832 pages reserved [ 1178.585801][ T204] 0 pages cma reserved [ 1178.589860][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=28478,uid=0 [ 1178.603985][ T204] Out of memory: Killed process 28478 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1179.473176][ T1] systemd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1179.487615][ T1] CPU: 0 PID: 1 Comm: systemd Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1179.496891][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1179.507034][ T1] Call Trace: [ 1179.510310][ T1] dump_stack+0x14a/0x1ce [ 1179.514625][ T1] ? devkmsg_release+0x11c/0x11c [ 1179.519539][ T1] ? show_regs_print_info+0x12/0x12 [ 1179.524802][ T1] ? radix_tree_cpu_dead+0x160/0x160 [ 1179.530068][ T1] ? _raw_spin_lock+0xa1/0x170 [ 1179.534813][ T1] ? _raw_spin_trylock_bh+0x190/0x190 [ 1179.540164][ T1] dump_header+0xdb/0x700 [ 1179.544471][ T1] oom_kill_process+0xd3/0x280 [ 1179.549202][ T1] out_of_memory+0x5b6/0x890 [ 1179.553768][ T1] ? unregister_oom_notifier+0x20/0x20 [ 1179.559200][ T1] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1179.564716][ T1] ? get_page_from_freelist+0x7c0/0x7c0 [ 1179.570237][ T1] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1179.575578][ T1] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1179.581092][ T1] pagecache_get_page+0x50f/0x880 [ 1179.586090][ T1] filemap_fault+0x1474/0x19d0 [ 1179.590819][ T1] ? generic_file_read_iter+0x20b0/0x20b0 [ 1179.596525][ T1] ext4_filemap_fault+0x7b/0x90 [ 1179.601344][ T1] handle_mm_fault+0x2846/0x40b0 [ 1179.606254][ T1] ? finish_fault+0x230/0x230 [ 1179.610901][ T1] ? vmacache_find+0x205/0x4b0 [ 1179.615654][ T1] do_user_addr_fault+0x48a/0x9f0 [ 1179.620650][ T1] page_fault+0x2f/0x40 [ 1179.624797][ T1] RIP: 0033:0x7f52e2ee321d [ 1179.631275][ T1] Code: Bad RIP value. [ 1179.635315][ T1] RSP: 002b:00007ffdc4711730 EFLAGS: 00010207 [ 1179.641476][ T1] RAX: 0000000000000001 RBX: 000055d1c0d5cd10 RCX: 00007f52e1816303 [ 1179.649433][ T1] RDX: 0000000000000001 RSI: 00007ffdc4711730 RDI: 0000000000000000 [ 1179.657386][ T1] RBP: 00007ffdc47119e0 R08: 78837c293efa150f R09: 0000000000000530 [ 1179.665342][ T1] R10: 00000000ffffffff R11: 0000000000000000 R12: 00007ffdc4711730 [ 1179.673287][ T1] R13: 0000000000000001 R14: ffffffffffffffff R15: 0000000000000002 [ 1179.683721][ T1] Mem-Info: [ 1179.687323][ T1] active_anon:1442120 inactive_anon:4691 isolated_anon:0 [ 1179.687323][ T1] active_file:162 inactive_file:165 isolated_file:74 [ 1179.687323][ T1] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1179.687323][ T1] slab_reclaimable:7288 slab_unreclaimable:72644 [ 1179.687323][ T1] mapped:55440 shmem:4764 pagetables:29206 bounce:0 [ 1179.687323][ T1] free:9933 free_pcp:75 free_cma:0 [ 1179.725303][ T1] Node 0 active_anon:5768480kB inactive_anon:18764kB active_file:540kB inactive_file:736kB unevictable:0kB isolated(anon):0kB isolated(file):196kB mapped:221660kB dirty:4kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1179.755359][ T1] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1179.782165][ T1] lowmem_reserve[]: 0 2912 6416 6416 [ 1179.787790][ T1] DMA32 free:18284kB min:4644kB low:7624kB high:10604kB active_anon:2850052kB inactive_anon:8kB active_file:16kB inactive_file:28kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6400kB pagetables:19992kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1179.816478][ T1] lowmem_reserve[]: 0 0 3504 3504 [ 1179.821635][ T1] Normal free:5544kB min:5592kB low:9180kB high:12768kB active_anon:2918428kB inactive_anon:18756kB active_file:432kB inactive_file:428kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29280kB pagetables:96832kB bounce:0kB free_pcp:1444kB local_pcp:108kB free_cma:0kB [ 1179.851197][ T1] lowmem_reserve[]: 0 0 0 0 [ 1179.855791][ T1] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1179.869207][ T1] DMA32: 191*4kB (UMH) 62*8kB (UMH) 74*16kB (UMH) 35*32kB (UMH) 36*64kB (UMH) 19*128kB (UMH) 21*256kB (UM) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 18284kB [ 1179.885048][ T1] Normal: 106*4kB (MEH) 39*8kB (MEH) 27*16kB (MEH) 20*32kB (MEH) 8*64kB (MH) 20*128kB (M) 3*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5648kB [ 1179.900381][ T1] 4861 total pagecache pages [ 1179.905590][ T1] 0 pages in swap cache [ 1179.910048][ T1] Swap cache stats: add 0, delete 0, find 0/0 [ 1179.916124][ T1] Free swap = 0kB [ 1179.919825][ T1] Total swap = 0kB [ 1179.923541][ T1] 1965979 pages RAM [ 1179.927333][ T1] 0 pages HighMem/MovableOnly [ 1179.931989][ T1] 318832 pages reserved [ 1179.940213][ T1] 0 pages cma reserved [ 1179.944352][ T1] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32431,uid=0 [ 1179.958534][ T1] Out of memory: Killed process 32431 (syz-executor.0) total-vm:74960kB, anon-rss:16548kB, file-rss:34704kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:05:49 executing program 1: clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000100)={'security\x00'}, &(0x7f0000000180)=0x54) r3 = memfd_create(&(0x7f0000000040)='/dev.auys\x00', 0x0) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x2000007, 0x11, r3, 0x0) rt_sigaction(0x7, &(0x7f0000b4a000)={0xfffffffffffffffd, 0xd0000000, 0x0}, 0x0, 0x8, &(0x7f0000000000)) syz_open_procfs(0x0, &(0x7f0000000080)='net/ip_vs\x00') prctl$PR_SET_DUMPABLE(0x4, 0x0) syz_open_procfs(0x0, &(0x7f0000000700)='auxv\x00') 03:05:49 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:51 executing program 1: clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x18) 03:05:52 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:53 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYRES16, @ANYBLOB="a7b74aad84a9d68309edc937d385a7c5959263093c6547c70921cd03f191f3b525328e92fad8556bc8405672662be6236747a6cdb02d4d678ce828c53466ba9d95a6b464336d4f7eadad3878640848d2e5fa8b4739d9fb4ec579bc7a30ec"], 0x0, 0x60}, 0x20) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/2, 0x2}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x33) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 03:05:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') sendmsg$NFT_MSG_GETSET(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x785c395fa877e2e8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="340000000a0a0102000000000000000007000009080005400000df3f0800074000000006080003400000000a08000a4000000002"], 0x34}}, 0x4004010) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x4, 0x1, 0x0, 0x3, 0x8}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:55 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1189.825071][ T405] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1189.836014][ T405] CPU: 0 PID: 405 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1189.845623][ T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1189.855646][ T405] Call Trace: [ 1189.859025][ T405] dump_stack+0x14a/0x1ce [ 1189.863342][ T405] ? devkmsg_release+0x11c/0x11c [ 1189.868258][ T405] ? show_regs_print_info+0x12/0x12 [ 1189.873433][ T405] ? radix_tree_cpu_dead+0x160/0x160 [ 1189.878705][ T405] ? _raw_spin_lock+0xa1/0x170 [ 1189.883440][ T405] ? _raw_spin_trylock_bh+0x190/0x190 [ 1189.888792][ T405] dump_header+0xdb/0x700 [ 1189.893118][ T405] oom_kill_process+0xd3/0x280 [ 1189.897859][ T405] out_of_memory+0x5b6/0x890 [ 1189.902423][ T405] ? unregister_oom_notifier+0x20/0x20 [ 1189.907859][ T405] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1189.913385][ T405] ? get_page_from_freelist+0x7c0/0x7c0 [ 1189.918900][ T405] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1189.924241][ T405] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1189.929753][ T405] pagecache_get_page+0x50f/0x880 [ 1189.934744][ T405] filemap_fault+0x1474/0x19d0 [ 1189.939480][ T405] ? generic_file_read_iter+0x20b0/0x20b0 [ 1189.945164][ T405] ? mm_trace_rss_stat+0x41/0x1a0 [ 1189.950154][ T405] ext4_filemap_fault+0x7b/0x90 [ 1189.954972][ T405] handle_mm_fault+0x2846/0x40b0 [ 1189.959874][ T405] ? finish_fault+0x230/0x230 [ 1189.964518][ T405] ? vmacache_find+0x3a2/0x4b0 [ 1189.969251][ T405] do_user_addr_fault+0x48a/0x9f0 [ 1189.974246][ T405] page_fault+0x2f/0x40 [ 1189.978367][ T405] RIP: 0033:0x730175 [ 1189.982232][ T405] Code: cc cc cc cc cc 48 8b 44 24 08 84 00 48 89 44 24 08 c6 44 24 10 00 e9 6a 3e ff ff cc cc cc cc cc cc cc cc cc cc 48 8b 44 24 08 <84> 00 48 89 44 24 08 48 c7 44 24 10 00 00 00 00 e9 56 3e ff ff cc [ 1190.001803][ T405] RSP: 002b:000000c43204b740 EFLAGS: 00010216 [ 1190.007838][ T405] RAX: 00000000014501c0 RBX: 000000c43abaf4e0 RCX: 0000000000730170 [ 1190.015779][ T405] RDX: 000000003c84c8af RSI: 0000000000000020 RDI: 000000c430afd400 [ 1190.023719][ T405] RBP: 000000c43204b758 R08: 0000000000000000 R09: 0000000000000000 [ 1190.031661][ T405] R10: 00000000009f0182 R11: 0000000000000004 R12: 0000000000000000 [ 1190.039605][ T405] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1190.062836][ T405] Mem-Info: [ 1190.066154][ T405] active_anon:1438079 inactive_anon:4691 isolated_anon:0 [ 1190.066154][ T405] active_file:418 inactive_file:371 isolated_file:32 [ 1190.066154][ T405] unevictable:0 dirty:11 writeback:0 unstable:0 [ 1190.066154][ T405] slab_reclaimable:7276 slab_unreclaimable:72584 [ 1190.066154][ T405] mapped:55790 shmem:4764 pagetables:29222 bounce:0 [ 1190.066154][ T405] free:12472 free_pcp:1158 free_cma:0 [ 1190.104158][ T405] Node 0 active_anon:5752316kB inactive_anon:18764kB active_file:1672kB inactive_file:1472kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:223260kB dirty:44kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1190.128891][ T405] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1190.155413][ T405] lowmem_reserve[]: 0 2912 6416 6416 [ 1190.161150][ T405] DMA32 free:23340kB min:4644kB low:7624kB high:10604kB active_anon:2843496kB inactive_anon:4kB active_file:920kB inactive_file:440kB unevictable:0kB writepending:28kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6432kB pagetables:20032kB bounce:0kB free_pcp:2904kB local_pcp:1432kB free_cma:0kB [ 1190.191109][ T405] lowmem_reserve[]: 0 0 3504 3504 [ 1190.197045][ T405] Normal free:10644kB min:5592kB low:9180kB high:12768kB active_anon:2908484kB inactive_anon:18760kB active_file:904kB inactive_file:2520kB unevictable:0kB writepending:16kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29152kB pagetables:96856kB bounce:0kB free_pcp:1360kB local_pcp:384kB free_cma:0kB [ 1190.228094][ T405] lowmem_reserve[]: 0 0 0 0 [ 1190.233809][ T405] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1190.248186][ T405] DMA32: 438*4kB (UMH) 135*8kB (UMH) 129*16kB (UMH) 64*32kB (UMH) 54*64kB (UMH) 32*128kB (UMH) 19*256kB (UM) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 23968kB [ 1190.266161][ T405] Normal: 99*4kB (UEH) 101*8kB (UME) 60*16kB (UME) 19*32kB (UME) 34*64kB (UM) 24*128kB (UM) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9044kB [ 1190.285552][ T405] 6145 total pagecache pages [ 1190.291888][ T405] 0 pages in swap cache [ 1190.296745][ T405] Swap cache stats: add 0, delete 0, find 0/0 [ 1190.310944][ T405] Free swap = 0kB [ 1190.317406][ T405] Total swap = 0kB [ 1190.323799][ T405] 1965979 pages RAM [ 1190.328033][ T405] 0 pages HighMem/MovableOnly [ 1190.333697][ T405] 318832 pages reserved [ 1190.338225][ T405] 0 pages cma reserved [ 1190.343593][ T405] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32480,uid=0 [ 1190.358683][ T405] Out of memory: Killed process 32480 (syz-executor.0) total-vm:75488kB, anon-rss:16584kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:05:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:05:59 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) r1 = socket(0x400000000000010, 0x802, 0x0) write(r1, &(0x7f00000000c0)="24000000200099f0003be90000ed190e020008160000100000ba1080080002007f196be0", 0x24) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x60, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x42df58543c8380db}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0x24, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @multicast2=0xe0000005}, @IFLA_IPTUN_6RD_PREFIXLEN={0x6}, @IFLA_IPTUN_ENCAP_SPORT={0x6, 0x11, 0x4e24}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x1f}]}}}, @IFLA_MTU={0x8, 0x4, 0x10001}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x60}}, 0x0) [ 1192.209464][T32497] IPv6: sit1: Disabled Multicast RS [ 1192.265093][T32499] IPv6: sit1: Disabled Multicast RS 03:06:00 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getegid() write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:01 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x1) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, &(0x7f0000000100)={0x0, 0x0, {0x27, 0x9, 0xe, 0x1b, 0x9, 0x1f, 0x2, 0xd0, 0x1}}) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1b, &(0x7f00000000c0)=0x2000000000000074, 0x4) 03:06:02 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:03 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getegid() write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:03 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:03 executing program 5: close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$IOC_PR_REGISTER(0xffffffffffffffff, 0x401870c8, &(0x7f0000000240)={0x5, 0x9}) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x1c, r6, 0xb0343aabd1184b87, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_GET_STATION(r4, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0xb0, r6, 0x100, 0x70bd2d, 0x25dfdbfd, {}, [@NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x88}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x2}, @NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x8, 0x8001}}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x1b, 0x13, "08fa3ed306b688e8d5fdbbe34480c4dca70ab29c4f1486"}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x15, 0xbe, "9d456fcb4b67c670ab2ba64ca0ede11f6b"}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x3}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x100}, @NL80211_ATTR_STA_FLAGS={0x10, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_AUTHENTICATED={0x4}, @NL80211_STA_FLAG_ASSOCIATED={0x4}, @NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}]}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x22, 0x13, "b68638fd53e73ea62ca982a28e51ba842a55edda4d562687231afc5fc77f"}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0x4}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4000}, 0x4091) 03:06:03 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:03 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getegid() write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1199.273156][T32545] systemd-udevd invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1199.284277][T32545] CPU: 1 PID: 32545 Comm: systemd-udevd Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1199.294327][T32545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1199.304358][T32545] Call Trace: [ 1199.307628][T32545] dump_stack+0x14a/0x1ce [ 1199.311980][T32545] ? devkmsg_release+0x11c/0x11c [ 1199.316894][T32545] ? show_regs_print_info+0x12/0x12 [ 1199.322068][T32545] ? radix_tree_cpu_dead+0x160/0x160 [ 1199.327325][T32545] ? _raw_spin_lock+0xa1/0x170 [ 1199.332060][T32545] ? _raw_spin_trylock_bh+0x190/0x190 [ 1199.337407][T32545] dump_header+0xdb/0x700 [ 1199.341720][T32545] oom_kill_process+0xd3/0x280 [ 1199.346471][T32545] out_of_memory+0x5b6/0x890 [ 1199.351045][T32545] ? unregister_oom_notifier+0x20/0x20 [ 1199.356500][T32545] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1199.362017][T32545] ? __kernel_text_address+0x93/0x110 [ 1199.367362][T32545] ? get_page_from_freelist+0x7c0/0x7c0 [ 1199.372890][T32545] ? __zone_watermark_ok+0x96/0x260 [ 1199.378066][T32545] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1199.383421][T32545] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1199.388938][T32545] ? avc_has_perm_flags+0xe3/0x2b0 [ 1199.394026][T32545] ? avc_has_perm_flags+0x184/0x2b0 [ 1199.399196][T32545] alloc_slab_page+0x3a/0x3a0 [ 1199.403845][T32545] new_slab+0x3ef/0x430 [ 1199.407967][T32545] ? atime_needs_update+0x570/0x570 [ 1199.413138][T32545] ? should_fail+0x18e/0x860 [ 1199.417695][T32545] ___slab_alloc+0x2e0/0x450 [ 1199.422251][T32545] ? selinux_inode_follow_link+0x286/0x3c0 [ 1199.428023][T32545] ? kernfs_iop_get_link+0x63/0x550 [ 1199.433190][T32545] ? kernfs_iop_get_link+0x63/0x550 [ 1199.438381][T32545] kmem_cache_alloc_trace+0x258/0x270 [ 1199.443738][T32545] ? kernfs_create_link+0x1f0/0x1f0 [ 1199.448912][T32545] kernfs_iop_get_link+0x63/0x550 [ 1199.453923][T32545] ? security_inode_follow_link+0xed/0x130 [ 1199.459715][T32545] ? kernfs_create_link+0x1f0/0x1f0 [ 1199.464883][T32545] trailing_symlink+0x508/0xb10 [ 1199.469714][T32545] path_openat+0x751/0x3d10 [ 1199.474215][T32545] ? unwind_get_return_address+0x48/0x90 [ 1199.479823][T32545] ? do_filp_open+0x440/0x440 [ 1199.484471][T32545] ? do_sys_open+0x33d/0x7d0 [ 1199.489032][T32545] ? do_syscall_64+0xcb/0x150 [ 1199.493681][T32545] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1199.499717][T32545] do_filp_open+0x20d/0x440 [ 1199.504188][T32545] ? vfs_tmpfile+0x220/0x220 [ 1199.508771][T32545] ? _raw_spin_unlock+0x5/0x20 [ 1199.513524][T32545] ? __alloc_fd+0x4e8/0x590 [ 1199.518006][T32545] do_sys_open+0x387/0x7d0 [ 1199.522399][T32545] ? file_open_root+0x450/0x450 [ 1199.527219][T32545] ? do_user_addr_fault+0x55c/0x9f0 [ 1199.532387][T32545] do_syscall_64+0xcb/0x150 [ 1199.536860][T32545] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1199.542726][T32545] RIP: 0033:0x7fe7091c2840 [ 1199.547124][T32545] Code: Bad RIP value. [ 1199.551158][T32545] RSP: 002b:00007fff9cd53d48 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1199.559533][T32545] RAX: ffffffffffffffda RBX: 0000000000000705 RCX: 00007fe7091c2840 [ 1199.567470][T32545] RDX: 0000000000000005 RSI: 0000000000080000 RDI: 00007fff9cd53d50 [ 1199.575407][T32545] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000012 [ 1199.583349][T32545] R10: 0000000000000122 R11: 0000000000000246 R12: 00007fff9cd54d90 [ 1199.591294][T32545] R13: 0000000000000000 R14: 0000000000000000 R15: 000000000000000f [ 1199.600301][T32545] Mem-Info: [ 1199.604539][T32545] active_anon:1439543 inactive_anon:4689 isolated_anon:0 [ 1199.604539][T32545] active_file:306 inactive_file:391 isolated_file:32 [ 1199.604539][T32545] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1199.604539][T32545] slab_reclaimable:7273 slab_unreclaimable:72486 [ 1199.604539][T32545] mapped:55754 shmem:4764 pagetables:29293 bounce:0 [ 1199.604539][T32545] free:11840 free_pcp:600 free_cma:0 [ 1199.642964][T32545] Node 0 active_anon:5758172kB inactive_anon:18756kB active_file:380kB inactive_file:1012kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221288kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1199.667944][T32545] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1199.694261][T32545] lowmem_reserve[]: 0 2912 6416 6416 [ 1199.699963][T32545] DMA32 free:21672kB min:4644kB low:7624kB high:10604kB active_anon:2848608kB inactive_anon:4kB active_file:36kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6464kB pagetables:20124kB bounce:0kB free_pcp:1008kB local_pcp:0kB free_cma:0kB [ 1199.729317][T32545] lowmem_reserve[]: 0 0 3504 3504 [ 1199.734614][T32545] Normal free:9768kB min:5592kB low:9180kB high:12768kB active_anon:2909564kB inactive_anon:18752kB active_file:440kB inactive_file:2644kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29152kB pagetables:97048kB bounce:0kB free_pcp:688kB local_pcp:412kB free_cma:0kB [ 1199.764326][T32545] lowmem_reserve[]: 0 0 0 0 [ 1199.769025][T32545] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1199.782527][T32545] DMA32: 135*4kB (UMH) 110*8kB (UMH) 61*16kB (UMH) 54*32kB (UMH) 48*64kB (UMH) 35*128kB (UMH) 20*256kB (UM) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 21404kB [ 1199.798591][T32545] Normal: 87*4kB (ME) 137*8kB (UME) 98*16kB (UME) 48*32kB (UME) 16*64kB (M) 15*128kB (M) 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 8004kB [ 1199.813447][T32545] 6205 total pagecache pages [ 1199.818202][T32545] 0 pages in swap cache [ 1199.822754][T32545] Swap cache stats: add 0, delete 0, find 0/0 [ 1199.828992][T32545] Free swap = 0kB [ 1199.832850][T32545] Total swap = 0kB [ 1199.836699][T32545] 1965979 pages RAM [ 1199.840605][T32545] 0 pages HighMem/MovableOnly [ 1199.845503][T32545] 318832 pages reserved [ 1199.849745][T32545] 0 pages cma reserved [ 1199.853909][T32545] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32540,uid=0 [ 1199.868213][T32545] Out of memory: Killed process 32540 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1199.885793][ T23] oom_reaper: reaped process 32540 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:06:08 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:08 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x3, 0x7) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:08 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x3, 0x7) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:09 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x10001ff) 03:06:10 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x10001ff) 03:06:10 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x3, 0x7) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:10 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/seq/clients\x00', 0x0, 0x0) ioctl$RTC_ALM_SET(r4, 0x40247007, &(0x7f0000000140)={0x4, 0x10, 0x5, 0x18, 0x6, 0x800, 0x1, 0xf0, 0x1}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) poll(&(0x7f0000000080)=[{}], 0x1, 0x0) fsetxattr$security_evm(0xffffffffffffffff, &(0x7f0000000180)='security.evm\x00', &(0x7f0000000200)=@sha1={0x1, "fe7b2d0ce939d655783dc62ddb8a95ca96d63c10"}, 0x15, 0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1202.743440][ T385] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1202.757385][ T385] CPU: 1 PID: 385 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1202.767020][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1202.777048][ T385] Call Trace: [ 1202.780314][ T385] dump_stack+0x14a/0x1ce [ 1202.784637][ T385] ? devkmsg_release+0x11c/0x11c [ 1202.789543][ T385] ? show_regs_print_info+0x12/0x12 [ 1202.794707][ T385] ? radix_tree_cpu_dead+0x160/0x160 [ 1202.799958][ T385] ? _raw_spin_lock+0xa1/0x170 [ 1202.804691][ T385] ? _raw_spin_trylock_bh+0x190/0x190 [ 1202.810034][ T385] dump_header+0xdb/0x700 [ 1202.814344][ T385] oom_kill_process+0xd3/0x280 [ 1202.819084][ T385] out_of_memory+0x5b6/0x890 [ 1202.823727][ T385] ? unregister_oom_notifier+0x20/0x20 [ 1202.829175][ T385] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1202.834697][ T385] ? get_page_from_freelist+0x7c0/0x7c0 [ 1202.840218][ T385] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1202.845562][ T385] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1202.851091][ T385] pagecache_get_page+0x50f/0x880 [ 1202.856091][ T385] filemap_fault+0x1474/0x19d0 [ 1202.860825][ T385] ? generic_file_read_iter+0x20b0/0x20b0 [ 1202.866507][ T385] ? ___preempt_schedule+0x16/0x20 [ 1202.871592][ T385] ext4_filemap_fault+0x7b/0x90 [ 1202.876413][ T385] handle_mm_fault+0x2846/0x40b0 [ 1202.881319][ T385] ? finish_fault+0x230/0x230 [ 1202.885968][ T385] ? vmacache_find+0x2d2/0x4b0 [ 1202.890702][ T385] do_user_addr_fault+0x48a/0x9f0 [ 1202.895701][ T385] page_fault+0x2f/0x40 [ 1202.899823][ T385] RIP: 0033:0x46e9b0 [ 1202.903693][ T385] Code: Bad RIP value. [ 1202.907724][ T385] RSP: 002b:000000c4320477e8 EFLAGS: 00010206 [ 1202.913750][ T385] RAX: 0000000001eec2c0 RBX: 000000000040e0a7 RCX: 000000c420143e00 [ 1202.921688][ T385] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000c420143e30 [ 1202.929630][ T385] RBP: 000000c432047850 R08: 000000c420001e00 R09: 0000000000000000 [ 1202.937570][ T385] R10: 00000000009f0182 R11: 0000000000000004 R12: 0000000000000000 [ 1202.945512][ T385] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1202.955587][ T385] Mem-Info: [ 1202.958868][ T385] active_anon:1440800 inactive_anon:4691 isolated_anon:0 [ 1202.958868][ T385] active_file:342 inactive_file:350 isolated_file:24 [ 1202.958868][ T385] unevictable:0 dirty:10 writeback:0 unstable:0 [ 1202.958868][ T385] slab_reclaimable:7270 slab_unreclaimable:72367 [ 1202.958868][ T385] mapped:55809 shmem:4764 pagetables:29290 bounce:0 [ 1202.958868][ T385] free:11033 free_pcp:76 free_cma:0 [ 1202.997037][ T385] Node 0 active_anon:5763200kB inactive_anon:18764kB active_file:1232kB inactive_file:1336kB unevictable:0kB isolated(anon):0kB isolated(file):96kB mapped:223036kB dirty:40kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1203.021848][ T385] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1203.048555][ T385] lowmem_reserve[]: 0 2912 6416 6416 [ 1203.054559][ T385] DMA32 free:18572kB min:4644kB low:7624kB high:10604kB active_anon:2850928kB inactive_anon:4kB active_file:24kB inactive_file:420kB unevictable:0kB writepending:4kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6400kB pagetables:19996kB bounce:0kB free_pcp:1052kB local_pcp:296kB free_cma:0kB [ 1203.097058][ T385] lowmem_reserve[]: 0 0 3504 3504 [ 1203.103848][ T385] Normal free:9568kB min:9688kB low:13276kB high:16864kB active_anon:2911496kB inactive_anon:18760kB active_file:676kB inactive_file:456kB unevictable:0kB writepending:36kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29344kB pagetables:97164kB bounce:0kB free_pcp:44kB local_pcp:28kB free_cma:0kB [ 1203.154635][ T385] lowmem_reserve[]: 0 0 0 0 [ 1203.164962][ T385] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1203.214757][ T385] DMA32: 216*4kB (UMH) 59*8kB (UMH) 26*16kB (UH) 27*32kB (UMH) 21*64kB (UMH) 41*128kB (UMH) 21*256kB (UM) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 19192kB [ 1203.231115][ T385] Normal: 255*4kB (UME) 218*8kB (UME) 50*16kB (UME) 18*32kB (UME) 6*64kB (UM) 16*128kB (UM) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6828kB [ 1203.314188][ T385] 5396 total pagecache pages [ 1203.318950][ T385] 0 pages in swap cache [ 1203.323189][ T385] Swap cache stats: add 0, delete 0, find 0/0 [ 1203.329634][ T385] Free swap = 0kB [ 1203.333389][ T385] Total swap = 0kB [ 1203.337083][ T385] 1965979 pages RAM [ 1203.340890][ T385] 0 pages HighMem/MovableOnly [ 1203.345643][ T385] 318832 pages reserved [ 1203.349846][ T385] 0 pages cma reserved [ 1203.353981][ T385] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32567,uid=0 [ 1203.368257][ T385] Out of memory: Killed process 32567 (syz-executor.0) total-vm:75224kB, anon-rss:16532kB, file-rss:34484kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 1203.389527][ T23] oom_reaper: reaped process 32567 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 03:06:12 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x10001ff) 03:06:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1204.901232][ T429] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1204.918058][ T429] CPU: 0 PID: 429 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1204.928032][ T429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1204.938061][ T429] Call Trace: [ 1204.941321][ T429] dump_stack+0x14a/0x1ce [ 1204.945620][ T429] ? devkmsg_release+0x11c/0x11c [ 1204.950527][ T429] ? show_regs_print_info+0x12/0x12 [ 1204.955696][ T429] ? radix_tree_cpu_dead+0x160/0x160 [ 1204.960946][ T429] ? _raw_spin_lock+0xa1/0x170 [ 1204.965675][ T429] ? _raw_spin_trylock_bh+0x190/0x190 [ 1204.971013][ T429] dump_header+0xdb/0x700 [ 1204.975311][ T429] oom_kill_process+0xd3/0x280 [ 1204.980042][ T429] out_of_memory+0x5b6/0x890 [ 1204.984602][ T429] ? unregister_oom_notifier+0x20/0x20 [ 1204.990031][ T429] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1204.995546][ T429] ? __kernel_text_address+0x93/0x110 [ 1205.000888][ T429] ? get_page_from_freelist+0x7c0/0x7c0 [ 1205.006403][ T429] ? ext4_lookup+0x9b6/0xcb0 [ 1205.010961][ T429] ? __zone_watermark_ok+0x96/0x260 [ 1205.016143][ T429] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1205.021478][ T429] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1205.026993][ T429] alloc_slab_page+0x3a/0x3a0 [ 1205.031762][ T429] new_slab+0x3ef/0x430 [ 1205.035889][ T429] ? should_fail+0x18e/0x860 [ 1205.040448][ T429] ___slab_alloc+0x2e0/0x450 [ 1205.045004][ T429] ? success_walk_trace+0x430/0x430 [ 1205.050195][ T429] ? getname_flags+0xb8/0x610 [ 1205.054864][ T429] ? getname_flags+0xb8/0x610 [ 1205.059507][ T429] kmem_cache_alloc+0x23c/0x260 [ 1205.064324][ T429] getname_flags+0xb8/0x610 [ 1205.068795][ T429] ? __rcu_read_lock+0x50/0x50 [ 1205.073524][ T429] user_path_at_empty+0x28/0x50 [ 1205.078342][ T429] __se_sys_newlstat+0xe4/0x8b0 [ 1205.083173][ T429] ? __x64_sys_newlstat+0x60/0x60 [ 1205.088179][ T429] ? __rcu_read_lock+0x50/0x50 [ 1205.092931][ T429] ? vfs_submount+0xb0/0xb0 [ 1205.097406][ T429] ? retain_dentry+0x275/0x360 [ 1205.102140][ T429] ? dput+0x518/0x5e0 [ 1205.106103][ T429] ? switch_fpu_return+0x10/0x10 [ 1205.111008][ T429] ? getname_flags+0x20d/0x610 [ 1205.115737][ T429] do_syscall_64+0xcb/0x150 [ 1205.120209][ T429] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1205.126068][ T429] RIP: 0033:0x45bc05 [ 1205.129932][ T429] Code: d4 ff ff ff 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 83 ff 01 48 89 f0 77 30 48 89 c7 48 89 d6 b8 06 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 03 f3 c3 90 48 c7 c2 d4 ff ff ff f7 d8 64 89 [ 1205.149503][ T429] RSP: 002b:00007fff19d27c98 EFLAGS: 00000246 ORIG_RAX: 0000000000000006 [ 1205.157881][ T429] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045bc05 [ 1205.165831][ T429] RDX: 00007fff19d27cb0 RSI: 00007fff19d27cb0 RDI: 00007fff19d27d40 [ 1205.173777][ T429] RBP: 000000000000168d R08: 0000000000000000 R09: 0000000000000011 [ 1205.181724][ T429] R10: 000000000000000a R11: 0000000000000246 R12: 00007fff19d28dd0 [ 1205.189670][ T429] R13: 0000000002a49940 R14: 0000000000000000 R15: 00007fff19d28dd0 [ 1205.198690][ T429] Mem-Info: [ 1205.202823][ T429] active_anon:1437982 inactive_anon:4691 isolated_anon:0 [ 1205.202823][ T429] active_file:358 inactive_file:877 isolated_file:0 [ 1205.202823][ T429] unevictable:0 dirty:10 writeback:0 unstable:0 [ 1205.202823][ T429] slab_reclaimable:7270 slab_unreclaimable:72501 [ 1205.202823][ T429] mapped:55981 shmem:4764 pagetables:29294 bounce:0 [ 1205.202823][ T429] free:12470 free_pcp:850 free_cma:0 [ 1205.241499][ T429] Node 0 active_anon:5751928kB inactive_anon:18764kB active_file:1432kB inactive_file:4008kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:224224kB dirty:40kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1205.267835][ T429] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1205.294612][ T429] lowmem_reserve[]: 0 2912 6416 6416 [ 1205.305069][ T429] DMA32 free:21640kB min:4644kB low:7624kB high:10604kB active_anon:2846400kB inactive_anon:4kB active_file:24kB inactive_file:12kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6464kB pagetables:19996kB bounce:0kB free_pcp:1840kB local_pcp:504kB free_cma:0kB [ 1205.335726][ T429] lowmem_reserve[]: 0 0 3504 3504 [ 1205.361541][ T429] Normal free:9792kB min:5592kB low:9180kB high:12768kB active_anon:2905628kB inactive_anon:18760kB active_file:2852kB inactive_file:3512kB unevictable:0kB writepending:40kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29152kB pagetables:97180kB bounce:0kB free_pcp:1740kB local_pcp:1256kB free_cma:0kB [ 1205.391884][ T429] lowmem_reserve[]: 0 0 0 0 [ 1205.396715][ T429] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1205.410155][ T429] DMA32: 160*4kB (UMH) 87*8kB (UMH) 61*16kB (UMH) 84*32kB (MH) 48*64kB (MH) 31*128kB (UMH) 20*256kB (UM) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 21768kB [ 1205.426034][ T429] Normal: 87*4kB (UE) 22*8kB (UME) 26*16kB (UME) 73*32kB (UME) 53*64kB (UM) 15*128kB (UM) 2*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9100kB [ 1205.481513][ T429] 6278 total pagecache pages [ 1205.486314][ T429] 0 pages in swap cache [ 1205.501514][ T429] Swap cache stats: add 0, delete 0, find 0/0 [ 1205.507954][ T429] Free swap = 0kB [ 1205.520094][ T429] Total swap = 0kB [ 1205.527652][ T429] 1965979 pages RAM [ 1205.531638][ T429] 0 pages HighMem/MovableOnly [ 1205.536297][ T429] 318832 pages reserved [ 1205.540436][ T429] 0 pages cma reserved [ 1205.544932][ T429] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=28433,uid=0 [ 1205.559433][ T429] Out of memory: Killed process 28433 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1205.579435][ T23] oom_reaper: reaped process 28433 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:06:17 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, r0, 0x0, 0x10001ff) 03:06:17 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340)="f384501a94932b3550c571309dad94b1e4a3f2dd7ac4d9864a5ad229c89b4b7c51b67fbaea01098838fb1cdcac3a86220fe6ddc8349de44b6580e6945acc529655eb5f91fb39b9535ba34b0272dde3aa8f1f6e10bd4209000000c0d04c8e7dfd0d44aa9c5105304f91cfd6e862380fd65baec8ed0e0d9c3397a3fa693e37dec05768917aef6e403effff28ae08eadeb723fe8187d2246e3b8df59367e2c6e56e2ffc1acba7553a58dc6f9ee7a33f96327e5677c5ce3091c7b39c4f5e562ed7f3a5ae6c6dc7780c17cceb1da39f2ba6ad378e8aa5e2c7cb6fbd63433636cfbf8408f43075ee829137f4313817c7b6b084cf8ad1637337e7a9411e4f7bf141c37b51b91c16c28018d9838d932a39ce3d50edca93933de902a058c0366a5dab211c16cb587635ef00c734b6e26f4315dcf3cd8b3c7d342e30bc61d121670c25e001bdfca3321935b1696e1214aeb085fc4379303f3761f368eeed56de00aae9ed0df714fce8ba31b223519130", 0x16b) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x10, &(0x7f0000000100)=0x5, 0x4) poll(&(0x7f0000000080)=[{r4}], 0x1, 0x0) read(r4, &(0x7f0000000100)=""/39, 0x27) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:19 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, r0, 0x0, 0x10001ff) 03:06:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) fcntl$setflags(r5, 0x2, 0x1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:19 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, r0, 0x0, 0x10001ff) 03:06:21 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') tkill(0x0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, r0, 0x0, 0x10001ff) 03:06:24 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') tkill(0x0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, r0, 0x0, 0x10001ff) 03:06:24 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4201, 0x0, 0x0, &(0x7f0000000080)={0x0}) ioprio_set$pid(0x1, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:27 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') tkill(0x0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, r0, 0x0, 0x10001ff) [ 1219.747981][ T386] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1219.758947][ T386] CPU: 1 PID: 386 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1219.768556][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1219.778582][ T386] Call Trace: [ 1219.781844][ T386] dump_stack+0x14a/0x1ce [ 1219.786141][ T386] ? devkmsg_release+0x11c/0x11c [ 1219.791046][ T386] ? show_regs_print_info+0x12/0x12 [ 1219.796211][ T386] ? radix_tree_cpu_dead+0x160/0x160 [ 1219.801463][ T386] ? _raw_spin_lock+0xa1/0x170 [ 1219.806198][ T386] ? _raw_spin_trylock_bh+0x190/0x190 [ 1219.811537][ T386] dump_header+0xdb/0x700 [ 1219.815834][ T386] oom_kill_process+0xd3/0x280 [ 1219.820567][ T386] out_of_memory+0x5b6/0x890 [ 1219.825128][ T386] ? unregister_oom_notifier+0x20/0x20 [ 1219.830556][ T386] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1219.836068][ T386] ? get_page_from_freelist+0x7c0/0x7c0 [ 1219.841581][ T386] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1219.846936][ T386] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1219.852451][ T386] pagecache_get_page+0x50f/0x880 [ 1219.857442][ T386] filemap_fault+0x1474/0x19d0 [ 1219.862175][ T386] ? generic_file_read_iter+0x20b0/0x20b0 [ 1219.867860][ T386] ? xas_find+0x11f/0x6f0 [ 1219.872161][ T386] ext4_filemap_fault+0x7b/0x90 [ 1219.876978][ T386] handle_mm_fault+0x2846/0x40b0 [ 1219.881884][ T386] ? finish_fault+0x230/0x230 [ 1219.886525][ T386] ? vmacache_find+0x205/0x4b0 [ 1219.891267][ T386] do_user_addr_fault+0x48a/0x9f0 [ 1219.896259][ T386] page_fault+0x2f/0x40 [ 1219.900379][ T386] RIP: 0033:0x42e2a0 [ 1219.904251][ T386] Code: Bad RIP value. [ 1219.908285][ T386] RSP: 002b:000000c42004fee0 EFLAGS: 00010202 [ 1219.914316][ T386] RAX: 000000c420001980 RBX: 0000000000000001 RCX: 0000000000000000 [ 1219.922370][ T386] RDX: 0000000100000004 RSI: 00000000000000e9 RDI: 0000000000000072 [ 1219.930313][ T386] RBP: 000000c42004ff18 R08: 0000000000000000 R09: 00007ffda3bf70b8 [ 1219.938258][ T386] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000042f0a0 [ 1219.946196][ T386] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000000 [ 1219.958098][ T386] Mem-Info: [ 1219.961249][ T386] active_anon:1442484 inactive_anon:4691 isolated_anon:0 [ 1219.961249][ T386] active_file:12 inactive_file:8 isolated_file:32 [ 1219.961249][ T386] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1219.961249][ T386] slab_reclaimable:7252 slab_unreclaimable:72877 [ 1219.961249][ T386] mapped:55230 shmem:4764 pagetables:29486 bounce:0 [ 1219.961249][ T386] free:9273 free_pcp:180 free_cma:0 [ 1219.998597][ T386] Node 0 active_anon:5770000kB inactive_anon:18764kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):76kB mapped:220912kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1220.022513][ T386] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1220.048561][ T386] lowmem_reserve[]: 0 2912 6416 6416 [ 1220.053862][ T386] DMA32 free:17688kB min:4644kB low:7624kB high:10604kB active_anon:2852484kB inactive_anon:8kB active_file:16kB inactive_file:36kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6592kB pagetables:20300kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1220.082883][ T386] lowmem_reserve[]: 0 0 3504 3504 [ 1220.088544][ T386] Normal free:4068kB min:5592kB low:9180kB high:12768kB active_anon:2917524kB inactive_anon:18756kB active_file:32kB inactive_file:24kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29344kB pagetables:97648kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1220.119767][ T386] lowmem_reserve[]: 0 0 0 0 [ 1220.124271][ T386] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1220.139891][ T386] DMA32: 73*4kB (UME) 36*8kB (UM) 30*16kB (UME) 28*32kB (UME) 28*64kB (UM) 33*128kB (UM) 18*256kB (ME) 8*512kB (UM) 1*1024kB (E) 0*2048kB 0*4096kB = 17700kB [ 1220.157948][ T386] Normal: 105*4kB (UME) 28*8kB (ME) 32*16kB (UME) 15*32kB (UME) 22*64kB (UM) 4*128kB (M) 2*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4068kB [ 1220.173340][ T386] 4810 total pagecache pages [ 1220.181059][ T386] 0 pages in swap cache [ 1220.185313][ T386] Swap cache stats: add 0, delete 0, find 0/0 [ 1220.192401][ T386] Free swap = 0kB [ 1220.196114][ T386] Total swap = 0kB [ 1220.199820][ T386] 1965979 pages RAM [ 1220.205955][ T386] 0 pages HighMem/MovableOnly [ 1220.211563][ T386] 318832 pages reserved [ 1220.215696][ T386] 0 pages cma reserved [ 1220.219736][ T386] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32624,uid=0 [ 1220.239687][ T386] Out of memory: Killed process 32624 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34740kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1220.267391][ T23] oom_reaper: reaped process 32624 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1222.214996][ T411] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1222.226158][ T411] CPU: 0 PID: 411 Comm: syz-executor.0 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1222.236093][ T411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1222.246123][ T411] Call Trace: [ 1222.249397][ T411] dump_stack+0x14a/0x1ce [ 1222.253813][ T411] ? devkmsg_release+0x11c/0x11c [ 1222.258846][ T411] ? show_regs_print_info+0x12/0x12 [ 1222.264007][ T411] ? radix_tree_cpu_dead+0x160/0x160 [ 1222.269373][ T411] ? _raw_spin_lock+0xa1/0x170 [ 1222.274106][ T411] ? _raw_spin_trylock_bh+0x190/0x190 [ 1222.279529][ T411] dump_header+0xdb/0x700 [ 1222.283823][ T411] oom_kill_process+0xd3/0x280 [ 1222.288553][ T411] out_of_memory+0x5b6/0x890 [ 1222.293142][ T411] ? unregister_oom_notifier+0x20/0x20 [ 1222.298565][ T411] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1222.304118][ T411] ? get_page_from_freelist+0x7c0/0x7c0 [ 1222.309736][ T411] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1222.315086][ T411] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1222.320642][ T411] pagecache_get_page+0x50f/0x880 [ 1222.325642][ T411] filemap_fault+0x1474/0x19d0 [ 1222.330374][ T411] ? generic_file_read_iter+0x20b0/0x20b0 [ 1222.336096][ T411] ? clockevents_program_event+0x214/0x2d0 [ 1222.341883][ T411] ext4_filemap_fault+0x7b/0x90 [ 1222.346702][ T411] handle_mm_fault+0x2846/0x40b0 [ 1222.351605][ T411] ? finish_fault+0x230/0x230 [ 1222.356278][ T411] ? vmacache_find+0x205/0x4b0 [ 1222.361006][ T411] do_user_addr_fault+0x48a/0x9f0 [ 1222.366008][ T411] page_fault+0x2f/0x40 [ 1222.370136][ T411] RIP: 0033:0x410362 [ 1222.374007][ T411] Code: Bad RIP value. [ 1222.378040][ T411] RSP: 002b:00007ffff9aff070 EFLAGS: 00010202 [ 1222.384074][ T411] RAX: 0000000000000000 RBX: 000000000012a397 RCX: 000000000045acf0 [ 1222.392014][ T411] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffff9aff050 [ 1222.399988][ T411] RBP: 0000000000000fef R08: 0000000000000001 R09: 0000000001a19940 [ 1222.407928][ T411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000014 [ 1222.415864][ T411] R13: 00007ffff9aff0a0 R14: 00000000001299e9 R15: 00007ffff9aff0b0 [ 1222.424698][ T411] Mem-Info: [ 1222.427898][ T411] active_anon:1442290 inactive_anon:4691 isolated_anon:0 [ 1222.427898][ T411] active_file:25 inactive_file:26 isolated_file:0 [ 1222.427898][ T411] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1222.427898][ T411] slab_reclaimable:7252 slab_unreclaimable:72942 [ 1222.427898][ T411] mapped:55220 shmem:4764 pagetables:29488 bounce:0 [ 1222.427898][ T411] free:9426 free_pcp:62 free_cma:0 [ 1222.466504][ T411] Node 0 active_anon:5769224kB inactive_anon:18764kB active_file:36kB inactive_file:72kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:220880kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1222.490927][ T411] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1222.517450][ T411] lowmem_reserve[]: 0 2912 6416 6416 [ 1222.522827][ T411] DMA32 free:17556kB min:4644kB low:7624kB high:10604kB active_anon:2852588kB inactive_anon:8kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6592kB pagetables:20300kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1222.553653][ T411] lowmem_reserve[]: 0 0 3504 3504 [ 1222.558770][ T411] Normal free:3976kB min:5592kB low:9180kB high:12768kB active_anon:2916636kB inactive_anon:18756kB active_file:104kB inactive_file:88kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29376kB pagetables:97652kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1222.588827][ T411] lowmem_reserve[]: 0 0 0 0 [ 1222.596140][ T411] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1222.613923][ T411] DMA32: 27*4kB (UM) 78*8kB (UM) 46*16kB (UM) 27*32kB (UM) 27*64kB (UM) 33*128kB (UM) 18*256kB (UM) 7*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 17500kB [ 1222.629306][ T411] Normal: 109*4kB (UME) 27*8kB (ME) 35*16kB (UME) 33*32kB (UME) 16*64kB (UM) 4*128kB (M) 2*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4316kB [ 1222.646337][ T411] 4788 total pagecache pages [ 1222.650920][ T411] 0 pages in swap cache [ 1222.655063][ T411] Swap cache stats: add 0, delete 0, find 0/0 [ 1222.663502][ T411] Free swap = 0kB [ 1222.667192][ T411] Total swap = 0kB [ 1222.670895][ T411] 1965979 pages RAM [ 1222.674689][ T411] 0 pages HighMem/MovableOnly [ 1222.679333][ T411] 318832 pages reserved [ 1222.685598][ T411] 0 pages cma reserved [ 1222.689633][ T411] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=28377,uid=0 [ 1222.705753][ T411] Out of memory: Killed process 28377 (syz-executor.0) total-vm:75224kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1222.726352][ T23] oom_reaper: reaped process 28377 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:06:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x1) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0xe) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500)}], 0x1, 0x8) sched_setattr(0x0, &(0x7f0000000080)={0x51, 0x2, 0x1, 0x0, 0x3, 0x4000000}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='uid_map\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:31 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) socket$inet6(0xa, 0x3, 0x7) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getegid() write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r5, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r7, 0x0) write$P9_RSTATu(r3, &(0x7f0000000100)=ANY=[@ANYBLOB="570000007d020000003c0000010200000501010000000500000000000000000000200900000006000000f601000000000000030100010000000600737461636b0000000600737461636b00", @ANYRES32=r5, @ANYRES32=r2, @ANYRES32=r7], 0x57) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x2}) readv(r8, &(0x7f0000000380)=[{&(0x7f0000000280)=""/196, 0x4}], 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r9) 03:06:31 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x10001ff) 03:06:31 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x10001ff) 03:06:31 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x10001ff) 03:06:31 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:31 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:31 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x3, 0x14000) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000003c0)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002dbd7000fbdbdf25050000000800050000000000000000001400060065727370616e300000000000000000002900070073797374656d5f753a6f626a6563745f723a73656d616e6167655f657865635f743a733000"/106], 0x70}, 0x1, 0x0, 0x0, 0x260400c1}, 0x200080d0) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="e0000004", @ANYRES16=r4, @ANYBLOB="01002dbd7000fddbdf250800000014000200000000000000000000000000000000002900070073797374656d5f753a6f626a6563745f723a67657474795f7661725f72756e5f743a73300000000008000400e00000022f00070073797374656d5f753a6f626a6563745f723a726573746f7265636f6e645f7661725f72756e5f743a733000002600070073797374656d5f753a6f626a6563745f723a6b736d5f6465766963655f743a73300000002900070073797374656d5f753a6f626a6563745f723a6c64636f6e6669675f657865635f743a733000000000"], 0xe0}, 0x1, 0x0, 0x0, 0x20000004}, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r3, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x60, r4, 0x1, 0x70bd27, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast2}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'netpci0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'ipvlan1\x00'}, @NLBL_UNLABEL_A_ACPTFLG={0x5}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000000}, 0x20004000) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) 03:06:31 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:31 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) r3 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_buf(r3, 0x107, 0xf, &(0x7f0000000000)="a2e6fa9a", 0x31c) bind(r3, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sendto$inet6(r3, &(0x7f0000000180)="ce0410018b3350ec00911efc0bb35c02630dffffa328b47ca8a88a37877b0634e9ff000099dbe547f481705924fac300000000309662bd845011399e970800d82b330a7da6d0edc542cff0c2d1e327fb132880f70f9ea0eed861c0359719771aaf54cf132c4a684a669b62000000003cb4f10e6fb6e931412876551a46b4a0bd9d70738b72dbc7dbaebff1e0bbfd5fd159c549b5d3298404b06ab599d948fa871bde4138ddfc4256dfa36743b3c508632bef4531346d82a28ba3612a9e26095a149bdbc9a8136bc141ec1eb7938d6db2e81ee8d65c2ce525bdf39633faca0a5f5a1ecc6e8623014fe4c5be6bd7dcbb", 0x4e60, 0x810, 0x0, 0xfffffffffffffe5d) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000100)=0x14) r4 = syz_open_procfs(0x0, &(0x7f0000000340)='oom_adj\x00') preadv(r4, &(0x7f00000002c0), 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000003c0)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_STATICLIST(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000500)={&(0x7f0000000540)=ANY=[@ANYBLOB="7004000069918aa7241bf972e83977d88177e3a423d914050457ef20bd28ef583160030aec6300007278bb352fa504a3dc63810428f716eca89bad411124bc92bb384cc998022041423dbb6e54835cec53b4696dc070ecf562ad5e8215a01e29", @ANYRES16=r5, @ANYBLOB="01002dbd7000fbdbdf25050000000800050000000000000000001400060065727370616e300000000000000000002900070073797374656d5f753a6f626a6563745f723a73656d616e6167655f657865635f743a733000"/106], 0x70}, 0x1, 0x0, 0x0, 0x260400c1}, 0x200080d0) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000740)=ANY=[@ANYBLOB="e00000444d52588882e588fa4551b151764833c79e6d40d62c87e445aee4ecf6ebc5bc1eca702cb290d267fae122e7600f3775715fa471cd029787500225591205c9e5030232ec6be60736c2c647492285b7d1b36e6ad24195aab65948d3c749cf01ccf1", @ANYRES16=r5, @ANYBLOB="01002dbd7000fddbdf250800000014000200000000000000000000000000000000002900070073797374656d5f753a6f626a6563745f723a676574747976dee785ebab5f7661725f72756e5f743a73300000000008000400e00000022f00070073797374656d5f753a6f626a6563745f723a726573746f7265636f6e645f7661725f72756e5f743a733000002600070073797374656d5f753a6f626a6563745f723a6b736d5f6465766963655f743a73300000002900070073797374656d5f753a6f626a6563745f723a6c64636f6e6669675f657865635f743a733000000000"], 0xe0}, 0x1, 0x0, 0x0, 0x20000004}, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000900)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000125bd7000ffdbdf250300000008000400e00000ac14140008000500e00000011400020000000000000000000000000000000001140002a3095f7814360f833b5800ff020000000000008000000000000001000000000061a7b771666525c294f656caa79c8d97398941550756895c66ce8ebe083c56b04e54810b0e7d6d1b395dd5ca3f87bbf8feb1f78a33a8c729794eabcfff8ed074b70ac646bc44f610c65e70965de0351661b35274ce108ccac350cac95f17293a3baba291dbcd7b3c3199cb7c9ec42e47d2af4688903e983b010162ab8408cbf22a2f52fe8384cf1fcd2251053d5a2217f69eb58858b1a5dd89aacf6eb725b961eb"], 0x54}, 0x1, 0x0, 0x0, 0x4044}, 0x0) 03:06:31 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:31 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:31 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:32 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) ptrace$peeksig(0x4209, r0, &(0x7f0000000100)={0x81f, 0x1, 0x3}, &(0x7f0000000340)=[{}, {}, {}]) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:32 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:32 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000000)=0x7, 0x4) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:32 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, 0x0) r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:32 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, 0x0) r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:32 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, 0x0) r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:32 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0xffffffff, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:06:32 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r2}], 0x1, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8982, &(0x7f0000000000)={0x6, 'veth1_to_bond\x00', {0x400}, 0x1000}) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 03:06:32 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') gettid() tkill(0x0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, r0, 0x0, 0x10001ff) 03:06:32 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') gettid() tkill(0x0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, r0, 0x0, 0x10001ff) 03:06:32 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') gettid() tkill(0x0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, r0, 0x0, 0x10001ff) 03:06:32 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:33 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:33 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() getpgid(r0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:33 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:33 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:33 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) [ 1225.171107][ T308] syz-executor.4 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1225.198691][ T308] CPU: 1 PID: 308 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1225.208666][ T308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1225.218694][ T308] Call Trace: [ 1225.221955][ T308] dump_stack+0x14a/0x1ce [ 1225.226252][ T308] ? devkmsg_release+0x11c/0x11c [ 1225.231175][ T308] ? show_regs_print_info+0x12/0x12 [ 1225.236346][ T308] ? radix_tree_cpu_dead+0x160/0x160 [ 1225.241599][ T308] ? _raw_spin_lock+0xa1/0x170 [ 1225.246334][ T308] ? _raw_spin_trylock_bh+0x190/0x190 [ 1225.251680][ T308] dump_header+0xdb/0x700 [ 1225.255979][ T308] oom_kill_process+0xd3/0x280 [ 1225.260723][ T308] out_of_memory+0x5b6/0x890 [ 1225.265304][ T308] ? unregister_oom_notifier+0x20/0x20 [ 1225.270737][ T308] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1225.276266][ T308] ? get_page_from_freelist+0x7c0/0x7c0 [ 1225.281783][ T308] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1225.287123][ T308] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1225.292645][ T308] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 1225.298685][ T308] ? __perf_event_task_sched_in+0x4f7/0x560 [ 1225.304548][ T308] wp_page_copy+0x1cb/0x1120 [ 1225.309110][ T308] ? add_mm_rss_vec+0x270/0x270 [ 1225.313928][ T308] ? __schedule+0x920/0xef0 [ 1225.318402][ T308] ? vm_normal_page+0x1c9/0x1d0 [ 1225.323224][ T308] do_wp_page+0x4c1/0x1530 [ 1225.327614][ T308] ? _raw_spin_lock+0xa1/0x170 [ 1225.332351][ T308] ? do_swap_page+0x1560/0x1560 [ 1225.337181][ T308] handle_mm_fault+0x1363/0x40b0 [ 1225.342089][ T308] ? switch_mm_irqs_off+0x509/0xa10 [ 1225.347291][ T308] ? finish_fault+0x230/0x230 [ 1225.351941][ T308] ? vmacache_find+0x205/0x4b0 [ 1225.356783][ T308] do_user_addr_fault+0x48a/0x9f0 [ 1225.361795][ T308] page_fault+0x2f/0x40 [ 1225.365919][ T308] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 1225.372494][ T308] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 1225.392079][ T308] RSP: 0018:ffff888100d9f888 EFLAGS: 00010206 [ 1225.398217][ T308] RAX: ffffffff81f6e701 RBX: 0000000020017500 RCX: 0000000000000500 [ 1225.406155][ T308] RDX: 0000000000001000 RSI: ffff888100c4eb00 RDI: 0000000020017000 [ 1225.414104][ T308] RBP: ffff888100d9fda8 R08: dffffc0000000000 R09: ffffed1020189e00 [ 1225.422059][ T308] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 1225.430001][ T308] R13: 0000000000001000 R14: ffff888100c4e000 R15: 0000000020016500 [ 1225.437952][ T308] ? _copy_to_iter+0x1031/0x1060 [ 1225.442864][ T308] copyout+0x8e/0xb0 [ 1225.446725][ T308] copy_page_to_iter+0x393/0xbd0 [ 1225.451648][ T308] pipe_to_user+0xa3/0x130 [ 1225.456032][ T308] __splice_from_pipe+0x2d3/0x870 [ 1225.461024][ T308] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 1225.466546][ T308] do_vmsplice+0x252/0xee0 [ 1225.470937][ T308] ? futex_exit_release+0xc0/0xc0 [ 1225.475939][ T308] ? preempt_schedule_irq+0xe7/0x140 [ 1225.481189][ T308] ? preempt_schedule_notrace+0x130/0x130 [ 1225.486877][ T308] ? write_pipe_buf+0x1d0/0x1d0 [ 1225.491712][ T308] ? __rcu_read_lock+0x50/0x50 [ 1225.496463][ T308] ? retint_kernel+0x1b/0x1b [ 1225.501027][ T308] ? import_iovec+0x15c/0x380 [ 1225.505681][ T308] ? __sanitizer_cov_trace_const_cmp4+0x90/0x90 [ 1225.511890][ T308] ? import_iovec+0x1c2/0x380 [ 1225.516537][ T308] ? dup_iter+0x110/0x110 [ 1225.520833][ T308] ? perf_pmu_sched_task+0x370/0x370 [ 1225.526081][ T308] __se_sys_vmsplice+0x1fb/0x300 [ 1225.530988][ T308] ? __x64_sys_vmsplice+0xa0/0xa0 [ 1225.535981][ T308] ? put_timespec64+0x109/0x150 [ 1225.540819][ T308] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1225.546421][ T308] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 1225.552122][ T308] do_syscall_64+0xcb/0x150 [ 1225.556607][ T308] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1225.562477][ T308] RIP: 0033:0x45c849 [ 1225.566348][ T308] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1225.585922][ T308] RSP: 002b:00007faf0c2acc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1225.594300][ T308] RAX: ffffffffffffffda RBX: 00007faf0c2ad6d4 RCX: 000000000045c849 [ 1225.602252][ T308] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 1225.610202][ T308] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000 [ 1225.618149][ T308] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1225.626109][ T308] R13: 0000000000000c47 R14: 00000000004ce688 R15: 000000000076c04c [ 1225.700055][ T308] Mem-Info: [ 1225.713581][ T308] active_anon:1440654 inactive_anon:4691 isolated_anon:0 [ 1225.713581][ T308] active_file:195 inactive_file:161 isolated_file:56 [ 1225.713581][ T308] unevictable:0 dirty:16 writeback:0 unstable:0 [ 1225.713581][ T308] slab_reclaimable:7225 slab_unreclaimable:72608 [ 1225.713581][ T308] mapped:55563 shmem:4764 pagetables:29877 bounce:0 [ 1225.713581][ T308] free:10327 free_pcp:0 free_cma:0 [ 1225.773660][ T308] Node 0 active_anon:5762716kB inactive_anon:18764kB active_file:468kB inactive_file:1044kB unevictable:0kB isolated(anon):0kB isolated(file):212kB mapped:221852kB dirty:64kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1225.852374][ T308] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1225.880800][ T308] lowmem_reserve[]: 0 2912 6416 6416 [ 1225.886180][ T308] DMA32 free:17360kB min:4644kB low:7624kB high:10604kB active_anon:2853320kB inactive_anon:4kB active_file:124kB inactive_file:12kB unevictable:0kB writepending:28kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7072kB pagetables:20416kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 1225.914904][ T308] lowmem_reserve[]: 0 0 3504 3504 [ 1225.920113][ T308] Normal free:8136kB min:9688kB low:13276kB high:16864kB active_anon:2908800kB inactive_anon:18760kB active_file:380kB inactive_file:216kB unevictable:0kB writepending:136kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29856kB pagetables:99092kB bounce:0kB free_pcp:1360kB local_pcp:68kB free_cma:0kB [ 1225.949863][ T308] lowmem_reserve[]: 0 0 0 0 [ 1225.955432][ T308] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1225.968951][ T308] DMA32: 193*4kB (UM) 58*8kB (UM) 62*16kB (UM) 5*32kB (UM) 29*64kB (M) 38*128kB (M) 17*256kB (M) 8*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 17556kB [ 1225.983828][ T308] Normal: 506*4kB (UMEH) 161*8kB (UMEH) 58*16kB (UMEH) 17*32kB (MEH) 4*64kB (UEH) 7*128kB (UEH) 1*256kB (H) 0*512kB 1*1024kB (U) 1*2048kB (U) 0*4096kB = 9264kB [ 1226.000485][ T308] 4876 total pagecache pages [ 1226.005195][ T308] 0 pages in swap cache [ 1226.009450][ T308] Swap cache stats: add 0, delete 0, find 0/0 [ 1226.015770][ T308] Free swap = 0kB [ 1226.020237][ T308] Total swap = 0kB [ 1226.024746][ T308] 1965979 pages RAM [ 1226.029309][ T308] 0 pages HighMem/MovableOnly [ 1226.035345][ T308] 318832 pages reserved [ 1226.040246][ T308] 0 pages cma reserved [ 1226.044882][ T308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=32758,uid=0 [ 1226.059918][ T308] Out of memory: Killed process 32758 (syz-executor.0) total-vm:75356kB, anon-rss:16572kB, file-rss:34708kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1226.179743][ T204] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1226.191043][ T204] CPU: 1 PID: 204 Comm: systemd-journal Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1226.201089][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1226.211117][ T204] Call Trace: [ 1226.214384][ T204] dump_stack+0x14a/0x1ce [ 1226.218689][ T204] ? devkmsg_release+0x11c/0x11c [ 1226.223608][ T204] ? show_regs_print_info+0x12/0x12 [ 1226.228774][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 1226.234026][ T204] ? _raw_spin_lock+0xa1/0x170 [ 1226.238845][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 1226.244189][ T204] dump_header+0xdb/0x700 [ 1226.248575][ T204] oom_kill_process+0xd3/0x280 [ 1226.253416][ T204] out_of_memory+0x5b6/0x890 [ 1226.257977][ T204] ? unregister_oom_notifier+0x20/0x20 [ 1226.263404][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1226.268930][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 1226.274450][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1226.279790][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1226.285300][ T204] pagecache_get_page+0x50f/0x880 [ 1226.290293][ T204] filemap_fault+0x1474/0x19d0 [ 1226.295024][ T204] ? generic_file_read_iter+0x20b0/0x20b0 [ 1226.300709][ T204] ? ___preempt_schedule+0x16/0x20 [ 1226.305787][ T204] ext4_filemap_fault+0x7b/0x90 [ 1226.310603][ T204] handle_mm_fault+0x2846/0x40b0 [ 1226.315519][ T204] ? finish_fault+0x230/0x230 [ 1226.320164][ T204] ? vmacache_find+0x205/0x4b0 [ 1226.324903][ T204] do_user_addr_fault+0x48a/0x9f0 [ 1226.329901][ T204] page_fault+0x2f/0x40 [ 1226.334039][ T204] RIP: 0033:0x7fd309f084b0 [ 1226.338431][ T204] Code: Bad RIP value. [ 1226.342468][ T204] RSP: 002b:00007ffd91e76f18 EFLAGS: 00010246 [ 1226.348501][ T204] RAX: 0000000000000001 RBX: 000055651cfd6200 RCX: 000000000003a397 [ 1226.356455][ T204] RDX: 000000004916ea17 RSI: 0000000000000001 RDI: 000055651cfd67a0 [ 1226.364392][ T204] RBP: 00007ffd91e77110 R08: 00007ffd91e76ee0 R09: 00007ffd91e96118 [ 1226.372335][ T204] R10: 0000000000000000 R11: 0000000000036eb2 R12: 000055651cfd67a0 [ 1226.380278][ T204] R13: 0000000000000001 R14: 00007ffd91e76f2c R15: 00007ffd91e76f20 [ 1226.402288][ T204] Mem-Info: [ 1226.405544][ T204] active_anon:1440504 inactive_anon:4691 isolated_anon:0 [ 1226.405544][ T204] active_file:279 inactive_file:245 isolated_file:0 [ 1226.405544][ T204] unevictable:0 dirty:16 writeback:0 unstable:0 [ 1226.405544][ T204] slab_reclaimable:7225 slab_unreclaimable:72592 [ 1226.405544][ T204] mapped:55763 shmem:4764 pagetables:29877 bounce:0 [ 1226.405544][ T204] free:10240 free_pcp:0 free_cma:0 [ 1226.450342][ T204] Node 0 active_anon:5762016kB inactive_anon:18764kB active_file:844kB inactive_file:836kB unevictable:0kB isolated(anon):0kB isolated(file):112kB mapped:222652kB dirty:64kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1226.474708][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1226.501041][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 1226.525074][ T204] DMA32 free:17264kB min:4644kB low:7624kB high:10604kB active_anon:2852312kB inactive_anon:4kB active_file:0kB inactive_file:392kB unevictable:0kB writepending:28kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6944kB pagetables:20416kB bounce:0kB free_pcp:824kB local_pcp:500kB free_cma:0kB [ 1226.554056][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 1226.559095][ T204] Normal free:6476kB min:9688kB low:13276kB high:16864kB active_anon:2910312kB inactive_anon:18760kB active_file:804kB inactive_file:0kB unevictable:0kB writepending:136kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29728kB pagetables:99092kB bounce:0kB free_pcp:2600kB local_pcp:1116kB free_cma:0kB [ 1226.588948][ T204] lowmem_reserve[]: 0 0 0 0 [ 1226.593481][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1226.606972][ T204] DMA32: 13*4kB (UM) 28*8kB (UM) 71*16kB (UM) 15*32kB (UM) 30*64kB (M) 38*128kB (M) 17*256kB (M) 8*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 17124kB [ 1226.621867][ T204] Normal: 183*4kB (UMEH) 33*8kB (EH) 38*16kB (UMEH) 9*32kB (UME) 6*64kB (UEH) 9*128kB (UMEH) 2*256kB (UH) 0*512kB 1*1024kB (U) 1*2048kB (U) 0*4096kB = 7012kB [ 1226.640951][ T204] 4885 total pagecache pages [ 1226.645613][ T204] 0 pages in swap cache [ 1226.649835][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 1226.655981][ T204] Free swap = 0kB [ 1226.659870][ T204] Total swap = 0kB [ 1226.663688][ T204] 1965979 pages RAM [ 1226.667805][ T204] 0 pages HighMem/MovableOnly [ 1226.672711][ T204] 318832 pages reserved [ 1226.677124][ T204] 0 pages cma reserved [ 1226.681505][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=28354,uid=0 [ 1226.695799][ T204] Out of memory: Killed process 28354 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1226.713322][ T23] oom_reaper: reaped process 28354 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:06:34 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x5, 0x0, 0x100000000}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:06:35 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:35 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:35 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, 0x0) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x10001ff) 03:06:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) lsetxattr$trusted_overlay_upper(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='trusted.overlay.upper\x00', &(0x7f0000000340)=ANY=[@ANYBLOB="00fb37010845fb809ef5fab83d9e789ea5beca75dc888284faa7a85f47f06d8a4cb5b7b2fd183f52dd8ac01d4ee81e5b3445f23c29"], 0x37, 0x3) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = accept(r2, &(0x7f0000000100)=@in={0x2, 0x0, @local}, &(0x7f0000000180)=0x80) getsockopt$inet6_mtu(r4, 0x29, 0x17, 0xfffffffffffffffe, &(0x7f0000000200)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:35 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0), 0x0, 0x1) close(r3) splice(r2, 0x0, r3, 0x0, 0x0, 0x0) read$char_usb(r2, &(0x7f0000000900)=""/4096, 0x1000) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r4, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000100)={0x7, 0x79, 0x1}, 0x7) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') set_thread_area(&(0x7f0000000000)={0x7, 0x473e766ae31cbf57, 0x400, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1}) preadv(r5, &(0x7f0000000500), 0x37d, 0x0) ioctl$FS_IOC_GETFSMAP(r1, 0xc0c0583b, &(0x7f0000000580)=ANY=[@ANYBLOB="0000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000030000000900000000000000040000000000000000000000000000000500000000000000000000000000000000000000000000000000000000000000070000000900000000020000000000000100000000000000050000000000000032080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000071319199846254800"/520]) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:35 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000000)=0xfff, 0x4) getpid() r1 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write$UHID_INPUT2(r2, &(0x7f0000000200)=ANY=[@ANYBLOB="0c0000009d00da983e4ce6cf40ee42fc0b3c3703ba22a7775b1595a90750f45939cb770a31f9ec7a744385afd589f118dc7142a62fa5f06acca228423e7b3b86e468e9d2124e7974686053b31cf9e1a776c2aafa567f981a83774954672de1c877f4d5d0a98da82e351887484968f05c11a07af2aab88e1528fd05e9ae8ff5d351e1063dc5bc9a2067da57f9e90de8477372791732bb25ab9c097036dd241e03d3c700"], 0xa3) write(r3, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000140)=[{&(0x7f0000000080)=""/158}], 0x100000cc, 0x6) 03:06:35 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, 0x0) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x10001ff) 03:06:35 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, 0x0) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x10001ff) 03:06:35 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:35 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:39 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:06:39 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x38, &(0x7f00000008c0)=[{0x0, 0x18}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x41, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:40 executing program 0: prlimit64(0x0, 0x5, &(0x7f00000001c0)={0x8000000000000, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1235.170579][ T394] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1235.182934][ T394] CPU: 1 PID: 394 Comm: syz-executor.5 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1235.192885][ T394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1235.202908][ T394] Call Trace: [ 1235.206173][ T394] dump_stack+0x14a/0x1ce [ 1235.210471][ T394] ? devkmsg_release+0x11c/0x11c [ 1235.215386][ T394] ? show_regs_print_info+0x12/0x12 [ 1235.220592][ T394] ? radix_tree_cpu_dead+0x160/0x160 [ 1235.225845][ T394] ? _raw_spin_lock+0xa1/0x170 [ 1235.230586][ T394] ? _raw_spin_trylock_bh+0x190/0x190 [ 1235.235926][ T394] dump_header+0xdb/0x700 [ 1235.240223][ T394] oom_kill_process+0xd3/0x280 [ 1235.244950][ T394] out_of_memory+0x5b6/0x890 [ 1235.249509][ T394] ? unregister_oom_notifier+0x20/0x20 [ 1235.254937][ T394] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1235.260448][ T394] ? unwind_get_return_address+0x48/0x90 [ 1235.266168][ T394] ? get_page_from_freelist+0x7c0/0x7c0 [ 1235.271684][ T394] ? __zone_watermark_ok+0x96/0x260 [ 1235.276851][ T394] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1235.282190][ T394] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1235.287701][ T394] ? copy_process+0x5a4/0x5150 [ 1235.292425][ T394] ? copy_process+0x5a4/0x5150 [ 1235.297153][ T394] ? kmem_cache_alloc+0x1d2/0x260 [ 1235.302143][ T394] copy_process+0x5f3/0x5150 [ 1235.306701][ T394] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 1235.312215][ T394] ? _raw_spin_lock+0xa1/0x170 [ 1235.316971][ T394] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1235.322762][ T394] ? fork_idle+0x290/0x290 [ 1235.327153][ T394] ? _raw_spin_unlock+0x5/0x20 [ 1235.331884][ T394] ? handle_mm_fault+0xb1e/0x40b0 [ 1235.336876][ T394] _do_fork+0x196/0x920 [ 1235.341001][ T394] ? dup_mm+0x300/0x300 [ 1235.345128][ T394] __x64_sys_clone+0x25f/0x2c0 [ 1235.349860][ T394] ? __ia32_sys_vfork+0x110/0x110 [ 1235.354852][ T394] ? do_user_addr_fault+0x55c/0x9f0 [ 1235.360150][ T394] do_syscall_64+0xcb/0x150 [ 1235.364624][ T394] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1235.370487][ T394] RIP: 0033:0x45f219 [ 1235.374350][ T394] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1235.393921][ T394] RSP: 002b:00007fff865c0e28 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1235.402300][ T394] RAX: ffffffffffffffda RBX: 00007f367402a700 RCX: 000000000045f219 [ 1235.410241][ T394] RDX: 00007f367402a9d0 RSI: 00007f3674029db0 RDI: 00000000003d0f00 [ 1235.418202][ T394] RBP: 00007fff865c1040 R08: 00007f367402a700 R09: 00007f367402a700 [ 1235.426144][ T394] R10: 00007f367402a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1235.434086][ T394] R13: 00007fff865c0edf R14: 00007f367402a9c0 R15: 000000000076bfac [ 1235.442872][ T394] Mem-Info: [ 1235.446178][ T394] active_anon:1440026 inactive_anon:4691 isolated_anon:0 [ 1235.446178][ T394] active_file:109 inactive_file:81 isolated_file:31 [ 1235.446178][ T394] unevictable:0 dirty:2 writeback:0 unstable:0 [ 1235.446178][ T394] slab_reclaimable:7217 slab_unreclaimable:72590 [ 1235.446178][ T394] mapped:55368 shmem:4764 pagetables:29811 bounce:0 [ 1235.446178][ T394] free:10970 free_pcp:489 free_cma:0 [ 1235.484340][ T394] Node 0 active_anon:5760104kB inactive_anon:18764kB active_file:104kB inactive_file:520kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221040kB dirty:8kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1235.508468][ T394] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1235.534422][ T394] lowmem_reserve[]: 0 2912 6416 6416 [ 1235.539749][ T394] DMA32 free:18392kB min:4644kB low:7624kB high:10604kB active_anon:2854656kB inactive_anon:4kB active_file:8kB inactive_file:1108kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6752kB pagetables:20400kB bounce:0kB free_pcp:640kB local_pcp:0kB free_cma:0kB [ 1235.568858][ T394] lowmem_reserve[]: 0 0 3504 3504 [ 1235.573919][ T394] Normal free:6116kB min:5592kB low:9180kB high:12768kB active_anon:2905448kB inactive_anon:18760kB active_file:1876kB inactive_file:2256kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29536kB pagetables:98844kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1235.603098][ T394] lowmem_reserve[]: 0 0 0 0 [ 1235.607592][ T394] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1235.620954][ T394] DMA32: 310*4kB (UMH) 82*8kB (UMH) 73*16kB (UM) 82*32kB (UMH) 14*64kB (UMH) 33*128kB (UM) 17*256kB (M) 8*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 19256kB [ 1235.636366][ T394] Normal: 318*4kB (UMEH) 183*8kB (UMEH) 106*16kB (UMEH) 30*32kB (UMEH) 5*64kB (UMH) 6*128kB (UMH) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6736kB [ 1235.651836][ T394] 5155 total pagecache pages [ 1235.656404][ T394] 0 pages in swap cache [ 1235.660563][ T394] Swap cache stats: add 0, delete 0, find 0/0 [ 1235.666615][ T394] Free swap = 0kB [ 1235.670329][ T394] Total swap = 0kB [ 1235.674027][ T394] 1965979 pages RAM [ 1235.677797][ T394] 0 pages HighMem/MovableOnly [ 1235.682455][ T394] 318832 pages reserved [ 1235.686585][ T394] 0 pages cma reserved [ 1235.690651][ T394] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=374,uid=0 [ 1235.704710][ T394] Out of memory: Killed process 374 (syz-executor.0) total-vm:75356kB, anon-rss:16572kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1235.724114][ T23] oom_reaper: reaped process 374 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1238.334823][ T400] syz-executor.4 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1238.347187][ T400] CPU: 1 PID: 400 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1238.357143][ T400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1238.367175][ T400] Call Trace: [ 1238.370444][ T400] dump_stack+0x14a/0x1ce [ 1238.374742][ T400] ? devkmsg_release+0x11c/0x11c [ 1238.379656][ T400] ? show_regs_print_info+0x12/0x12 [ 1238.384837][ T400] ? radix_tree_cpu_dead+0x160/0x160 [ 1238.390098][ T400] ? _raw_spin_lock+0xa1/0x170 [ 1238.394834][ T400] ? _raw_spin_trylock_bh+0x190/0x190 [ 1238.400193][ T400] dump_header+0xdb/0x700 [ 1238.404501][ T400] oom_kill_process+0xd3/0x280 [ 1238.409248][ T400] out_of_memory+0x5b6/0x890 [ 1238.413808][ T400] ? unregister_oom_notifier+0x20/0x20 [ 1238.419241][ T400] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1238.424761][ T400] ? get_page_from_freelist+0x7c0/0x7c0 [ 1238.430274][ T400] ? flush_tlb_func_common+0x45/0x570 [ 1238.435615][ T400] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1238.440959][ T400] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1238.446477][ T400] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 1238.452164][ T400] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1238.457936][ T400] ? __lru_cache_add+0x1a1/0x1f0 [ 1238.462842][ T400] wp_page_copy+0x1cb/0x1120 [ 1238.467405][ T400] ? add_mm_rss_vec+0x270/0x270 [ 1238.472225][ T400] ? vm_normal_page+0x1c9/0x1d0 [ 1238.477074][ T400] do_wp_page+0x4c1/0x1530 [ 1238.481462][ T400] ? _raw_spin_lock+0xa1/0x170 [ 1238.486195][ T400] ? do_swap_page+0x1560/0x1560 [ 1238.491021][ T400] handle_mm_fault+0x1363/0x40b0 [ 1238.495927][ T400] ? finish_fault+0x230/0x230 [ 1238.500575][ T400] ? find_next_bit+0xf7/0x120 [ 1238.505224][ T400] ? vmacache_find+0x2d2/0x4b0 [ 1238.509961][ T400] do_user_addr_fault+0x48a/0x9f0 [ 1238.514960][ T400] page_fault+0x2f/0x40 [ 1238.519092][ T400] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 1238.525649][ T400] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 1238.545222][ T400] RSP: 0000:ffff888190137888 EFLAGS: 00010206 [ 1238.551255][ T400] RAX: ffffffff81f6e701 RBX: 0000000020f33500 RCX: 0000000000000500 [ 1238.559198][ T400] RDX: 0000000000001000 RSI: ffff8881924d7b00 RDI: 0000000020f33000 [ 1238.567140][ T400] RBP: ffff888190137da8 R08: dffffc0000000000 R09: ffffed103249b000 [ 1238.575082][ T400] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 1238.583032][ T400] R13: 0000000000001000 R14: ffff8881924d7000 R15: 0000000020f32500 [ 1238.591063][ T400] ? _copy_to_iter+0x1031/0x1060 [ 1238.595988][ T400] copyout+0x8e/0xb0 [ 1238.599854][ T400] copy_page_to_iter+0x393/0xbd0 [ 1238.604759][ T400] pipe_to_user+0xa3/0x130 [ 1238.609145][ T400] __splice_from_pipe+0x2d3/0x870 [ 1238.614138][ T400] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 1238.619649][ T400] do_vmsplice+0x252/0xee0 [ 1238.624033][ T400] ? avc_ss_reset+0x3a0/0x3a0 [ 1238.628675][ T400] ? write_pipe_buf+0x1d0/0x1d0 [ 1238.633496][ T400] ? __rcu_read_lock+0x50/0x50 [ 1238.638244][ T400] ? check_stack_object+0x5a/0x90 [ 1238.643235][ T400] ? _copy_from_user+0xa4/0xe0 [ 1238.647963][ T400] ? rw_copy_check_uvector+0x2b3/0x310 [ 1238.653393][ T400] ? import_iovec+0x1c2/0x380 [ 1238.658032][ T400] ? dup_iter+0x110/0x110 [ 1238.662329][ T400] ? do_vfs_ioctl+0x780/0x1750 [ 1238.667060][ T400] __se_sys_vmsplice+0x1fb/0x300 [ 1238.671981][ T400] ? __x64_sys_vmsplice+0xa0/0xa0 [ 1238.676970][ T400] ? put_timespec64+0x109/0x150 [ 1238.681789][ T400] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1238.687391][ T400] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 1238.693092][ T400] do_syscall_64+0xcb/0x150 [ 1238.697578][ T400] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1238.703461][ T400] RIP: 0033:0x45c849 [ 1238.707334][ T400] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1238.726910][ T400] RSP: 002b:00007faf0c2acc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1238.735288][ T400] RAX: ffffffffffffffda RBX: 00007faf0c2ad6d4 RCX: 000000000045c849 [ 1238.743226][ T400] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 1238.751165][ T400] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000 [ 1238.759110][ T400] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1238.767057][ T400] R13: 0000000000000c47 R14: 00000000004ce688 R15: 000000000076c04c [ 1238.775771][ T400] Mem-Info: [ 1238.778906][ T400] active_anon:1441116 inactive_anon:4691 isolated_anon:0 [ 1238.778906][ T400] active_file:27 inactive_file:67 isolated_file:27 [ 1238.778906][ T400] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1238.778906][ T400] slab_reclaimable:7207 slab_unreclaimable:72474 [ 1238.778906][ T400] mapped:55294 shmem:4764 pagetables:29789 bounce:0 [ 1238.778906][ T400] free:10291 free_pcp:403 free_cma:0 [ 1238.817101][ T400] Node 0 active_anon:5764464kB inactive_anon:18764kB active_file:408kB inactive_file:472kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221576kB dirty:4kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1238.841549][ T400] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1238.867523][ T400] lowmem_reserve[]: 0 2912 6416 6416 [ 1238.872949][ T400] DMA32 free:19124kB min:4644kB low:7624kB high:10604kB active_anon:2856084kB inactive_anon:4kB active_file:48kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6784kB pagetables:20420kB bounce:0kB free_pcp:608kB local_pcp:0kB free_cma:0kB [ 1238.901427][ T400] lowmem_reserve[]: 0 0 3504 3504 [ 1238.906469][ T400] Normal free:6076kB min:5592kB low:9180kB high:12768kB active_anon:2908380kB inactive_anon:18760kB active_file:24kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29504kB pagetables:98736kB bounce:0kB free_pcp:908kB local_pcp:0kB free_cma:0kB [ 1238.935476][ T400] lowmem_reserve[]: 0 0 0 0 [ 1238.939979][ T400] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1238.953271][ T400] DMA32: 240*4kB (UH) 94*8kB (UH) 94*16kB (UH) 66*32kB (UMH) 19*64kB (UMH) 29*128kB (UM) 17*256kB (M) 8*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 18704kB [ 1238.968478][ T400] Normal: 89*4kB (UEH) 33*8kB (MEH) 13*16kB (UEH) 27*32kB (UMEH) 38*64kB (UMH) 9*128kB (UMH) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5532kB [ 1238.983600][ T400] 4801 total pagecache pages [ 1238.988170][ T400] 0 pages in swap cache [ 1238.992338][ T400] Swap cache stats: add 0, delete 0, find 0/0 [ 1238.998382][ T400] Free swap = 0kB [ 1239.002119][ T400] Total swap = 0kB [ 1239.005824][ T400] 1965979 pages RAM [ 1239.009624][ T400] 0 pages HighMem/MovableOnly [ 1239.014265][ T400] 318832 pages reserved [ 1239.018384][ T400] 0 pages cma reserved [ 1239.022436][ T400] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=28303,uid=0 [ 1239.036576][ T400] Out of memory: Killed process 28303 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:06:47 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x10001ff) 03:06:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0), 0x0, 0x1) close(r1) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$IP_VS_SO_SET_FLUSH(r2, 0x0, 0x485, 0x0, 0x0) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x173e) r3 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) 03:06:48 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0), 0x0, 0x1) close(r5) splice(r4, 0x0, r5, 0x0, 0x0, 0x0) write$P9_RLOCK(r5, &(0x7f0000000000)={0x8, 0x35, 0x1, 0x2}, 0x8) 03:06:48 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x10001ff) 03:06:51 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:06:51 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x10001ff) 03:06:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1250.559478][ T451] syz-executor.4 invoked oom-killer: gfp_mask=0x500cc2(GFP_HIGHUSER|__GFP_ACCOUNT), order=0, oom_score_adj=1000 [ 1250.571381][ T451] CPU: 1 PID: 451 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1250.581335][ T451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1250.591413][ T451] Call Trace: [ 1250.594677][ T451] dump_stack+0x14a/0x1ce [ 1250.598979][ T451] ? devkmsg_release+0x11c/0x11c [ 1250.603887][ T451] ? show_regs_print_info+0x12/0x12 [ 1250.609052][ T451] ? radix_tree_cpu_dead+0x160/0x160 [ 1250.614305][ T451] ? _raw_spin_lock+0xa1/0x170 [ 1250.619037][ T451] ? _raw_spin_trylock_bh+0x190/0x190 [ 1250.624380][ T451] dump_header+0xdb/0x700 [ 1250.628681][ T451] oom_kill_process+0xd3/0x280 [ 1250.633422][ T451] out_of_memory+0x5b6/0x890 [ 1250.637977][ T451] ? unregister_oom_notifier+0x20/0x20 [ 1250.643403][ T451] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1250.648920][ T451] ? get_page_from_freelist+0x7c0/0x7c0 [ 1250.654432][ T451] ? __zone_watermark_ok+0x96/0x260 [ 1250.659597][ T451] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1250.664941][ T451] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1250.670458][ T451] ? copy_page_from_iter+0x3f3/0x660 [ 1250.675712][ T451] pipe_write+0x4da/0xe40 [ 1250.680017][ T451] __vfs_write+0x59d/0x720 [ 1250.684411][ T451] ? __kernel_write+0x340/0x340 [ 1250.689229][ T451] ? security_file_permission+0x128/0x300 [ 1250.694947][ T451] vfs_write+0x217/0x4f0 [ 1250.699160][ T451] ksys_write+0x18c/0x2c0 [ 1250.703461][ T451] ? __ia32_sys_read+0x80/0x80 [ 1250.708214][ T451] do_syscall_64+0xcb/0x150 [ 1250.712698][ T451] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1250.718556][ T451] RIP: 0033:0x45c849 [ 1250.722430][ T451] Code: Bad RIP value. [ 1250.726465][ T451] RSP: 002b:00007faf0c2cdc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1250.734852][ T451] RAX: ffffffffffffffda RBX: 00007faf0c2ce6d4 RCX: 000000000045c849 [ 1250.742794][ T451] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000005 [ 1250.750734][ T451] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1250.758678][ T451] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1250.766621][ T451] R13: 0000000000000c4c R14: 00000000004ca06d R15: 000000000076bfac [ 1250.777380][ T451] Mem-Info: [ 1250.781492][ T451] active_anon:1440845 inactive_anon:4691 isolated_anon:0 [ 1250.781492][ T451] active_file:260 inactive_file:376 isolated_file:0 [ 1250.781492][ T451] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1250.781492][ T451] slab_reclaimable:7204 slab_unreclaimable:72506 [ 1250.781492][ T451] mapped:55710 shmem:4764 pagetables:29838 bounce:0 [ 1250.781492][ T451] free:10140 free_pcp:130 free_cma:0 [ 1250.828093][ T451] Node 0 active_anon:5763380kB inactive_anon:18764kB active_file:360kB inactive_file:408kB unevictable:0kB isolated(anon):0kB isolated(file):124kB mapped:221740kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1250.852239][ T451] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1250.878310][ T451] lowmem_reserve[]: 0 2912 6416 6416 [ 1250.883601][ T451] DMA32 free:19028kB min:4644kB low:7624kB high:10604kB active_anon:2857132kB inactive_anon:4kB active_file:108kB inactive_file:848kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6848kB pagetables:20512kB bounce:0kB free_pcp:1376kB local_pcp:0kB free_cma:0kB [ 1250.912465][ T451] lowmem_reserve[]: 0 0 3504 3504 [ 1250.917591][ T451] Normal free:5504kB min:5592kB low:9180kB high:12768kB active_anon:2906252kB inactive_anon:18760kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29504kB pagetables:98840kB bounce:0kB free_pcp:1088kB local_pcp:0kB free_cma:0kB [ 1250.947124][ T451] lowmem_reserve[]: 0 0 0 0 [ 1250.951649][ T451] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1250.964962][ T451] DMA32: 70*4kB (MH) 60*8kB (UMH) 52*16kB (UMH) 73*32kB (UMH) 32*64kB (UMH) 27*128kB (UMH) 21*256kB (UMH) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 19416kB [ 1250.980616][ T451] Normal: 258*4kB (UMEH) 61*8kB (MEH) 24*16kB (MEH) 15*32kB (UMEH) 9*64kB (UMH) 3*128kB (MH) 3*256kB (UMH) 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 6160kB [ 1250.996186][ T451] 5238 total pagecache pages [ 1251.000773][ T451] 0 pages in swap cache [ 1251.004912][ T451] Swap cache stats: add 0, delete 0, find 0/0 [ 1251.010990][ T451] Free swap = 0kB [ 1251.014697][ T451] Total swap = 0kB [ 1251.018430][ T451] 1965979 pages RAM [ 1251.022226][ T451] 0 pages HighMem/MovableOnly [ 1251.026894][ T451] 318832 pages reserved [ 1251.031058][ T451] 0 pages cma reserved [ 1251.035111][ T451] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=428,uid=0 [ 1251.049089][ T451] Out of memory: Killed process 428 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34740kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1251.077281][ T23] oom_reaper: reaped process 428 (syz-executor.0), now anon-rss:0kB, file-rss:34740kB, shmem-rss:0kB [ 1251.869668][ T454] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1251.882345][ T454] CPU: 1 PID: 454 Comm: syz-executor.0 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1251.892312][ T454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1251.902346][ T454] Call Trace: [ 1251.905627][ T454] dump_stack+0x14a/0x1ce [ 1251.909939][ T454] ? devkmsg_release+0x11c/0x11c [ 1251.914843][ T454] ? show_regs_print_info+0x12/0x12 [ 1251.920008][ T454] ? radix_tree_cpu_dead+0x160/0x160 [ 1251.925261][ T454] ? _raw_spin_lock+0xa1/0x170 [ 1251.929988][ T454] ? _raw_spin_trylock_bh+0x190/0x190 [ 1251.935324][ T454] dump_header+0xdb/0x700 [ 1251.939623][ T454] oom_kill_process+0xd3/0x280 [ 1251.944376][ T454] out_of_memory+0x5b6/0x890 [ 1251.948936][ T454] ? unregister_oom_notifier+0x20/0x20 [ 1251.954379][ T454] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1251.959893][ T454] ? get_page_from_freelist+0x7c0/0x7c0 [ 1251.965407][ T454] ? __zone_watermark_ok+0x96/0x260 [ 1251.970574][ T454] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1251.975910][ T454] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1251.981489][ T454] pte_alloc_one+0x1b/0xb0 [ 1251.985875][ T454] __pte_alloc+0x1d/0x1d0 [ 1251.990186][ T454] handle_mm_fault+0x370b/0x40b0 [ 1251.995091][ T454] ? rcu_note_context_switch+0x1076/0x11a0 [ 1252.000865][ T454] ? finish_fault+0x230/0x230 [ 1252.005509][ T454] do_user_addr_fault+0x48a/0x9f0 [ 1252.010499][ T454] page_fault+0x2f/0x40 [ 1252.014623][ T454] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 1252.021176][ T454] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 1252.040755][ T454] RSP: 0000:ffff88802fb47ab0 EFLAGS: 00010206 [ 1252.046795][ T454] RAX: ffffffff81f70501 RBX: 0000000020c00340 RCX: 0000000000000340 [ 1252.054824][ T454] RDX: 0000000000001000 RSI: 0000000020c00000 RDI: ffff888179cc5cc0 [ 1252.062765][ T454] RBP: ffff88802fb47cc8 R08: dffffc0000000000 R09: ffffed102f398c00 [ 1252.070754][ T454] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 1252.078714][ T454] R13: 0000000000001000 R14: 0000000020bff340 R15: ffff888179cc5000 [ 1252.086667][ T454] ? _copy_from_iter+0xa21/0xa60 [ 1252.091585][ T454] copyin+0x8e/0xb0 [ 1252.095362][ T454] copy_page_from_iter+0x37f/0x660 [ 1252.100449][ T454] pipe_write+0x525/0xe40 [ 1252.104762][ T454] __vfs_write+0x59d/0x720 [ 1252.109145][ T454] ? __kernel_write+0x340/0x340 [ 1252.113968][ T454] ? security_file_permission+0x128/0x300 [ 1252.119650][ T454] vfs_write+0x217/0x4f0 [ 1252.123855][ T454] ksys_write+0x18c/0x2c0 [ 1252.128157][ T454] ? __ia32_sys_read+0x80/0x80 [ 1252.132888][ T454] ? fput_many+0x42/0x1a0 [ 1252.137347][ T454] do_syscall_64+0xcb/0x150 [ 1252.141820][ T454] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1252.147677][ T454] RIP: 0033:0x45c849 [ 1252.151543][ T454] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1252.171111][ T454] RSP: 002b:00007f1b25738c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1252.179520][ T454] RAX: ffffffffffffffda RBX: 00007f1b257396d4 RCX: 000000000045c849 [ 1252.187466][ T454] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000004 [ 1252.195405][ T454] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1252.203346][ T454] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1252.211284][ T454] R13: 0000000000000c4c R14: 00000000004ca06d R15: 000000000076bf0c [ 1252.228329][ T454] Mem-Info: [ 1252.231722][ T454] active_anon:1441812 inactive_anon:4691 isolated_anon:0 [ 1252.231722][ T454] active_file:55 inactive_file:59 isolated_file:0 [ 1252.231722][ T454] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1252.231722][ T454] slab_reclaimable:7204 slab_unreclaimable:72389 [ 1252.231722][ T454] mapped:55300 shmem:4764 pagetables:29867 bounce:0 [ 1252.231722][ T454] free:9517 free_pcp:255 free_cma:0 [ 1252.269501][ T454] Node 0 active_anon:5767248kB inactive_anon:18764kB active_file:220kB inactive_file:168kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221200kB dirty:4kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1252.293775][ T454] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1252.320230][ T454] lowmem_reserve[]: 0 2912 6416 6416 [ 1252.325746][ T454] DMA32 free:17840kB min:4644kB low:7624kB high:10604kB active_anon:2859616kB inactive_anon:4kB active_file:388kB inactive_file:184kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6848kB pagetables:20532kB bounce:0kB free_pcp:260kB local_pcp:104kB free_cma:0kB [ 1252.355346][ T454] lowmem_reserve[]: 0 0 3504 3504 [ 1252.360476][ T454] Normal free:3908kB min:5592kB low:9180kB high:12768kB active_anon:2907616kB inactive_anon:18760kB active_file:164kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29536kB pagetables:98936kB bounce:0kB free_pcp:1420kB local_pcp:876kB free_cma:0kB [ 1252.389797][ T454] lowmem_reserve[]: 0 0 0 0 [ 1252.394445][ T454] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1252.407972][ T454] DMA32: 68*4kB (UMH) 32*8kB (UH) 36*16kB (UMH) 76*32kB (UMH) 32*64kB (UMH) 20*128kB (UMH) 21*256kB (UMH) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 18128kB [ 1252.423669][ T454] Normal: 155*4kB (MEH) 84*8kB (UMEH) 26*16kB (UMEH) 11*32kB (UME) 7*64kB (UMH) 3*128kB (UMH) 3*256kB (UM) 1*512kB (U) 1*1024kB (M) 0*2048kB 0*4096kB = 5196kB [ 1252.439827][ T454] 4962 total pagecache pages [ 1252.444627][ T454] 0 pages in swap cache [ 1252.449040][ T454] Swap cache stats: add 0, delete 0, find 0/0 [ 1252.455542][ T454] Free swap = 0kB [ 1252.459615][ T454] Total swap = 0kB [ 1252.463362][ T454] 1965979 pages RAM [ 1252.467148][ T454] 0 pages HighMem/MovableOnly [ 1252.472049][ T454] 318832 pages reserved [ 1252.476189][ T454] 0 pages cma reserved [ 1252.480242][ T454] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=455,uid=0 [ 1252.494142][ T454] Out of memory: Killed process 455 (syz-executor.4) total-vm:74960kB, anon-rss:16548kB, file-rss:34764kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 03:06:59 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 03:07:00 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r0 = gettid() tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x10001ff) 03:07:02 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1255.259162][ T471] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1255.271416][ T471] CPU: 0 PID: 471 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1255.281375][ T471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1255.291421][ T471] Call Trace: [ 1255.294693][ T471] dump_stack+0x14a/0x1ce [ 1255.298995][ T471] ? devkmsg_release+0x11c/0x11c [ 1255.303913][ T471] ? show_regs_print_info+0x12/0x12 [ 1255.309092][ T471] ? radix_tree_cpu_dead+0x160/0x160 [ 1255.314349][ T471] ? _raw_spin_lock+0xa1/0x170 [ 1255.319086][ T471] ? _raw_spin_trylock_bh+0x190/0x190 [ 1255.324431][ T471] dump_header+0xdb/0x700 [ 1255.328739][ T471] oom_kill_process+0xd3/0x280 [ 1255.333484][ T471] out_of_memory+0x5b6/0x890 [ 1255.338062][ T471] ? unregister_oom_notifier+0x20/0x20 [ 1255.343497][ T471] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1255.349012][ T471] ? unwind_get_return_address+0x48/0x90 [ 1255.354616][ T471] ? get_page_from_freelist+0x7c0/0x7c0 [ 1255.360147][ T471] ? __zone_watermark_ok+0x96/0x260 [ 1255.365317][ T471] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1255.370661][ T471] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1255.376186][ T471] ? copy_process+0x5a4/0x5150 [ 1255.380916][ T471] ? kmem_cache_alloc+0x1d2/0x260 [ 1255.385925][ T471] copy_process+0x5f3/0x5150 [ 1255.390490][ T471] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 1255.396004][ T471] ? _raw_spin_lock+0xa1/0x170 [ 1255.400735][ T471] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1255.406512][ T471] ? fork_idle+0x290/0x290 [ 1255.410895][ T471] ? _raw_spin_unlock+0x5/0x20 [ 1255.415630][ T471] ? handle_mm_fault+0xb1e/0x40b0 [ 1255.420621][ T471] _do_fork+0x196/0x920 [ 1255.424754][ T471] ? dup_mm+0x300/0x300 [ 1255.428875][ T471] ? do_mmap+0x9ad/0x1060 [ 1255.433171][ T471] __x64_sys_clone+0x25f/0x2c0 [ 1255.437902][ T471] ? __ia32_sys_vfork+0x110/0x110 [ 1255.442893][ T471] ? do_user_addr_fault+0x55c/0x9f0 [ 1255.448056][ T471] do_syscall_64+0xcb/0x150 [ 1255.452527][ T471] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1255.458388][ T471] RIP: 0033:0x45f219 [ 1255.462261][ T471] Code: Bad RIP value. [ 1255.466292][ T471] RSP: 002b:00007ffc8fd1c688 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1255.474666][ T471] RAX: ffffffffffffffda RBX: 00007faf0c28c700 RCX: 000000000045f219 [ 1255.482607][ T471] RDX: 00007faf0c28c9d0 RSI: 00007faf0c28bdb0 RDI: 00000000003d0f00 [ 1255.490558][ T471] RBP: 00007ffc8fd1c8a0 R08: 00007faf0c28c700 R09: 00007faf0c28c700 [ 1255.498497][ T471] R10: 00007faf0c28c9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1255.506438][ T471] R13: 00007ffc8fd1c73f R14: 00007faf0c28c9c0 R15: 000000000076c0ec [ 1255.527171][ T471] Mem-Info: [ 1255.530447][ T471] active_anon:1440974 inactive_anon:4691 isolated_anon:0 [ 1255.530447][ T471] active_file:76 inactive_file:65 isolated_file:20 [ 1255.530447][ T471] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1255.530447][ T471] slab_reclaimable:7202 slab_unreclaimable:72453 [ 1255.530447][ T471] mapped:55414 shmem:4764 pagetables:29893 bounce:0 [ 1255.530447][ T471] free:9931 free_pcp:666 free_cma:0 [ 1255.568075][ T471] Node 0 active_anon:5763896kB inactive_anon:18764kB active_file:16kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):36kB mapped:221056kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1255.592063][ T471] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1255.618098][ T471] lowmem_reserve[]: 0 2912 6416 6416 [ 1255.623363][ T471] DMA32 free:18604kB min:4644kB low:7624kB high:10604kB active_anon:2858992kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6784kB pagetables:20512kB bounce:0kB free_pcp:884kB local_pcp:488kB free_cma:0kB [ 1255.652142][ T471] lowmem_reserve[]: 0 0 3504 3504 [ 1255.657154][ T471] Normal free:5720kB min:5592kB low:9180kB high:12768kB active_anon:2904904kB inactive_anon:18756kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29632kB pagetables:99060kB bounce:0kB free_pcp:1864kB local_pcp:588kB free_cma:0kB [ 1255.686195][ T471] lowmem_reserve[]: 0 0 0 0 [ 1255.690727][ T471] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1255.704038][ T471] DMA32: 27*4kB (UMH) 10*8kB (UH) 15*16kB (UMH) 72*32kB (UH) 46*64kB (UMH) 23*128kB (UMH) 21*256kB (UMH) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 18604kB [ 1255.719589][ T471] Normal: 218*4kB (MEH) 34*8kB (UMEH) 78*16kB (ME) 54*32kB (MEH) 5*64kB (MH) 2*128kB (UH) 2*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 5720kB [ 1255.734794][ T471] 4796 total pagecache pages [ 1255.739371][ T471] 0 pages in swap cache [ 1255.743505][ T471] Swap cache stats: add 0, delete 0, find 0/0 [ 1255.749546][ T471] Free swap = 0kB [ 1255.753230][ T471] Total swap = 0kB [ 1255.756914][ T471] 1965979 pages RAM [ 1255.760695][ T471] 0 pages HighMem/MovableOnly [ 1255.765336][ T471] 318832 pages reserved [ 1255.769570][ T471] 0 pages cma reserved [ 1255.773615][ T471] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=28144,uid=0 [ 1255.787731][ T471] Out of memory: Killed process 28144 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:07:04 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000000)) ptrace(0x10, r2) ptrace$getregset(0x4201, r2, 0x0, &(0x7f0000000080)={0x0}) prlimit64(r2, 0xd, &(0x7f0000000000)={0xffffffff, 0x7}, 0x0) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) truncate(&(0x7f0000000140)='./file0\x00', 0x401) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r3, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r4 = getpid() r5 = syz_open_procfs(r4, &(0x7f0000000100)='net/ip_vs_stats_percpu\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:04 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:04 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r0 = gettid() tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x10001ff) 03:07:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x15, 0xa, 0x401, 0x0, 0x0, {0xc, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x8811) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$netlink_NETLINK_RX_RING(r4, 0x10e, 0x6, &(0x7f0000000100)={0x6, 0x23, 0x0, 0x5}, 0x10) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:04 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r0 = gettid() tkill(r0, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x10001ff) [ 1256.295343][ T489] systemd-udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1256.325960][ T489] CPU: 1 PID: 489 Comm: systemd-udevd Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1256.335855][ T489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1256.345891][ T489] Call Trace: [ 1256.349161][ T489] dump_stack+0x14a/0x1ce [ 1256.353463][ T489] ? devkmsg_release+0x11c/0x11c [ 1256.358375][ T489] ? show_regs_print_info+0x12/0x12 [ 1256.363552][ T489] ? radix_tree_cpu_dead+0x160/0x160 [ 1256.368806][ T489] ? _raw_spin_lock+0xa1/0x170 [ 1256.373541][ T489] ? _raw_spin_trylock_bh+0x190/0x190 [ 1256.378909][ T489] dump_header+0xdb/0x700 [ 1256.383230][ T489] oom_kill_process+0xd3/0x280 [ 1256.387972][ T489] out_of_memory+0x5b6/0x890 [ 1256.392535][ T489] ? unregister_oom_notifier+0x20/0x20 [ 1256.397965][ T489] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1256.403479][ T489] ? get_page_from_freelist+0x7c0/0x7c0 [ 1256.409000][ T489] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1256.414341][ T489] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1256.419851][ T489] pagecache_get_page+0x50f/0x880 [ 1256.424841][ T489] filemap_fault+0x1474/0x19d0 [ 1256.429577][ T489] ? generic_file_read_iter+0x20b0/0x20b0 [ 1256.435281][ T489] ext4_filemap_fault+0x7b/0x90 [ 1256.440106][ T489] handle_mm_fault+0x2846/0x40b0 [ 1256.445013][ T489] ? finish_fault+0x230/0x230 [ 1256.449663][ T489] ? vmacache_update+0x9f/0xf0 [ 1256.454398][ T489] do_user_addr_fault+0x48a/0x9f0 [ 1256.459395][ T489] page_fault+0x2f/0x40 [ 1256.463522][ T489] RIP: 0033:0x7fe7087bbd8f [ 1256.467908][ T489] Code: 00 45 85 c9 0f 88 91 12 00 00 45 85 ff 0f 88 95 12 00 00 89 d8 c1 e8 1f 44 39 fb 0f 9f c2 08 c2 88 54 24 10 0f 85 ae 0f 00 00 <41> 8b 45 00 3d 45 52 43 50 74 46 3d 50 43 52 45 ba fc ff ff ff b8 [ 1256.487483][ T489] RSP: 002b:00007fff9cd59200 EFLAGS: 00010246 [ 1256.493527][ T489] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000e [ 1256.501483][ T489] RDX: 00007fff9cd5a000 RSI: 0000558aef13da70 RDI: 0000000000000000 [ 1256.509425][ T489] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1256.517376][ T489] R10: 00007fff9cd5a090 R11: 0000558aef13da70 R12: 00007fff9cd5a090 [ 1256.525326][ T489] R13: 00007fe709ff45a6 R14: 0000000000000000 R15: 000000000000000e [ 1256.537899][ T489] Mem-Info: [ 1256.541038][ T489] active_anon:1438703 inactive_anon:4690 isolated_anon:682 [ 1256.541038][ T489] active_file:898 inactive_file:894 isolated_file:91 [ 1256.541038][ T489] unevictable:0 dirty:33 writeback:0 unstable:0 [ 1256.541038][ T489] slab_reclaimable:7203 slab_unreclaimable:72553 [ 1256.541038][ T489] mapped:56910 shmem:4764 pagetables:29985 bounce:0 [ 1256.541038][ T489] free:9891 free_pcp:168 free_cma:0 [ 1256.593750][ T489] Node 0 active_anon:5757512kB inactive_anon:18760kB active_file:2956kB inactive_file:3576kB unevictable:0kB isolated(anon):28kB isolated(file):48kB mapped:226540kB dirty:132kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1256.737845][ T489] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1256.765285][ T489] lowmem_reserve[]: 0 2912 6416 6416 [ 1256.771191][ T489] DMA32 free:19944kB min:4644kB low:7624kB high:10604kB active_anon:2853616kB inactive_anon:4kB active_file:768kB inactive_file:1484kB unevictable:0kB writepending:96kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7136kB pagetables:20756kB bounce:0kB free_pcp:1536kB local_pcp:224kB free_cma:0kB [ 1256.800759][ T489] lowmem_reserve[]: 0 0 3504 3504 [ 1256.806091][ T489] Normal free:5540kB min:5592kB low:9180kB high:12768kB active_anon:2903924kB inactive_anon:18756kB active_file:916kB inactive_file:580kB unevictable:0kB writepending:60kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29600kB pagetables:99184kB bounce:0kB free_pcp:1488kB local_pcp:20kB free_cma:0kB [ 1256.837460][ T489] lowmem_reserve[]: 0 0 0 0 [ 1256.855322][ T489] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1256.869480][ T489] DMA32: 49*4kB (MEH) 160*8kB (UMEH) 94*16kB (UMEH) 80*32kB (UMEH) 62*64kB (UMEH) 23*128kB (UMEH) 12*256kB (UMEH) 8*512kB (UME) 2*1024kB (ME) 0*2048kB 0*4096kB = 21668kB [ 1256.886639][ T489] Normal: 992*4kB (UMEH) 83*8kB (UMEH) 35*16kB (UME) 61*32kB (UME) 5*64kB (M) 1*128kB (H) 2*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8104kB [ 1256.902358][ T489] 5294 total pagecache pages [ 1256.907104][ T489] 0 pages in swap cache [ 1256.912066][ T489] Swap cache stats: add 0, delete 0, find 0/0 [ 1256.918338][ T489] Free swap = 0kB [ 1256.922761][ T489] Total swap = 0kB [ 1256.926468][ T489] 1965979 pages RAM [ 1256.930523][ T489] 0 pages HighMem/MovableOnly [ 1256.935438][ T489] 318832 pages reserved [ 1256.939612][ T489] 0 pages cma reserved [ 1256.943665][ T489] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=480,uid=0 [ 1256.957587][ T489] Out of memory: Killed process 480 (syz-executor.0) total-vm:75224kB, anon-rss:16540kB, file-rss:34708kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 1256.980330][ T23] oom_reaper: reaped process 480 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 1257.269183][ T485] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1257.302566][ T485] CPU: 0 PID: 485 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1257.312616][ T485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1257.322649][ T485] Call Trace: [ 1257.325923][ T485] dump_stack+0x14a/0x1ce [ 1257.330238][ T485] ? devkmsg_release+0x11c/0x11c [ 1257.335162][ T485] ? show_regs_print_info+0x12/0x12 [ 1257.340332][ T485] ? radix_tree_cpu_dead+0x160/0x160 [ 1257.345591][ T485] ? _raw_spin_lock+0xa1/0x170 [ 1257.350331][ T485] ? _raw_spin_trylock_bh+0x190/0x190 [ 1257.355673][ T485] dump_header+0xdb/0x700 [ 1257.359976][ T485] oom_kill_process+0xd3/0x280 [ 1257.364710][ T485] out_of_memory+0x5b6/0x890 [ 1257.369272][ T485] ? unregister_oom_notifier+0x20/0x20 [ 1257.374705][ T485] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1257.380251][ T485] ? unwind_get_return_address+0x48/0x90 [ 1257.385863][ T485] ? get_page_from_freelist+0x7c0/0x7c0 [ 1257.391382][ T485] ? __zone_watermark_ok+0x96/0x260 [ 1257.396551][ T485] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1257.401900][ T485] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1257.407414][ T485] ? copy_process+0x5a4/0x5150 [ 1257.412146][ T485] ? copy_process+0x5a4/0x5150 [ 1257.416905][ T485] ? kmem_cache_alloc+0x1d2/0x260 [ 1257.421898][ T485] copy_process+0x5f3/0x5150 [ 1257.426458][ T485] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 1257.431973][ T485] ? _raw_spin_lock+0xa1/0x170 [ 1257.436709][ T485] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1257.442480][ T485] ? fork_idle+0x290/0x290 [ 1257.446889][ T485] ? _raw_spin_unlock+0x5/0x20 [ 1257.451622][ T485] ? handle_mm_fault+0xb1e/0x40b0 [ 1257.456617][ T485] _do_fork+0x196/0x920 [ 1257.460763][ T485] ? dup_mm+0x300/0x300 [ 1257.464894][ T485] ? do_mmap+0x9ad/0x1060 [ 1257.469199][ T485] __x64_sys_clone+0x25f/0x2c0 [ 1257.473933][ T485] ? __ia32_sys_vfork+0x110/0x110 [ 1257.478928][ T485] ? do_user_addr_fault+0x55c/0x9f0 [ 1257.484104][ T485] do_syscall_64+0xcb/0x150 [ 1257.488580][ T485] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1257.494442][ T485] RIP: 0033:0x45f219 [ 1257.498310][ T485] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1257.517975][ T485] RSP: 002b:00007ffc8fd1c688 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1257.526351][ T485] RAX: ffffffffffffffda RBX: 00007faf0c28c700 RCX: 000000000045f219 [ 1257.534289][ T485] RDX: 00007faf0c28c9d0 RSI: 00007faf0c28bdb0 RDI: 00000000003d0f00 [ 1257.542230][ T485] RBP: 00007ffc8fd1c8a0 R08: 00007faf0c28c700 R09: 00007faf0c28c700 [ 1257.550176][ T485] R10: 00007faf0c28c9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1257.558117][ T485] R13: 00007ffc8fd1c73f R14: 00007faf0c28c9c0 R15: 000000000076c0ec [ 1257.668654][ T485] Mem-Info: [ 1257.676072][ T485] active_anon:1440253 inactive_anon:4690 isolated_anon:0 [ 1257.676072][ T485] active_file:244 inactive_file:261 isolated_file:0 [ 1257.676072][ T485] unevictable:0 dirty:12 writeback:0 unstable:0 [ 1257.676072][ T485] slab_reclaimable:7203 slab_unreclaimable:72504 [ 1257.676072][ T485] mapped:55758 shmem:4764 pagetables:29941 bounce:0 [ 1257.676072][ T485] free:9850 free_pcp:700 free_cma:0 [ 1257.729420][ T485] Node 0 active_anon:5761212kB inactive_anon:18760kB active_file:932kB inactive_file:916kB unevictable:0kB isolated(anon):0kB isolated(file):220kB mapped:222532kB dirty:48kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1257.754436][ T485] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1257.781590][ T485] lowmem_reserve[]: 0 2912 6416 6416 [ 1257.788932][ T485] DMA32 free:19540kB min:4644kB low:7624kB high:10604kB active_anon:2857040kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:20kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7008kB pagetables:20676kB bounce:0kB free_pcp:264kB local_pcp:0kB free_cma:0kB [ 1257.818290][ T485] lowmem_reserve[]: 0 0 3504 3504 [ 1257.824398][ T485] Normal free:5428kB min:5592kB low:9180kB high:12768kB active_anon:2903980kB inactive_anon:18756kB active_file:48kB inactive_file:36kB unevictable:0kB writepending:28kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29632kB pagetables:99088kB bounce:0kB free_pcp:1868kB local_pcp:500kB free_cma:0kB [ 1257.854689][ T485] lowmem_reserve[]: 0 0 0 0 [ 1257.859878][ T485] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1257.874488][ T485] DMA32: 54*4kB (UEH) 81*8kB (UMEH) 64*16kB (UMEH) 62*32kB (UMEH) 43*64kB (UMEH) 27*128kB (UMEH) 13*256kB (UMEH) 8*512kB (UME) 2*1024kB (ME) 0*2048kB 0*4096kB = 19552kB [ 1257.891985][ T485] Normal: 147*4kB (UMEH) 68*8kB (UMEH) 122*16kB (ME) 58*32kB (UMEH) 7*64kB (UM) 1*128kB (H) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5772kB [ 1257.931740][ T485] 5111 total pagecache pages [ 1257.936502][ T485] 0 pages in swap cache [ 1257.940721][ T485] Swap cache stats: add 0, delete 0, find 0/0 [ 1257.946835][ T485] Free swap = 0kB [ 1257.950594][ T485] Total swap = 0kB [ 1257.954354][ T485] 1965979 pages RAM [ 1257.958322][ T485] 0 pages HighMem/MovableOnly [ 1257.963024][ T485] 318832 pages reserved [ 1257.967212][ T485] 0 pages cma reserved [ 1257.986715][ T485] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=27920,uid=0 [ 1258.001410][ T485] Out of memory: Killed process 27920 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1258.029660][ T23] oom_reaper: reaped process 27920 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:07:06 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x0) 03:07:07 executing program 4: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0xfffffe47, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffd}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:07 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="5698a39ce88b3fff7f00000000000000014d0000000000000b520cfe5f"], 0x3}, 0x1, 0xfffffff0}, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') setxattr$trusted_overlay_opaque(&(0x7f0000000280)='./file0\x00', &(0x7f0000000340)='trusted.overlay.opaque\x00', &(0x7f0000000380)='y\x00', 0x2, 0x3) sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="3f020000000000000000014d0000000000000b520cfe5f"], 0x3}, 0x1, 0xfffffff0}, 0x0) sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x28, r3, 0x700, 0x70bd25, 0x25dfdbfd, {{}, {}, {0xc, 0x13, @l2={'ib', 0x3a, 'hsr0\x00'}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x400004c}, 0x4044048) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) syz_extract_tcp_res(&(0x7f0000000240), 0x20, 0x4) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:07:07 executing program 5: getpid() r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r0}], 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$getown(r1, 0x9) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000000)=r2) r3 = getpgrp(0x0) sched_setattr(r3, &(0x7f0000000040)={0x38, 0x1, 0x10000000}, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() ioctl$KDMKTONE(r5, 0x4b30, 0x9) write(r6, &(0x7f0000000340)="4c233caa3a593740241cb3f4d1ca54b2ef7e9db7ce1a41235acbe2b793f46fe71dfae9e564cabefe0f256aa63fa4c40400000065ad61261aa64d5431e21c48b08a2b271856a564fb5f6f950ebc69afebca36f838d822de82ed10f05ba074d2bbcd117fccfd4d717327da70a78f7083ed376406d7602203d634de66b13a7f58a185c5fc022cbe2e806a7164d04cfde61bbf40f36e2573cfa21f91444cb655c562b8f68ee4159065a3ef0fdc7c4cf7dc870ed0ea0d45f723941ac8737d6561e9ea1b3f18dfad6c5c9748936d9b88b63d51ee2f3a7eea", 0xd5) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x2000}, 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r7, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:07 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x0) 03:07:07 executing program 4: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:07 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x80000000, 0x0) sendfile(r2, r0, 0x0, 0x0) [ 1259.878887][ T536] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1259.891545][ T536] CPU: 1 PID: 536 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1259.901505][ T536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1259.911532][ T536] Call Trace: [ 1259.914796][ T536] dump_stack+0x14a/0x1ce [ 1259.919098][ T536] ? devkmsg_release+0x11c/0x11c [ 1259.924002][ T536] ? show_regs_print_info+0x12/0x12 [ 1259.929167][ T536] ? radix_tree_cpu_dead+0x160/0x160 [ 1259.934481][ T536] ? _raw_spin_lock+0xa1/0x170 [ 1259.939241][ T536] ? _raw_spin_trylock_bh+0x190/0x190 [ 1259.944593][ T536] dump_header+0xdb/0x700 [ 1259.948901][ T536] oom_kill_process+0xd3/0x280 [ 1259.953649][ T536] out_of_memory+0x5b6/0x890 [ 1259.958215][ T536] ? unregister_oom_notifier+0x20/0x20 [ 1259.963649][ T536] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1259.969168][ T536] ? unwind_get_return_address+0x48/0x90 [ 1259.974772][ T536] ? get_page_from_freelist+0x7c0/0x7c0 [ 1259.980297][ T536] ? __zone_watermark_ok+0x96/0x260 [ 1259.985471][ T536] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1259.990813][ T536] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1259.996325][ T536] ? copy_process+0x5a4/0x5150 [ 1260.001055][ T536] ? kmem_cache_alloc+0x1d2/0x260 [ 1260.006046][ T536] copy_process+0x5f3/0x5150 [ 1260.010617][ T536] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 1260.016141][ T536] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1260.021922][ T536] ? __mod_node_page_state+0x99/0xb0 [ 1260.027181][ T536] ? fork_idle+0x290/0x290 [ 1260.031572][ T536] ? _raw_spin_unlock+0x5/0x20 [ 1260.036310][ T536] ? handle_mm_fault+0xb1e/0x40b0 [ 1260.041319][ T536] _do_fork+0x196/0x920 [ 1260.045448][ T536] ? dup_mm+0x300/0x300 [ 1260.049575][ T536] ? do_mmap+0x9ad/0x1060 [ 1260.053880][ T536] __x64_sys_clone+0x25f/0x2c0 [ 1260.058614][ T536] ? __ia32_sys_vfork+0x110/0x110 [ 1260.063607][ T536] ? do_user_addr_fault+0x55c/0x9f0 [ 1260.068786][ T536] do_syscall_64+0xcb/0x150 [ 1260.073265][ T536] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1260.079137][ T536] RIP: 0033:0x45f219 [ 1260.083002][ T536] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1260.102576][ T536] RSP: 002b:00007ffc8fd1c688 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1260.110953][ T536] RAX: ffffffffffffffda RBX: 00007faf0c28c700 RCX: 000000000045f219 [ 1260.118910][ T536] RDX: 00007faf0c28c9d0 RSI: 00007faf0c28bdb0 RDI: 00000000003d0f00 [ 1260.126861][ T536] RBP: 00007ffc8fd1c8a0 R08: 00007faf0c28c700 R09: 00007faf0c28c700 [ 1260.134804][ T536] R10: 00007faf0c28c9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1260.142745][ T536] R13: 00007ffc8fd1c73f R14: 00007faf0c28c9c0 R15: 000000000076c0ec [ 1260.170517][ T536] Mem-Info: [ 1260.175563][ T536] active_anon:1440490 inactive_anon:4691 isolated_anon:0 [ 1260.175563][ T536] active_file:362 inactive_file:342 isolated_file:0 [ 1260.175563][ T536] unevictable:0 dirty:22 writeback:0 unstable:0 [ 1260.175563][ T536] slab_reclaimable:7223 slab_unreclaimable:72392 [ 1260.175563][ T536] mapped:55898 shmem:4764 pagetables:29982 bounce:0 [ 1260.175563][ T536] free:10118 free_pcp:122 free_cma:0 [ 1260.251420][ T536] Node 0 active_anon:5765460kB inactive_anon:18764kB active_file:504kB inactive_file:500kB unevictable:0kB isolated(anon):0kB isolated(file):140kB mapped:222192kB dirty:88kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1260.279836][ T536] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1260.322403][ T536] lowmem_reserve[]: 0 2912 6416 6416 [ 1260.347584][ T536] DMA32 free:18648kB min:4644kB low:7624kB high:10604kB active_anon:2856604kB inactive_anon:16kB active_file:436kB inactive_file:392kB unevictable:0kB writepending:8kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7168kB pagetables:21068kB bounce:0kB free_pcp:436kB local_pcp:252kB free_cma:0kB [ 1260.380389][ T536] lowmem_reserve[]: 0 0 3504 3504 [ 1260.385474][ T536] Normal free:4960kB min:5592kB low:9180kB high:12768kB active_anon:2908928kB inactive_anon:18752kB active_file:264kB inactive_file:52kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29536kB pagetables:98812kB bounce:0kB free_pcp:512kB local_pcp:288kB free_cma:0kB [ 1260.415053][ T536] lowmem_reserve[]: 0 0 0 0 [ 1260.423068][ T536] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1260.436908][ T536] DMA32: 164*4kB (UMEH) 73*8kB (MEH) 27*16kB (UMEH) 52*32kB (UMEH) 16*64kB (UEH) 12*128kB (UEH) 7*256kB (UMEH) 14*512kB (UME) 4*1024kB (ME) 0*2048kB 0*4096kB = 18952kB [ 1260.453989][ T536] Normal: 274*4kB (UME) 57*8kB (UME) 20*16kB (UE) 76*32kB (UME) 7*64kB (UM) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5008kB [ 1260.468713][ T536] 4864 total pagecache pages [ 1260.473464][ T536] 0 pages in swap cache [ 1260.477651][ T536] Swap cache stats: add 0, delete 0, find 0/0 [ 1260.483705][ T536] Free swap = 0kB [ 1260.487423][ T536] Total swap = 0kB [ 1260.491169][ T536] 1965979 pages RAM [ 1260.494957][ T536] 0 pages HighMem/MovableOnly [ 1260.502661][ T536] 318832 pages reserved [ 1260.506814][ T536] 0 pages cma reserved [ 1260.511213][ T536] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=510,uid=0 [ 1260.525298][ T536] Out of memory: Killed process 517 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 1260.542877][ T23] oom_reaper: reaped process 517 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1260.785518][ T536] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1260.817679][ T536] CPU: 1 PID: 536 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1260.827651][ T536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1260.837691][ T536] Call Trace: [ 1260.840967][ T536] dump_stack+0x14a/0x1ce [ 1260.845285][ T536] ? devkmsg_release+0x11c/0x11c [ 1260.850207][ T536] ? show_regs_print_info+0x12/0x12 [ 1260.855388][ T536] ? radix_tree_cpu_dead+0x160/0x160 [ 1260.860655][ T536] ? _raw_spin_lock+0xa1/0x170 [ 1260.865397][ T536] ? _raw_spin_trylock_bh+0x190/0x190 [ 1260.870753][ T536] dump_header+0xdb/0x700 [ 1260.875066][ T536] oom_kill_process+0xd3/0x280 [ 1260.879813][ T536] out_of_memory+0x5b6/0x890 [ 1260.884384][ T536] ? unregister_oom_notifier+0x20/0x20 [ 1260.889826][ T536] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1260.895357][ T536] ? unwind_get_return_address+0x48/0x90 [ 1260.900976][ T536] ? get_page_from_freelist+0x7c0/0x7c0 [ 1260.906502][ T536] ? __zone_watermark_ok+0x96/0x260 [ 1260.911670][ T536] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1260.917010][ T536] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1260.922522][ T536] ? copy_process+0x5a4/0x5150 [ 1260.927255][ T536] ? kmem_cache_alloc+0x1d2/0x260 [ 1260.932244][ T536] copy_process+0x5f3/0x5150 [ 1260.936927][ T536] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 1260.942449][ T536] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1260.948307][ T536] ? __mod_node_page_state+0x99/0xb0 [ 1260.953559][ T536] ? fork_idle+0x290/0x290 [ 1260.957938][ T536] ? _raw_spin_unlock+0x5/0x20 [ 1260.962681][ T536] ? handle_mm_fault+0xb1e/0x40b0 [ 1260.967673][ T536] _do_fork+0x196/0x920 [ 1260.971795][ T536] ? dup_mm+0x300/0x300 [ 1260.975942][ T536] ? do_mmap+0x9ad/0x1060 [ 1260.980236][ T536] __x64_sys_clone+0x25f/0x2c0 [ 1260.984970][ T536] ? __ia32_sys_vfork+0x110/0x110 [ 1260.989962][ T536] ? do_user_addr_fault+0x55c/0x9f0 [ 1260.995128][ T536] do_syscall_64+0xcb/0x150 [ 1260.999719][ T536] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1261.005587][ T536] RIP: 0033:0x45f219 [ 1261.009467][ T536] Code: Bad RIP value. [ 1261.013504][ T536] RSP: 002b:00007ffc8fd1c688 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1261.021880][ T536] RAX: ffffffffffffffda RBX: 00007faf0c28c700 RCX: 000000000045f219 [ 1261.029823][ T536] RDX: 00007faf0c28c9d0 RSI: 00007faf0c28bdb0 RDI: 00000000003d0f00 [ 1261.037764][ T536] RBP: 00007ffc8fd1c8a0 R08: 00007faf0c28c700 R09: 00007faf0c28c700 [ 1261.045794][ T536] R10: 00007faf0c28c9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1261.053833][ T536] R13: 00007ffc8fd1c73f R14: 00007faf0c28c9c0 R15: 000000000076c0ec [ 1261.062799][ T536] Mem-Info: [ 1261.066384][ T536] active_anon:1441412 inactive_anon:4691 isolated_anon:0 [ 1261.066384][ T536] active_file:33 inactive_file:77 isolated_file:0 [ 1261.066384][ T536] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1261.066384][ T536] slab_reclaimable:7224 slab_unreclaimable:72358 [ 1261.066384][ T536] mapped:55311 shmem:4764 pagetables:29975 bounce:0 [ 1261.066384][ T536] free:10020 free_pcp:282 free_cma:0 [ 1261.112542][ T536] Node 0 active_anon:5765648kB inactive_anon:18764kB active_file:312kB inactive_file:232kB unevictable:0kB isolated(anon):0kB isolated(file):140kB mapped:221544kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1261.136703][ T536] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1261.171391][ T536] lowmem_reserve[]: 0 2912 6416 6416 [ 1261.176694][ T536] DMA32 free:18508kB min:4644kB low:7624kB high:10604kB active_anon:2856716kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7072kB pagetables:20964kB bounce:0kB free_pcp:1620kB local_pcp:340kB free_cma:0kB [ 1261.205401][ T536] lowmem_reserve[]: 0 0 3504 3504 [ 1261.210454][ T536] Normal free:5164kB min:5592kB low:9180kB high:12768kB active_anon:2908932kB inactive_anon:18752kB active_file:0kB inactive_file:84kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29536kB pagetables:98936kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 1261.239319][ T536] lowmem_reserve[]: 0 0 0 0 [ 1261.243818][ T536] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1261.257118][ T536] DMA32: 59*4kB (UMEH) 38*8kB (UEH) 20*16kB (UMEH) 51*32kB (UMEH) 18*64kB (UMEH) 13*128kB (UEH) 7*256kB (UMEH) 14*512kB (UME) 4*1024kB (ME) 0*2048kB 0*4096kB = 18364kB [ 1261.273786][ T536] Normal: 311*4kB (UME) 58*8kB (UME) 20*16kB (UE) 76*32kB (UME) 7*64kB (UM) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5164kB [ 1261.288124][ T536] 4815 total pagecache pages [ 1261.292688][ T536] 0 pages in swap cache [ 1261.296805][ T536] Swap cache stats: add 0, delete 0, find 0/0 [ 1261.302839][ T536] Free swap = 0kB [ 1261.306519][ T536] Total swap = 0kB [ 1261.310213][ T536] 1965979 pages RAM [ 1261.313983][ T536] 0 pages HighMem/MovableOnly [ 1261.318632][ T536] 318832 pages reserved [ 1261.322767][ T536] 0 pages cma reserved [ 1261.326798][ T536] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=543,uid=0 [ 1261.340786][ T536] Out of memory: Killed process 543 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34696kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1261.358187][ T23] oom_reaper: reaped process 543 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:07:09 executing program 1: 03:07:09 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{}], 0x1, 0x0) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$inet_msfilter(r4, 0x0, 0x29, &(0x7f0000000200)={@multicast2, @loopback, 0x0, 0x7, [@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @multicast2, @local, @multicast2]}, 0x2c) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x1, 0xfffffffc, 0x3, 0x0, 0x1, 0x80000001, 0x9, 0x4}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:10 executing program 1: 03:07:10 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x10000075, 0xfffffffc, 0x1, 0x0, 0x7, 0xffff, 0xfffffff8}, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0), 0x0, 0x1) close(r3) splice(r2, 0x0, r3, 0x0, 0x0, 0x0) write$FUSE_WRITE(r2, &(0x7f0000000700)={0x18, 0xfffffffffffffffe, 0x6, {0xbd50}}, 0x18) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) poll(&(0x7f0000000080)=[{r4}], 0x1, 0x0) r5 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$LOOP_SET_DIRECT_IO(r5, 0x4c08, 0x9) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) [ 1263.188303][ T429] syz-executor.1 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1263.202190][ T429] CPU: 0 PID: 429 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1263.212153][ T429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1263.222279][ T429] Call Trace: [ 1263.225551][ T429] dump_stack+0x14a/0x1ce [ 1263.229859][ T429] ? devkmsg_release+0x11c/0x11c [ 1263.234769][ T429] ? show_regs_print_info+0x12/0x12 [ 1263.239940][ T429] ? radix_tree_cpu_dead+0x160/0x160 [ 1263.245195][ T429] ? _raw_spin_lock+0xa1/0x170 [ 1263.249926][ T429] ? _raw_spin_trylock_bh+0x190/0x190 [ 1263.255269][ T429] dump_header+0xdb/0x700 [ 1263.259576][ T429] oom_kill_process+0xd3/0x280 [ 1263.264306][ T429] out_of_memory+0x5b6/0x890 [ 1263.268959][ T429] ? unregister_oom_notifier+0x20/0x20 [ 1263.274387][ T429] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1263.279902][ T429] ? get_page_from_freelist+0x7c0/0x7c0 [ 1263.285424][ T429] ? __zone_watermark_ok+0x96/0x260 [ 1263.290599][ T429] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1263.295941][ T429] ? __kasan_slab_free+0x181/0x230 [ 1263.301018][ T429] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1263.306527][ T429] ? avc_has_perm_noaudit+0x30c/0x400 [ 1263.311866][ T429] ? avc_denied+0x1c0/0x1c0 [ 1263.316335][ T429] alloc_slab_page+0x3a/0x3a0 [ 1263.320979][ T429] new_slab+0x3ef/0x430 [ 1263.325112][ T429] ? should_fail+0x18e/0x860 [ 1263.329674][ T429] ? getname_flags+0xb8/0x610 [ 1263.334322][ T429] ___slab_alloc+0x2e0/0x450 [ 1263.338885][ T429] ? getname_flags+0xb8/0x610 [ 1263.343527][ T429] ? getname_flags+0xb8/0x610 [ 1263.348180][ T429] kmem_cache_alloc+0x23c/0x260 [ 1263.353015][ T429] getname_flags+0xb8/0x610 [ 1263.357488][ T429] user_path_mountpoint_at+0x22/0x40 [ 1263.362742][ T429] ksys_umount+0x167/0xff0 [ 1263.367135][ T429] ? namespace_unlock+0x4e0/0x4e0 [ 1263.372124][ T429] ? __fpregs_load_activate+0x2d3/0x390 [ 1263.377664][ T429] ? switch_fpu_return+0x10/0x10 [ 1263.382566][ T429] ? getname_flags+0x20d/0x610 [ 1263.387297][ T429] __x64_sys_umount+0x56/0x60 [ 1263.391945][ T429] do_syscall_64+0xcb/0x150 [ 1263.396422][ T429] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1263.402280][ T429] RIP: 0033:0x45f277 [ 1263.406151][ T429] Code: Bad RIP value. [ 1263.410185][ T429] RSP: 002b:00007fff19d27c98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1263.418564][ T429] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045f277 [ 1263.426505][ T429] RDX: 0000000000402f28 RSI: 0000000000000002 RDI: 00007fff19d27d40 [ 1263.434443][ T429] RBP: 0000000000001712 R08: 0000000000000000 R09: 0000000000000011 [ 1263.442382][ T429] R10: 000000000000000a R11: 0000000000000246 R12: 00007fff19d28dd0 [ 1263.450325][ T429] R13: 0000000002a49940 R14: 0000000000000000 R15: 00007fff19d28dd0 [ 1263.458915][ T429] Mem-Info: [ 1263.462412][ T429] active_anon:1439203 inactive_anon:4689 isolated_anon:0 [ 1263.462412][ T429] active_file:91 inactive_file:141 isolated_file:0 [ 1263.462412][ T429] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1263.462412][ T429] slab_reclaimable:7223 slab_unreclaimable:72539 [ 1263.462412][ T429] mapped:55385 shmem:4764 pagetables:29950 bounce:0 [ 1263.462412][ T429] free:11611 free_pcp:583 free_cma:0 [ 1263.500424][ T429] Node 0 active_anon:5756812kB inactive_anon:18756kB active_file:352kB inactive_file:844kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221432kB dirty:0kB writeback:4kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1263.524933][ T429] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1263.551354][ T429] lowmem_reserve[]: 0 2912 6416 6416 [ 1263.556989][ T429] DMA32 free:21892kB min:4644kB low:7624kB high:10604kB active_anon:2852696kB inactive_anon:4kB active_file:424kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6880kB pagetables:20908kB bounce:0kB free_pcp:1120kB local_pcp:96kB free_cma:0kB [ 1263.585871][ T429] lowmem_reserve[]: 0 0 3504 3504 [ 1263.591142][ T429] Normal free:8784kB min:5592kB low:9180kB high:12768kB active_anon:2904116kB inactive_anon:18752kB active_file:76kB inactive_file:268kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29536kB pagetables:98892kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1263.620243][ T429] lowmem_reserve[]: 0 0 0 0 [ 1263.625000][ T429] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1263.638517][ T429] DMA32: 37*4kB (UMEH) 31*8kB (UEH) 12*16kB (UEH) 49*32kB (UMEH) 50*64kB (UMEH) 20*128kB (UMEH) 7*256kB (UMEH) 15*512kB (UME) 4*1024kB (ME) 0*2048kB 0*4096kB = 21484kB [ 1263.655441][ T429] Normal: 476*4kB (UME) 90*8kB (UME) 146*16kB (UME) 72*32kB (UME) 11*64kB (UM) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8224kB [ 1263.670198][ T429] 5724 total pagecache pages [ 1263.674978][ T429] 0 pages in swap cache [ 1263.679310][ T429] Swap cache stats: add 0, delete 0, find 0/0 [ 1263.685556][ T429] Free swap = 0kB [ 1263.689685][ T429] Total swap = 0kB [ 1263.693636][ T429] 1965979 pages RAM [ 1263.697654][ T429] 0 pages HighMem/MovableOnly [ 1263.702447][ T429] 318832 pages reserved [ 1263.706725][ T429] 0 pages cma reserved [ 1263.710913][ T429] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=558,uid=0 [ 1263.724998][ T429] Out of memory: Killed process 558 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:07:12 executing program 1: 03:07:12 executing program 4: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:13 executing program 1: 03:07:13 executing program 1: creat(&(0x7f0000000a40)='./bus\x00', 0x0) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x12, r0, 0x0) mlock(&(0x7f0000004000/0x1000)=nil, 0x1000) r1 = memfd_create(&(0x7f0000000200)='\x00\x83\xc5\xcb\xc7\x108\xa4\x03\x9c0T3\xc5\x97\x95\xb5\x8fM\xddU\x10\xaaod\x96\xeeM\xbe\x0e\xe4\xcc\xc4\xcf,\x9f7\xcc(Z\x13`\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00c\r\x14\xd8g\x02S -\xfd\xb5a\xedf|\xc4\xf9\xd2J\xadi\xcc[\\P\xa6F\x8c^\xc7i)d\x9f\xfckW\x86\xe4Qg1\xbdD\x1c\x13O\\\x7fS/\xc9d!\x19\"\x16\xfdC\tz\xf1\xf3q\xfd\'.\xb4\x14\x14m_&\x88\x8cfI\x18&\xea5\xa0\x00\xd2\xcd\xf0\xd5\x03\x9f\x18\x8d6\xc9,\xc9Y\xb8\xc9\xdd\xadp3\xbe\x93C\xa3b\x18\xe7\xcdx\x86aA\x9e\x83\aKc\xba\x05\x19\xb1\x9cJ\xce2\x9fW\xd3', 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0) mlock(&(0x7f0000003000/0x3000)=nil, 0x3000) 03:07:13 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r0, 0x10, &(0x7f0000000100)={0x1}) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:13 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:13 executing program 1: sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x0) unshare(0x40040400) listen(0xffffffffffffffff, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r0, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b200080000001028e6c467144d2fa833"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r0, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=@newtfilter={0x54, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r0, {}, {}, {0xfff1}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x10, 0x1, 0x0, 0x0, {{}, '\x00'}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x401}}]}]}}]}, 0x54}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=@newtfilter={0x54, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xfff1}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0x10, 0x1, 0x0, 0x0, {{}, '\x00'}}]}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x401}}]}]}}]}, 0x54}}, 0x0) [ 1266.017112][ T389] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1266.041481][ T389] CPU: 1 PID: 389 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1266.051100][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1266.061124][ T389] Call Trace: [ 1266.064388][ T389] dump_stack+0x14a/0x1ce [ 1266.068689][ T389] ? devkmsg_release+0x11c/0x11c [ 1266.073593][ T389] ? show_regs_print_info+0x12/0x12 [ 1266.078759][ T389] ? radix_tree_cpu_dead+0x160/0x160 [ 1266.084010][ T389] ? _raw_spin_lock+0xa1/0x170 [ 1266.088748][ T389] ? _raw_spin_trylock_bh+0x190/0x190 [ 1266.094088][ T389] dump_header+0xdb/0x700 [ 1266.098394][ T389] oom_kill_process+0xd3/0x280 [ 1266.103132][ T389] out_of_memory+0x5b6/0x890 [ 1266.107698][ T389] ? unregister_oom_notifier+0x20/0x20 [ 1266.113121][ T389] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1266.118635][ T389] ? get_page_from_freelist+0x7c0/0x7c0 [ 1266.124156][ T389] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1266.129510][ T389] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1266.135046][ T389] pagecache_get_page+0x50f/0x880 [ 1266.140043][ T389] ? is_mmconf_reserved+0x410/0x410 [ 1266.145210][ T389] filemap_fault+0x1474/0x19d0 [ 1266.149954][ T389] ? generic_file_read_iter+0x20b0/0x20b0 [ 1266.155648][ T389] ? ___preempt_schedule+0x16/0x20 [ 1266.160732][ T389] ext4_filemap_fault+0x7b/0x90 [ 1266.165562][ T389] handle_mm_fault+0x2846/0x40b0 [ 1266.170469][ T389] ? finish_fault+0x230/0x230 [ 1266.175111][ T389] ? vmacache_find+0x3a2/0x4b0 [ 1266.179843][ T389] do_user_addr_fault+0x48a/0x9f0 [ 1266.184839][ T389] page_fault+0x2f/0x40 [ 1266.188962][ T389] RIP: 0033:0x72f1a9 [ 1266.192826][ T389] Code: cc 48 8b 44 24 08 48 8b 40 28 84 00 48 89 44 24 08 48 c7 44 24 10 00 00 00 00 e9 32 4f ff ff cc cc 48 8b 44 24 08 48 8b 40 28 <84> 00 48 89 44 24 08 c6 44 24 10 00 e9 66 4f ff ff cc cc cc cc cc [ 1266.212399][ T389] RSP: 002b:000000c431904200 EFLAGS: 00010202 [ 1266.218433][ T389] RAX: 00000000012bf720 RBX: 0000000000f453c0 RCX: 0000000000a486a0 [ 1266.226375][ T389] RDX: 000000000072f1a0 RSI: 0000000000000008 RDI: 000000c42f705260 [ 1266.234315][ T389] RBP: 000000c4319042a0 R08: 0000000000000000 R09: 0000000000000000 [ 1266.242254][ T389] R10: 00000000009f0182 R11: 0000000000000004 R12: 0000000000000000 [ 1266.250204][ T389] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1266.310909][ T389] Mem-Info: [ 1266.337190][ T389] active_anon:1439208 inactive_anon:4691 isolated_anon:0 [ 1266.337190][ T389] active_file:304 inactive_file:307 isolated_file:43 [ 1266.337190][ T389] unevictable:0 dirty:3 writeback:0 unstable:0 [ 1266.337190][ T389] slab_reclaimable:7226 slab_unreclaimable:72585 [ 1266.337190][ T389] mapped:55945 shmem:4764 pagetables:29955 bounce:0 [ 1266.337190][ T389] free:11393 free_pcp:70 free_cma:0 [ 1266.375018][ T389] Node 0 active_anon:5756832kB inactive_anon:18764kB active_file:1216kB inactive_file:1228kB unevictable:0kB isolated(anon):0kB isolated(file):172kB mapped:223680kB dirty:12kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1266.399774][ T389] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1266.426819][ T389] lowmem_reserve[]: 0 2912 6416 6416 [ 1266.439850][ T389] DMA32 free:24696kB min:8740kB low:11720kB high:14700kB active_anon:2847968kB inactive_anon:8kB active_file:880kB inactive_file:760kB unevictable:0kB writepending:12kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7072kB pagetables:21024kB bounce:0kB free_pcp:976kB local_pcp:368kB free_cma:0kB [ 1266.522666][ T389] lowmem_reserve[]: 0 0 3504 3504 [ 1266.527874][ T389] Normal free:4988kB min:5592kB low:9180kB high:12768kB active_anon:2909380kB inactive_anon:18752kB active_file:220kB inactive_file:372kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29600kB pagetables:98912kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 1266.561422][ T389] lowmem_reserve[]: 0 0 0 0 [ 1266.566513][ T389] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1266.580706][ T389] DMA32: 27*4kB (H) 12*8kB (UH) 16*16kB (UMH) 23*32kB (UMH) 14*64kB (UH) 24*128kB (UMH) 7*256kB (UMH) 15*512kB (UM) 4*1024kB (UM) 0*2048kB 0*4096kB = 18732kB [ 1266.601763][ T389] Normal: 191*4kB (UME) 56*8kB (UME) 19*16kB (ME) 41*32kB (UME) 20*64kB (UM) 2*128kB (UM) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4620kB [ 1266.617460][ T389] 5107 total pagecache pages [ 1266.623139][ T389] 0 pages in swap cache [ 1266.628091][ T389] Swap cache stats: add 0, delete 0, find 0/0 [ 1266.634665][ T389] Free swap = 0kB [ 1266.638892][ T389] Total swap = 0kB [ 1266.643018][ T389] 1965979 pages RAM [ 1266.647336][ T389] 0 pages HighMem/MovableOnly [ 1266.652484][ T389] 318832 pages reserved [ 1266.657019][ T389] 0 pages cma reserved [ 1266.661458][ T389] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=27639,uid=0 [ 1266.675707][ T389] Out of memory: Killed process 27639 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:07:15 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:15 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x14, 0x15, 0xa, 0x401, 0x0, 0x0, {0xc, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xc0}, 0x8811) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$netlink_NETLINK_RX_RING(r4, 0x10e, 0x6, &(0x7f0000000100)={0x6, 0x23, 0x0, 0x5}, 0x10) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:15 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x4000, 0x0) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x1) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:07:15 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{}], 0x1, 0x0) r1 = dup(0xffffffffffffffff) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18, 0x0, 0x5}, 0x18) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}}], 0x1, 0x10003, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x81}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:15 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r2}], 0x1, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$TUNSETIFINDEX(r3, 0x400454da, &(0x7f0000000140)=r6) setsockopt$inet6_IPV6_PKTINFO(r2, 0x29, 0x32, &(0x7f0000000000)={@ipv4={[], [], @broadcast}, r6}, 0x14) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r7, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r8 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r8, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:15 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) r0 = getpid() r1 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r4, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000480)={r5}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r0, r2, 0x0, 0x6, &(0x7f0000000000)='stack\x00', r5}, 0x30) r6 = getpid() rt_tgsigqueueinfo(r6, r6, 0x16, &(0x7f0000000000)) ptrace(0x10, r6) ptrace$getregset(0x4201, r6, 0x0, &(0x7f0000000080)={0x0}) r7 = getpid() rt_tgsigqueueinfo(r7, r7, 0x16, &(0x7f0000000000)) ptrace(0x10, r7) r8 = syz_open_procfs(0x0, &(0x7f0000000100)='stack\x00') preadv(r8, &(0x7f0000000500), 0x37d, 0x0) 03:07:15 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1268.117042][T31998] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1268.128660][ T624] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=2, oom_score_adj=1000 [ 1268.167119][ T624] CPU: 1 PID: 624 Comm: syz-executor.5 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1268.177088][ T624] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1268.187115][ T624] Call Trace: [ 1268.190381][ T624] dump_stack+0x14a/0x1ce [ 1268.194680][ T624] ? devkmsg_release+0x11c/0x11c [ 1268.199594][ T624] ? show_regs_print_info+0x12/0x12 [ 1268.204756][ T624] ? radix_tree_cpu_dead+0x160/0x160 [ 1268.210008][ T624] ? _raw_spin_lock+0xa1/0x170 [ 1268.214742][ T624] ? _raw_spin_trylock_bh+0x190/0x190 [ 1268.220085][ T624] dump_header+0xdb/0x700 [ 1268.224386][ T624] oom_kill_process+0xd3/0x280 [ 1268.229126][ T624] out_of_memory+0x5b6/0x890 [ 1268.233712][ T624] ? unregister_oom_notifier+0x20/0x20 [ 1268.239143][ T624] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1268.244662][ T624] ? get_page_from_freelist+0x7c0/0x7c0 [ 1268.250175][ T624] ? __zone_watermark_ok+0x96/0x260 [ 1268.255362][ T624] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1268.260714][ T624] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1268.266237][ T624] ? __kasan_slab_free+0x1f2/0x230 [ 1268.271323][ T624] ? __kasan_slab_free+0x181/0x230 [ 1268.276405][ T624] ? slab_free_freelist_hook+0xd0/0x140 [ 1268.281918][ T624] ? kmem_cache_free+0xac/0x5f0 [ 1268.286738][ T624] ? do_sys_open+0x642/0x7d0 [ 1268.291306][ T624] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1268.297341][ T624] kmalloc_order_trace+0x2a/0xf0 [ 1268.302254][ T624] __kmalloc+0x265/0x2c0 [ 1268.306480][ T624] kmalloc_array+0x2b/0x50 [ 1268.310866][ T624] rw_copy_check_uvector+0x8a/0x310 [ 1268.316035][ T624] import_iovec+0x113/0x380 [ 1268.320518][ T624] ? dup_iter+0x110/0x110 [ 1268.324831][ T624] do_preadv+0x1d9/0x350 [ 1268.329058][ T624] ? do_writev+0x5b0/0x5b0 [ 1268.333458][ T624] do_syscall_64+0xcb/0x150 [ 1268.337939][ T624] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1268.343816][ T624] RIP: 0033:0x45c849 [ 1268.347695][ T624] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1268.367268][ T624] RSP: 002b:00007f3674008c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1268.375647][ T624] RAX: ffffffffffffffda RBX: 00007f36740096d4 RCX: 000000000045c849 [ 1268.383596][ T624] RDX: 000000000000037d RSI: 0000000020000500 RDI: 000000000000000b [ 1268.391539][ T624] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000 [ 1268.399482][ T624] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1268.407424][ T624] R13: 000000000000085a R14: 00000000004cb1ac R15: 000000000076c04c [ 1268.446897][ T624] Mem-Info: [ 1268.454556][ T624] active_anon:1437309 inactive_anon:4691 isolated_anon:0 [ 1268.454556][ T624] active_file:157 inactive_file:140 isolated_file:61 [ 1268.454556][ T624] unevictable:0 dirty:5 writeback:0 unstable:0 [ 1268.454556][ T624] slab_reclaimable:7224 slab_unreclaimable:72587 [ 1268.454556][ T624] mapped:55645 shmem:4764 pagetables:30116 bounce:0 [ 1268.454556][ T624] free:12350 free_pcp:1155 free_cma:0 [ 1268.494219][ T624] Node 0 active_anon:5749236kB inactive_anon:18764kB active_file:628kB inactive_file:560kB unevictable:0kB isolated(anon):0kB isolated(file):244kB mapped:222580kB dirty:20kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1268.527605][ T624] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1268.554604][ T624] lowmem_reserve[]: 0 2912 6416 6416 [ 1268.560770][ T624] DMA32 free:27164kB min:4644kB low:7624kB high:10604kB active_anon:2842856kB inactive_anon:12kB active_file:272kB inactive_file:628kB unevictable:0kB writepending:16kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7392kB pagetables:21536kB bounce:0kB free_pcp:1720kB local_pcp:804kB free_cma:0kB [ 1268.590628][ T624] lowmem_reserve[]: 0 0 3504 3504 [ 1268.596343][ T624] Normal free:6836kB min:5592kB low:9180kB high:12768kB active_anon:2906692kB inactive_anon:18752kB active_file:56kB inactive_file:72kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29728kB pagetables:98928kB bounce:0kB free_pcp:1992kB local_pcp:504kB free_cma:0kB [ 1268.626195][ T624] lowmem_reserve[]: 0 0 0 0 [ 1268.631642][ T624] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1268.645594][ T624] DMA32: 279*4kB (UMH) 116*8kB (UMH) 106*16kB (UMH) 102*32kB (UMH) 58*64kB (MH) 6*128kB (UMH) 19*256kB (MH) 15*512kB (UM) 3*1024kB (M) 0*2048kB 0*4096kB = 27100kB [ 1268.687517][ T624] Normal: 589*4kB (UME) 90*8kB (UME) 51*16kB (UME) 56*32kB (UME) 17*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6900kB [ 1268.738584][ T624] 6548 total pagecache pages 03:07:16 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1268.773657][ T624] 0 pages in swap cache [ 1268.823545][ T624] Swap cache stats: add 0, delete 0, find 0/0 [ 1268.837071][T31998] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1268.846112][T31998] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1268.862065][T31998] usb 4-1: Product: syz [ 1268.866257][T31998] usb 4-1: Manufacturer: syz [ 1268.894982][T31998] usb 4-1: SerialNumber: syz [ 1268.911098][ T624] Free swap = 0kB [ 1268.937234][ T624] Total swap = 0kB [ 1268.945896][ T624] 1965979 pages RAM [ 1268.963135][ T624] 0 pages HighMem/MovableOnly [ 1268.983029][ T624] 318832 pages reserved [ 1268.993956][ T624] 0 pages cma reserved [ 1268.999011][ T624] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=596,uid=0 [ 1269.373232][ T211] systemd-udevd invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=-1000 [ 1269.384762][ T211] CPU: 1 PID: 211 Comm: systemd-udevd Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1269.394637][ T211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1269.404672][ T211] Call Trace: [ 1269.407967][ T211] dump_stack+0x14a/0x1ce [ 1269.412285][ T211] ? devkmsg_release+0x11c/0x11c [ 1269.417201][ T211] ? show_regs_print_info+0x12/0x12 [ 1269.422376][ T211] ? radix_tree_cpu_dead+0x160/0x160 [ 1269.427656][ T211] ? _raw_spin_lock+0xa1/0x170 [ 1269.432396][ T211] ? _raw_spin_trylock_bh+0x190/0x190 [ 1269.437748][ T211] dump_header+0xdb/0x700 [ 1269.442059][ T211] oom_kill_process+0xd3/0x280 [ 1269.446819][ T211] out_of_memory+0x5b6/0x890 [ 1269.451392][ T211] ? unregister_oom_notifier+0x20/0x20 [ 1269.456860][ T211] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1269.462389][ T211] ? get_page_from_freelist+0x7c0/0x7c0 [ 1269.467946][ T211] ? switch_mm_irqs_off+0x509/0xa10 [ 1269.473112][ T211] ? __zone_watermark_ok+0x96/0x260 [ 1269.478278][ T211] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1269.483617][ T211] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1269.489143][ T211] ? __seccomp_filter+0xa3f/0x1740 [ 1269.494446][ T211] ? __secure_computing+0x250/0x250 [ 1269.499622][ T211] alloc_slab_page+0x3a/0x3a0 [ 1269.504269][ T211] new_slab+0x3ef/0x430 [ 1269.508403][ T211] ? generic_bug_clear_once+0x1f0/0x1f0 [ 1269.513919][ T211] ___slab_alloc+0x2e0/0x450 [ 1269.518483][ T211] ? getname_flags+0xb8/0x610 [ 1269.523127][ T211] ? getname_flags+0xb8/0x610 [ 1269.527770][ T211] kmem_cache_alloc+0x23c/0x260 [ 1269.532589][ T211] ? _extract_crng+0x317/0x360 [ 1269.537316][ T211] getname_flags+0xb8/0x610 [ 1269.541784][ T211] do_sys_open+0x33d/0x7d0 [ 1269.546168][ T211] ? file_open_root+0x450/0x450 [ 1269.550988][ T211] ? __fpregs_load_activate+0x2d3/0x390 [ 1269.556539][ T211] do_syscall_64+0xcb/0x150 [ 1269.561022][ T211] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1269.566882][ T211] RIP: 0033:0x7fe7091c2840 [ 1269.571279][ T211] Code: Bad RIP value. [ 1269.575318][ T211] RSP: 002b:00007fff9cd5ab68 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1269.583699][ T211] RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fe7091c2840 [ 1269.591642][ T211] RDX: 00000000000001a4 RSI: 0000000000080141 RDI: 0000558aee578369 [ 1269.599583][ T211] RBP: 0000558aee578369 R08: c0c0fc0000000000 R09: 000000000000000a [ 1269.607528][ T211] R10: 9824ad4aba3adccf R11: 0000000000000246 R12: 0000558aef0e8a60 [ 1269.615477][ T211] R13: 00000000fffffffe R14: 0000000000000000 R15: 0000000000000001 [ 1269.626136][ T211] Mem-Info: [ 1269.630891][ T211] active_anon:1440216 inactive_anon:4691 isolated_anon:0 [ 1269.630891][ T211] active_file:28 inactive_file:526 isolated_file:0 [ 1269.630891][ T211] unevictable:0 dirty:15 writeback:0 unstable:0 [ 1269.630891][ T211] slab_reclaimable:7223 slab_unreclaimable:72621 [ 1269.630891][ T211] mapped:55559 shmem:4764 pagetables:30064 bounce:0 [ 1269.630891][ T211] free:10357 free_pcp:322 free_cma:0 [ 1269.669092][ T211] Node 0 active_anon:5761264kB inactive_anon:18764kB active_file:1000kB inactive_file:976kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:223136kB dirty:60kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1269.712713][ T211] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1269.738963][ T211] lowmem_reserve[]: 0 2912 6416 6416 [ 1269.744393][ T211] DMA32 free:18244kB min:4644kB low:7624kB high:10604kB active_anon:2851608kB inactive_anon:16kB active_file:440kB inactive_file:440kB unevictable:0kB writepending:52kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7200kB pagetables:21332kB bounce:0kB free_pcp:1252kB local_pcp:700kB free_cma:0kB [ 1269.773930][ T211] lowmem_reserve[]: 0 0 3504 3504 [ 1269.779521][ T211] Normal free:5812kB min:5592kB low:9180kB high:12768kB active_anon:2910164kB inactive_anon:18748kB active_file:0kB inactive_file:408kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29600kB pagetables:98924kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 1269.810747][ T211] lowmem_reserve[]: 0 0 0 0 [ 1269.815247][ T211] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1269.829150][ T211] DMA32: 89*4kB (UMH) 101*8kB (UMH) 10*16kB (UMH) 10*32kB (UMH) 36*64kB (UMH) 5*128kB (MH) 19*256kB (UMH) 14*512kB (UM) 3*1024kB (UM) 0*2048kB 0*4096kB = 19692kB [ 1269.845330][ T211] Normal: 159*4kB (UME) 73*8kB (UME) 34*16kB (UME) 85*32kB (UMEH) 17*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5700kB [ 1269.861336][ T211] 4827 total pagecache pages [ 1269.866132][ T211] 0 pages in swap cache [ 1269.870306][ T211] Swap cache stats: add 0, delete 0, find 0/0 [ 1269.876360][ T211] Free swap = 0kB [ 1269.880169][ T211] Total swap = 0kB [ 1269.883874][ T211] 1965979 pages RAM [ 1269.887687][ T211] 0 pages HighMem/MovableOnly [ 1269.892346][ T211] 318832 pages reserved [ 1269.896478][ T211] 0 pages cma reserved [ 1269.900545][ T211] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=633,uid=0 [ 1269.914460][ T211] Out of memory: Killed process 633 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34696kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1270.098260][ T204] systemd-journal invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1270.115573][ T204] CPU: 1 PID: 204 Comm: systemd-journal Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1270.125629][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1270.135670][ T204] Call Trace: [ 1270.138953][ T204] dump_stack+0x14a/0x1ce [ 1270.143270][ T204] ? devkmsg_release+0x11c/0x11c [ 1270.148179][ T204] ? show_regs_print_info+0x12/0x12 [ 1270.153354][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 1270.158602][ T204] ? _raw_spin_lock+0xa1/0x170 [ 1270.163332][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 1270.168672][ T204] dump_header+0xdb/0x700 [ 1270.172968][ T204] oom_kill_process+0xd3/0x280 [ 1270.177696][ T204] out_of_memory+0x5b6/0x890 [ 1270.182250][ T204] ? unregister_oom_notifier+0x20/0x20 [ 1270.187675][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1270.193184][ T204] ? stack_trace_save+0x123/0x1f0 [ 1270.198195][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 1270.203725][ T204] ? __zone_watermark_ok+0x96/0x260 [ 1270.208894][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1270.214363][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1270.219888][ T204] ? __kasan_kmalloc+0x189/0x1c0 [ 1270.224791][ T204] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 1270.230740][ T204] ? __kasan_kmalloc+0x12c/0x1c0 [ 1270.235644][ T204] ? __kmalloc+0xf7/0x2c0 [ 1270.239945][ T204] ? kvmalloc_node+0xc2/0x120 [ 1270.244590][ T204] ? seq_read+0x217/0xd30 [ 1270.248893][ T204] alloc_slab_page+0x3a/0x3a0 [ 1270.253545][ T204] new_slab+0x3ef/0x430 [ 1270.257673][ T204] ? should_fail+0x18e/0x860 [ 1270.262230][ T204] ___slab_alloc+0x2e0/0x450 [ 1270.266790][ T204] ? uevent_show+0x160/0x2f0 [ 1270.271346][ T204] ? uevent_show+0x160/0x2f0 [ 1270.275907][ T204] kmem_cache_alloc_trace+0x258/0x270 [ 1270.281258][ T204] uevent_show+0x160/0x2f0 [ 1270.285644][ T204] dev_attr_show+0x50/0xc0 [ 1270.290031][ T204] ? device_get_ownership+0xa0/0xa0 [ 1270.295197][ T204] sysfs_kf_seq_show+0x265/0x3e0 [ 1270.300107][ T204] seq_read+0x4aa/0xd30 [ 1270.304231][ T204] ? __secure_computing+0x250/0x250 [ 1270.309398][ T204] ? kernfs_notify_workfn+0x570/0x570 [ 1270.314738][ T204] __vfs_read+0xfa/0x710 [ 1270.318951][ T204] ? rw_verify_area+0x340/0x340 [ 1270.323770][ T204] ? __fsnotify_update_child_dentry_flags+0x2c0/0x2c0 [ 1270.330506][ T204] ? __fsnotify_parent+0x310/0x310 [ 1270.335587][ T204] ? security_file_permission+0x1e9/0x300 [ 1270.341271][ T204] vfs_read+0x166/0x380 [ 1270.345401][ T204] ksys_read+0x18c/0x2c0 [ 1270.349630][ T204] ? do_syscall_64+0x150/0x150 [ 1270.354362][ T204] ? vfs_write+0x4f0/0x4f0 [ 1270.358751][ T204] do_syscall_64+0xcb/0x150 [ 1270.363227][ T204] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1270.369087][ T204] RIP: 0033:0x7fd3095a3910 [ 1270.373575][ T204] Code: Bad RIP value. [ 1270.377611][ T204] RSP: 002b:00007ffd91e74528 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1270.385987][ T204] RAX: ffffffffffffffda RBX: 000055651cfe2fb0 RCX: 00007fd3095a3910 [ 1270.393938][ T204] RDX: 0000000000001000 RSI: 000055651cfe31e0 RDI: 0000000000000015 [ 1270.401878][ T204] RBP: 00007fd30985e440 R08: 0000000000000003 R09: 0000000000001010 [ 1270.409905][ T204] R10: 000055651cfe2fb0 R11: 0000000000000246 R12: 0000000000001000 [ 1270.417845][ T204] R13: 0000000000000d68 R14: 000055651cfe31e0 R15: 00007fd30985d900 [ 1270.426873][ T204] Mem-Info: [ 1270.430006][ T204] active_anon:1437984 inactive_anon:4690 isolated_anon:0 [ 1270.430006][ T204] active_file:69 inactive_file:109 isolated_file:0 [ 1270.430006][ T204] unevictable:0 dirty:4 writeback:0 unstable:0 [ 1270.430006][ T204] slab_reclaimable:7228 slab_unreclaimable:72474 [ 1270.430006][ T204] mapped:55399 shmem:4764 pagetables:30079 bounce:0 [ 1270.430006][ T204] free:12884 free_pcp:315 free_cma:0 [ 1270.471170][ T204] Node 0 active_anon:5751836kB inactive_anon:18760kB active_file:668kB inactive_file:6148kB unevictable:0kB isolated(anon):0kB isolated(file):256kB mapped:225996kB dirty:16kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1270.495744][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1270.536918][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 1270.542279][ T204] DMA32 free:24404kB min:8740kB low:11720kB high:14700kB active_anon:2842364kB inactive_anon:12kB active_file:1872kB inactive_file:2180kB unevictable:0kB writepending:12kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7296kB pagetables:21384kB bounce:0kB free_pcp:1340kB local_pcp:0kB free_cma:0kB [ 1270.595390][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 1270.601670][ T204] Normal free:5968kB min:5592kB low:9180kB high:12768kB active_anon:2909572kB inactive_anon:18748kB active_file:32kB inactive_file:432kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29600kB pagetables:98932kB bounce:0kB free_pcp:704kB local_pcp:372kB free_cma:0kB [ 1270.633744][ T139] usb 4-1: USB disconnect, device number 19 [ 1270.644636][ T204] lowmem_reserve[]: 0 0 0 0 [ 1270.657366][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1270.686936][ T204] DMA32: 28*4kB (H) 103*8kB (UMH) 149*16kB (UMH) 68*32kB (MEH) 44*64kB (MH) 8*128kB (MEH) 18*256kB (MH) 14*512kB (ME) 3*1024kB (ME) 0*2048kB 0*4096kB = 24184kB [ 1270.718799][ T204] Normal: 97*4kB (UME) 65*8kB (UE) 33*16kB (UME) 95*32kB (UMEH) 18*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5756kB [ 1270.753326][ T204] 5923 total pagecache pages [ 1270.758854][ T204] 0 pages in swap cache [ 1270.763235][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 1270.769855][ T204] Free swap = 0kB [ 1270.774755][ T204] Total swap = 0kB [ 1270.779243][ T204] 1965979 pages RAM [ 1270.784258][ T204] 0 pages HighMem/MovableOnly [ 1270.789202][ T204] 318832 pages reserved [ 1270.793824][ T204] 0 pages cma reserved [ 1270.806915][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=27522,uid=0 [ 1270.840123][ T204] Out of memory: Killed process 27522 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:07:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:19 executing program 1: prlimit64(0x0, 0x5, &(0x7f00000001c0)={0x8000000000000, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:19 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) rmdir(&(0x7f0000000000)='./file0\x00') sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:07:20 executing program 0: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snd/timer\x00', 0x8100) ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, &(0x7f0000000140)) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) keyctl$invalidate(0x15, 0x0) 03:07:20 executing program 5: keyctl$KEYCTL_PKEY_DECRYPT(0x1a, &(0x7f0000000240)={0x0, 0x88, 0x48}, 0x0, &(0x7f00000004c0)="c14e8eba0e40013d1a5eaad0214c60bad1e67b19705643b75ff39f5f35bb08b7413f493470f913ab77ec9e1c29ef56b8e0ce8f3f1ad4b1c815793242b1f8e94fa235b0b31646fb44c77711b7ac91ce33ccf039446cd24e00405cfc60797311ed6a36c3e59f8a2a90f302a2afdf22192ab85e10557c68ee8623ffb1bcb1fd5365d51696746bf3812c", &(0x7f0000000580)=""/72) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0xffffffff) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r4}], 0x1, 0x0) ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(r4, 0x8982, &(0x7f0000000000)) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_ENABLE(r5, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x154, r6, 0x8, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1e}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xac}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffffe}]}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x60}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7ff00000}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x10000}]}, @TIPC_NLA_BEARER={0xec, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xd9}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0xfff, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x10000}}, {0x14, 0x2, @in={0x2, 0x4e20, @remote}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x81}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'netpci0\x00'}}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1e3b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}]}, 0x154}, 0x1, 0x0, 0x0, 0x40001}, 0x40) 03:07:20 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0), 0x0, 0x1) close(r2) splice(r1, 0x0, r2, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(r1, &(0x7f0000000000)='cpu.stat\x00', 0x0, 0x0) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000000c000000180005800c00028008000400fcffffff080001"], 0x3}}, 0x0) sendmsg$TIPC_NL_PUBL_GET(r3, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000080)={&(0x7f0000000340)={0x304, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf83}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd42}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}]}, @TIPC_NLA_MEDIA={0x14, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xa623}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x100}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfff}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xffffffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_LINK={0xd8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xa53}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x96}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}]}, @TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NET={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xffffffff}]}, @TIPC_NLA_BEARER={0xe8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x15, 0x1, @l2={'ib', 0x3a, 'veth0_to_bond\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7f}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7c7}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xbf}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0xfffffffa, @dev={0xfe, 0x80, [], 0xf}, 0x7}}, {0x14, 0x2, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x1, @dev={0xfe, 0x80, [], 0xb}, 0x9}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x8, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x23}}, 0xba6}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e21, 0x2, @mcast2, 0x3f48}}, {0x14, 0x2, @in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x44}}}}}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x75e6}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x40}, @TIPC_NLA_PUBL_TYPE={0x8}]}]}, 0x304}, 0x1, 0x0, 0x0, 0x20004801}, 0x20010810) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) 03:07:20 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:20 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1276.339787][ T694] syz-executor.1 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1276.352094][ T694] CPU: 0 PID: 694 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1276.362041][ T694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1276.372073][ T694] Call Trace: [ 1276.375350][ T694] dump_stack+0x14a/0x1ce [ 1276.379642][ T694] ? devkmsg_release+0x11c/0x11c [ 1276.384541][ T694] ? show_regs_print_info+0x12/0x12 [ 1276.389707][ T694] ? radix_tree_cpu_dead+0x160/0x160 [ 1276.394956][ T694] ? _raw_spin_lock+0xa1/0x170 [ 1276.399685][ T694] ? _raw_spin_trylock_bh+0x190/0x190 [ 1276.405033][ T694] dump_header+0xdb/0x700 [ 1276.409334][ T694] oom_kill_process+0xd3/0x280 [ 1276.414064][ T694] out_of_memory+0x5b6/0x890 [ 1276.418618][ T694] ? unregister_oom_notifier+0x20/0x20 [ 1276.424041][ T694] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1276.429557][ T694] ? get_page_from_freelist+0x7c0/0x7c0 [ 1276.435068][ T694] ? flush_tlb_func_common+0x45/0x570 [ 1276.440420][ T694] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1276.445770][ T694] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1276.451287][ T694] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 1276.457321][ T694] ? __perf_event_task_sched_in+0x4f7/0x560 [ 1276.463175][ T694] wp_page_copy+0x1cb/0x1120 [ 1276.467730][ T694] ? add_mm_rss_vec+0x270/0x270 [ 1276.472546][ T694] ? __schedule+0x920/0xef0 [ 1276.477012][ T694] ? vm_normal_page+0x1c9/0x1d0 [ 1276.481854][ T694] do_wp_page+0x4c1/0x1530 [ 1276.486236][ T694] ? _raw_spin_lock+0xa1/0x170 [ 1276.490962][ T694] ? do_swap_page+0x1560/0x1560 [ 1276.495792][ T694] handle_mm_fault+0x1363/0x40b0 [ 1276.500809][ T694] ? finish_fault+0x230/0x230 [ 1276.505493][ T694] ? _raw_spin_unlock_irq+0x5/0x20 [ 1276.510578][ T694] ? vmacache_find+0x3a2/0x4b0 [ 1276.515319][ T694] do_user_addr_fault+0x48a/0x9f0 [ 1276.520352][ T694] page_fault+0x2f/0x40 [ 1276.524484][ T694] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 1276.531037][ T694] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 1276.550611][ T694] RSP: 0018:ffff88802989f888 EFLAGS: 00010206 [ 1276.556647][ T694] RAX: ffffffff81f6e701 RBX: 000000002041c500 RCX: 0000000000000500 [ 1276.564586][ T694] RDX: 0000000000001000 RSI: ffff8880535cab00 RDI: 000000002041c000 [ 1276.572539][ T694] RBP: ffff88802989fda8 R08: dffffc0000000000 R09: ffffed100a6b9600 [ 1276.580483][ T694] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 1276.588425][ T694] R13: 0000000000001000 R14: ffff8880535ca000 R15: 000000002041b500 [ 1276.596380][ T694] ? _copy_to_iter+0x1031/0x1060 [ 1276.601300][ T694] copyout+0x8e/0xb0 [ 1276.605174][ T694] copy_page_to_iter+0x393/0xbd0 [ 1276.610084][ T694] pipe_to_user+0xa3/0x130 [ 1276.614470][ T694] __splice_from_pipe+0x2d3/0x870 [ 1276.619474][ T694] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 1276.624984][ T694] do_vmsplice+0x252/0xee0 [ 1276.629370][ T694] ? __rcu_read_lock+0x50/0x50 [ 1276.634100][ T694] ? xas_find+0x61b/0x6f0 [ 1276.638397][ T694] ? write_pipe_buf+0x1d0/0x1d0 [ 1276.643214][ T694] ? filemap_map_pages+0x10ca/0x1140 [ 1276.648467][ T694] ? __rcu_read_lock+0x50/0x50 [ 1276.653200][ T694] ? check_stack_object+0x5a/0x90 [ 1276.658198][ T694] ? _copy_from_user+0xa4/0xe0 [ 1276.662931][ T694] ? rw_copy_check_uvector+0x2b3/0x310 [ 1276.668359][ T694] ? import_iovec+0x1c2/0x380 [ 1276.673007][ T694] ? dup_iter+0x110/0x110 [ 1276.677306][ T694] ? handle_mm_fault+0xb1e/0x40b0 [ 1276.682308][ T694] __se_sys_vmsplice+0x1fb/0x300 [ 1276.687212][ T694] ? __x64_sys_vmsplice+0xa0/0xa0 [ 1276.692202][ T694] ? put_timespec64+0x109/0x150 [ 1276.697032][ T694] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1276.702627][ T694] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 1276.708314][ T694] ? do_user_addr_fault+0x55c/0x9f0 [ 1276.713479][ T694] do_syscall_64+0xcb/0x150 [ 1276.717947][ T694] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1276.723812][ T694] RIP: 0033:0x45c849 [ 1276.727693][ T694] Code: Bad RIP value. [ 1276.731727][ T694] RSP: 002b:00007fbaa8d76c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1276.740099][ T694] RAX: ffffffffffffffda RBX: 00007fbaa8d776d4 RCX: 000000000045c849 [ 1276.748036][ T694] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 1276.755973][ T694] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000 [ 1276.763911][ T694] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1276.771849][ T694] R13: 0000000000000c47 R14: 00000000004ce688 R15: 000000000076c04c [ 1276.781585][ T694] Mem-Info: [ 1276.784779][ T694] active_anon:1441481 inactive_anon:4691 isolated_anon:0 [ 1276.784779][ T694] active_file:12 inactive_file:22 isolated_file:0 [ 1276.784779][ T694] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1276.784779][ T694] slab_reclaimable:7228 slab_unreclaimable:72332 [ 1276.784779][ T694] mapped:55352 shmem:4764 pagetables:30040 bounce:0 [ 1276.784779][ T694] free:9996 free_pcp:124 free_cma:0 [ 1276.822318][ T694] Node 0 active_anon:5765924kB inactive_anon:18764kB active_file:76kB inactive_file:180kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221408kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1276.847782][ T694] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1276.874277][ T694] lowmem_reserve[]: 0 2912 6416 6416 [ 1276.879605][ T694] DMA32 free:18464kB min:4644kB low:7624kB high:10604kB active_anon:2851520kB inactive_anon:16kB active_file:112kB inactive_file:260kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7008kB pagetables:21240kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1276.908251][ T694] lowmem_reserve[]: 0 0 3504 3504 [ 1276.913264][ T694] Normal free:5508kB min:5592kB low:9180kB high:12768kB active_anon:2914404kB inactive_anon:18748kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29632kB pagetables:98920kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1276.942027][ T694] lowmem_reserve[]: 0 0 0 0 [ 1276.946767][ T694] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1276.960277][ T694] DMA32: 45*4kB (UEH) 23*8kB (UEH) 20*16kB (UEH) 37*32kB (UMEH) 14*64kB (UMEH) 4*128kB (UH) 4*256kB (UEH) 16*512kB (ME) 6*1024kB (UME) 0*2048kB 0*4096kB = 18636kB [ 1276.976682][ T694] Normal: 317*4kB (UMEH) 88*8kB (UMEH) 43*16kB (UME) 49*32kB (UME) 18*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5508kB [ 1276.991469][ T694] 4838 total pagecache pages [ 1276.996306][ T694] 0 pages in swap cache [ 1277.000578][ T694] Swap cache stats: add 0, delete 0, find 0/0 [ 1277.006739][ T694] Free swap = 0kB [ 1277.010575][ T694] Total swap = 0kB [ 1277.014369][ T694] 1965979 pages RAM [ 1277.018243][ T694] 0 pages HighMem/MovableOnly [ 1277.022996][ T694] 318832 pages reserved [ 1277.027281][ T694] 0 pages cma reserved [ 1277.031425][ T694] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=690,uid=0 [ 1277.045488][ T694] Out of memory: Killed process 690 (syz-executor.4) total-vm:75224kB, anon-rss:16560kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 1277.071034][ T23] oom_reaper: reaped process 690 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:07:25 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) timerfd_create(0x8, 0x80000) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:25 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:25 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') write$FUSE_IOCTL(r0, &(0x7f0000000000)={0x20, 0x0, 0x6, {0x8001, 0x4, 0x7fff, 0x100}}, 0x20) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0), 0x0, 0x1) close(r4) splice(r3, 0x0, r4, 0x0, 0x0, 0x0) ioctl$UI_GET_VERSION(r4, 0x8004552d, &(0x7f0000000040)) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:07:25 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0), 0x0, 0x1) close(r3) splice(r2, 0x0, r3, 0x0, 0x0, 0x0) ioctl$ION_IOC_HEAP_QUERY(r3, 0xc0184908, &(0x7f0000000040)={0x34}) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:07:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0, 0xffffffea}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x1) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KDFONTOP_COPY(0xffffffffffffffff, 0x4b72, &(0x7f0000000100)={0x3, 0x1, 0x20, 0x10, 0x126, &(0x7f0000000340)}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1278.247449][ T712] modprobe invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1278.269805][ T712] CPU: 1 PID: 712 Comm: modprobe Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1278.279254][ T712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1278.289291][ T712] Call Trace: [ 1278.292567][ T712] dump_stack+0x14a/0x1ce [ 1278.296879][ T712] ? devkmsg_release+0x11c/0x11c [ 1278.301801][ T712] ? show_regs_print_info+0x12/0x12 [ 1278.306978][ T712] ? radix_tree_cpu_dead+0x160/0x160 [ 1278.312252][ T712] ? _raw_spin_lock+0xa1/0x170 [ 1278.317019][ T712] ? _raw_spin_trylock_bh+0x190/0x190 [ 1278.322367][ T712] dump_header+0xdb/0x700 [ 1278.326764][ T712] oom_kill_process+0xd3/0x280 [ 1278.331596][ T712] out_of_memory+0x5b6/0x890 [ 1278.336255][ T712] ? unregister_oom_notifier+0x20/0x20 [ 1278.341694][ T712] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1278.347231][ T712] ? get_page_from_freelist+0x7c0/0x7c0 [ 1278.352763][ T712] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1278.358114][ T712] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1278.363642][ T712] ? __rcu_read_lock+0x50/0x50 [ 1278.368388][ T712] ? ___preempt_schedule+0x16/0x20 [ 1278.373483][ T712] handle_mm_fault+0x1698/0x40b0 [ 1278.378411][ T712] ? finish_fault+0x230/0x230 [ 1278.383073][ T712] ? is_mmconf_reserved+0x410/0x410 [ 1278.388265][ T712] ? vmacache_update+0x9f/0xf0 [ 1278.393015][ T712] do_user_addr_fault+0x48a/0x9f0 [ 1278.398026][ T712] page_fault+0x2f/0x40 [ 1278.402160][ T712] RIP: 0033:0x7f27c130b325 [ 1278.406554][ T712] Code: 80 00 00 00 e8 dc ed 00 00 66 90 66 2e 0f 1f 84 00 00 00 00 00 41 57 41 56 41 55 41 54 55 53 48 81 ec 88 00 00 00 45 8b 61 08 <48> 89 3c 24 48 89 54 24 48 48 89 4c 24 08 4c 89 44 24 30 48 8b ac [ 1278.426133][ T712] RSP: 002b:00007ffce798afe0 EFLAGS: 00010202 [ 1278.432179][ T712] RAX: 0000000000000000 RBX: 00007f27c151f358 RCX: 00007f27c0f69b98 [ 1278.440129][ T712] RDX: 00007ffce798b120 RSI: 000000003de00ec7 RDI: 00007f27c0f788a9 [ 1278.448075][ T712] RBP: 00007ffce798b1c0 R08: 00007ffce798b130 R09: 00007f27c1527428 [ 1278.456021][ T712] R10: 00007f27c151f000 R11: 0000000000000010 R12: 0000000000000003 [ 1278.463974][ T712] R13: 0000000000000001 R14: 0000000000000000 R15: 00007ffce798b1e8 [ 1278.479400][ T712] Mem-Info: [ 1278.482559][ T712] active_anon:1440402 inactive_anon:4691 isolated_anon:0 [ 1278.482559][ T712] active_file:223 inactive_file:544 isolated_file:88 [ 1278.482559][ T712] unevictable:0 dirty:7 writeback:0 unstable:0 [ 1278.482559][ T712] slab_reclaimable:7231 slab_unreclaimable:72194 [ 1278.482559][ T712] mapped:56079 shmem:4764 pagetables:30176 bounce:0 [ 1278.482559][ T712] free:9912 free_pcp:160 free_cma:0 [ 1278.520351][ T712] Node 0 active_anon:5761608kB inactive_anon:18764kB active_file:892kB inactive_file:2176kB unevictable:0kB isolated(anon):0kB isolated(file):352kB mapped:224316kB dirty:28kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1278.544719][ T712] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1278.570796][ T712] lowmem_reserve[]: 0 2912 6416 6416 [ 1278.576192][ T712] DMA32 free:18604kB min:4644kB low:7624kB high:10604kB active_anon:2844540kB inactive_anon:16kB active_file:840kB inactive_file:1616kB unevictable:0kB writepending:20kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7616kB pagetables:21568kB bounce:0kB free_pcp:380kB local_pcp:0kB free_cma:0kB [ 1278.638389][ T712] lowmem_reserve[]: 0 0 3504 3504 [ 1278.652738][ T712] Normal free:5140kB min:5592kB low:9180kB high:12768kB active_anon:2917068kB inactive_anon:18748kB active_file:52kB inactive_file:164kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29728kB pagetables:99136kB bounce:0kB free_pcp:40kB local_pcp:0kB free_cma:0kB [ 1278.700246][ T712] lowmem_reserve[]: 0 0 0 0 [ 1278.707879][ T712] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1278.727935][ T712] DMA32: 169*4kB (MH) 30*8kB (UMH) 4*16kB (UMH) 9*32kB (UM) 10*64kB (UMH) 5*128kB (MH) 12*256kB (UMH) 14*512kB (UM) 5*1024kB (UM) 0*2048kB 0*4096kB = 17908kB [ 1278.744017][ T712] Normal: 220*4kB (UMEH) 110*8kB (UMEH) 33*16kB (UME) 17*32kB (UME) 12*64kB (UMH) 3*128kB (MH) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 5264kB [ 1278.760601][ T712] 4835 total pagecache pages [ 1278.765286][ T712] 0 pages in swap cache [ 1278.769727][ T712] Swap cache stats: add 0, delete 0, find 0/0 [ 1278.775871][ T712] Free swap = 0kB [ 1278.779757][ T712] Total swap = 0kB [ 1278.783623][ T712] 1965979 pages RAM [ 1278.787447][ T712] 0 pages HighMem/MovableOnly [ 1278.792125][ T712] 318832 pages reserved [ 1278.796669][ T712] 0 pages cma reserved [ 1278.800760][ T712] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=689,uid=0 [ 1278.814937][ T712] Out of memory: Killed process 689 (syz-executor.0) total-vm:75356kB, anon-rss:16572kB, file-rss:34752kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1279.179012][ T718] syz-executor.4 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1279.205975][ T718] CPU: 0 PID: 718 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1279.216115][ T718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1279.226142][ T718] Call Trace: [ 1279.229409][ T718] dump_stack+0x14a/0x1ce [ 1279.233711][ T718] ? devkmsg_release+0x11c/0x11c [ 1279.238619][ T718] ? show_regs_print_info+0x12/0x12 [ 1279.243788][ T718] ? radix_tree_cpu_dead+0x160/0x160 [ 1279.249045][ T718] ? _raw_spin_lock+0xa1/0x170 [ 1279.253778][ T718] ? _raw_spin_trylock_bh+0x190/0x190 [ 1279.259121][ T718] dump_header+0xdb/0x700 [ 1279.263423][ T718] oom_kill_process+0xd3/0x280 [ 1279.268173][ T718] out_of_memory+0x5b6/0x890 [ 1279.272740][ T718] ? unregister_oom_notifier+0x20/0x20 [ 1279.278166][ T718] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1279.283683][ T718] ? get_page_from_freelist+0x7c0/0x7c0 [ 1279.289213][ T718] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1279.294553][ T718] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1279.300064][ T718] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 1279.306099][ T718] ? __perf_event_task_sched_in+0x4f7/0x560 [ 1279.311961][ T718] wp_page_copy+0x1cb/0x1120 [ 1279.316518][ T718] ? add_mm_rss_vec+0x270/0x270 [ 1279.321334][ T718] ? __schedule+0x920/0xef0 [ 1279.325801][ T718] ? vm_normal_page+0x1c9/0x1d0 [ 1279.330616][ T718] do_wp_page+0x4c1/0x1530 [ 1279.334998][ T718] ? _raw_spin_lock+0xa1/0x170 [ 1279.339725][ T718] ? do_swap_page+0x1560/0x1560 [ 1279.344559][ T718] handle_mm_fault+0x1363/0x40b0 [ 1279.349468][ T718] ? finish_fault+0x230/0x230 [ 1279.354114][ T718] ? _raw_spin_unlock_irq+0x5/0x20 [ 1279.359194][ T718] ? vmacache_find+0x3a2/0x4b0 [ 1279.363929][ T718] do_user_addr_fault+0x48a/0x9f0 [ 1279.368929][ T718] page_fault+0x2f/0x40 [ 1279.373074][ T718] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 1279.379637][ T718] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 1279.399209][ T718] RSP: 0018:ffff88801b697888 EFLAGS: 00010206 [ 1279.405259][ T718] RAX: ffffffff81f6e701 RBX: 0000000020d56500 RCX: 0000000000000500 [ 1279.413200][ T718] RDX: 0000000000001000 RSI: ffff88801b7b2b00 RDI: 0000000020d56000 [ 1279.421138][ T718] RBP: ffff88801b697da8 R08: dffffc0000000000 R09: ffffed10036f6600 [ 1279.429079][ T718] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 1279.437019][ T718] R13: 0000000000001000 R14: ffff88801b7b2000 R15: 0000000020d55500 [ 1279.444959][ T718] ? _copy_to_iter+0x1031/0x1060 [ 1279.449862][ T718] copyout+0x8e/0xb0 [ 1279.453728][ T718] copy_page_to_iter+0x393/0xbd0 [ 1279.458636][ T718] pipe_to_user+0xa3/0x130 [ 1279.463024][ T718] __splice_from_pipe+0x2d3/0x870 [ 1279.468018][ T718] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 1279.473533][ T718] do_vmsplice+0x252/0xee0 [ 1279.477919][ T718] ? avc_ss_reset+0x3a0/0x3a0 [ 1279.482564][ T718] ? write_pipe_buf+0x1d0/0x1d0 [ 1279.487380][ T718] ? __rcu_read_lock+0x50/0x50 [ 1279.492121][ T718] ? check_stack_object+0x5a/0x90 [ 1279.497122][ T718] ? _copy_from_user+0xa4/0xe0 [ 1279.501860][ T718] ? rw_copy_check_uvector+0x2b3/0x310 [ 1279.507287][ T718] ? import_iovec+0x1c2/0x380 [ 1279.511951][ T718] ? dup_iter+0x110/0x110 [ 1279.516251][ T718] ? do_vfs_ioctl+0x780/0x1750 [ 1279.520984][ T718] __se_sys_vmsplice+0x1fb/0x300 [ 1279.525889][ T718] ? __x64_sys_vmsplice+0xa0/0xa0 [ 1279.530880][ T718] ? put_timespec64+0x109/0x150 [ 1279.535705][ T718] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1279.541313][ T718] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 1279.547013][ T718] do_syscall_64+0xcb/0x150 [ 1279.551490][ T718] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1279.557359][ T718] RIP: 0033:0x45c849 [ 1279.561243][ T718] Code: Bad RIP value. [ 1279.565278][ T718] RSP: 002b:00007faf0c2acc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1279.573672][ T718] RAX: ffffffffffffffda RBX: 00007faf0c2ad6d4 RCX: 000000000045c849 [ 1279.581623][ T718] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 1279.589563][ T718] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000 [ 1279.597505][ T718] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1279.605449][ T718] R13: 0000000000000c47 R14: 00000000004ce688 R15: 000000000076c04c [ 1279.614505][ T718] Mem-Info: [ 1279.618699][ T718] active_anon:1440562 inactive_anon:4691 isolated_anon:0 [ 1279.618699][ T718] active_file:288 inactive_file:268 isolated_file:32 [ 1279.618699][ T718] unevictable:0 dirty:5 writeback:0 unstable:0 [ 1279.618699][ T718] slab_reclaimable:7233 slab_unreclaimable:72126 [ 1279.618699][ T718] mapped:55842 shmem:4764 pagetables:30098 bounce:0 [ 1279.618699][ T718] free:10412 free_pcp:100 free_cma:0 [ 1279.688828][ T718] Node 0 active_anon:5762248kB inactive_anon:18764kB active_file:680kB inactive_file:652kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:222468kB dirty:20kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1279.713218][ T718] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1279.748383][ T718] lowmem_reserve[]: 0 2912 6416 6416 [ 1279.753808][ T718] DMA32 free:21412kB min:8740kB low:11720kB high:14700kB active_anon:2845332kB inactive_anon:16kB active_file:976kB inactive_file:560kB unevictable:0kB writepending:16kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7232kB pagetables:21228kB bounce:0kB free_pcp:120kB local_pcp:40kB free_cma:0kB [ 1279.783731][ T718] lowmem_reserve[]: 0 0 3504 3504 [ 1279.789734][ T718] Normal free:5144kB min:5592kB low:9180kB high:12768kB active_anon:2916916kB inactive_anon:18748kB active_file:76kB inactive_file:112kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29696kB pagetables:99164kB bounce:0kB free_pcp:1176kB local_pcp:240kB free_cma:0kB [ 1279.819192][ T718] lowmem_reserve[]: 0 0 0 0 [ 1279.823690][ T718] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1279.837542][ T718] DMA32: 138*4kB (MEH) 80*8kB (UMH) 34*16kB (UMH) 22*32kB (UMEH) 20*64kB (MEH) 7*128kB (MH) 13*256kB (MH) 14*512kB (ME) 5*1024kB (ME) 0*2048kB 0*4096kB = 20232kB [ 1279.853920][ T718] Normal: 115*4kB (UEH) 66*8kB (UEH) 32*16kB (UE) 22*32kB (UMEH) 11*64kB (UMH) 5*128kB (MH) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 4828kB [ 1279.869630][ T718] 5431 total pagecache pages [ 1279.874312][ T718] 0 pages in swap cache [ 1279.878586][ T718] Swap cache stats: add 0, delete 0, find 0/0 [ 1279.884751][ T718] Free swap = 0kB [ 1279.889633][ T718] Total swap = 0kB [ 1279.904590][ T718] 1965979 pages RAM [ 1279.914862][ T718] 0 pages HighMem/MovableOnly [ 1279.919886][ T718] 318832 pages reserved [ 1279.924295][ T718] 0 pages cma reserved [ 1279.928533][ T718] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=729,uid=0 [ 1279.943069][ T718] Out of memory: Killed process 729 (syz-executor.0) total-vm:75356kB, anon-rss:16572kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:07:28 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:29 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:30 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffe000/0x1000)=nil, 0x1000}, &(0x7f0000000040)=0x10) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) [ 1283.389206][ T736] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1283.405417][ T736] CPU: 0 PID: 736 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1283.415396][ T736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1283.425431][ T736] Call Trace: [ 1283.428707][ T736] dump_stack+0x14a/0x1ce [ 1283.433033][ T736] ? devkmsg_release+0x11c/0x11c [ 1283.437957][ T736] ? show_regs_print_info+0x12/0x12 [ 1283.443132][ T736] ? radix_tree_cpu_dead+0x160/0x160 [ 1283.448391][ T736] ? _raw_spin_lock+0xa1/0x170 [ 1283.453124][ T736] ? _raw_spin_trylock_bh+0x190/0x190 [ 1283.458468][ T736] dump_header+0xdb/0x700 [ 1283.462769][ T736] oom_kill_process+0xd3/0x280 [ 1283.467501][ T736] out_of_memory+0x5b6/0x890 [ 1283.472062][ T736] ? unregister_oom_notifier+0x20/0x20 [ 1283.477491][ T736] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1283.483022][ T736] ? unwind_get_return_address+0x48/0x90 [ 1283.488628][ T736] ? get_page_from_freelist+0x7c0/0x7c0 [ 1283.494143][ T736] ? __zone_watermark_ok+0x96/0x260 [ 1283.499311][ T736] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1283.504650][ T736] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1283.510166][ T736] ? copy_process+0x5a4/0x5150 [ 1283.514897][ T736] ? kmem_cache_alloc+0x1d2/0x260 [ 1283.519891][ T736] copy_process+0x5f3/0x5150 [ 1283.524534][ T736] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 1283.530048][ T736] ? _raw_spin_lock+0xa1/0x170 [ 1283.534792][ T736] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1283.540567][ T736] ? fork_idle+0x290/0x290 [ 1283.544953][ T736] ? _raw_spin_unlock+0x5/0x20 [ 1283.549686][ T736] ? handle_mm_fault+0xb1e/0x40b0 [ 1283.554698][ T736] _do_fork+0x196/0x920 [ 1283.558824][ T736] ? dup_mm+0x300/0x300 [ 1283.562959][ T736] __x64_sys_clone+0x25f/0x2c0 [ 1283.567802][ T736] ? __ia32_sys_vfork+0x110/0x110 [ 1283.572801][ T736] ? do_user_addr_fault+0x55c/0x9f0 [ 1283.578059][ T736] do_syscall_64+0xcb/0x150 [ 1283.582533][ T736] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1283.588399][ T736] RIP: 0033:0x45f219 [ 1283.592263][ T736] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1283.611836][ T736] RSP: 002b:00007fff19d28aa8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1283.620212][ T736] RAX: ffffffffffffffda RBX: 00007fbaa8d56700 RCX: 000000000045f219 [ 1283.628148][ T736] RDX: 00007fbaa8d569d0 RSI: 00007fbaa8d55db0 RDI: 00000000003d0f00 [ 1283.636092][ T736] RBP: 00007fff19d28cc0 R08: 00007fbaa8d56700 R09: 00007fbaa8d56700 [ 1283.644037][ T736] R10: 00007fbaa8d569d0 R11: 0000000000000202 R12: 0000000000000000 [ 1283.651976][ T736] R13: 00007fff19d28b5f R14: 00007fbaa8d569c0 R15: 000000000076c0ec [ 1283.666307][ T736] Mem-Info: [ 1283.669746][ T736] active_anon:1440953 inactive_anon:4691 isolated_anon:0 [ 1283.669746][ T736] active_file:28 inactive_file:18 isolated_file:0 [ 1283.669746][ T736] unevictable:0 dirty:2 writeback:0 unstable:0 [ 1283.669746][ T736] slab_reclaimable:7237 slab_unreclaimable:72494 [ 1283.669746][ T736] mapped:55384 shmem:4764 pagetables:30063 bounce:0 [ 1283.669746][ T736] free:10063 free_pcp:222 free_cma:0 [ 1283.708136][ T736] Node 0 active_anon:5763812kB inactive_anon:18764kB active_file:312kB inactive_file:272kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221636kB dirty:8kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1283.740441][ T736] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1283.770259][ T736] lowmem_reserve[]: 0 2912 6416 6416 [ 1283.775566][ T736] DMA32 free:18180kB min:4644kB low:7624kB high:10604kB active_anon:2845220kB inactive_anon:12kB active_file:124kB inactive_file:276kB unevictable:0kB writepending:8kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7104kB pagetables:21208kB bounce:0kB free_pcp:484kB local_pcp:0kB free_cma:0kB [ 1283.804427][ T736] lowmem_reserve[]: 0 0 3504 3504 [ 1283.809569][ T736] Normal free:5528kB min:5592kB low:9180kB high:12768kB active_anon:2918020kB inactive_anon:18752kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29664kB pagetables:99044kB bounce:0kB free_pcp:932kB local_pcp:152kB free_cma:0kB [ 1283.838538][ T736] lowmem_reserve[]: 0 0 0 0 [ 1283.843025][ T736] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1283.856352][ T736] DMA32: 98*4kB (UMH) 38*8kB (UMH) 9*16kB (MEH) 25*32kB (UMEH) 40*64kB (UMH) 12*128kB (MH) 14*256kB (UMH) 13*512kB (UM) 3*1024kB (M) 0*2048kB 0*4096kB = 19048kB [ 1283.872428][ T736] Normal: 212*4kB (UME) 106*8kB (UMEH) 76*16kB (UEH) 13*32kB (UEH) 3*64kB (H) 4*128kB (MH) 4*256kB (MH) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 5568kB [ 1283.902775][ T736] 4867 total pagecache pages [ 1283.907447][ T736] 0 pages in swap cache [ 1283.911658][ T736] Swap cache stats: add 0, delete 0, find 0/0 [ 1283.917893][ T736] Free swap = 0kB [ 1283.921610][ T736] Total swap = 0kB [ 1283.925315][ T736] 1965979 pages RAM [ 1283.929156][ T736] 0 pages HighMem/MovableOnly [ 1283.933834][ T736] 318832 pages reserved [ 1283.937964][ T736] 0 pages cma reserved [ 1283.941995][ T736] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=731,uid=0 [ 1283.955920][ T736] Out of memory: Killed process 731 (syz-executor.4) total-vm:75092kB, anon-rss:16552kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 1283.973255][ T23] oom_reaper: reaped process 731 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:07:32 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0), 0x0, 0x1) close(r3) splice(r2, 0x0, r3, 0x0, 0x0, 0x0) ioctl$ION_IOC_HEAP_QUERY(r3, 0xc0184908, &(0x7f0000000040)={0x34}) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:07:32 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:32 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0), 0x0, 0x1) close(r4) splice(r3, 0x0, r4, 0x0, 0x0, 0x0) ioctl$HIDIOCGPHYS(r4, 0x80404812, &(0x7f0000000180)) getegid() write(r2, &(0x7f0000000340), 0x41395527) setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)=@known='system.advise\x00', &(0x7f0000000140)='\x00', 0x1, 0x2) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x15, &(0x7f00000000c0)=0x2000000000000074, 0x4) 03:07:32 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f020000000000000000014d0000000000000b520cfe5f"], 0x3}, 0x1, 0xfffffff0}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0x400, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x81) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0xffffffff, 0x0, 0x0, 0x4b, 0x8}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1284.899928][ T768] systemd-udevd invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1284.920426][ T768] CPU: 0 PID: 768 Comm: systemd-udevd Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1284.930325][ T768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1284.940354][ T768] Call Trace: [ 1284.943618][ T768] dump_stack+0x14a/0x1ce [ 1284.947928][ T768] ? devkmsg_release+0x11c/0x11c [ 1284.952846][ T768] ? show_regs_print_info+0x12/0x12 [ 1284.958023][ T768] ? radix_tree_cpu_dead+0x160/0x160 [ 1284.963283][ T768] ? _raw_spin_lock+0xa1/0x170 [ 1284.968019][ T768] ? _raw_spin_trylock_bh+0x190/0x190 [ 1284.973360][ T768] dump_header+0xdb/0x700 [ 1284.977707][ T768] oom_kill_process+0xd3/0x280 [ 1284.982462][ T768] out_of_memory+0x5b6/0x890 [ 1284.987035][ T768] ? unregister_oom_notifier+0x20/0x20 [ 1284.992470][ T768] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1284.997990][ T768] ? get_page_from_freelist+0x7c0/0x7c0 [ 1285.003513][ T768] ? __zone_watermark_ok+0x96/0x260 [ 1285.008683][ T768] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1285.014031][ T768] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1285.019549][ T768] ? lockref_get+0x1c2/0x2b0 [ 1285.024124][ T768] ? blk_crypto_keyslot_evict+0x160/0x160 [ 1285.029817][ T768] ? find_inode_fast+0x3f9/0x4b0 [ 1285.034730][ T768] __get_free_pages+0xa/0x30 [ 1285.039297][ T768] inode_doinit_with_dentry+0x950/0x10e0 [ 1285.044907][ T768] ? __wake_up_bit+0x180/0x180 [ 1285.049643][ T768] ? sb_finish_set_opts+0x7e0/0x7e0 [ 1285.054809][ T768] ? current_time+0x1be/0x2f0 [ 1285.059470][ T768] ? atime_needs_update+0x570/0x570 [ 1285.064640][ T768] security_d_instantiate+0x90/0xf0 [ 1285.069808][ T768] d_splice_alias+0x71/0x590 [ 1285.074370][ T768] kernfs_iop_lookup+0x17a/0x1f0 [ 1285.079280][ T768] __lookup_slow+0x312/0x490 [ 1285.083850][ T768] ? lookup_one_len2+0x2d0/0x2d0 [ 1285.088762][ T768] walk_component+0x3ee/0x970 [ 1285.093415][ T768] ? follow_managed+0x950/0x950 [ 1285.098270][ T768] ? generic_permission+0x13a/0x4a0 [ 1285.103446][ T768] ? security_inode_permission+0xda/0x110 [ 1285.109137][ T768] link_path_walk+0x72b/0x1500 [ 1285.113875][ T768] ? path_init+0x887/0x1220 [ 1285.118443][ T768] ? path_init+0x1220/0x1220 [ 1285.123007][ T768] ? path_init+0x962/0x1220 [ 1285.127488][ T768] path_lookupat+0xd2/0xa60 [ 1285.131965][ T768] ? kmem_cache_alloc+0x1d2/0x260 [ 1285.136961][ T768] ? getname_flags+0xb8/0x610 [ 1285.141609][ T768] ? user_path_at_empty+0x28/0x50 [ 1285.146601][ T768] ? do_readlinkat+0x119/0x3c0 [ 1285.151330][ T768] ? __x64_sys_readlinkat+0x96/0xb0 [ 1285.156497][ T768] ? do_syscall_64+0xcb/0x150 [ 1285.161143][ T768] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1285.167178][ T768] ? filename_lookup+0x6e0/0x6e0 [ 1285.172083][ T768] filename_lookup+0x254/0x6e0 [ 1285.176813][ T768] ? hashlen_string+0x120/0x120 [ 1285.181629][ T768] ? getname_flags+0x20d/0x610 [ 1285.186358][ T768] do_readlinkat+0x119/0x3c0 [ 1285.190919][ T768] ? cp_old_stat+0x8a0/0x8a0 [ 1285.195490][ T768] ? do_syscall_64+0x150/0x150 [ 1285.200224][ T768] ? __fput+0x4fd/0x6c0 [ 1285.204348][ T768] __x64_sys_readlinkat+0x96/0xb0 [ 1285.209363][ T768] do_syscall_64+0xcb/0x150 [ 1285.213936][ T768] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1285.219806][ T768] RIP: 0033:0x7fe708ef00ba [ 1285.224198][ T768] Code: 48 8b 0d e1 bd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 49 89 ca b8 0b 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ae bd 2b 00 f7 d8 64 89 01 48 [ 1285.243772][ T768] RSP: 002b:00007fff9cd55928 EFLAGS: 00000206 ORIG_RAX: 000000000000010b [ 1285.252156][ T768] RAX: ffffffffffffffda RBX: 0000558aef199fa0 RCX: 00007fe708ef00ba [ 1285.260123][ T768] RDX: 0000558aef199fa0 RSI: 0000558aef19a570 RDI: 00000000ffffff9c [ 1285.268076][ T768] RBP: 0000000000000064 R08: 0000558aee578670 R09: 0000000000000070 [ 1285.276025][ T768] R10: 0000000000000063 R11: 0000000000000206 R12: 0000558aef19a570 [ 1285.283968][ T768] R13: 00000000ffffff9c R14: 00007fff9cd55980 R15: 0000000000000063 [ 1285.329848][ T768] Mem-Info: [ 1285.336073][ T768] active_anon:1440056 inactive_anon:4691 isolated_anon:0 [ 1285.336073][ T768] active_file:473 inactive_file:429 isolated_file:19 [ 1285.336073][ T768] unevictable:0 dirty:33 writeback:0 unstable:0 [ 1285.336073][ T768] slab_reclaimable:7237 slab_unreclaimable:72413 [ 1285.336073][ T768] mapped:56243 shmem:4764 pagetables:30156 bounce:0 [ 1285.336073][ T768] free:10010 free_pcp:39 free_cma:0 [ 1285.429709][ T768] Node 0 active_anon:5760760kB inactive_anon:18760kB active_file:952kB inactive_file:996kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:223620kB dirty:96kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1285.465946][ T768] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1285.492535][ T768] lowmem_reserve[]: 0 2912 6416 6416 [ 1285.498584][ T768] DMA32 free:18028kB min:4644kB low:7624kB high:10604kB active_anon:2842964kB inactive_anon:8kB active_file:1180kB inactive_file:1356kB unevictable:0kB writepending:84kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7520kB pagetables:21404kB bounce:0kB free_pcp:708kB local_pcp:456kB free_cma:0kB [ 1285.554356][ T768] lowmem_reserve[]: 0 0 3504 3504 [ 1285.568774][ T768] Normal free:5576kB min:24744kB low:28332kB high:31920kB active_anon:2917900kB inactive_anon:18752kB active_file:360kB inactive_file:764kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29792kB pagetables:99272kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1285.598456][ T768] lowmem_reserve[]: 0 0 0 0 [ 1285.603182][ T768] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1285.616725][ T768] DMA32: 102*4kB (UMH) 62*8kB (UMH) 8*16kB (UMEH) 15*32kB (UMEH) 36*64kB (UMH) 16*128kB (UMH) 13*256kB (MH) 13*512kB (M) 2*1024kB (M) 0*2048kB 0*4096kB = 17896kB [ 1285.633298][ T768] Normal: 219*4kB (UMEH) 112*8kB (UMEH) 84*16kB (UMEH) 22*32kB (UMEH) 8*64kB (UMH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 5996kB [ 1285.649096][ T768] 5263 total pagecache pages [ 1285.653866][ T768] 0 pages in swap cache [ 1285.658377][ T768] Swap cache stats: add 0, delete 0, find 0/0 [ 1285.664633][ T768] Free swap = 0kB [ 1285.668563][ T768] Total swap = 0kB [ 1285.672449][ T768] 1965979 pages RAM [ 1285.676471][ T768] 0 pages HighMem/MovableOnly [ 1285.681326][ T768] 318832 pages reserved [ 1285.685647][ T768] 0 pages cma reserved [ 1285.689930][ T768] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=27380,uid=0 [ 1285.704222][ T768] Out of memory: Killed process 27380 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:07:34 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:34 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:34 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) read(r5, &(0x7f0000000340)=""/216, 0xd8) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:34 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1287.717735][ T790] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1287.749517][ T790] CPU: 1 PID: 790 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1287.759505][ T790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1287.769543][ T790] Call Trace: [ 1287.772837][ T790] dump_stack+0x14a/0x1ce [ 1287.777158][ T790] ? devkmsg_release+0x11c/0x11c [ 1287.782080][ T790] ? show_regs_print_info+0x12/0x12 [ 1287.787267][ T790] ? radix_tree_cpu_dead+0x160/0x160 [ 1287.792532][ T790] ? _raw_spin_lock+0xa1/0x170 [ 1287.797271][ T790] ? _raw_spin_trylock_bh+0x190/0x190 [ 1287.802618][ T790] dump_header+0xdb/0x700 [ 1287.806926][ T790] oom_kill_process+0xd3/0x280 [ 1287.811665][ T790] out_of_memory+0x5b6/0x890 [ 1287.816219][ T790] ? unregister_oom_notifier+0x20/0x20 [ 1287.821642][ T790] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1287.827151][ T790] ? unwind_get_return_address+0x48/0x90 [ 1287.832763][ T790] ? get_page_from_freelist+0x7c0/0x7c0 [ 1287.838274][ T790] ? __zone_watermark_ok+0x96/0x260 [ 1287.843453][ T790] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1287.848788][ T790] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1287.854302][ T790] ? copy_process+0x5a4/0x5150 [ 1287.859148][ T790] ? copy_process+0x5a4/0x5150 [ 1287.863878][ T790] ? kmem_cache_alloc+0x1d2/0x260 [ 1287.868869][ T790] copy_process+0x5f3/0x5150 [ 1287.873423][ T790] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 1287.878936][ T790] ? _raw_spin_lock+0xa1/0x170 [ 1287.883669][ T790] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1287.889440][ T790] ? fork_idle+0x290/0x290 [ 1287.893850][ T790] ? _raw_spin_unlock+0x5/0x20 [ 1287.898584][ T790] ? handle_mm_fault+0xb1e/0x40b0 [ 1287.903575][ T790] _do_fork+0x196/0x920 [ 1287.907697][ T790] ? dup_mm+0x300/0x300 [ 1287.911813][ T790] __x64_sys_clone+0x25f/0x2c0 [ 1287.916571][ T790] ? __ia32_sys_vfork+0x110/0x110 [ 1287.921562][ T790] ? do_user_addr_fault+0x55c/0x9f0 [ 1287.926725][ T790] do_syscall_64+0xcb/0x150 [ 1287.931192][ T790] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1287.937062][ T790] RIP: 0033:0x45f219 [ 1287.940930][ T790] Code: Bad RIP value. [ 1287.944972][ T790] RSP: 002b:00007fff19d28aa8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1287.953347][ T790] RAX: ffffffffffffffda RBX: 00007fbaa8d35700 RCX: 000000000045f219 [ 1287.961283][ T790] RDX: 00007fbaa8d359d0 RSI: 00007fbaa8d34db0 RDI: 00000000003d0f00 [ 1287.969221][ T790] RBP: 00007fff19d28cc0 R08: 00007fbaa8d35700 R09: 00007fbaa8d35700 [ 1287.977161][ T790] R10: 00007fbaa8d359d0 R11: 0000000000000202 R12: 0000000000000000 [ 1287.985114][ T790] R13: 00007fff19d28b5f R14: 00007fbaa8d359c0 R15: 000000000076c18c [ 1288.002043][ T790] Mem-Info: [ 1288.009550][ T790] active_anon:1440613 inactive_anon:4691 isolated_anon:0 [ 1288.009550][ T790] active_file:78 inactive_file:199 isolated_file:28 [ 1288.009550][ T790] unevictable:0 dirty:3 writeback:0 unstable:0 [ 1288.009550][ T790] slab_reclaimable:7231 slab_unreclaimable:72507 [ 1288.009550][ T790] mapped:55592 shmem:4764 pagetables:30113 bounce:0 [ 1288.009550][ T790] free:10070 free_pcp:391 free_cma:0 [ 1288.063062][ T790] Node 0 active_anon:5762452kB inactive_anon:18764kB active_file:76kB inactive_file:200kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221668kB dirty:12kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1288.087377][ T790] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1288.113420][ T790] lowmem_reserve[]: 0 2912 6416 6416 [ 1288.118816][ T790] DMA32 free:18260kB min:4644kB low:7624kB high:10604kB active_anon:2842440kB inactive_anon:16kB active_file:180kB inactive_file:0kB unevictable:0kB writepending:12kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7168kB pagetables:21316kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 1288.156568][ T790] lowmem_reserve[]: 0 0 3504 3504 [ 1288.161695][ T790] Normal free:6236kB min:5592kB low:9180kB high:12768kB active_anon:2920184kB inactive_anon:18748kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29824kB pagetables:99136kB bounce:0kB free_pcp:236kB local_pcp:0kB free_cma:0kB [ 1288.190598][ T790] lowmem_reserve[]: 0 0 0 0 [ 1288.195137][ T790] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1288.208484][ T790] DMA32: 129*4kB (UMEH) 16*8kB (UMEH) 99*16kB (UMH) 14*32kB (UME) 6*64kB (UH) 7*128kB (UMH) 6*256kB (MH) 16*512kB (UM) 3*1024kB (M) 1*2048kB (M) 0*4096kB = 18804kB [ 1288.224906][ T790] Normal: 154*4kB (UMH) 129*8kB (UMEH) 90*16kB (UMEH) 26*32kB (UMEH) 10*64kB (UH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 6224kB [ 1288.240488][ T790] 4830 total pagecache pages [ 1288.245348][ T790] 0 pages in swap cache [ 1288.249580][ T790] Swap cache stats: add 0, delete 0, find 0/0 [ 1288.255641][ T790] Free swap = 0kB [ 1288.259337][ T790] Total swap = 0kB [ 1288.263041][ T790] 1965979 pages RAM [ 1288.266853][ T790] 0 pages HighMem/MovableOnly [ 1288.271504][ T790] 318832 pages reserved [ 1288.276103][ T790] 0 pages cma reserved [ 1288.280169][ T790] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=805,uid=0 [ 1288.294151][ T790] Out of memory: Killed process 805 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34692kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1288.312875][ T23] oom_reaper: reaped process 805 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1289.399436][ T796] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1289.412691][ T796] CPU: 1 PID: 796 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1289.422677][ T796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1289.432708][ T796] Call Trace: [ 1289.435974][ T796] dump_stack+0x14a/0x1ce [ 1289.440275][ T796] ? devkmsg_release+0x11c/0x11c [ 1289.445192][ T796] ? show_regs_print_info+0x12/0x12 [ 1289.450361][ T796] ? radix_tree_cpu_dead+0x160/0x160 [ 1289.455618][ T796] ? _raw_spin_lock+0xa1/0x170 [ 1289.460350][ T796] ? _raw_spin_trylock_bh+0x190/0x190 [ 1289.465689][ T796] dump_header+0xdb/0x700 [ 1289.469986][ T796] oom_kill_process+0xd3/0x280 [ 1289.474719][ T796] out_of_memory+0x5b6/0x890 [ 1289.479277][ T796] ? unregister_oom_notifier+0x20/0x20 [ 1289.484719][ T796] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1289.490237][ T796] ? get_page_from_freelist+0x7c0/0x7c0 [ 1289.495753][ T796] ? __zone_watermark_ok+0x96/0x260 [ 1289.500920][ T796] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1289.506262][ T796] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1289.511778][ T796] ? copy_process+0x5a4/0x5150 [ 1289.516515][ T796] ? kmem_cache_alloc+0x1d2/0x260 [ 1289.521505][ T796] copy_process+0x5f3/0x5150 [ 1289.526067][ T796] ? security_file_alloc+0x32/0x200 [ 1289.531233][ T796] ? kmem_cache_alloc+0x1d2/0x260 [ 1289.536225][ T796] ? selinux_file_alloc_security+0x19/0x120 [ 1289.542084][ T796] ? __mutex_init+0x9d/0xf0 [ 1289.546566][ T796] ? percpu_counter_add_batch+0x12d/0x150 [ 1289.552252][ T796] ? fork_idle+0x290/0x290 [ 1289.556637][ T796] ? alloc_file+0x81/0x4a0 [ 1289.561025][ T796] ? errseq_sample+0x3b/0x60 [ 1289.565589][ T796] ? alloc_file+0x3c7/0x4a0 [ 1289.570074][ T796] _do_fork+0x196/0x920 [ 1289.574201][ T796] ? dup_mm+0x300/0x300 [ 1289.578329][ T796] ? ktime_get_raw+0x130/0x130 [ 1289.583062][ T796] __x64_sys_clone+0x25f/0x2c0 [ 1289.587795][ T796] ? __ia32_sys_vfork+0x110/0x110 [ 1289.592788][ T796] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1289.598391][ T796] do_syscall_64+0xcb/0x150 [ 1289.602882][ T796] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1289.608743][ T796] RIP: 0033:0x45c849 [ 1289.612619][ T796] Code: Bad RIP value. [ 1289.616657][ T796] RSP: 002b:00007fbaa8d97c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1289.625038][ T796] RAX: ffffffffffffffda RBX: 00007fbaa8d986d4 RCX: 000000000045c849 [ 1289.632984][ T796] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000103 [ 1289.640927][ T796] RBP: 000000000076bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 1289.648870][ T796] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1289.656810][ T796] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000076bfac [ 1289.666545][ T796] Mem-Info: [ 1289.673715][ T796] active_anon:1439616 inactive_anon:4691 isolated_anon:0 [ 1289.673715][ T796] active_file:34 inactive_file:537 isolated_file:53 [ 1289.673715][ T796] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1289.673715][ T796] slab_reclaimable:7230 slab_unreclaimable:72511 [ 1289.673715][ T796] mapped:55756 shmem:4764 pagetables:30060 bounce:0 [ 1289.673715][ T796] free:10243 free_pcp:927 free_cma:0 [ 1289.726660][ T796] Node 0 active_anon:5758464kB inactive_anon:18764kB active_file:1460kB inactive_file:1476kB unevictable:0kB isolated(anon):0kB isolated(file):212kB mapped:223824kB dirty:4kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1289.751976][ T796] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1289.781498][ T796] lowmem_reserve[]: 0 2912 6416 6416 [ 1289.795972][ T796] DMA32 free:20028kB min:4644kB low:7624kB high:10604kB active_anon:2838944kB inactive_anon:16kB active_file:1136kB inactive_file:1204kB unevictable:0kB writepending:4kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6976kB pagetables:21104kB bounce:0kB free_pcp:296kB local_pcp:200kB free_cma:0kB [ 1289.835011][ T796] lowmem_reserve[]: 0 0 3504 3504 [ 1289.842854][ T796] Normal free:7440kB min:24744kB low:28332kB high:31920kB active_anon:2919520kB inactive_anon:18748kB active_file:284kB inactive_file:104kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29760kB pagetables:99136kB bounce:0kB free_pcp:16kB local_pcp:0kB free_cma:0kB [ 1289.872779][ T796] lowmem_reserve[]: 0 0 0 0 [ 1289.878309][ T796] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1289.892581][ T796] DMA32: 76*4kB (UMEH) 109*8kB (UMEH) 94*16kB (UMH) 17*32kB (UMEH) 10*64kB (UMH) 14*128kB (UMH) 6*256kB (MH) 16*512kB (UM) 3*1024kB (M) 1*2048kB (M) 0*4096kB = 20504kB [ 1289.909971][ T796] Normal: 189*4kB (UMEH) 139*8kB (UMEH) 101*16kB (UMEH) 30*32kB (UMEH) 10*64kB (UH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 6748kB [ 1289.926389][ T796] 4984 total pagecache pages [ 1289.930976][ T796] 0 pages in swap cache [ 1289.935123][ T796] Swap cache stats: add 0, delete 0, find 0/0 [ 1289.941198][ T796] Free swap = 0kB [ 1289.945542][ T796] Total swap = 0kB [ 1289.949242][ T796] 1965979 pages RAM [ 1289.953016][ T796] 0 pages HighMem/MovableOnly [ 1289.959059][ T796] 318832 pages reserved [ 1289.963304][ T796] 0 pages cma reserved [ 1289.967964][ T796] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=780,uid=0 [ 1289.981951][ T796] Out of memory: Killed process 780 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34692kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1289.999822][ T23] oom_reaper: reaped process 780 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:07:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:38 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:39 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f0000000180)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r5, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r7, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000100)="899694faa3ee89aed45eeabbe1", 0xd, 0x100000000}], 0x2, &(0x7f0000000340)=ANY=[@ANYBLOB='discard,data=writeback,grpjquota=./file0,nogrpid,norecovery,nouid32,journal_async_commit,euid=', @ANYRESDEC=0x0, @ANYBLOB=',uid<', @ANYRESDEC=0x0, @ANYBLOB="7953d23b4c5c7ae0032c7375626a5f75735bf21d932be1", @ANYRESDEC=0x0, @ANYBLOB=',uid=', @ANYRESDEC=0x0, @ANYBLOB=',fowner<', @ANYRESDEC=r3, @ANYBLOB=',euid<', @ANYRESDEC=r5, @ANYBLOB=',subj_type=).&,uid<', @ANYRESDEC=r7, @ANYBLOB=',fsmagic=0x00000000000001ff,\x00']) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:07:39 executing program 5: r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000080)=@req3={0x4b29}, 0x1c) bind(r0, 0x0, 0x0) close(r0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r3, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000140)=r4) sendmmsg$sock(0xffffffffffffffff, &(0x7f00000070c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000100)="64e27c13f7d627f7557017e2fcb9821a4c77f76d3bd392dace53b09c31c5504664989329cd32ad158dca0fa06792a6c26e0e06239709d7c0527b991dc796357305e859cba7c2022414cea6b453fb71b138871e83ebfc73043f172253605f7623b435a2c18b15f551a5e6cb96f8a369dbcb85ea424a33707c70be3db04847546bb80ca4d7a7c357aea1ddb6a1304f3bae0d0dcdd0f6efa92210ab9ed4753c9469b36269c3dc91432c6259e658c9cb4acb9ef6e14e2537512526c69e103690466b3549842374105ad3173083d1e8e999ab8986e28926d9ef8e11bd", 0xda}, {&(0x7f0000000200)="200a894a41727b94fabc4dd8c0cd", 0xe}], 0x2, &(0x7f0000000340)=[@mark={{0x14, 0x1, 0x24, 0x80000001}}, @timestamping={{0x14, 0x1, 0x25, 0xd32e}}, @mark={{0x14, 0x1, 0x24, 0x7}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}], 0x60}}, {{&(0x7f00000003c0)=@nfc={0x27, 0x1, 0x2, 0x1}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000440)="b3481f823acb81cb92447ae41cb0d31f3ab3afe978e892c1a89c92bd63c126c02dcbd7ceeb499157dbc46ae44231b5e0b29a685962ff42c39577a95627032862fb2b2192d0440295f8af5b012bebfb029431694d998a3b008b290b17149e2d70c9499fb04dc12010a0b78dd3aa266eabcbbd71e8200341dbb61eae7831b6cdaf8db7f4a2011fd0d8fd7965ff6a2c61ef118dd411da547a23a5c531cccfb42ca5a8395e20920fb0aa2f4367bda8ffcfeab991f36988971cedaec5b5e39e417b17cfa55f87", 0xc4}, {&(0x7f0000000900)="9e9a696994f5e3fdf3260a0306071eeded6c5fb102ea34b161506d7b89b68a1d7547a2d15bff3ea9408ef12dddd4ee3a50c5901cfa8cc4576e501e42af81115a5306c01fbbaa26efb21cce6f48119e6446c09f91646cd89d0c49e48f4804508cebe42df53bfa0530aa5fc416745b8c49cebe8ac9febea61432f4aa719051b8705aa692302b71737b20cf37feb46d9e98b3312974ac478f838e2b6164176326544ba1f2bbb2d982ad349460537671a03db92e674ec347af0ec7767380740c34d1e890091a202a693dec3379b368a64137f22b5dd9db231f6104b19ca3c9627f3a45ba9d699ba79b3a16e7f26dcf9d02cdee5b788abc29600b73c261554a172a75d28fdf14f191ab4f49e7c59508aafb67a97210a6fdfea84566b6039c46326978d345352afbcd882a93af75a4ccaedd50bb867e3317c635882e63030287b1ec1fbd21ae7ab5a5164a3af877f8323d93cecc5f14e02944f467622eb1c82b95e95f31cd245a0d2b564b01e7a9f4d3a34c4e4ad2bae3557e079eaeeceabc207ce413aaf21098f064438075a4920ef5c4d0c1c3849434b82dbe382f68efb93980ee6a2bf8ab0e915c1baebe42db4adc00f5e8fde733af1f73ff43dbff6c2e3ec002f7187d994b90f5fd8fc162dfcde3734ff8675f3960412352cc3817550b83aca9d62fa2865e04c71e22f5361bea3c549e80c66fc5b47d3ad50b036087a3bb91bd136ea6e94b34e2970cd731344a754e59062bf13d5745a75f5bdc00dc6896287bd36523d80f11295f9857f48b14769bad8d1d997601fab0f92ed2cc0e9636db5f8880feee3cdc16962042c0566c8a1ecdd9cd82d79218f7212d19e057ffe3ee49316935c8a9d60c41e78e6d31b8cf4983d6cb907e264541dcb89b6f6232ab5ec0c295eca315e39427482d9f19c8910fb634d93a0f0a24b5bcb1d094e64190071f23c883a34fdede1d7055fdd738cbd8e4352acb89107a6afa28f8a3d2234f2d8de1cc2bdd6faa25a4aaa29f16e089cb09d1b5a346970a37092f836cd36f1f9ce4aa9ffa9065d1b49f729b70160a7922455c07591633a6944aad4d579a324d63a8e921b82b778e00e70aa064b3fe145bce7741d5f4ac92e3f15f834ab2a857aa204296350b5e82afe44b8f55b4450fd75f6effc2fcb433308b634af3975577f5d6f247bb0312a995eb1015c53add3339a94de4f889aa653d2209e2a315a184b593a068ac97c824c4466a15df755fa9df56f2a479dcc6a77f52a89e910978ea39c2571c01bb7af4ce6b6f6711142fe189ae7c481420bbdc181d56ab30a1a0797d2e735688b5c5b03b00f6a9488d197f23d5eb83dc64cd93d3467f9f07c602ceb43716024f25963bd1b5fc0fa297a5c69b7cd7b4870f33edb1c452968c5c365d6edeb3c4c53b37fc4eb77fd4167bc834ef5ea72e332e48928feccedb8b2a4f8b688d7055b367a88fc24309f029a27732434ba5d054684beb8d43c2090c93f1bf1753e7f5da2184a28f73b3c16217961ba6a388a1cf954c82d57b1d62e56138f1b8ae8f108621007b5152819965ddd4a916769c620c70814c7fa1ee709d69f56ff04d17f3cd44bd8dfd49f93b16ee8bf0debbbf91a604dc708320236bf2480c8824b3bb157c89edf00617a99c29a6801397c6e0f19203b62aeefc3e3c76a74b0b40112f7b3750fcd172385f16029c2cbe4656fcf52e1acdbdd16819d701477107c8553e214c853adad5bbd4ecd0bf954c528b03a681756bd81889506c71d54203875e12c4579cf2c815f9f1f1af54ed4513a2b7eed4d060edb8ff8813bb570bcf5313262bd2820c27b00042cbb3c3f5276f9db83cdec3e2128aea3cacc24cf1a5bf2518d1aec312709037e6621fed1dbcc8e9098a3c722cbbabbff71f94d23633ff514282323567012148178d78efdb5b3715b5e826b9c795c6ffa0d934982b3752ff97558d84fe8133894253239c7e513d678fede87ad6a17f5ccc44edbe4536112051f49d04878c54ceb079203757e4e792b27e1130bc1d7b6a629d337e1e76ea8a0d9bf5a5ac4c15fe11047753da85b58ef52804e2b53af47c1b032ca421e252e6bfa98cf73e91043c7ef94c61f0505dbaf9b8fd132db92c7e5966f649aacf0faaa70561fb6a394488f16180a1b7cbb203a726e413780be56ba521934fcd6a7486f93fa39a809bedafa9d0a1d4d72fa53e970390a016e06d2f9f4991b692aa5f86a0076175ffb4c786f9de4468138d2197d99fe0e1b1c434e2ce73be564b8b9b7caecfc5746e7a732a930d9a5d062691a78075b17ac7f7eeef24a2b7c87b43e8a86a6950cf4989d8cfefc97cacca6f82f7d0ecbdd8708cc5f6934fe6155b96a4255d6a0f6d1c6515321e2f5c83daecd999c22189ea865c07713195da5829109277a2399f12ab0e70fd04c77b072834ec86ec1a0b76f12ced046faf6d6dc3cbd2cc82c36cc26fb283edb732f1b794ff9d117866ae6967c1b227a7704158e9140318d07542ea0333d1d61a830d765d4296ef9b3a081726593582c56708ccacf7dde27ede76e1e4eb444481a8bec00e14c1707c275a715752040786aa1712db9f84e460e389ca7bec9b421c70082702e435632c217dcd4d183e17f26bb4866c9aeb335b313bd2a9c6be26d47dc7ab9b5e2e536b829f2661277afc3e4f65a62d5a39b8d253f8bda278f730bbd766adf0ebe0a0e4492c33e1d474147cb1156e518a949ac87eb0d04901c4ab58b33d04d2247faeaf99dc3b29c7250c52b30193b6da3d1c1cf456f0eba7a51fffaa85b5b460264860c9f367a7720d10d6395fa63f7a3383db7a9f09f825b53058934becbe013361ba6a3d4363ee0f5032a4f136eea51fef05156a35f6bb9062a0c8a8993dd1a7b697e2a6fe087f9e33734e012bec47cca48a91dfb5633c5847873cbbe3516186d30a83c02b1bd9675f48ae4ce0a261fb8119091f98035b8e8201d30c0862395a7e9c5df7b684a86af5a912b9b2f7128edd688e1ce70691a02f79730d6b521e9e925a3f44b4dd8f31634867cd95160fe528930e1c20c14ed624ccdf233cd6d299d0bb62f30f9e10a797794d8df9574f7180a746be2ce7a95b6ef3c01a29fb73216e39a85f61947ee3921e1709888f6ea02d7d750d4bb69cf2b91aec1108b94882be92cd6f1ee8da97c9c2b67200f99d0890b1b1983df18041fdda53e52a16c172047099521095bd1c487f3fa8a782632690cbc9d759a978212d7f8e28cc23c83fe2108ffff192fe2dc1f77b21d1a9cf484af037f4520d787da2fbef562a5fd8cdb9be9507d1e15141c7f7f5aa7eae232e089677452fde9ec71e923966e0df3f7373e7c873865ab58336f3422bf51d66522bf4df47fae9567e8578b68816f48d012a1771a543403b146697813fb96230011d71d020299f21d4b30b0727dcaad8806250ed807472c6565dcee4f1ffdc5ab7f9b4452d6ffb3953c407827590dd8cb39da224130b4426c04edaa74786c3e7a67d9f757b092753a4b710e6c2a5e6bec10bb01d9b6e73309831087f933e62f30055118b8b1196df0b53a0296462ebd93decdadde47a116595beaef0c136b5aa5c3b8221699b11596874fbbc437bcb0111d529a8040021ce8573e18121dfa761e45bd66780eb99371d2c6c7d31d531cf17a813e39e9cc41b8954db5b9695a4935ca9335e9ffff69681995a42e16880e184e873d4bba91eedeff9c383705486ff2e788851fd6942ea1823fe9bdc69c6c41ce90d9add507a888af2d37ae1745ec1318bbbf726097f99839ba35265901ae9040ca031fc3c0207811c6158e7c93ea5599a6b6f8683cf01485730dbec543936d95456abfbb217662ffcd6c1346ca26c6a1c2bbe0c199de5553ac1e7129aa5627a01bce429589859b6ec1fdd7cd9b5cce6541acd3d5dbd4a5465102cbc6911fbc3bcb7059a29213e7784a02e22bbb25c5ae532980acc236cd4887ec919bda9d71995e4e282fe19f5ec878b0545d2e96b2f8e4a37f4ba9d14889f60f28ada28291f7629458568c53001e0e3de7d2a723a60c859ac20901d061863a7c086ac571797cd43866f34bd12de01d803ea63cba67250b14a2d64223f1b6e87ec50931cc5e13f08884390686fac0f9f1f6c85380f0e0c2102edebc8f72a85e12aa4404d2c7bf021c3c8075bc0607a904dd113b449f19a83e660dadbc9251356c738c709b1184062dff6e03952373b9a5cd009ba8b61cd339ea6e50995eba7b25fd829faa396828dd1014d55b14bedbb00a075caa67febd1dd0dc97a6c0dc2f346ba26b1352e36429b41b02314a72349022c98c4c8f47801e574966374027f0615bfff4865fafc0a46a44ef2e4baae30c54fdda55054b80b5fecaa51beadfc6d4eaa2b91aa77e0abe6a567eb3645901ff331ecce297e3101b4571c48d083a20947406904b0273ba63e2732f6b2c4c75368f73b57b3521aeead22818e2687dabe1c7eb565dd7c9bf9b64b4f33a7b2fdf0a8ccf7f50021b8a78873dcc7859c188dd1f59e5550b822f0bf9fb106524b06e077bf49d4a9d5af4fc0c3bf9edd59bbbd72b551f53831646f3f8f7fc8cac2e997c61bbfc6382aa192604938ca517636d676c597cdd7756f6711ee216d9388bf2194d436eb2c2f5279b4db81e6d84def402191bb5eceb2201cce1910d0fb896e1adb10f8cb0bd09aa5c81e11b16b6bd7fe355765ce9d1c4b24fc988cfc9271d9403b82626cb28226bb165f4133481e7c954260f43f1f52119d35b8840408aaccdae9285ff777ff92ade94363b13f9b56bddb5c42e891e536369cde785abf5524d02b02f2c65f955ad3b00b4a9eca3a43906d26a113704836fc71ab3b767aad13df03ee6821956bc7d2ed71e963bb4712f07a83f42014774bfd2cf1390dc9667ff60afb68d9b61912cf1150bcb81fb5f3c7662417606b761935bef580d27dde32bea7d581f86889e3af9da3b2bee3394ad6e75a3885a8773229d6f0b1a87761165643fcfea7dce3967155fcb71997196ae9c6d52262661c501542bc36414753dd3c11344504506936077da9f5daf60edf3653a219a9e44b32799ba85864e9a70633cf3f12f1306a4feacbe2a121e83a233919657c06023410f7bd64b5f37f35da7d35b72b9abf0b23efabfe32f111cb9e129410d99526ad412def9966775863e559e973210bdd0ae61bab3341ed5d3e5c3a902b4b58c05ba0a078fffd2f59786a09e04acbf267295495e91bfdfa23761b628a2f7f12997517ad78545c1fa94b67062167511d9f4579ff5449390a916b6fc63774001800f1bf51f743466e7de7095bbfa27bcab28564c6574084a65a579d4e3d5d3b5e7403829afbecd65971e029f3a2df5039a7601ebb9db2b8374490eee74be1524e5fffd45610060309659ef9e1a910a9cb38156c10d9025a139b021050f2632a7e36b5d97596fd71bf9ce0a6a652126952d485de92c3d473aadb1f7e7cf9660de9679fd261d8ec4f35aaa75bb80e5050a83555aec4d23e4b8e406e75fb0ef116fa4de028f209bbcf2d7a80e67a238ddbe465c0520a4c014bd2e330611bb04f42be28292ee3b4372fd45f377f98bcf297fddae717b700b932464dd50dad69d48aeb4479c6894e6d2006a4ef51058ae927f7122b2300f0dc069cbbff0942636450e302d57c16decda4f960b53b9bc92a3a5fae5bc4705c41e211a9c077768260b5eb13e982d67293b6fe546d37a13da57ed0ca3cd66f0be45092a184d0a477960064b1f25d4bacd6bf819dc387f9e3b4ba086772cfe5a7ccbf23bf58656005c0701442514b2b065ad5d7f2cec0b826745c92071a6576", 0x1000}], 0x2}}, {{&(0x7f0000000540)=@in={0x2, 0x4e22, @local}, 0x80, &(0x7f0000000680)=[{&(0x7f00000005c0)="83757ceb0bf276c179f70eeacdfe10275d8f05e74e1490228d30b2b6c5866bf180097f92e11eab873054f6666483e7a69bfe95c63c5ab6391c3d37c030983aeeb2a4653479e964305ac24173297813f9c55559180e837098fd39f99a32eaded41bb5adb27c28524365946f49f668687187805f31d14302e515637f4da45458139a57545fffa058f3b684702eeee9f1274920bb0137bcefccc61482fbbb4efb3d6f59703b8914c957c14d531d14677f6bf16f8dda", 0xb4}], 0x1, &(0x7f00000006c0)=[@timestamping={{0x14}}, @mark={{0x14, 0x1, 0x24, 0xab}}, @txtime={{0x18, 0x1, 0x3d, 0x1}}, @mark={{0x14, 0x1, 0x24, 0x3ff}}], 0x60}}, {{&(0x7f0000000740)=@in6={0xa, 0x4e23, 0x8001, @mcast2, 0x2}, 0x80, &(0x7f0000001b80)=[{&(0x7f00000007c0)="818a23", 0x3}, {&(0x7f0000000800)="a26b8a012f2f901dfd1561d2d1968ab46063f0a22d3622da", 0x18}, {&(0x7f0000000840)="c33f71e8c14c673bacc17bfad9c2a3cb456de9a154212e61996a8548f6393236fcebcc329644f3db1c1b94f16e9deb5bd22c1c3df97da30dbd32a6e300084c858f0b450f2bfdc2264e4154f7665d9767ac", 0x51}, {&(0x7f0000001c80)="d9ece6158b03bf6a3b7ee94ee12eefe1afb1126643ed21f22461347b8ebc291e5b712c57aedab1b7bd2673f048e50df75ea414e529378f61bb0942f94398571dcda55f79f41a38b755abbf5e125de2d205fcf7a2a0be1197c1322c4b389896daf0cdd9127532cac6745aabf8b4ca436ae2da2cca05bff8e74bee565cacb7742540d08039de410628a853e8a8437b16be971f080affe4fc823f3685b96c9e0c1d7d8a362289559c66315aa294329d0d6dfac045b38244b206c651ef6db57431cf346e2326bd4a8503f3bd765dd3ade0b986fbeeee8458c3eaa8fcfaa34b3e3c175d9d9ec9b20fe954a9941148edda4781b312c65f62b5195c710193e4965912f5c4ae723f115a33cab9df55a55179a62323377cebfcd9184f8cc8af9b05a7b45ad230ba92f8240bcc7954b52ae2f24011c4f66fc21dea3468f0da63aab1797e48e511497a19a221f49215cc846c6c106a1793fbb891029da95052e4b8f84448c1a621b1a4541ce763da26c79b952e01ff4b784d39434776ccac8abe2a45591e9c7e7c31802a055f51da0172c78a9ba0654d8af03c3a16fef5f46e686ba4ffc912fb0679794689f8c5da0083d8d780058c886ffac4fcfec56c2801185aac797ef6bdbe2949ac604c3df9d21aa30c5f9f2381ca540477a9570fc160a14319cdd4a480afe9292a8e20770eac7d85c6e6e654bac8279ff8e29f0652bff6e4198465fbe21602698d98d8f4b5df5256230742d4412bea1f008d540d8c5cab9b133b1bfb455298155682210e89bfffab87d1d94b9fc60bd7ad8d167a6a65b08857fe2f398f68042cf4c4cd34703d5ff2b5f688a945a83798bc6d9a8752297c782c7f68ea57fda886bc506cd92839a1c6e6e825f772b988f591760e0bc50fa25558bf4d5c7078d0fb13f5fe33f31f7b061053507d4193615ab7ba661a5a1dfab55fe2b86e0aac03e45773ce53a1b3cd7ac887d1cf0ef2a819385720baf8064cbc716d5bf659628170f6c6c53ac7d3facd25efe461d1e9892e08a548972b502fc75a8185e0f4020333457dd1ff63aa09e5be2f8b6bc488b9e90e261160ad9365e923d30364dff1eab0f59549d061f553288127f25fbc27ca85ad409f9e46a54d08cb55d676426552a76a859047ca03ba7e48f4f4a1f733401c6d196cca0a83634be9c4e937e83e8fbee797e1c00e7cad9e639e80e34c55c766e20e203f360321f64bc8eb4c58b8e849f3ef385367a8cfcef2d3a28b21d3e9a560d4a0f9a1d7d5a66e9b43f8272d4b801a9d4388607a3a844898d01253df3aede6475eef0d56ca2c7f8e9b368f8a0e7bfdd8aef93026a16722704ccf02066495e7f41d1ea6866bc6bf114878f1bf97fd361fbbfbe0bfa2e1eb726da66fa79bc5b76c9371c485fe4026448c62dd0269b33467f623999e17b962fbe6d26ae53e3e494473c66ecb16ade4874187713d01007207eceb61316c3c6a29608bd3d9b5e7afba0271d2795000a2001daf1de57076e6fa7d987161485a676b7958409669c951c19552a86c46d34b1d987550e15d6aab8e917b7788082a31d019a40010dd87a0869d347f0460c722c89a62fa4fbf54feba03d61e885a45fd8d9c2d7743d7e9d747fcc5af1243e3090dcfe8ddb9e83f2781e329b9a1825c7848e7e3be3305f90d3017aded1002918378d25f7a570c2fb1b47ccf2d6d4880230838e1dfc723cae998600123ad9fcee68a5aa3ccaa8c21e654ce4557474d52aee509bb3179b52973442a800b8315faa138cedd1f3fa3aebbb6a086913f8c0e9377c1cdf63e5d216d9a8250409454769b1b6af17f6eca95b21897157a3b46df34b5574f7a1a57395893c1e5f2adedddaac520baee5549acad75f4c944cc4775f08661ef99a614791b2e92a9e8a029a3dbed4b6d5b44caaf4722c1f8fcb2510402d7895cfd0aca6c91bdee3e0fdc712bfe3534f896eac1d31de957fe29d32de2ee14275689c4d46c959e59497b6b91269ad404de92c9ea416f678fc7c869918cd7feafc61b1dd65559944ceead1ced6c206180d0214ef1ec90eff1252a9bae662f045b1eb542bdef3dd2f3b2d24f6394480f549099c71016b921ecc8a9f27b91a289157c77b650ecf6864e701c2ceebceef2dd31e87dfacfc6b6cc8bfb45085d92714b22bd592d8af619a6aedc5b6b0c9c2fad505704ba5bfa1c94b377e2fb77e7e8ea6cf7e404b18acf363e9be50106f07c2e480f11178d59138ea2a5948fd850176c8f62891a011841e6b94e430d6eb97ce93ff1025a48e111522b48ff5a8c9fc2bfb652998213f3bbe930c4135f358c445efb9aff0b3d737ea8506f7b19db555ec007d14bd1718d1f5b2a7879d3cfe30cc4443cfa3abb671236caabc4c5f991142d4575fc933b0304b938330f3cddaa6f7300a8798782e4ea0fc376b5461e3c390680e0ffd592722d24712a8b62d12ec966566d7597bcaa41a9123b2d946121e43cccd370b0e75eb6e79bdaedd5859f7171f3365ff6776ed9b007119f896604d5d59c64ed7608ffdd64ba9bfed68bd664d1c679c989de3e72e8d31b25dc8e14d4118c177bcea3f35a1db76016b0e201428cb7178405ea0558148e85e938b0ebf9385fc1c43a8ad284949925bb8f30111ef48bcf0537d5b7b9c778f8db51a0e57b49df7e4f24c7e3646292bf9d76f6a709b33e251c2f342b8bd0636b0bf294ebe393d915f13963d035639bfe5c59c3a17518ae5c1bf77fe682e9a0f7c0eec45645fb5deb507356eaf9bc1f6bd468a1e6dd8188893facdb5ec4fdb6ea84143fb533cb710a72e51940d3291ea0e7e1455370319c6aa2d2f37cca2c4d44586e51e55520f01a42e12c5a038b257ecc532f3626c3cf96beb21f4fee7db0056c79ac844e388d100cb5500bbbc75d24fe0ba9c885a5f7ea56d906f7f0038e554964068f3183870937b8c6b13224bb227eb9249e6965aa54289188c4df22c6a9dca8536b17be036e6771fb7154c831ba73a526a3c92a21dcbb9401419e0f8fdf2d1921a25c41b2e5fc902def5d67a4d464e7eed093cca1e438aa1ee37717da74bb145ddf9276ab222aceb90362c96b496d11e211192ca3eb2c7f92775fd8092f8d35a9db0d057a38771c10c0cd3b38e3042ea8404084ed60459955683c24041fc6610863a594d4220c53a09648f4c2c94abaa083142e657015b05897e9239999b9c336a3147803e83c145f12d7f4a5c71828515daa9a5ceb55fd493f91ce36ea44c5e543636b38cc29fab5240926b0bf4249231cf74ee006988f993a1b7f3d136b1d47e2ce0586f6c0e84c341b622e1ab81a92d0f688f0fca0f463085a455fe8b7e0db08da35391b0410f03fac7bfdb37f6147c4dc0af46364dfdfd4215bdad143daaafc79668f0f52c494dea559aa8db5b9ef867323ba7b6edacfa0d73082c9b0f3fcc3e220e31cb3db9e79002e78f0259d159f6c4a8d2f2814d41218f04f55811efddc4979ee6825b751160bf9fdc4bfbe46c8d099d4806f4dd4c98845331334a51323891f023c840d7cb9cacfe4a195bc091217e4b9f052407f2b67ab60cebbdea68417ed4457aa79808efb8421f5f37d64acbcc3d51fe0bcfae2fb77ec65b5dd7e96580786ad5fabe842fbb13a0b52e5abc2c5ecf4787805597a22bf1135d382fe57e7695953ebb2cf6d63391f25f5b071b8146b6f29c9b364176069a786880a00e7f0e7a233decd4f66937fc32c3ce61601ccaacbf8cd245fdebc5c81692d2ce696fd691b0118b4eb9b9c7f7fd8dceda22fa27050e5e859bc84e234aff4f2bc49210afb2cf234358c02c493530183d49165298c740cae3ba07d9cc7d8549978082d5e6fb8f5a0238628da4aabc3faa8c1c7066a55aafc27f8f0269bd82bdde060a209827ed0109d3c31302d1998fa2376a7ef2b043be6a2f0f4d0a4439fb6f39b9b88c207e3bf0c44e1f5d3f4cee09eefc0b1bbd871d73cf0e06604b4af2b9c5872b136fb4c3bf07cc71d335af0935e1dbe1b4668cc46b414246600d0006c5b495156990f00cb189ca16fe4895bef740513864dda6e034449b890fdd3d8e92b5385301854ac3d29c63c0c0630bfafd967ab824dd2f831270ce135c96908f1222a796c0476f5f3834868046d1cc3b35148dde4de70b491b2ef061ada93ebf624cf7134286711cd358dd7e7104e670f848c40a9faf7cce6973de647247c0ae15edd6c9a62a8791d9e7b4cf99a7b57b6e13de53752d21dd480f8a783b51cee9da5a53b2d9579a86e90059e49d1298ee5cd67d4c5c3fdedabe03d1462b3f6ca8cf6e658c7d347b716841cf1234895693dcc9308e615f22ff8931e5dd2442876ecdd7a38399f23fe282853fbd964c9736d7164280b85b76b9910b9050d50478f95a781a7de1e82ecd9c36ddef34ba265bd766d6036108a61414b44034dcfb2443996f81d00caa584e784d3453db2f2c6564dd80f4906373468370bc2b3f86be69c2d70c0b309fa32a41969079270d5bced9de5ef66617ceffa4dfe6b2815a2f046b2a82f473d315c66601f534039ff889b67dde4dda45131c5324dee418e97d772106c7c274c2ed69935fed0660b50b8f1f75fa916665b769d7c7c38a97a03a8839c773a4f5354ebd2c01b9427038df9dc40d447ac7e7b62022a15e8d3f8c51b4a2eee71cff2b6322237e202a7b6b57a9e1d5c0fe53bdff5f3b702b8b9fb9d2fe146f9f1779f0b93537ebbf9a87d08221faea581a38f49202520187a96b28fa754ce146dab8a55c709d642ea3227e941b20b4e70d2e359698fcab73d8337eb58595912f5233ef4496d862c39d6429e92e32856aad8d93b7cc1d7643949f1611e62aec0894645527324e5ff28f50ee8fe44baec8b061bd540e6b83dd0076270421837ef3c887562480897ee6d4fb17092644bc52e7d21ac35a0b019af501312e8b4efec0efc31508f5a8b6e59f4714e46b0d9bbefc9fa445ffda616349ad01342db1b71ccae8d5b4efae6e581a5c53eb7facc7a5b18bf07e59dc1c7366ebaee841dacb1096f148f48988f02fcf92160d59fd66e976cc7bf9cca5f1e292623c097d87c8af6728db5fc946e03fc52345353101f2b31444abde0144b263eaec46ca6c8c4e9d2171c37b8b12bbf614bbf407474bca2da31a87701a847eaa49e29f1753899641544199a70eeabbbda8619a02824ec61f80b166eecdc8ce3fe7efeb88a705e618f49fcd763a415d33e9d1364cf8fc7d7cc0efdb0ec83deea0d793c9d7ea6c561cbaa8907ae035397311ca9c82eb88598264d13d7a3934c9a3c3d02f6aa285d68c6f822a594ba73f5566243da68368cfe36143465b9c7654d22516058eb74219a6ff8c42ce87867aea9a46f8d01e0c00ad82d2b7d569bf8510e9648b5846aa2fbc1994a1b6e46bc14076f6e438aebfb908eadc145547ae57e438b91f9d2e50c5396e49b9d59d2c930843577dcb18e3825a15cce03537910a6ad7656ddd7f087597b8498368fa030e04e423cbd48e69c0b9650927f39e2c713925911da8aa3632d72cce7db99388a49925b53a38f9395a94951240f8d27f16374d62349826f1dded99816aac16b97858c7b8721d83916df041e931cfc84bd8f6af02dbab89da334825664c5bac2c5c91d34627e508af43633ae03f29679bb911b6807022187ca7bbb64415c442ac086717edb95d9d27e07419f349e666c1fad3f48c4613d17f615457b66a7899ec78e43303a5e9ca561aca18acd0412a1b638b50b15b1a539d0fd934d8f7385ed8a65a1bf07db19d02fd179e34680bc1e606c651b8257f779d8098dbffe51a0e0e93e73b5d9d7a9aca1fb1d9028fa", 0x1000}, {&(0x7f0000001900)="feca5449bab7cc0004d32eb81cfd395f914c72b50ed7a36be3723a8c7ed35167664f0931c0dbf497a67baae0db17c9e4c40db4b9e67a6112fb9a3a8b84a6f956b470b51bea7c0c1d8b1bd60621a3fc2bedb6a92a7759a19a4e222355f7be0d91d63451e72de99c23e8f721564bce28431eda2931a22f74407d662bce656d01ad6a674625d8b7e9ee0a7b4d4973e042359618350830260ee8c386d2d22e39d00dbe056f37660637340e503d7697437b405d4a52ac93f004efc324432c532b6889d40780ceb80562072d562a927c086638e7545fd3436a2ad1f64aa7243307d288c7a3a4b5b1037739f5", 0xe9}, {&(0x7f0000001a00)="db3b3014b7cea8f5eb8d83780e1dc224b718062d0b8fd30ec44cca4611f3e1bd117302ad92a33ae24b9a78d7d832ffac0fb8f68b6d2894283a787a9f2d7dbd56fbc490666fd6bd4cbbacd68426533df03556fc48284f9ead8ccc86b4a8df35d8e4566f2adbe9e891cd79b531bee8e9da599ab4a3d8640c860268e1fb15d3bb5ae597efeedf19700e", 0x88}, {&(0x7f0000001ac0)="a8b9398aa0902d953bd678eb04bb4592a2b3494d07689ef84b3fc5bbeab56b4c92385c9f5cd69bd1a6a96d3c7e8b9f43ecc15b9d7c9499d1569a3a8c910f9f1c17382ce459731c000baa4e780d6530933872198908e616f131a6086aff1e43f9993adb5a1d29f5c3f8544f5b61f4cb34a58c5b8b03695dc758f9457e398f84827e7a94fe3aef", 0x86}, {&(0x7f0000002c80)="53ff920932028499bd8a8469ae56df94713cc932aa6aad77e89bc0e6d0b3293a639db8eb87846a756b26c17231fc435b2d2d2f70420aa74b1910c43e131a24fccb8a5815433584e012e6528e90153f3bbbde287657386e81d239083073e3406ef53033a2499a7aba05eda106d893fa45ef4b191a5da5d3c56d505f392d36ff553de84a31ea24ab2c23641a65b85a1259498a32d27f1d588d3dedd4d2ad61f5acbbf5e1a566c188d8ae0f62c000d3c7be5c5397b4d72c3a920fe5b1943ba22ba78aeb22b97babc3050e5a832f289b601fe5d47f1a3cda71119f9de7ee76e8c35b98ec2d42b6073204148824cefd6b2a5a1089588c8802b3f72c5f2eba3d3a6b865d697ce540c6b890cfb70b957e6a88b829a5ac25fa36f247be01b6d89516e0b39cf10b82370d71dbce132e3cee37eb108ec371fc56b15561c0124bf57904850afed1e2e173b9449d15b5989f79442edbca738043a2c7ad93fed40a09a796434bcb8eecedc2227f7f75b3f719a37690d3112f127e3cc27252ec0499b0bece1f676d84735492d84500422ba75afebd9c6f2bfb3506ddc1a9d28061544fbbb5a23ba9e737be9e06d1016d73c6b9291d8cd096a387af1f1cf346c197eabc5bb4769f2369d9991cb9275065ca3f962c2a900ac1fbfa52cd02547c3f98fb145dbdd73698d1d93b60ce7d245aeda54f8d6e33032154d6e3ad039a6a60b3e4fb69cf11d4c74d07e32ccbef7553c9dbc2530e9005c1eafb8b855cdef1bdb3117eb27e753206a1b311568e6f646147099dee864786bc06f029c630a6acb629305732b22f4060ea2466c88a57e2bc4b16b552415d7f4f7d0b7266f638be3213f087e7d32281db5d7db34627616b1d823eb960872ab48895c097577099671b3599c7cccdb1f471ca1b9902a738dd79ad77cbad022a4d949df4b65f3a235e100669ba7423ba67fa8310783b61a1bbb8d2f0e465fbf05e19d25d8ef60d87a43b75a33a9c698b8100c946d04999d6f933629ec35055f965eb3c84373fef7e95a1c5046dcc2b80cef30c2ce477782f78e059feb36e6f1720c0caa35858b85cba122fbf53b1821aeff803fa3da436dc4879c373e5ce308d6e275e01df10675efe5b045e17657eb61bf0e4a377374861ed4c41e33919129e5b0686bbefecc89f0f0249368086b2e2e073ea49a731f834ba34dbf72dc35c0c40c9b977ad697b828341eb0553efbec7bbe8cb624b391f8607763ea96ef26f8b4b27878378ea386f1f6cd45bd4d0403bc7a59317f7a4c84b687a497288feb8de40b7e2c6714b5709f8f0c4a2f1cf320c291e777f686fa3d83814a9a6e2ffa3ff85db7ac7b340e8f4a090c3dc977aa847bbed06bf20b0758cfc57328f47b02d3c9db012478393bbecc2fdcc125d9270bd67e95f91170f84f0c1c0481f022b689babc928120aa5204bafd934a9b96911abc007f789425e2abac92ed9e8e8703d52b09380b21959987c9de0637fcf9944d0b0d701f81d9837b7c3c89b9b8a41f5897717ea3671798bc5a186475540f7f048362ddfc11cbe69edfafca799c3efbab504344acdf7abcb62956e19d661fcd531d48dd09da47958f1d54d1cae596280c388a5e457e8a7171044bb87bc5bed68a292ecda99da06599cd0667671495a18c7f7cd96bcdd284a740292aba0a53a2ef93e2adc488efba239c6430679f5322cb15ba629e9e55ea7610b4b04318db52124dae2592d0ddaa2541223ce7c3c1ea55ccf50ad9d16914adda732f1fa5c146121ad67ccac492bcb9965707598bf5fbcbd5205de15f05232e301c829039425e6d0952fdaa14e6c47dc0381c9180eb5596fc49265867f4fe6cef53fd1138552fcbf5379d950fbb32f91b0007e26d02493aabced5c38370d17cc5988cd0868b6c2c37d8344cfaeeaa803a5fb84fbc4af0e110801d1381ad51b240029bbfa4a450aaaae082e88722d8713dc58e2fea5928a4358338eb0ad0bd7564cdaac3413d8189cb46d495b8e3009045d859ec1d66d8bc4a918a8ca85a2a6699f1a9cf6f8fb3df83be1173deed65d05a8de89d86402476ec2f8a289b20a7e267ab1495a69b3fae79a2709742204e4afd749f57223fd416d4c6166d117454ac1c0e67ea34c7d596c026268a542dfddb358f0a57af815f2a1d8902e3df7a034c38929126667f26be6dbca844685932a6bf7aa6e0b0237256bab0ff68ee23661e86cc65e6093b6fc155ccb528636f5dce32628ce19c3b28f996f66c15ce4b79ff18f7d13dbb840e2fa941b7e7348bcfed98ca1a8cf34d0516e8da6964e75ce3558dcdaa43e64d55acf18008a1397458fe552d912a46b8897bb3d2eba48e10aaa25f440d8b197ea633b1b592bac49e4c39a1fe775367608628fb39fa4bad419f5aa8ba4dadeb8c7b5c2f189dac589ee90a06546b35fe5b2b1422d85ae0fe9b938f274c1b4ebd539331bfc939546020afc5473975fa3bce977838c7e7ff11c3a15286b5f06505f8c9fd35927fa40d871e21a283658c7fd6445503a981f46ce8d54e04503914ab5260e31ccb4d9bd3999d9fb0790a3089993a3c78d05b36aa42df536b7fbdbfcc1245cff4e053d0469848a730b3b439b7f3813cb660a69691881d3831618222a2d25d43d003c120a87af5004610415d33b75fe340072316fc57ba0ffa2b6a53cf51aa1e79d6848e4babdaa38daa5f3b2f3bd451f617e860a637d14852424ec97f76748eb35177fb6fb119b5b257267a8d62a941f29779263ba61b11c23ecf0dded38ccdf13f76e52a47d1c9ba50f9f9e8ec6d8bec3c2c1f59aa41390ca2141fea5ef5c5f4a5c0d213d70cd154a56c05a7d607c8c4e8b434252d961482e1fcb737bd5852bf0d5d90d22253f72ae0a20dcbeeb5048ec02f17fe37eda8134c52d50c23b5d803251d60e1c2c92fcbecfdcf64cfc95d0296f3d8bc7b7c054ac50eb0cbc937a3eef9679d66e89ddcd7fac6efff90391a961b4d65549b3454b5989de8f19d8a4152ecfb0ab48f5352b74bb921b3f20c6accd2e7909abbc72da2e746a7cc5a75bdaff84b8b602f0e698a911c2a8741a854df794f62a1b1ba517ff38068669f0d3a2ebb404bd003f603baef23db04a8601b851f674636d9a032bd8394e20e9b825283ba8eadb1fb83a3ebdcbbc25ae3fa65986a945e320d9d5f9754a4e0374e995f1be4dd6583a2a896569ddc5ac863daa9a8e04a4ef2be896c25522075744e09c98e67a378d2715748030a456417bdd6439ca948fae2718d0ca1788e9d8a474ad41d2c7c87a6e731f40c8e8251202747d8b06e061bfc8551f06be73bab22f7f189164bfb54095c30b33eb0cf3a8f5331607bc6f88961184b2482c86fdcd8b99d7ebd05bf5afc72cce6e81b251dcf45e29deae4e157f389cd67a2f060547424d529361a6ebb2a384b7796ad17d0310696fe8dfb3ef5ce3f7269d93850d84ccd11ad452349860aea68fb05242d385bf7cbb39ad541d1c3fd3c37753d01d6bd51ec301f46300fc13be9f652fee0c8a96e7ed259a6c17b056c0b7dcf46308b23f502644c2ce8d00a0cb12b09f69fd41c1b909f76f445839d64fb0ad895674bc14cf28dfb10ebba001c743bc34bdcbde82d800c60f78ddf2eed831976d2082447a47bd783039e6342c44b376d9b627789f7d32700393bc631f8103ea6109e6ca025fd3c7e714019e30956b695d7fce3813ac0c671ca7010719f60c3a53b77f6f7d7b5f07dd967dabbb50f760534d63bbb9dbe2c3eec2dbd82ea2ad0333ae02141852df5b30855c32abcb99954a0cfc5244d71e7c029f31b36a63d964ca56dd39978ba75f7f59895ee5c1c5a64a028407875e7a7b88298ae213f4f1e93a31d2ec5e6392ea095dff661274ff3832e5ec5c8b9ccb90306d6dabb88698cdda996bd231f1c2ecaa52231aa03c5861edb70b7dcdc59d1ed8b9f8a81c46e311e8a6f06632945bf4ab73025879378a5ea0c706bf43158779d62572283b04f21cf583ddb597a7013b6efa54fdaa2816ef632945318420a14321761d070d023e29c028ba9b61346ef0bedaecf78da8e76dc727b66d07adf962cc8c042d86c658c18c65d61219af44f2e25434281d8e773cdfaaf9fb4ce2b52a9b6c44a4c38c1a0ee93c26072f661cb48ab63c4a4c4ee276eb58c1058895dde53c91442488cad2580805be2bd15d69823bb8dfc7777697c570befed36dae9264ce08ef9ae29709f12c47d00fa05e494ad77dd8510ee262729b8c0dc74b884241381fdd3802e9ee2f3e382d2eaade2f2d371b2010306f00039f579d7b3ba0daa19f99af0712c6daece6fb3bd74ee799ef527119a74eabf73554bc2cafe3edce0948c990412c3caedd2fbd32dbde06177bdcd62185e7da69210a010d739c84cc9ba886aaaabd62050b526bdc8581aa646411ae76bdd320b2dd92be6a7c556b2cdd351713c2473e5671c33ce4ca3c2f8daa70872d05f5c9828d7e584358eb1a75546bbf4623014e25e45d61ee73430a5ae56382a171e97603f4c511b5c58461d7204847195ccc5038447fd222c4645c5dc5fa3d2f75baf4342fd7d63dd1d8ddc4852a3dc0f9bd83b0eb7cf02d7b4fcdb56ffa4bb3abebd9f85d3f8f0289ea8321370cb25606f4bce596219ea026192ae373c6945289039c7e393b3b8a7105c95a31cc68cf8a7409d4ca597c913406e3ff5afb29f795c8d76d25ee6a02c235c8622218dd532d9c3f94316726a98a1376d8d766482fa3b52c74e0c31b1abe77a99747e84982da0b7fa744bb75d33f655e7176eecca04be715c4f3c25ee9a94a1fc83d1d0a569204b6319a8382249c10b15fd85137708cf9d19cf638c9fb27e0c3a863d0e2b0680ae7e678105c0ddaffec56e44ebfbcf14b173e890ea3937294e54e7b5c808aae73279fc31c7fac17faf35296fa343fa704b3bd006b363f29725ebe2a52fe6bb63c12b5c194aee957811cd0a6d95f65dd8734c08f9576ec7a5d04f750dc3fef773705e8e19a659632ef0737acee49fda354d632d1eee2a329bbf6101f040bb9da54d6f5863efa675ccf6f4b95e9ab3046000ccf45895850ffe29948ce63eac4da2dd2c9996cbe7aa3207f133aa0f02f610fffb22fbe75edf41356b710f74481328ca45cb318f149c59ca6d6ce63095ab24a0b83469c59f00fe0400011109ed3b212c201aaeefd353791e40e1bae36b2a53efbec8557b031088adfbaa8a1e2799cc9a7afcbb46ba5d92ef73e843af26797427409f0791ed0aa5fcc88fe6af9697a53512290f5ea28151df8496029d33e5dce2504328186fb028226d088ad0ef686e55a24813c4f017b5900092eb27f03607fbf9f3419d806d471f7703b662082672cad191df184e92f84b7ea5bd37db1d8ee3afaadf24f2b1b93c7287ff407a5c9f38c1bb2a311a7088519bb0a5d348073cf8906cd5d7bcc3f3a93f476d2aaa4edcab1f74b35b7d3a0cc980842191795afb3253008286f47642742b720edf7f7231df495d3ce5e9b061ef6c97da549cd84ce0add97efa3634f8ef7d8a3373293cebc1ed6dcc32d8ef7f2df9afb3b07339c8a7fe7f015f1bf6b00f40627f801634ee4d22d53ac003b457f62b721f1d0852ec93e8873e6cf291c83c53e27cebdcd7317eab8c5664d5e3509d14376cb0b4451901844e5eede947334e635666a8066421400c088b4a6230cb3e2fe22bf1d9bf05882515c4a3877e13f0164d91162e70d486537b09027b206c1c7dbbffa2311ce7e6a3627c084f77e15d23346dc5d2c24008efe162d9f66250ee65d22b433afaa7db18c86e8e23b196643440d08c9eabc86854a9a7b46d34d5b0a3aced5", 0x1000}], 0x8}}, {{&(0x7f0000003c80)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(ccm(cipher_null-generic))\x00'}, 0x80, &(0x7f0000001c00)=[{&(0x7f0000003d00)="e582098ecdb59c07ca6ebfa1376c5eefa569ea9a4bfa4fc583b6718757fd2f16ce895e24215bc4911b9256ff32beda8cc24e677994db8b635f35142d71903aadfde600e2616f531853ae8f95e0eb142ea7182763734d9702ebc99af44e9b3772ae65720212d225f2a1643095c6c35a94a130286f177f9a31541e575c3e7509e353159fbe561392c232e2241625574302e49d1c25a43d00861738e6afadec6d8aa00539ba6598074d06c8f012a5d87e869ecc78fa2a815156b1cf61d112d249c646b9649d651fa1fb2b12e99915765e335d191abbfb4a04c0809d29a2e84bdf6e0b31aaba9405a233c9", 0xe9}, {&(0x7f0000003e00)="94196f72f68d0b296a7c25b96473821b4444cc45a1ee589fb3d93ca83112ab51b6e98f1fbc6333e27c08af49fa1999db34ff94dee3ad0fb48ed8150169955e7a0d71b939740209d2f3ab6191ee975e9539c6b2515e6cf3554345d3d79917", 0x5e}], 0x2, &(0x7f0000003e80)=[@timestamping={{0x14, 0x1, 0x25, 0xffffffff}}], 0x18}}, {{0x0, 0x0, &(0x7f0000005340)=[{&(0x7f0000003ec0)="c2f6f4bc23a2341b9e104b8067e26ad04a64a0134564b518f733f7d11cb0bde144c87f24bd9cfdccd4c4f72c355577f482ad4e4f1d10051e5b493b48d6fa82d824", 0x41}, {&(0x7f0000003f40)="195e6afbe5016b0a776a543217742b2f0fa38f7c708a", 0x16}, {&(0x7f0000003f80)="217a34d6f10c956a16a5545b99ec11143917bcfe2d96dae316c09151feb52e7d6386e909a65ccefbacc59ddd7f5dcffc0a8d7527c13555ca4a022e28cc9b121657fe7e014dca9d957d498359741971d0b3d64a8b2688dc0c1f8c40c400261e1e0f6369b60a2a66891cd6fb1a8f58e20a07c677997fbeea1b5cb792175cb93140659cea4bd077e150b5c6413dedc65878f5fc0c356aacf14301812797f42078ce866199", 0xa3}, {&(0x7f0000004040)="5abef27e00d0a34a65328e69c901632e611b12489d05395c45d02d662142d1bb9d425b323e771b555295aecb4f3744fa3dff4a5e4c344d58d2b8", 0x3a}, {&(0x7f0000004080)="09af1edf8acb0eeb1e3daaaa9cee4d3168ba827c2a470683234874b8a179561dcd0cc2c6668252f4ee739d3aa995c2df646bb8d0efffb8d67ccbb06bac458e35145b6b0ce4c669d5301055c8c04096690e1fcbb411fe9062ba03249bcf8222c65bd76e22c355ea0767e3313319645dc76e13f3a31b1b1c15fc539e9ac32765a5ab5d385b25d36546a4626545bf193a7652501fa1c5bc79f016d58ba2e7ca8864a03b680ac98967e93dd1f1bf", 0xac}, {&(0x7f0000004140)="72d3a9649150c3ac534d6757427e315a6f8e50aff0be89a26f7f36a7f9b477b873450dff23eaddafe134b21f52157c888363dc982df5f9f6f6adbac8345ad296fb7fbcdf2d577bd03547490f00b4269d62aecd7dc0f050a9cb3f89919ea59032ccb5bea9287808932267ced3314af73010285c76a51f5e62a4936ec9dc9b0c4aa0816d1f072b1b9a4a28e644baea677607a7e490766cedcb8c9a73f8e6c0233a10e362ab891de9e5c51e6c582bc34318bb0b9f36e5137cf97663250e9b0623b5393a87067dc652d25b92cf67d554949934b87ba95dbac16f78afe865b3d4dae364d242371c71e664b7445a90e3a94603441caf1e1a4e8a5a577074a587ad7440af25d6913355cbb790b5d8e40816d2f130c09e47f90f9a4605c866d928f6547ce695172dbb104bc96670a655c60817e16e7d6f738940c0d9c9718c942a5adbf3220221c6b38aad8b0e5367eb089af6bce2ccf79d2fe21dbd0d220ea287f5b032d3cd5abec1c2727740bf600160250629ee15ef18671af70963c6b13406c0b3c1317456bd91b867fc68deefb39a0a012d8d713d0b62635d5912657d39d968b5b7ae4ba2218fc0cb39ffdaf346b07f76d043bf014235552bd50402c917f41a117480758d1b612c19ff1cbfd8deaf145c418245fd4e6c001847c1ce2f09116b1774fea0714b995d7297ec445f5311f86210f8bf3d4e1ce3dbbb95c79a2351233faf1163e8632f19dfed155a940f750acf3b9b8793f855883fd31f74e70cfe6d73996044b34163152cb0425967019d4f5bfa2743ce73528e76916ec9d5ec15df438e33bf9c103945b9b1f09ffc2f7bf5e240935e6b2c903df296c8e04426bf7cca69908c3088eef28f710a75795121b95020c1237c4b7d4a64e2f7776759b6d7dd7a6ffb14130345c9d93d16e50449824837240e0d84b38baf5daa22a6240e6ca0fdad49516a62dd3392a15c757dedff0518667bc96212df699779886c92eb40b24285016829ba3ee84e3dd2d6fb61ec4a219cddeb333ac08fbe938b88b479bb5ffcc2f0650479889a626fa712e9f479e21e1be230e7b88628ff31603c4614353273f35a6ac76c05c8a0da0120c5e6943cfabab19acd76ab1255513a682f1599bf0976238d11bea75a9b65eedcbd619206a852dbed11fc2485a45f2bbf1ad67833bfcc6a7beae438f32ed6c85ab8955be287aae3ddb75ec4a01121644483dcf03592656af09e815cf5834ca1c44d3c926efa2a2fd32a988939953a714ea248753537b6d851385cc813cb529dcc2d62ceb84cf7de6f9d53c41e934acaaa0f5e24756b3946d4c10e6016bdb0110eafbf052983c9a4e7804d809b41b4b0fefc739e32d8e5c03a8a248457a957d98accb7f16aa058751ad044b2474b14ee06dcbb15ae7b96f39a7deca2bdf79c833f23be7be9ec6e00fcc768d6e2adc8ece0ec52aa31906abd03bfa784bf27da25a6edc68b057632f59ca01c97dbcca3a41914e0f709bc6f48ccfbfa90ab2f152919184472da424e7371fa11d7ef1c6995f7ee2879070448c426876e6ebb71e8bf7fd01339882b7f0ab997cec0f489f571ebabdcd50bf3eb93470cd03eb1b56cb573b98dac2cd119f9624526c12f14f734aec2bbb02cce3fdd71363fc4397ceea173ecf1a46f5d7b854ba4c7d25a82942789e10da65cec0b94efa8e30d750f3246fa2605416509caa47265fe00f7df9df538cd2b896eba0ff92dd673dcf2a6b62e0120b6c3bff4fc620cb7d489664e21bf3340a4956cd99c6c881d150e8b8462faf3505e044cd38aa3774e089c00671942a74d8f5f789736bf6a5fa59b6983093d6aceec57c2970c3320169f111b39b046b7912e79ce8b789b1f57de04e5189f7a9f7a012a18a69a5b7c07bb894e3eba9dde92d4a36e9c33b478ea82ac3a5fc37b7fec680a9723e778abdf0d976eedd22505940545ac7c85ead1259d9661cf8a1537d14018cfc6a48560bdb8e39302f0d5e589524db5a2f4a60b21ed815c9503d4f10f55c1587faa2def6d5bc46998a8aebc4a6424633cc7f67030dcbb00314aeee01e3def2d06d0e84c4e6c831f977377cad7173ad3ca73ba42f3c1f3834381624374609a8498eae323c55fad712c1705d04995ecfb75cc4d9a6880e854b8eceeed950e5de163b80b0adce134a1d54f0d0a5275d46f86195e6485af1f59b17927f26753b9e3423b1e40b8df40dc1e33083add6c1e30a85846bd459bf6ba73123b136e8399192600926b63092650fa06a6565a90b0a6af9935d869a97981eac1f9c19d0dbe90dc9d2f7be0c16459034ca468d196999a02e0eb375363cdbe48127813cb1f0bbcdf72228bedbc78630573a32a17c849d53f0e71815a4d6312a82c09ed29fb2c90041565a11cf9dc9dc52bfac219885cc6a043d1b45edc16365257277ecf83ed4fe347808e3ef1d144f6a2369abdf348e3199917f51d8c1d388b4de7305883430becc4d6ff69b4f0087b772f25fe248c68c3765b19638a992960ce8bf1c2ed054976fb18f2623adb6ae9e075cffa3b6b49edf8a8b3eeea5743d41c49340f93dadd392b8cc36286a6fef7a6b1f51df0c174f23c69f5b494d2e6934d3528f0a12c132d0b64fe92ce0145dc32457cb703ef72b69389b0817295abb2f4faf6b55edd8330521083e105a9e09a2d694751fd8655c69c078e217b2be86340b67254295830a7350101d7647f066f8fc90a4144ed96347a917a6af2a290027f121e2c41e1ef6f9b8b793ce49ca2cd460b9bc2cd6ac9c3b88e5024c9343b6141aae72a232080ae18eeb0c1f54a0408775dbb84153069d5ce18a52cd452a0ce0cd908dad6c30f889efad4ad0020202960327083a538e5ff93cff8edeb11860b4f683f7ac07d0b13f166c97527f332d10f8bd555e65142116c6b49cf1d3b0cb5d7c1940de969711ad544f7207109eeb64be7204b4966a450f46e7f855609ea7f59e92555b8745a5ed5602e546106fffe981d7fbedc9ca1e07ba6cc7f7a23ba31ca20db8b14e5532bc19d6692b5136afabffe4c6b89cd639d8fb69632005e5a5ac21fd09a0ae0c891e4dcbf6e6258491c6b7b94df735a0188edf3479ccd1ff319aba2388eda5e1397c7e6f58390429c97a8d66daedce89188a474f422b6658664c607a8a9805d4666f2346e128923378705a97b7dc4be2361995041148fb49316818b29db90d10fdcf8590662a43757147237f1d023ab031ef91f55221112c94d324e5c6cb0363dfb6534ebf1c989d7b1061282c8d7871d4ee4a5c5a68b5e4589f98d5a594235358992fba93aa06132afeb727f8856cd820b31cb62843eaa953b9e7c3fa38f54526826f4d834755f8462af7fe84ae22038d1baefc3b8ee8b67cd8a8ae06dc426139df86d08075ae50c9ba79a1b16f65ed24cd4758c50eaf8e88744f30ddf4667078e2953191cd9fe56010bb83dc15c7ed204fad990544048eb9651936c350b86870cecec85169e13fb265e275a3b7e4d15a720786767193bf591919f8ccb8b5f19e3992855f9cc9600b4ce0e58a52fd524e26e8156ea3d7186783e77fea5d5f46558629a27a694952422e08ccc6ec826068a6d72c3f804353ad726916332b2121b9ea9725c3abeb4e00f58cd1029d67af9f689b658b52505eb195ced3ca5e95735363d9467baf09066bce7b5126f8aac0b03a138277e8d41303e89f34c554c65552106067862a45fd3f56e0f00e5dc7454e5381ee1c446fc6bd4cbeef9a8c7ee3429378464eaab205d765960dfc6be06387f08423c2542679ae45c3ca704806878a891cb95fe5ad8af346e643f5646ebb7fcfca9d87026c47eb0eb310df535b6dda864292ef15b3f4784b4d15249d2ad6603b2b96b00395945c5463ab26e21d279d645860a1c7b8336b48fde0b1699effca89a305a555827f0c2d39ea96385f86609be2eefb842878ef1f3d25671ffd77d534baa37f5c587aecfc5181ba7cddcbecd7063f6543aa1cde3ae933f3f1b439bbf139d95129f4518a717007791871de1ec2af7c9e1d85c8df0c3d86a00630cb8ce867fa9f66f83a6e8471090a3419988035ca79bccb6e555a2757ac470004f834e415b288a756dac0644ca7bb01b1a70ba1a2310aa4d1dae71e64db7d12fe53d18cffd2af048f1aa5604b3b922fcf48fca7bb27cdd8774178656dbc4fed10374a973f34fd3a9ef144db1ae08ceab9853def0d5dd4ed0ab262e2fd37cf0166e88979728e11d7dc30dd20e943e166fe54a5e70bac0c6e546f4ec606151a8cdf31f4d4bd1d7f415640b7aa89dbd517da17e26fbb44d3454ae29fc7b115f05e258fd61e34f832f012e1edf855f0861f787e36940d0c0d608c0ad0df61f5499f5e283de45d7ca0f902f325f823a5fcb9f342735e7689762a99ff9e6b570a6a667ac004f6d80e106535ed5cb68c17d40f5c9641b68ae253d8c94a68674147e59ca4724f67520a09f02f0bc7c33d8ad77831bee2dc19d95e73e557d04d355f4522a1510fa7172d936b039360a5f23f2a029641b7aac36b81a80afae910b172344cf07f73103a3300a1eb7b3a07aa331116327247aafec55f4327de5835cb194e543007e8cfdd199234a3b7ff21d297b43de4a97c01bfc138d3dda396632ee5bfd1da86552a0ade0032d802a51290766d111469bb019e0cf31cdc5987adfe8f4033c349d7bcfd32473f8d35f152e890795bcbf00628a1140de6f48b2d2b1d8a9db0e5d8a9622abd0fa2f4d86f347a98d756c6eb8c96550f44693c6e4c23d8e50f8bb9cdcc16542bdf08a9a62cd855ed42c9fcdb5bf7e5d38248ee150c89dbe327d17721db0c5a0a3eac43b636b9e90bc4b35881494596c75da41cfd36a107318c8bb1edb01ca57b0352d57fc95054be67c6f0b013af23a54b1933d29f9e3ca2456ace232a2fa562d279e2798f6a29cba64de570b54d99e6fe6ef745a281b3f133161e77565d6d876cb62df83294dd861afffb3ba99af0d7ce741f9ad663fd4faab291b6267bd46ed5c7fe8313e1aec1157f1ad73e1051d8a67784407812dee0538d485f00ea468b47821e2134929e7b69f9c90138d50ad21f51f1f018ee8aa791d034457988a6c2fbda17c1ac167efee18c059bcfb50e372b640243ae75599525b688bbc049a3d450aaa9e418d5ffadfcd9939c3d875b277129eb397dddfe563b6849c2f980e018c3952acc1d628a6202904fbdc5d818676acab71495a8af22ab22db9675a6b247b050a732e56a46f3fb8fce353c36a62b959d5263db205abf24d28705b6fbbd440a810680891ba610a192011fd9b511f93babc45ad0d0a20f584ac024e80757a3e72d7abf18d00c8b7964d501437036cc0b420dfe4577f422a8cc40fae2b0b89442d2077040d893274240f44960f9e75606d0b2d793d553d30e05fe9de76843527a91f2be581245eff695ff9ff9ffbfa5de7f5066570fabdcdfa9f1b1c105fe9d06c309f111eb764ee58689b0573959df96c98dbe34cafc2ec0bc126ac5da831e6a0366b7663eebc6a63a1043cd5e5696f13cf4319207553fe1c0237b492ab9a266fe5fec8c566e67b207685feb9aa4fdffb82057e72afd1812f868f91ff095280a6fa3265910318679620e682cdaa606b0ecbee356be4f568fa55d9a4b805275243f438f4c310dad8911bde2fd9ccf4f8ce896131a650edde228b3dc2c33bf50a57f61fb14c9dc76c2b0cc196a8edea547f41aa160101199172b42952df8fb3a1ed0b1d75e9a265bf9a98c64aa065603ad76a4a71e7d7ad89210642e79065cc9dff95a4231bd910a20e386a3eb814f41c161d795300c138906050d55ed5", 0x1000}, {&(0x7f0000005140)="bfc77830b3485c6cccae5ab4cc1edcd01265de0550f3b2101774cb03c2b982f97954c919fd39c01adeb83407b17b33995ee43eeca351f4f43fe89113e03e99e290f5e28d42082cf29bac15c4043fcd90468fe68cb16fe0047f64cd1e8925d90d81789dc6e6629dea4288438ae2e27b08c0cb3419bb2a5574d022ddea1d0aef6a16ad0c7c9566c4c3023418b11a6b7d3af1f78b16d3a974905c2e4a763ddb592e4a7a4b385a4d7116e31e689b4349b2a1b6c93f7a3b3fc7799ae4731b02cd68ef5ff37001bb", 0xc5}, {&(0x7f0000005240)="8e5508ecbc41480d771449cf7b9594b3e70af4360574a6094b4073db2c48e2c6a93304dd38b0f986594542b12e3cce944f1086ebb3325366f3c20e0754c978cedeb0640d61413925e69fabd0aff573e931dc5c86c0556209f0896aeb8e8367d61f5b0adaa1381af005a6ce066f3a69a17ac897aa8be7a2dcb88acac01102505e5438e7310eda9b81d8975b5388ffd52692b6c82624ee103ac1e5a00544165d386c1b6a41b3261f46a55c5bea75a94fa9ab6834a03314c91b3f2c4198087794b815d45eb3cf8779023a59c72df1e865e0c539", 0xd2}], 0x8, &(0x7f00000053c0)=[@mark={{0x14, 0x1, 0x24, 0xc3a}}, @mark={{0x14, 0x1, 0x24, 0x7fff}}, @txtime={{0x18, 0x1, 0x3d, 0xe666}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @timestamping={{0x14, 0x1, 0x25, 0x7ff}}], 0x78}}, {{&(0x7f0000005440)=@un=@file={0x0, './file0\x00'}, 0x80, &(0x7f0000005540)=[{&(0x7f00000054c0)="bb4d29dbe5b0da3b2767fac1f2e4948c01af080de0556d25cec63ace02f96c7592ac711a2c19270552e7f5c8192dbb517c79f68f4ef5a8f9a110a72fd89e87d2a79ed910086e5aeb830702439c15e326310314947215b50e82f826fcec21903a733bfb51c33c0c89dc61439b406dd51a85a9c9eadf7fdd", 0x77}], 0x1}}, {{&(0x7f0000005580)=@pppoe={0x18, 0x0, {0x2, @dev={[], 0x1d}, 'wg2\x00'}}, 0x80, &(0x7f0000005880)=[{&(0x7f0000005600)="c80e9be56ca2d4ed6b954400be22a09febf1f8f62674ac371e2cfa3620989b6e76582336c32e62df70e51b66ad28007d18e4e9fd6bd4a1a7e73ef169690af81ce609351ddb008cdbfeedea2b45d87c067c", 0x51}, {&(0x7f0000005680)="bea3f9d400b629fb9a3ccd4d16e02084161029e0fc924a209d8a24d002eafad4c87780776a844bb6cd4f25c8c9be42aa73dc703f19152c6f1e85838cc5dcb655e5ca54193d78a95b27b7f0dee4cb679e300a23bb833812ccce711abbf3", 0x5d}, {&(0x7f0000005700)="6e42de142caafc418de6c617a094824a40e9418cf4", 0x15}, {&(0x7f0000005740)="225a3a7bd38f2a06c89c19772e2c70932adb7ae716279aa503b6bce13f7b4c3af32e5fc85af727ae132c8860d0b98312e6f77c09393295fa1870621337f8ffe3a585f9f32178040fce9d7e30732beaa709afac0a8b797560cd46d0b712bf641526253e6a75e5938cd73df6f98afbccbe4366b2cb3d2ae63a5bc00c88d8f5188cea42a2536f6e090b446db7550122dbfa6606bd1d0bc0871d952abf6316b4dd48413f9929388b89702ec2795d812fa6133bddb765680b628f8dde4bde2a390bc5b907a9ecf5bba6a88a391658ea76cabe5c3d7543dd4296dbe9ecad811d5e0564b0d807ea9c", 0xe5}, {&(0x7f0000005840)="3fcd7cd32227cddc256a5a4a8c7186757309c34555f30d35b94934eff386455c8667503c4de6a31971230a4388b3e4972c9763534530", 0x36}], 0x5, &(0x7f0000005900)=[@mark={{0x14, 0x1, 0x24, 0x5}}, @mark={{0x14, 0x1, 0x24, 0x401}}, @timestamping={{0x14, 0x1, 0x25, 0xe5}}, @mark={{0x14, 0x1, 0x24, 0x22e}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}, @txtime={{0x18, 0x1, 0x3d, 0x3}}], 0x90}}, {{&(0x7f00000059c0)=@ll={0x11, 0xf5, r4, 0x1, 0x7, 0x6, @remote}, 0x80, &(0x7f0000006e40)=[{&(0x7f0000005a40)="16615cd5c585a13c06423a93be02ccdf5f633b3b1ee4780cbaae2c5d3027d784984b766a3e88a19fab2a61691ef3a3f0a883baa4386700559ad3cfabd63488ae9f560082462c54eda47814a087c2a51eb8ceddf81a7a6dd7df80e30bdd0291de56f957c30cdf0c3b46f5b030a8f4b757c7b4bc0c35b736949e6f3ec457e7a39f8fe8d5019b1d8845702ac384d65dd129172c9ebb8b88f532592402e5fa2bc385afae8122d27e75d6b6b03e7361eabf8e02ff4ee1294deab90230a798d1afcf03ce5e6c091a12270210ba28339ed824beb13dcdc72eabb57cae39e7033d217eb70af74efaac08e1096b6fd52277e245c17d24f060", 0xf4}, {&(0x7f0000005b40)="f1e8d91108fdc074516a0d922b4634e812099b4a6abd45ad2a13377a5f25ab7856fdf8d2fab0f5cbe28c1890ba1efa67638f8635c8262e65127153a9c8a6fb6d8055056ba680a8cc7416", 0x4a}, {&(0x7f0000005bc0)="04948b5b6b1826765b2502ed3aed46c6da5d0d8a50362de6b0e2f24cb8eb89057a227045d0abdb4789f238a3fb6fb8e6628b437a2cf05e049bce92161f24cee1337227a5ec86edee0b8e9dc2f4645037ccdad11cb0ea27d7646f9959189537bf7ec5547d43dc142164b091beb0d164ee37eb", 0x72}, {&(0x7f0000005c40)="96c36f386571b57a0753f39364d0de995dad1c24f19b3450d8d27423d3c3a1a64bcaf4505ab05b21b2fa3629add2ed3ba8064df42b13bc3028eba8b1bc7aad3e5f7d444cc9dac9c85b44c2df5a5b55991034ffb78e770fee3eb63690e3585157f3eaaef8a72cdd63dc340484f7825d368a579885e5236881e4473d89a869e35ef178f68f5d27eac0ff0e07da7e257ba571577b69ce039da8f03188be46c0de244b55c6cb021a184f97c20c4c7c9a13cd8bcaebe97dc152b0f427a8eaf32e2bf4fc090b6e6176d0ef72daf76f032beea58d5a7cf73fbe3b99dac9064933c8c179bc32c422943c3d18f4e7976320c77595c48aae99098e5228f68e523aeb9d33fe26e8f123f68ee7b7089470ce4327a9b35ac76b64efbc3969361389aacaf96e4dd8210404c8902b1d25d96e92ab1834cb69d0a0512183c787bf6e85bf1fdf2b113e8d0179b7b1c26ab24bbe272692305e7dd3de2f0b57dcc8163d6e10c9135d8641a806ae8692466e5a48d048b7e5690b7f2688871d65de1a30a363b03a7431971e8e94ba049c2e5fcfdef3456ab2d5523314f0d9d51ea40eb160c5ea246f0d55b779543cde1f6daa3a1b78bca658c9796eb6130b782d2e50c9f7e7b7c4d2970b9f857be1b45f4e6a40af45a25256beb22ac5303ad473e824993a80f3dc8480f41134db24c3b3d5c2ab4dce9bd48f33da9f338dea2581772b5fbbc1f570ab17acc3ab3b908c56473db1fb0875ab316ddfd96e71e45b998a5770eef6fb11be5499115f6339f706dc5d381846fcd170e6f53bc62d93a18a858f6d5da54863c8c81ef2403410eb7b9c5cbf7fec4b139c2207265ff2b20a766294cfa182aa89e33cc721ec0b44a1c1d1e41c09d1d3e1a8adbb335dcdf74abbe21e41cf6ca30c598bb4d57476e2377886901467cd108227afd99e6b82c0cdc0cd564b7890b0c017f134d07861b9b39ee70053743f20457a091e8ab631e3b3ed0dac6071ac5b15f8afbc641dafba3855900a85cd7bdf3a22082162380b60041ce032b17d38ee0c35b4b02a20548d61be34e832a015ff185829f24b8d9da928615cc5f3330c145bb3b37f2f66fe8f043ed00eed6c073d8f8478a377af94b852de063b6459e5fca4d6266ae9e4ddd35a2c89fd31675dfa260063e2f48d56a2f7329fb7273f617ac493e9a32700e9c1d0dfa37a7604c1c60fd95e8da9a1da3e9e3da392ea11b9d8e8479a49f01782e841f12d6a283f6fc6d13296978e8c50fb00da2b07f7a5b49bcd50f685dd3861968875d808f8b06118bc4024f58476c69866fe0046ff9a26ecefad39ee679fe43a72902b7fa10aa0b643f0766e08aea76c108f66fe3dc1840933a3004ac69065b775fa5c68f531ba64407e032fe3eca4cc1f176fc1ade87db6536bb926aff7f20ffd327cb011a4c3a2a0e188e8c51af92aac06cde549f88a3a6e26ade16b9fc97bc8960c96e16bf0b26d252d2235437177bc328f9905d523cc10268f1828f2904918a04846ebaafb37526289502f1a1eb14642502238b25b3a7ea7f47516cfb21a56cdf44b04f5da360af86d89d6b5ea0f42470b033538f9317127862138e5326695e57b548df3866409562673b761fbde82cb489d591f3a818425cca7f6f1c64701dd3863203ea2860cb345324c0acb03200d0545669ef8c4e1845f1736b986b114035bbfc6ebe5398912b55f4d5952eeb0d424fa2024b4299a80b8985a14f3482ee17383080e9465b2e05e34a89488af7258189d3762d4c6bdcc33d9a45acfdc45a6a884287bf8ffdd0345579232b7c0cfca89c728a15583ba9116586126d4acc8940620598918d0b4784437979c827d69d6436d088dc705ab1de29140e4fdaacc4d3d146781b55dee1948f25033539565f8d2f9c42398086c0713b37084a780707a2b83c34db17492a8993f02b478da7cb293e87f100936e9bd779defd544ef4d1355f96f3c7589b6eacafdd0cd9e84449b21e0ae73ef2a3b30c110589435560b0bc87a05b71a6181e707c0354d94be7aa1945fa281b9661af5576d3235cb9be3c4877b4a2764089e3f1109b910f824efb79546d17fc3ce80235ba576d04193dfdd3f4d398fea855c31174625ab0ff32359e96b29bcaa61b5a8653b6d0a2a10254b60114e987a9007e2c2b74f6af236db46eca71f4e67e8ad17f1acf7766c2950fb492bd1c857987431001e070993e43c2f9244e2de924c74b5c30bc8fc54f877c63f389ec2f20884ae4cc57de5b01cc23c0eeafce53708c9a740f8e9424250c8e2a8e39e88c639e9f5f0d8ce6aae54863d60747c4e87209a3f8a05dfcb304171884874546fc3765b16e0ace0614c0121ddad5bce930886af4602f3f06116b6258de20c8aaaaa428dc480f12a77467b995c2e012c60f19809765c1d8fe768ea8b6eec99557db8c35e877f2d221c450ee3eec7bdb34459d63024614aeeeb778d096a0c233a58e4cd24a797130772aec35f287a996c74116eaa28d80e38ebf311d05bbc09aacb43b615fbdab245390e4b1e2b91c7af465d5c1566f9f871d51b06393606b2920587f0fa63763f0549651cfe75f56a4f86f2f2182cc95b32fa51c1c6b0b29a527744452cd2e96b9f50acc7509064769b7388afd4b788f01f4dc1f6c36ac13766f5e5150c0effd22aa002121b52aad185f30b80cb004d51fea31777e98c5ebafd951f3b98de7721a262489a18b4f551021b756e933da72090dd0c194e5ef114dc83f1f79ff838522744f77caff887a62f22b2174aa178f175d2f7b6f6c4dff24eddd48441a2b65fd208c2e49c1e566baa5fb3a181d5246f03660b932238e736f929cd0fc0fa2232188c6fbc292a4aba962a8320fde5b7efa83cc8bacf27a27f5086d59356b2e90e5ccca96db265bb5e8b63315dac6d680ce711d5f20fa6a6dbee144ffb9b276fb20869fa0bbece7dd73256d307145608ed0f47dc45f93dc22ff93a0b4e233073ee0742ee751aaf1cdb57fdd9faed920e5676ca61d212b1a1b20f16049091966fd75b12839c3cb011e185cddd922cfebaf64896ca530e657d7c9adc8c80b1cb1f545a928754a77bd1419890e193f05bea3f1ef65ac06057ed9413f423fa1de003250641face555c49eefa148cba9edff022956a95bf5e58dc262ff55c9c0c3a79475c24277ef456385b40d5fe6fc3cba8952a0249336de593abdb6dd50eb8618204d04f672d70cf94b6c902b07d55c2ee12932e4394490b37d565416c11e47dd6e167eeb86216fe28cee0421fde09b3d078f5c4b634dc9ffe11db432690e52b9a8a292d1fb8e1d7635a2047ea8020fc715e9e80f70476caf2b8301723f8afab6a105fbe0b3b6d74d72fa30ba9b677fc3fabd9fa53bfd1d6b9c6a79ab4eff5c844549084167ffda37850f96c7219f78b8fe0ad7619bdd34262a4e60dbed8f5a33dc040adb3c8c804cfcd028ccfa4ac7a27524fac534e055a1523b8ddd50e66dac78a90cbbdaa50c4ce88079ca4f8b1a5d12272c737bd381793afe3df2a98c99eb11ac2987cb011092961193a76279d5a8c78ea739c100b531136f15f11964d3aed4af8739c62e8633695c651dc694c608212e2dc68b58c62e4713abbf950758d1515578babf28dd0b266f81858b6b25d6f4cb35ea5ae26f5f077acb5c66181c012a280b8a95253330aa8708fe5a765099a9ef134c041f1c90e5c84ee56aa7b422f8aea0d3c202fc18588e2b43720dd669b124c2878da6310f427b6799eff68600a9b77826806248d354529d8f8605c5dd52c6665762525a47f666549680d40663e984aa782d78c511a95fab915d32ffe904c081cf2ad068b33c9070ddbf2d51f692e943d226efe21366c2191d7c3a074313d54f19ed05bf176dd9f0b2c358e217d2c35f664746d4af8197dc17257978495fab18dec8a158f85c43ea6bb28f3bcafe70a72c8438bdc94a9c6d2f202f2387a0c415233fcb9d6f7498ae94bfa4a4f858854ddabbe12d650de85c675982f66afab7fec4a0a4a69f6e15c54b465f12ca4cb71dadd9a045f51304daa24892d2a553da4caec1638e6dee616469e9d08e80e6bed59623011857fd85f356cab6d6955c3b82da2852c6696ebc94fc51b9eb4470201048a8ed98cdfd569d658a8b339d9ff602db745a5239e11884f68dd8cf6e8fe59851d58fd88ffa0ad4fc9880ab2c5dc1841abf8a27e094bac1db2c47f990eef0a13586021ddbad7d4b0c453ee14cb4228e8fdf345b7e8dd07d580cc8be5c9c1c26a719c73d3426f4a112523c11e012aa34eb337b7d0eede263c9a67fad444d5a86556b48ee45c87500d4a68a31a0ffe945ec0cd9ea1004c869be059ddbac20ad7fffd83c1885fffe52ee2fda01b72f84f8c9be3d5a68634bdaf5f3e36e1817243fc9c5c1374ca101cd37c52bf7ea48f3f0deae8ed169542905e4172c41b754eb0402cd4796e7ca537f3afeafd8bfaf148560fee92f5f6b9935885e239827eac4e64202f56decc8e03220578790d01fb61a7b2b184c9038b8a2f37da68c6db5ab809800b78b0cb0ea06df7cee72795da3319c70e210be5848e03f944ca3a3cb0ea5462dab92806ecffe33e8f2a1aac5a1883edbb701605705073b02db3f8af42c591ef21807afc11b6ff35dc2a60112f2639909640f33aa7b9b31f658a00b64cd225253f89d266e8983c10c9668a204cf29b125d40c2ad63952cff1f880c49a33cb6ccbeefd40e21de5d5e81ce0ef816fb76cf58743765fe0b1264701e1d48a7eeb400082ecdbf04f62f07f6c3cbdc32003086b2eb983808b7d7fb700f6e65af01075176c581bf5b15836134aa3e27b6a0e33de6aa71b8068e83edfa3983134fcef31421c4e3d37c8009f0b448e92dfd98996e6a994dc029e2b887f7a41ed872d63e41b711d5f95036aeb96504be038024a420b8f25797e1543e0bffb6f6928333954ad993a0e444b9fbaf67ad1ffdf5de8dda8e414f13cf3bc5ffdd44721dad5fa311c7484feb6f46a91b64668df80f707dd695441e8c85611edcc2d3125f6bb543918e1f4093e7f6823b2a184fddce8d7e1ec8bd921d12064a008f62747a2b604afc343bfa998214597fed33534e728c39a91276d8b115f75e2aea6697d0ba816d12432cb7a7b00f3036268f2048ebf5a2ebb8d91cace640909701ca08a1859856e5159748208916013f9e8b1e6df90ec1d5ef17c5ce46f7f5dc3eee6c49ffb59e66fe6e0a709e3570818d16ac7c63db69d7eac84b18912cdf482796c95c71fa35f682df635edcfc5f0a477549ad1780c1272ecda6188aaf77207e80790cb4c051799a276efccfd50429088bb1e7dbd94283ddce8a5a779d3edde9e92ccc4b59febd306d0edd16f1403e78ea456e7e54125495904bdb759e7e83842b41e7b019f0884f46102d2df259edc3e968ec92847d52b29a05c422ebf0c6066454ffc723f059d7f0c47e1df644da2baa0fcf92ae4e056c4a406aeaf5c58633e5e39514037c5b2a8d72ea67142c3b544b77c7f6f412045237665e60632f95c026456c1a111be2758a40054523505afd8beb559320aab325d844acb5b61521c7aad4c1aab0da80c5c425e7aca45676aa4de683457585f7db36d4087bb099e1a0ab5e536b17dc7205b8884f0fc033d50bf372fc5ca180e8e21b186c15b3f8cf19b5dbf8ae1fd137edb08d022d0d11accabda82fad97fe38240bdf748b53c2fe638c9e00b6ceee6448c1a206da818df325d2172a65e5c869567e2d37c0cf7938e296c3b844bd96ca666b8a9c122358e387422ec20c543aa97aa6ddf2816cfd59a3b97ceb1f28cf56e5537e4a7d1d9b577426614ade", 0x1000}, {&(0x7f0000006c40)="9a270393bae3f6221e9ec7bc2f35c0154ebc36afb1931029ecc0def30691da11a04919f74c86f1ef0f67abe27c3a86a02393ca4e55e29f59ae100314fa992fe39f08a7530b8f23e0bd720517b5dd1cdeee1f72c7c10e3603551af9464ee45aedf69d753bde0bcf41dc411da105b287c92392dd8517ace6bf71c0f34a480d03", 0x7f}, {&(0x7f0000006cc0)="656f90a05834a01394f794b386967f2a3ba28217f3975b3723d50670f4c14fb27ed4", 0x22}, {&(0x7f0000006d00)="509a3706a7e54bfefca62e7c7da9fcd450140f0801db20a6d92c94da3332bac9b589ef2f88249adb4b48badc093420d9c0ae2b44db3805e5c5970d83144c8944d664014fe2835eced4d0e9a2acc7859506e455a158c562acac2570aef6e7bcfb8441a0f3ada4dc122eeca8051a85fb216e0d640c4611418a56a59998ab4e2f1695542ea88e0cf71a2a57b17647eaa573b4d978533d67fa8c393a2957ed3946a9a6be0310cb38eaf207d36387c549506a4f8acc4298c603e389292f895cbc869469e939b00e4aca40847a6887dd4f0b46238c5409139517b6da008af13ee94642a7e6b72c0e5c64ef78", 0xe9}, {&(0x7f0000006e00)="aa92e1fa56bf8c6827183f67ab6fc4d6f1589839bb422ff9cd85e1f0ba85759a2b795099949d80", 0x27}], 0x8, &(0x7f0000006ec0)=[@mark={{0x14, 0x1, 0x24, 0x7}}], 0x18}}, {{&(0x7f0000006f00)=@nl=@proc={0x10, 0x0, 0x25dfdbfe, 0x1000000}, 0x80, &(0x7f0000007080)=[{&(0x7f0000006f80)="a8fceb8b2aa583bd666127f2bd2df0f3768924f2fb0a3dd275250fb0215e350f930c30fd7a8196f2e0b05e2d008a84f99282555727b4c6f46dc776897774af215759cb58926d4569ac19e0c5e9ff330405d01d5004a80bf1c12f36aacfa6129ed883f0b5e346a095d035a3f7b3e8fe176e566473663650728cb973d50bd49e1dcd1f4dee2035698d2ed7f741a8407289ed528971ce861831465fdf3af0cdb0812ac72cb69f25dbe0ce9360d36440fa568a3837854e1cb7da6dcbd9472189a0f0b8e9cb27a78b478f80c6e0333ab5c1b8c8c5a31e", 0xd4}], 0x1}}], 0xa, 0x8000) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$inet_tcp_int(r6, 0x6, 0xc, &(0x7f00000000c0)=0x2000000000000074, 0xffffffffffffff05) 03:07:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() r1 = dup(0xffffffffffffffff) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000140)=r2) sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x38, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x400, 0x1}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r3 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:39 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) read(r5, &(0x7f0000000340)=""/216, 0xd8) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1291.657288][ T426] syz-executor.4 invoked oom-killer: gfp_mask=0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=0 [ 1291.670834][ T426] CPU: 0 PID: 426 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1291.680799][ T426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1291.690837][ T426] Call Trace: [ 1291.694102][ T426] dump_stack+0x14a/0x1ce [ 1291.698400][ T426] ? devkmsg_release+0x11c/0x11c [ 1291.703311][ T426] ? show_regs_print_info+0x12/0x12 [ 1291.708478][ T426] ? radix_tree_cpu_dead+0x160/0x160 [ 1291.713750][ T426] ? _raw_spin_lock+0xa1/0x170 [ 1291.718480][ T426] ? _raw_spin_trylock_bh+0x190/0x190 [ 1291.723820][ T426] dump_header+0xdb/0x700 [ 1291.728123][ T426] oom_kill_process+0xd3/0x280 [ 1291.732867][ T426] out_of_memory+0x5b6/0x890 [ 1291.737511][ T426] ? unregister_oom_notifier+0x20/0x20 [ 1291.742960][ T426] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1291.748479][ T426] ? get_page_from_freelist+0x7c0/0x7c0 [ 1291.753992][ T426] ? ipv6_getsockopt+0x1f3/0x300 [ 1291.758896][ T426] ? __zone_watermark_ok+0x96/0x260 [ 1291.764066][ T426] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1291.769420][ T426] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1291.774929][ T426] ? __vmalloc_node_range+0x439/0x7b0 [ 1291.780268][ T426] ? __vmalloc_node_range+0x439/0x7b0 [ 1291.785606][ T426] ? __kmalloc+0xf7/0x2c0 [ 1291.789909][ T426] ? __vmalloc_node_range+0x439/0x7b0 [ 1291.795265][ T426] __vmalloc_node_range+0x360/0x7b0 [ 1291.800441][ T426] vzalloc+0x70/0x80 [ 1291.804310][ T426] ? alloc_counters+0x66/0x520 [ 1291.809045][ T426] alloc_counters+0x66/0x520 [ 1291.813608][ T426] ? xt_find_table_lock+0x1b0/0x350 [ 1291.818868][ T426] do_ip6t_get_ctl+0x5c1/0xbd0 [ 1291.823614][ T426] ? alloc_file+0x81/0x4a0 [ 1291.828000][ T426] ? compat_do_ip6t_set_ctl+0x33c0/0x33c0 [ 1291.833692][ T426] ? memcpy+0x38/0x50 [ 1291.837654][ T426] ? mutex_lock+0xa6/0x110 [ 1291.842049][ T426] ? __module_get+0x130/0x130 [ 1291.847075][ T426] ? memset+0x1f/0x40 [ 1291.851029][ T426] ? selinux_socket_getsockopt+0x122/0x340 [ 1291.856809][ T426] nf_getsockopt+0x2c1/0x2f0 [ 1291.861375][ T426] ipv6_getsockopt+0x1f3/0x300 [ 1291.866112][ T426] ? compat_ipv6_setsockopt+0x1f0/0x1f0 [ 1291.871714][ T426] ? tcp_getsockopt+0x66/0xd0 [ 1291.876385][ T426] __sys_getsockopt+0x240/0x2b0 [ 1291.881212][ T426] __x64_sys_getsockopt+0xb1/0xc0 [ 1291.886207][ T426] do_syscall_64+0xcb/0x150 [ 1291.890694][ T426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1291.896590][ T426] RIP: 0033:0x45f35a [ 1291.900457][ T426] Code: b8 34 01 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 8d 8b fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 37 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6a 8b fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1291.920030][ T426] RSP: 002b:00007ffc8fd1c1d8 EFLAGS: 00000212 ORIG_RAX: 0000000000000037 [ 1291.928416][ T426] RAX: ffffffffffffffda RBX: 00007ffc8fd1c200 RCX: 000000000045f35a [ 1291.936370][ T426] RDX: 0000000000000041 RSI: 0000000000000029 RDI: 0000000000000003 [ 1291.944878][ T426] RBP: 000000000071dca0 R08: 00007ffc8fd1c1fc R09: 0000000000004000 [ 1291.952832][ T426] R10: 00007ffc8fd1c300 R11: 0000000000000212 R12: 0000000000000003 [ 1291.960771][ T426] R13: 0000000000000000 R14: 0000000000000029 R15: 000000000071bae0 [ 1291.983328][ T426] Mem-Info: [ 1292.019879][ T426] active_anon:1439923 inactive_anon:4691 isolated_anon:0 [ 1292.019879][ T426] active_file:205 inactive_file:212 isolated_file:32 [ 1292.019879][ T426] unevictable:0 dirty:5 writeback:7 unstable:0 [ 1292.019879][ T426] slab_reclaimable:7228 slab_unreclaimable:72618 [ 1292.019879][ T426] mapped:55810 shmem:4764 pagetables:30185 bounce:0 [ 1292.019879][ T426] free:10280 free_pcp:75 free_cma:0 [ 1292.057977][ T426] Node 0 active_anon:5759692kB inactive_anon:18764kB active_file:820kB inactive_file:744kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:223240kB dirty:20kB writeback:28kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1292.083963][ T426] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1292.112945][ T426] lowmem_reserve[]: 0 2912 6416 6416 [ 1292.118640][ T426] DMA32 free:17344kB min:4644kB low:7624kB high:10604kB active_anon:2839284kB inactive_anon:16kB active_file:1120kB inactive_file:1380kB unevictable:0kB writepending:116kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7520kB pagetables:21604kB bounce:0kB free_pcp:576kB local_pcp:248kB free_cma:0kB [ 1292.171560][ T426] lowmem_reserve[]: 0 0 3504 3504 [ 1292.182977][ T426] Normal free:7176kB min:24744kB low:28332kB high:31920kB active_anon:2919964kB inactive_anon:18748kB active_file:504kB inactive_file:244kB unevictable:0kB writepending:32kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29728kB pagetables:99136kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1292.212526][ T426] lowmem_reserve[]: 0 0 0 0 [ 1292.217216][ T426] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1292.247318][ T426] DMA32: 395*4kB (UMEH) 59*8kB (UMEH) 36*16kB (UMH) 14*32kB (UMEH) 3*64kB (UMH) 9*128kB (UMH) 8*256kB (MH) 15*512kB (M) 3*1024kB (M) 1*2048kB (M) 0*4096kB = 19268kB [ 1292.264701][ T426] Normal: 177*4kB (UMH) 144*8kB (UEH) 98*16kB (UE) 30*32kB (UMEH) 13*64kB (UMH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 6884kB [ 1292.281635][ T426] 4965 total pagecache pages [ 1292.287586][ T426] 0 pages in swap cache [ 1292.293917][ T426] Swap cache stats: add 0, delete 0, find 0/0 [ 1292.301337][ T426] Free swap = 0kB [ 1292.305291][ T426] Total swap = 0kB [ 1292.309195][ T426] 1965979 pages RAM [ 1292.313198][ T426] 0 pages HighMem/MovableOnly [ 1292.318156][ T426] 318832 pages reserved [ 1292.322481][ T426] 0 pages cma reserved [ 1292.326745][ T426] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=26971,uid=0 [ 1292.341068][ T426] Out of memory: Killed process 26971 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:07:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:41 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:41 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) ioctl$RNDCLEARPOOL(r4, 0x5206, &(0x7f0000000100)=0x10001) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:41 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0), 0x0, 0x1) close(r1) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000000)={0x200, 0x6fb1aaa2}) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) dup(r4) [ 1293.825639][ T405] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1293.836540][ T405] CPU: 1 PID: 405 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1293.846147][ T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1293.856173][ T405] Call Trace: [ 1293.859455][ T405] dump_stack+0x14a/0x1ce [ 1293.863753][ T405] ? devkmsg_release+0x11c/0x11c [ 1293.868659][ T405] ? show_regs_print_info+0x12/0x12 [ 1293.873836][ T405] ? radix_tree_cpu_dead+0x160/0x160 [ 1293.879084][ T405] ? _raw_spin_lock+0xa1/0x170 [ 1293.883815][ T405] ? _raw_spin_trylock_bh+0x190/0x190 [ 1293.889155][ T405] dump_header+0xdb/0x700 [ 1293.893452][ T405] oom_kill_process+0xd3/0x280 [ 1293.898182][ T405] out_of_memory+0x5b6/0x890 [ 1293.902742][ T405] ? unregister_oom_notifier+0x20/0x20 [ 1293.908185][ T405] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1293.913718][ T405] ? get_page_from_freelist+0x7c0/0x7c0 [ 1293.919241][ T405] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1293.924589][ T405] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1293.930107][ T405] pagecache_get_page+0x50f/0x880 [ 1293.935103][ T405] ? is_mmconf_reserved+0x410/0x410 [ 1293.940273][ T405] filemap_fault+0x1474/0x19d0 [ 1293.945595][ T405] ? generic_file_read_iter+0x20b0/0x20b0 [ 1293.951283][ T405] ? ___preempt_schedule+0x16/0x20 [ 1293.956363][ T405] ext4_filemap_fault+0x7b/0x90 [ 1293.961191][ T405] handle_mm_fault+0x2846/0x40b0 [ 1293.966097][ T405] ? finish_fault+0x230/0x230 [ 1293.970741][ T405] ? vmacache_find+0x3a2/0x4b0 [ 1293.975472][ T405] do_user_addr_fault+0x48a/0x9f0 [ 1293.980468][ T405] page_fault+0x2f/0x40 [ 1293.984598][ T405] RIP: 0033:0x72f1a9 [ 1293.988483][ T405] Code: cc 48 8b 44 24 08 48 8b 40 28 84 00 48 89 44 24 08 48 c7 44 24 10 00 00 00 00 e9 32 4f ff ff cc cc 48 8b 44 24 08 48 8b 40 28 <84> 00 48 89 44 24 08 c6 44 24 10 00 e9 66 4f ff ff cc cc cc cc cc [ 1294.008063][ T405] RSP: 002b:000000c4319044d0 EFLAGS: 00010206 [ 1294.014101][ T405] RAX: 00000000012bdec0 RBX: 0000000000f43100 RCX: 0000000000a486a0 [ 1294.022045][ T405] RDX: 000000000072f1a0 RSI: 0000000000000002 RDI: 000000c424c11d20 [ 1294.029985][ T405] RBP: 000000c431904570 R08: 0000000000000000 R09: 0000000000000000 [ 1294.037926][ T405] R10: 00000000009f0182 R11: 0000000000000004 R12: 0000000000000000 [ 1294.045868][ T405] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1294.075884][ T405] Mem-Info: [ 1294.079468][ T405] active_anon:1439663 inactive_anon:4691 isolated_anon:0 [ 1294.079468][ T405] active_file:306 inactive_file:311 isolated_file:17 [ 1294.079468][ T405] unevictable:0 dirty:15 writeback:0 unstable:0 [ 1294.079468][ T405] slab_reclaimable:7225 slab_unreclaimable:72516 [ 1294.079468][ T405] mapped:55908 shmem:4764 pagetables:30215 bounce:0 [ 1294.079468][ T405] free:10644 free_pcp:3 free_cma:0 [ 1294.117417][ T405] Node 0 active_anon:5758652kB inactive_anon:18764kB active_file:1224kB inactive_file:1244kB unevictable:0kB isolated(anon):0kB isolated(file):68kB mapped:223632kB dirty:60kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1294.142169][ T405] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1294.168463][ T405] lowmem_reserve[]: 0 2912 6416 6416 [ 1294.174002][ T405] DMA32 free:18096kB min:4644kB low:7624kB high:10604kB active_anon:2840060kB inactive_anon:16kB active_file:836kB inactive_file:872kB unevictable:0kB writepending:48kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7424kB pagetables:21492kB bounce:0kB free_pcp:100kB local_pcp:0kB free_cma:0kB [ 1294.207341][ T405] lowmem_reserve[]: 0 0 3504 3504 [ 1294.212607][ T405] Normal free:9108kB min:24744kB low:28332kB high:31920kB active_anon:2918672kB inactive_anon:18748kB active_file:276kB inactive_file:352kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29792kB pagetables:99372kB bounce:0kB free_pcp:104kB local_pcp:0kB free_cma:0kB [ 1294.242291][ T405] lowmem_reserve[]: 0 0 0 0 [ 1294.247236][ T405] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1294.260907][ T405] DMA32: 36*4kB (UME) 56*8kB (UME) 70*16kB (UMH) 11*32kB (ME) 8*64kB (UM) 5*128kB (UMH) 0*256kB 11*512kB (M) 9*1024kB (UM) 0*2048kB 0*4096kB = 18064kB [ 1294.276401][ T405] Normal: 509*4kB (UMEH) 170*8kB (UMEH) 117*16kB (UME) 44*32kB (UMEH) 12*64kB (UMH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 9108kB [ 1294.292326][ T405] 5223 total pagecache pages [ 1294.297144][ T405] 0 pages in swap cache [ 1294.301486][ T405] Swap cache stats: add 0, delete 0, find 0/0 [ 1294.307748][ T405] Free swap = 0kB [ 1294.311634][ T405] Total swap = 0kB [ 1294.315534][ T405] 1965979 pages RAM [ 1294.319586][ T405] 0 pages HighMem/MovableOnly [ 1294.324445][ T405] 318832 pages reserved [ 1294.329120][ T405] 0 pages cma reserved [ 1294.333401][ T405] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=847,uid=0 [ 1294.347638][ T405] Out of memory: Killed process 847 (syz-executor.0) total-vm:75356kB, anon-rss:16572kB, file-rss:34728kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1294.518566][ T851] syz-executor.3 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1294.556726][ T851] CPU: 0 PID: 851 Comm: syz-executor.3 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1294.566803][ T851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1294.576833][ T851] Call Trace: [ 1294.580126][ T851] dump_stack+0x14a/0x1ce [ 1294.584439][ T851] ? devkmsg_release+0x11c/0x11c [ 1294.589350][ T851] ? show_regs_print_info+0x12/0x12 [ 1294.594522][ T851] ? radix_tree_cpu_dead+0x160/0x160 [ 1294.599774][ T851] ? _raw_spin_lock+0xa1/0x170 [ 1294.604505][ T851] ? _raw_spin_trylock_bh+0x190/0x190 [ 1294.609865][ T851] dump_header+0xdb/0x700 [ 1294.614166][ T851] oom_kill_process+0xd3/0x280 [ 1294.618901][ T851] out_of_memory+0x5b6/0x890 [ 1294.623460][ T851] ? unregister_oom_notifier+0x20/0x20 [ 1294.628891][ T851] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1294.634413][ T851] ? get_page_from_freelist+0x7c0/0x7c0 [ 1294.639930][ T851] ? __zone_watermark_ok+0x96/0x260 [ 1294.645116][ T851] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1294.650463][ T851] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1294.655981][ T851] ? copy_process+0x5a4/0x5150 [ 1294.660723][ T851] ? copy_process+0x5a4/0x5150 [ 1294.665456][ T851] ? kmem_cache_alloc+0x1d2/0x260 [ 1294.670446][ T851] copy_process+0x5f3/0x5150 [ 1294.675005][ T851] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 1294.680522][ T851] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 1294.686554][ T851] ? fork_idle+0x290/0x290 [ 1294.690942][ T851] _do_fork+0x196/0x920 [ 1294.695064][ T851] ? switch_mm+0x100/0x100 [ 1294.699450][ T851] ? dup_mm+0x300/0x300 [ 1294.703581][ T851] __x64_sys_clone+0x25f/0x2c0 [ 1294.708314][ T851] ? __ia32_sys_vfork+0x110/0x110 [ 1294.713314][ T851] ? __fpregs_load_activate+0x2d3/0x390 [ 1294.718840][ T851] do_syscall_64+0xcb/0x150 [ 1294.723313][ T851] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1294.729175][ T851] RIP: 0033:0x45f219 [ 1294.733043][ T851] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1294.752618][ T851] RSP: 002b:00007ffcb9bf4a68 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1294.761004][ T851] RAX: ffffffffffffffda RBX: 00007f9df774b700 RCX: 000000000045f219 [ 1294.768949][ T851] RDX: 00007f9df774b9d0 RSI: 00007f9df774adb0 RDI: 00000000003d0f00 [ 1294.776892][ T851] RBP: 00007ffcb9bf4c80 R08: 00007f9df774b700 R09: 00007f9df774b700 [ 1294.784843][ T851] R10: 00007f9df774b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1294.792786][ T851] R13: 00007ffcb9bf4b1f R14: 00007f9df774b9c0 R15: 000000000076c0ec [ 1294.909082][ T851] Mem-Info: [ 1294.922696][ T851] active_anon:1438887 inactive_anon:4691 isolated_anon:0 [ 1294.922696][ T851] active_file:314 inactive_file:571 isolated_file:35 [ 1294.922696][ T851] unevictable:0 dirty:15 writeback:0 unstable:0 [ 1294.922696][ T851] slab_reclaimable:7225 slab_unreclaimable:72439 [ 1294.922696][ T851] mapped:56046 shmem:4764 pagetables:30216 bounce:0 [ 1294.922696][ T851] free:10833 free_pcp:666 free_cma:0 [ 1294.997824][ T851] Node 0 active_anon:5757348kB inactive_anon:18764kB active_file:1040kB inactive_file:952kB unevictable:0kB isolated(anon):0kB isolated(file):124kB mapped:223684kB dirty:60kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1295.035553][ T851] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1295.065503][ T851] lowmem_reserve[]: 0 2912 6416 6416 [ 1295.071911][ T851] DMA32 free:20912kB min:4644kB low:7624kB high:10604kB active_anon:2838060kB inactive_anon:16kB active_file:116kB inactive_file:332kB unevictable:0kB writepending:48kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7424kB pagetables:21492kB bounce:0kB free_pcp:860kB local_pcp:232kB free_cma:0kB [ 1295.101117][ T851] lowmem_reserve[]: 0 0 3504 3504 [ 1295.128480][ T851] Normal free:7652kB min:24744kB low:28332kB high:31920kB active_anon:2918392kB inactive_anon:18748kB active_file:976kB inactive_file:884kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29760kB pagetables:99360kB bounce:0kB free_pcp:652kB local_pcp:0kB free_cma:0kB [ 1295.201826][ T851] lowmem_reserve[]: 0 0 0 0 [ 1295.206612][ T851] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1295.219915][ T851] DMA32: 30*4kB (UEH) 6*8kB (UE) 15*16kB (UE) 17*32kB (UME) 14*64kB (UE) 6*128kB (UM) 5*256kB (UM) 12*512kB (UME) 8*1024kB (ME) 0*2048kB 0*4096kB = 18232kB [ 1295.235589][ T851] Normal: 69*4kB (UH) 151*8kB (UEH) 119*16kB (UE) 34*32kB (UEH) 10*64kB (UH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 6780kB [ 1295.253280][ T851] 4806 total pagecache pages [ 1295.257896][ T851] 0 pages in swap cache [ 1295.262034][ T851] Swap cache stats: add 0, delete 0, find 0/0 [ 1295.268092][ T851] Free swap = 0kB [ 1295.271793][ T851] Total swap = 0kB [ 1295.275505][ T851] 1965979 pages RAM [ 1295.279289][ T851] 0 pages HighMem/MovableOnly [ 1295.283941][ T851] 318832 pages reserved [ 1295.288091][ T851] 0 pages cma reserved [ 1295.292140][ T851] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=850,uid=0 [ 1295.376891][ T863] syz-executor.1 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1295.389457][ T863] CPU: 1 PID: 863 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1295.399530][ T863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1295.409562][ T863] Call Trace: [ 1295.412831][ T863] dump_stack+0x14a/0x1ce [ 1295.417126][ T863] ? devkmsg_release+0x11c/0x11c [ 1295.422029][ T863] ? show_regs_print_info+0x12/0x12 [ 1295.427206][ T863] ? radix_tree_cpu_dead+0x160/0x160 [ 1295.432472][ T863] ? _raw_spin_lock+0xa1/0x170 [ 1295.437216][ T863] ? _raw_spin_trylock_bh+0x190/0x190 [ 1295.442566][ T863] dump_header+0xdb/0x700 [ 1295.446861][ T863] oom_kill_process+0xd3/0x280 [ 1295.451586][ T863] out_of_memory+0x5b6/0x890 [ 1295.456228][ T863] ? unregister_oom_notifier+0x20/0x20 [ 1295.461654][ T863] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1295.467168][ T863] ? get_page_from_freelist+0x7c0/0x7c0 [ 1295.472679][ T863] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1295.478018][ T863] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1295.483526][ T863] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 1295.489560][ T863] ? __perf_event_task_sched_in+0x4f7/0x560 [ 1295.495420][ T863] wp_page_copy+0x1cb/0x1120 [ 1295.499978][ T863] ? add_mm_rss_vec+0x270/0x270 [ 1295.504815][ T863] ? __schedule+0x920/0xef0 [ 1295.509287][ T863] ? vm_normal_page+0x1c9/0x1d0 [ 1295.514105][ T863] do_wp_page+0x4c1/0x1530 [ 1295.518506][ T863] ? _raw_spin_lock+0xa1/0x170 [ 1295.523238][ T863] ? do_swap_page+0x1560/0x1560 [ 1295.528055][ T863] handle_mm_fault+0x1363/0x40b0 [ 1295.532967][ T863] ? finish_fault+0x230/0x230 [ 1295.537610][ T863] ? _raw_spin_unlock_irq+0x5/0x20 [ 1295.542684][ T863] ? vmacache_find+0x205/0x4b0 [ 1295.547414][ T863] do_user_addr_fault+0x48a/0x9f0 [ 1295.552406][ T863] page_fault+0x2f/0x40 [ 1295.556538][ T863] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 1295.563098][ T863] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 1295.582672][ T863] RSP: 0018:ffff888030e77888 EFLAGS: 00010206 [ 1295.588704][ T863] RAX: ffffffff81f6e701 RBX: 00000000208be500 RCX: 0000000000000500 [ 1295.596642][ T863] RDX: 0000000000001000 RSI: ffff888017f24b00 RDI: 00000000208be000 [ 1295.604582][ T863] RBP: ffff888030e77da8 R08: dffffc0000000000 R09: ffffed1002fe4a00 [ 1295.612525][ T863] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 1295.620468][ T863] R13: 0000000000001000 R14: ffff888017f24000 R15: 00000000208bd500 [ 1295.628416][ T863] ? _copy_to_iter+0x1031/0x1060 [ 1295.633323][ T863] copyout+0x8e/0xb0 [ 1295.637186][ T863] copy_page_to_iter+0x393/0xbd0 [ 1295.642370][ T863] pipe_to_user+0xa3/0x130 [ 1295.646758][ T863] __splice_from_pipe+0x2d3/0x870 [ 1295.651750][ T863] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 1295.657265][ T863] do_vmsplice+0x252/0xee0 [ 1295.661649][ T863] ? futex_exit_release+0xc0/0xc0 [ 1295.666642][ T863] ? avc_ss_reset+0x3a0/0x3a0 [ 1295.671283][ T863] ? write_pipe_buf+0x1d0/0x1d0 [ 1295.676100][ T863] ? __rcu_read_lock+0x50/0x50 [ 1295.680868][ T863] ? check_stack_object+0x5a/0x90 [ 1295.685858][ T863] ? _copy_from_user+0xa4/0xe0 [ 1295.690588][ T863] ? rw_copy_check_uvector+0x2b3/0x310 [ 1295.696012][ T863] ? import_iovec+0x1c2/0x380 [ 1295.700661][ T863] ? dup_iter+0x110/0x110 [ 1295.704961][ T863] ? do_vfs_ioctl+0x780/0x1750 [ 1295.709726][ T863] __se_sys_vmsplice+0x1fb/0x300 [ 1295.714628][ T863] ? __x64_sys_vmsplice+0xa0/0xa0 [ 1295.719639][ T863] ? put_timespec64+0x109/0x150 [ 1295.724457][ T863] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1295.730053][ T863] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 1295.735735][ T863] do_syscall_64+0xcb/0x150 [ 1295.740203][ T863] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1295.746061][ T863] RIP: 0033:0x45c849 [ 1295.749964][ T863] Code: Bad RIP value. [ 1295.754003][ T863] RSP: 002b:00007fbaa8d76c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1295.762378][ T863] RAX: ffffffffffffffda RBX: 00007fbaa8d776d4 RCX: 000000000045c849 [ 1295.770351][ T863] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 1295.778292][ T863] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000 [ 1295.786273][ T863] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1295.794219][ T863] R13: 0000000000000c47 R14: 00000000004ce688 R15: 000000000076c04c [ 1295.804240][ T863] Mem-Info: [ 1295.807581][ T863] active_anon:1440790 inactive_anon:4691 isolated_anon:0 [ 1295.807581][ T863] active_file:35 inactive_file:3 isolated_file:0 [ 1295.807581][ T863] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1295.807581][ T863] slab_reclaimable:7223 slab_unreclaimable:72341 [ 1295.807581][ T863] mapped:55437 shmem:4764 pagetables:30190 bounce:0 [ 1295.807581][ T863] free:10300 free_pcp:70 free_cma:0 [ 1295.845657][ T863] Node 0 active_anon:5763408kB inactive_anon:18764kB active_file:44kB inactive_file:124kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221596kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1295.874089][ T863] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1295.900301][ T863] lowmem_reserve[]: 0 2912 6416 6416 [ 1295.911784][ T863] DMA32 free:18624kB min:4644kB low:7624kB high:10604kB active_anon:2841868kB inactive_anon:16kB active_file:48kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7264kB pagetables:21388kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1295.940207][ T863] lowmem_reserve[]: 0 0 3504 3504 [ 1295.945317][ T863] Normal free:6440kB min:5592kB low:9180kB high:12768kB active_anon:2921668kB inactive_anon:18748kB active_file:112kB inactive_file:216kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29760kB pagetables:99372kB bounce:0kB free_pcp:756kB local_pcp:440kB free_cma:0kB [ 1295.974699][ T863] lowmem_reserve[]: 0 0 0 0 [ 1295.979286][ T863] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1295.992551][ T863] DMA32: 34*4kB (UMEH) 9*8kB (UME) 19*16kB (UME) 18*32kB (UME) 14*64kB (UE) 8*128kB (UM) 5*256kB (UM) 12*512kB (UME) 8*1024kB (ME) 0*2048kB 0*4096kB = 18624kB [ 1296.008500][ T863] Normal: 10*4kB (MH) 75*8kB (UH) 119*16kB (UE) 34*32kB (UEH) 10*64kB (UH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 5936kB [ 1296.023331][ T863] 4799 total pagecache pages [ 1296.028237][ T863] 0 pages in swap cache [ 1296.032479][ T863] Swap cache stats: add 0, delete 0, find 0/0 [ 1296.038660][ T863] Free swap = 0kB [ 1296.042429][ T863] Total swap = 0kB [ 1296.046208][ T863] 1965979 pages RAM [ 1296.050140][ T863] 0 pages HighMem/MovableOnly [ 1296.054842][ T863] 318832 pages reserved [ 1296.059001][ T863] 0 pages cma reserved [ 1296.063044][ T863] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=869,uid=0 [ 1296.076934][ T863] Out of memory: Killed process 869 (syz-executor.0) total-vm:75356kB, anon-rss:16572kB, file-rss:34744kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1296.094221][ T23] oom_reaper: reaped process 869 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:07:44 executing program 5: getpid() r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000880)={0x38, 0x0, 0x2f, 0x5, 0x2, 0x800, 0x2, 0x9, 0x0, 0xffffffff}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000003e00)=[{{&(0x7f0000000e00)=@in6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000e80)=""/110, 0x6e}, {&(0x7f0000000f00)=""/158, 0x9e}, {&(0x7f0000000fc0)=""/137, 0x89}], 0x3, &(0x7f0000001080)=""/241, 0xf1}, 0x2}, {{&(0x7f0000001180)=@rc, 0x80, &(0x7f0000002600)=[{&(0x7f0000001200)=""/159, 0x9f}, {&(0x7f00000027c0)=""/4097, 0x1001}, {&(0x7f00000022c0)=""/235, 0xeb}, {&(0x7f00000023c0)=""/102, 0x66}, {&(0x7f0000002440)=""/174, 0xae}, {&(0x7f0000002500)=""/227, 0xe3}, {&(0x7f00000008c0)=""/42, 0x2a}], 0x7, &(0x7f0000002680)=""/171, 0xffffffffffffffb4}, 0x9}, {{&(0x7f0000002740)=@l2tp={0x2, 0x0, @broadcast}, 0x80, &(0x7f0000003cc0), 0x0, &(0x7f0000003d40)=""/122, 0x81}, 0x9}], 0x3, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(r3, 0x1, 0x15, &(0x7f0000000000), 0x10) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) recvmmsg(r5, &(0x7f0000000d00)=[{{&(0x7f0000000100)=@generic, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000180)=""/75, 0x4b}, {&(0x7f0000000200)=""/100, 0x64}, {&(0x7f0000000340)=""/254, 0xfe}, {&(0x7f0000000440)=""/165, 0xa5}, {&(0x7f0000000500)=""/254, 0xfe}, {&(0x7f0000000000)=""/36, 0x24}, {&(0x7f0000000600)=""/131, 0x83}], 0x7, &(0x7f0000000740)=""/135, 0x87}, 0x3ff}, {{&(0x7f0000000800)=@isdn, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000900)=""/102, 0x66}, {&(0x7f0000000280)=""/37, 0x25}, {&(0x7f0000000980)=""/158, 0x9e}, {&(0x7f0000000a40)=""/238, 0xee}, {&(0x7f0000000b40)=""/100, 0x64}], 0x5}, 0x81}, {{&(0x7f0000000c40)=@xdp, 0x80, &(0x7f0000000880), 0x0, &(0x7f0000000cc0)=""/25, 0x19}, 0x7f}], 0x3, 0x40000061, &(0x7f0000000dc0)={0x0, 0x989680}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:44 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:44 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) r0 = getpid() r1 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r4, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000480)={r5}, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r0, r2, 0x0, 0x6, &(0x7f0000000000)='stack\x00', r5}, 0x30) r6 = getpid() rt_tgsigqueueinfo(r6, r6, 0x16, &(0x7f0000000000)) ptrace(0x10, r6) ptrace$getregset(0x4201, r6, 0x0, &(0x7f0000000080)={0x0}) r7 = getpid() rt_tgsigqueueinfo(r7, r7, 0x16, &(0x7f0000000000)) ptrace(0x10, r7) r8 = syz_open_procfs(0x0, &(0x7f0000000100)='stack\x00') preadv(r8, &(0x7f0000000500), 0x37d, 0x0) 03:07:44 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r0}], 0x1, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0), 0x0, 0x1) close(r3) splice(r2, 0x0, r3, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x3, 0x70, 0x3, 0x5, 0x2, 0x6c, 0x0, 0x1000, 0x2404, 0x6, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x4, @perf_config_ext={0x0, 0xf40}, 0x18480, 0x1, 0x6, 0x1, 0xaa8, 0x68b, 0x81}, r1, 0xd, r3, 0x3) r4 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r4, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r5, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:07:44 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x3f) prctl$PR_SVE_GET_VL(0x33, 0x1c285) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x1c, r5, 0xb0343aabd1184b87, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_DEL_STATION(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00042dbd7000fbdb5f2514000000050029000a0000000500e400000000000500c200000000006c7c36000900000034e738641db73d895db91a825b7e394384bf35aa2914331c6ac3739b596621be3b10d305ab1978fe6a58798cf7ec029fe5a1ef18fa2173484ac81016393e8b22f232d2d269e2d943f1252d0264c3a5a1f166670800000000000000d578b73a07642ed23a394d4047f2334cc418da4c561d89058f4e0f581c687669521ca9f8541000000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x40001}, 0x4c004) 03:07:44 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1297.912972][ T908] syz-executor.4 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1297.925274][ T908] CPU: 0 PID: 908 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1297.935221][ T908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1297.945431][ T908] Call Trace: [ 1297.948696][ T908] dump_stack+0x14a/0x1ce [ 1297.953006][ T908] ? devkmsg_release+0x11c/0x11c [ 1297.957910][ T908] ? show_regs_print_info+0x12/0x12 [ 1297.963074][ T908] ? radix_tree_cpu_dead+0x160/0x160 [ 1297.968328][ T908] ? _raw_spin_lock+0xa1/0x170 [ 1297.973061][ T908] ? _raw_spin_trylock_bh+0x190/0x190 [ 1297.978399][ T908] dump_header+0xdb/0x700 [ 1297.982695][ T908] oom_kill_process+0xd3/0x280 [ 1297.987425][ T908] out_of_memory+0x5b6/0x890 [ 1297.992008][ T908] ? unregister_oom_notifier+0x20/0x20 [ 1297.997434][ T908] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1298.002947][ T908] ? get_page_from_freelist+0x7c0/0x7c0 [ 1298.008474][ T908] ? flush_tlb_func_common+0x45/0x570 [ 1298.013814][ T908] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1298.019157][ T908] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1298.024672][ T908] ? __perf_event_task_sched_out+0xfe4/0x1110 [ 1298.030703][ T908] ? __perf_event_task_sched_in+0x4f7/0x560 [ 1298.036562][ T908] wp_page_copy+0x1cb/0x1120 [ 1298.041121][ T908] ? add_mm_rss_vec+0x270/0x270 [ 1298.045940][ T908] ? __schedule+0x920/0xef0 [ 1298.050411][ T908] ? vm_normal_page+0x1c9/0x1d0 [ 1298.055230][ T908] do_wp_page+0x4c1/0x1530 [ 1298.059626][ T908] ? _raw_spin_lock+0xa1/0x170 [ 1298.064363][ T908] ? do_swap_page+0x1560/0x1560 [ 1298.069187][ T908] handle_mm_fault+0x1363/0x40b0 [ 1298.074185][ T908] ? finish_fault+0x230/0x230 [ 1298.078834][ T908] ? _raw_spin_unlock_irq+0x5/0x20 [ 1298.083916][ T908] ? vmacache_find+0x2d2/0x4b0 [ 1298.088652][ T908] do_user_addr_fault+0x48a/0x9f0 [ 1298.093648][ T908] page_fault+0x2f/0x40 [ 1298.097774][ T908] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 1298.104333][ T908] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 1298.123904][ T908] RSP: 0000:ffff88801bdcf888 EFLAGS: 00010206 [ 1298.130049][ T908] RAX: ffffffff81f6e701 RBX: 0000000020781500 RCX: 0000000000000500 [ 1298.137990][ T908] RDX: 0000000000001000 RSI: ffff88801b49cb00 RDI: 0000000020781000 [ 1298.145932][ T908] RBP: ffff88801bdcfda8 R08: dffffc0000000000 R09: ffffed1003693a00 [ 1298.153871][ T908] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 1298.161833][ T908] R13: 0000000000001000 R14: ffff88801b49c000 R15: 0000000020780500 [ 1298.169792][ T908] ? _copy_to_iter+0x1031/0x1060 [ 1298.174709][ T908] copyout+0x8e/0xb0 [ 1298.178577][ T908] copy_page_to_iter+0x393/0xbd0 [ 1298.183594][ T908] pipe_to_user+0xa3/0x130 [ 1298.187993][ T908] __splice_from_pipe+0x2d3/0x870 [ 1298.192985][ T908] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 1298.198497][ T908] do_vmsplice+0x252/0xee0 [ 1298.202887][ T908] ? avc_ss_reset+0x3a0/0x3a0 [ 1298.207542][ T908] ? write_pipe_buf+0x1d0/0x1d0 [ 1298.212365][ T908] ? __rcu_read_lock+0x50/0x50 [ 1298.217103][ T908] ? check_stack_object+0x5a/0x90 [ 1298.222100][ T908] ? _copy_from_user+0xa4/0xe0 [ 1298.226836][ T908] ? rw_copy_check_uvector+0x2b3/0x310 [ 1298.232266][ T908] ? import_iovec+0x1c2/0x380 [ 1298.236912][ T908] ? dup_iter+0x110/0x110 [ 1298.241213][ T908] ? do_vfs_ioctl+0x780/0x1750 [ 1298.245950][ T908] __se_sys_vmsplice+0x1fb/0x300 [ 1298.250860][ T908] ? __x64_sys_vmsplice+0xa0/0xa0 [ 1298.255854][ T908] ? put_timespec64+0x109/0x150 [ 1298.260683][ T908] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1298.266291][ T908] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 1298.271980][ T908] do_syscall_64+0xcb/0x150 [ 1298.276456][ T908] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1298.282314][ T908] RIP: 0033:0x45c849 [ 1298.286178][ T908] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1298.305756][ T908] RSP: 002b:00007faf0c2acc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1298.314143][ T908] RAX: ffffffffffffffda RBX: 00007faf0c2ad6d4 RCX: 000000000045c849 [ 1298.322093][ T908] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 1298.330045][ T908] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000 [ 1298.337996][ T908] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1298.345946][ T908] R13: 0000000000000c47 R14: 00000000004ce688 R15: 000000000076c04c [ 1298.365792][ T908] Mem-Info: [ 1298.374848][ T908] active_anon:1438779 inactive_anon:4690 isolated_anon:0 [ 1298.374848][ T908] active_file:458 inactive_file:455 isolated_file:33 [ 1298.374848][ T908] unevictable:0 dirty:13 writeback:0 unstable:0 [ 1298.374848][ T908] slab_reclaimable:7216 slab_unreclaimable:72660 [ 1298.374848][ T908] mapped:56171 shmem:4764 pagetables:30188 bounce:0 [ 1298.374848][ T908] free:11275 free_pcp:0 free_cma:0 [ 1298.466456][ T908] Node 0 active_anon:5755172kB inactive_anon:18760kB active_file:308kB inactive_file:444kB unevictable:0kB isolated(anon):0kB isolated(file):124kB mapped:222348kB dirty:52kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1298.498533][ T908] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1298.527257][ T908] lowmem_reserve[]: 0 2912 6416 6416 [ 1298.532912][ T908] DMA32 free:19756kB min:4644kB low:7624kB high:10604kB active_anon:2833820kB inactive_anon:12kB active_file:332kB inactive_file:464kB unevictable:0kB writepending:40kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7072kB pagetables:21384kB bounce:0kB free_pcp:2852kB local_pcp:1368kB free_cma:0kB [ 1298.562686][ T908] lowmem_reserve[]: 0 0 3504 3504 [ 1298.569055][ T908] Normal free:9116kB min:5592kB low:9180kB high:12768kB active_anon:2921352kB inactive_anon:18748kB active_file:348kB inactive_file:288kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29792kB pagetables:99368kB bounce:0kB free_pcp:1468kB local_pcp:240kB free_cma:0kB [ 1298.621537][ T908] lowmem_reserve[]: 0 0 0 0 [ 1298.632104][ T908] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1298.655737][ T908] DMA32: 612*4kB (UMEH) 177*8kB (UMEH) 46*16kB (UMEH) 19*32kB (UMEH) 8*64kB (UMEH) 16*128kB (UMH) 4*256kB (UM) 13*512kB (ME) 5*1024kB (ME) 1*2048kB (M) 0*4096kB = 22616kB [ 1298.672911][ T908] Normal: 362*4kB (UMEH) 240*8kB (UMEH) 168*16kB (UME) 43*32kB (UMEH) 14*64kB (UMH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 9992kB [ 1298.704979][ T908] 5004 total pagecache pages [ 1298.709671][ T908] 0 pages in swap cache [ 1298.713880][ T908] Swap cache stats: add 0, delete 0, find 0/0 [ 1298.745021][ T908] Free swap = 0kB [ 1298.750826][ T908] Total swap = 0kB [ 1298.754622][ T908] 1965979 pages RAM [ 1298.758548][ T908] 0 pages HighMem/MovableOnly [ 1298.763313][ T908] 318832 pages reserved [ 1298.767567][ T908] 0 pages cma reserved [ 1298.771709][ T908] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=904,uid=0 [ 1298.793977][ T908] Out of memory: Killed process 904 (syz-executor.0) total-vm:75356kB, anon-rss:16568kB, file-rss:34704kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:07:47 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{}], 0x1, 0x0) r1 = dup(0xffffffffffffffff) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18, 0x0, 0x5}, 0x18) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}}], 0x1, 0x10003, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x81}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:47 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1299.985710][ T914] systemd-udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1299.996808][ T914] CPU: 1 PID: 914 Comm: systemd-udevd Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1300.006676][ T914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1300.016712][ T914] Call Trace: [ 1300.019993][ T914] dump_stack+0x14a/0x1ce [ 1300.024314][ T914] ? devkmsg_release+0x11c/0x11c [ 1300.029241][ T914] ? show_regs_print_info+0x12/0x12 [ 1300.034423][ T914] ? radix_tree_cpu_dead+0x160/0x160 [ 1300.039690][ T914] ? _raw_spin_lock+0xa1/0x170 [ 1300.044449][ T914] ? _raw_spin_trylock_bh+0x190/0x190 [ 1300.049809][ T914] dump_header+0xdb/0x700 [ 1300.054124][ T914] oom_kill_process+0xd3/0x280 [ 1300.058871][ T914] out_of_memory+0x5b6/0x890 [ 1300.063449][ T914] ? unregister_oom_notifier+0x20/0x20 [ 1300.068894][ T914] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1300.074437][ T914] ? get_page_from_freelist+0x7c0/0x7c0 [ 1300.079971][ T914] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1300.085325][ T914] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1300.090854][ T914] pagecache_get_page+0x50f/0x880 [ 1300.095861][ T914] filemap_fault+0x1474/0x19d0 [ 1300.100611][ T914] ? generic_file_read_iter+0x20b0/0x20b0 [ 1300.106308][ T914] ? ___preempt_schedule+0x16/0x20 [ 1300.111399][ T914] ext4_filemap_fault+0x7b/0x90 [ 1300.116242][ T914] handle_mm_fault+0x2846/0x40b0 [ 1300.121162][ T914] ? finish_fault+0x230/0x230 [ 1300.125817][ T914] ? vmacache_find+0x205/0x4b0 [ 1300.130564][ T914] do_user_addr_fault+0x48a/0x9f0 [ 1300.135567][ T914] page_fault+0x2f/0x40 [ 1300.139714][ T914] RIP: 0033:0x7fe709a244f0 [ 1300.144120][ T914] Code: Bad RIP value. [ 1300.148168][ T914] RSP: 002b:00007fff9cd54dd8 EFLAGS: 00010206 [ 1300.154214][ T914] RAX: 0000000000000000 RBX: 0000558aef1acac0 RCX: 0000000000000000 [ 1300.162169][ T914] RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000558aef1acac0 [ 1300.170210][ T914] RBP: 000000000000000f R08: 0000558aee578670 R09: 0000000000000110 [ 1300.178391][ T914] R10: 00000000000000fb R11: 00007fe709a262f0 R12: 0000000000000000 [ 1300.186329][ T914] R13: 0000000000000000 R14: 0000558aef1989a0 R15: 000000000000000f [ 1300.227327][ T914] Mem-Info: [ 1300.231101][ T914] active_anon:1439825 inactive_anon:4689 isolated_anon:0 [ 1300.231101][ T914] active_file:135 inactive_file:106 isolated_file:32 [ 1300.231101][ T914] unevictable:0 dirty:8 writeback:0 unstable:0 [ 1300.231101][ T914] slab_reclaimable:7216 slab_unreclaimable:72568 [ 1300.231101][ T914] mapped:55632 shmem:4764 pagetables:30252 bounce:0 [ 1300.231101][ T914] free:10672 free_pcp:288 free_cma:0 [ 1300.268873][ T914] Node 0 active_anon:5759300kB inactive_anon:18756kB active_file:540kB inactive_file:424kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:222528kB dirty:32kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1300.293503][ T914] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1300.319531][ T914] lowmem_reserve[]: 0 2912 6416 6416 [ 1300.326080][ T914] DMA32 free:18940kB min:4644kB low:7624kB high:10604kB active_anon:2834828kB inactive_anon:8kB active_file:636kB inactive_file:0kB unevictable:0kB writepending:24kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7168kB pagetables:21556kB bounce:0kB free_pcp:416kB local_pcp:248kB free_cma:0kB [ 1300.355629][ T914] lowmem_reserve[]: 0 0 3504 3504 [ 1300.360766][ T914] Normal free:8976kB min:24744kB low:28332kB high:31920kB active_anon:2924204kB inactive_anon:18748kB active_file:36kB inactive_file:20kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29824kB pagetables:99456kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1300.390405][ T914] lowmem_reserve[]: 0 0 0 0 [ 1300.395129][ T914] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1300.408750][ T914] DMA32: 14*4kB (EH) 27*8kB (UMEH) 40*16kB (UEH) 42*32kB (UMEH) 17*64kB (MEH) 12*128kB (UMH) 4*256kB (UM) 13*512kB (ME) 4*1024kB (ME) 1*2048kB (U) 0*4096kB = 18704kB [ 1300.427961][ T914] Normal: 360*4kB (UMEH) 214*8kB (UMEH) 178*16kB (UME) 15*32kB (UEH) 14*64kB (UH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 9040kB [ 1300.443602][ T914] 5258 total pagecache pages [ 1300.448210][ T914] 0 pages in swap cache [ 1300.452351][ T914] Swap cache stats: add 0, delete 0, find 0/0 [ 1300.458431][ T914] Free swap = 0kB [ 1300.462138][ T914] Total swap = 0kB [ 1300.466013][ T914] 1965979 pages RAM [ 1300.469902][ T914] 0 pages HighMem/MovableOnly [ 1300.474667][ T914] 318832 pages reserved [ 1300.479027][ T914] 0 pages cma reserved [ 1300.483235][ T914] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=26369,uid=0 [ 1300.498097][ T914] Out of memory: Killed process 26369 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1300.524423][ T23] oom_reaper: reaped process 26369 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:07:49 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:49 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{}], 0x1, 0x0) r1 = dup(0xffffffffffffffff) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18, 0x0, 0x5}, 0x18) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}}], 0x1, 0x10003, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x81}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:49 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, 0x0, 0x1, 0x101, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_LABELS_MASK={0x10, 0x17, [0x1, 0x6, 0xffffffff]}, @CTA_TUPLE_MASTER={0x30, 0xe, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x40080) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:49 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000000340)={{{@in6=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@remote}}, &(0x7f0000000180)=0xe8) mount$bpf(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x60000, &(0x7f0000000440)={[{@mode={'mode', 0x3d, 0x9}}, {@mode={'mode', 0x3d, 0x100000000}}, {@mode={'mode', 0x3d, 0x935}}, {@mode={'mode', 0x3d, 0xfffffffffffffff9}}, {@mode={'mode'}}, {@mode={'mode', 0x3d, 0x5}}, {@mode={'mode'}}, {@mode={'mode', 0x3d, 0x8}}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'stack\x00'}}, {@euid_eq={'euid'}}, {@func={'func', 0x3d, 'CREDS_CHECK'}}, {@smackfstransmute={'smackfstransmute'}}, {@subj_role={'subj_role', 0x3d, ':\xae'}}, {@appraise='appraise'}, {@euid_gt={'euid>'}}, {@euid_gt={'euid>', r6}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}]}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:49 executing program 3: splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TIOCL_BLANKSCREEN(0xffffffffffffffff, 0x541c, &(0x7f0000000140)) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r2, 0x8982, &(0x7f0000000000)={0x3, 'rose0\x00', {0x7}, 0x3f}) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x7d8ca29f2401d8fa, 0x0, 0x0, 0x3}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r4}], 0x1, 0x0) r5 = accept4$tipc(r3, &(0x7f0000000180)=@name, &(0x7f0000000040)=0x10, 0x0) fcntl$dupfd(r4, 0x406, r5) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) [ 1302.489290][ T415] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1302.510863][ T415] CPU: 0 PID: 415 Comm: syz-executor.5 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1302.520929][ T415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1302.530966][ T415] Call Trace: [ 1302.534230][ T415] dump_stack+0x14a/0x1ce [ 1302.538540][ T415] ? devkmsg_release+0x11c/0x11c [ 1302.543466][ T415] ? show_regs_print_info+0x12/0x12 [ 1302.548648][ T415] ? radix_tree_cpu_dead+0x160/0x160 [ 1302.553920][ T415] ? _raw_spin_lock+0xa1/0x170 [ 1302.558668][ T415] ? _raw_spin_trylock_bh+0x190/0x190 [ 1302.564034][ T415] dump_header+0xdb/0x700 [ 1302.568356][ T415] oom_kill_process+0xd3/0x280 [ 1302.573104][ T415] out_of_memory+0x5b6/0x890 [ 1302.577666][ T415] ? unregister_oom_notifier+0x20/0x20 [ 1302.583104][ T415] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1302.588627][ T415] ? get_page_from_freelist+0x7c0/0x7c0 [ 1302.594144][ T415] ? __zone_watermark_ok+0x96/0x260 [ 1302.599313][ T415] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1302.604655][ T415] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1302.610169][ T415] ? lockref_get+0x1c2/0x2b0 [ 1302.614727][ T415] ? blk_crypto_keyslot_evict+0x160/0x160 [ 1302.620413][ T415] ? find_inode_fast+0x3f9/0x4b0 [ 1302.625333][ T415] __get_free_pages+0xa/0x30 [ 1302.629909][ T415] inode_doinit_with_dentry+0x950/0x10e0 [ 1302.635518][ T415] ? __wake_up_bit+0x180/0x180 [ 1302.640256][ T415] ? sb_finish_set_opts+0x7e0/0x7e0 [ 1302.645426][ T415] ? current_time+0x1be/0x2f0 [ 1302.650083][ T415] ? atime_needs_update+0x570/0x570 [ 1302.655256][ T415] security_d_instantiate+0x90/0xf0 [ 1302.660433][ T415] d_splice_alias+0x71/0x590 [ 1302.664998][ T415] kernfs_iop_lookup+0x17a/0x1f0 [ 1302.669910][ T415] __lookup_slow+0x312/0x490 [ 1302.674475][ T415] ? lookup_one_len2+0x2d0/0x2d0 [ 1302.679384][ T415] path_mountpoint+0x2ac/0x7a0 [ 1302.684116][ T415] ? success_walk_trace+0x430/0x430 [ 1302.689284][ T415] filename_mountpoint+0x239/0x680 [ 1302.694367][ T415] ? user_path_mountpoint_at+0x40/0x40 [ 1302.699798][ T415] ? getname_flags+0x20d/0x610 [ 1302.704532][ T415] ksys_umount+0x167/0xff0 [ 1302.708918][ T415] ? __down_read+0x240/0x240 [ 1302.713482][ T415] ? namespace_unlock+0x4e0/0x4e0 [ 1302.718493][ T415] ? do_user_addr_fault+0x55c/0x9f0 [ 1302.723661][ T415] __x64_sys_umount+0x56/0x60 [ 1302.728319][ T415] do_syscall_64+0xcb/0x150 [ 1302.732807][ T415] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1302.738671][ T415] RIP: 0033:0x45f277 [ 1302.742540][ T415] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1302.762114][ T415] RSP: 002b:00007fff865c0018 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1302.770491][ T415] RAX: ffffffffffffffda RBX: 000000000013dfa4 RCX: 000000000045f277 [ 1302.778433][ T415] RDX: 0000000000402f28 RSI: 0000000000000002 RDI: 00007fff865c00c0 [ 1302.786371][ T415] RBP: 0000000000000b5f R08: 0000000000000000 R09: 000000000000000c [ 1302.794323][ T415] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fff865c1150 [ 1302.802266][ T415] R13: 0000000002355940 R14: 0000000000000000 R15: 00007fff865c1150 [ 1302.854945][ T415] Mem-Info: [ 1302.858503][ T415] active_anon:1439203 inactive_anon:4691 isolated_anon:0 [ 1302.858503][ T415] active_file:248 inactive_file:234 isolated_file:0 [ 1302.858503][ T415] unevictable:0 dirty:8 writeback:3 unstable:0 [ 1302.858503][ T415] slab_reclaimable:7217 slab_unreclaimable:72594 [ 1302.858503][ T415] mapped:55885 shmem:4764 pagetables:30221 bounce:0 [ 1302.858503][ T415] free:10783 free_pcp:151 free_cma:0 [ 1302.959355][ T415] Node 0 active_anon:5756912kB inactive_anon:18764kB active_file:984kB inactive_file:1800kB unevictable:0kB isolated(anon):0kB isolated(file):256kB mapped:224340kB dirty:32kB writeback:12kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1303.018330][ T415] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1303.047546][ T415] lowmem_reserve[]: 0 2912 6416 6416 [ 1303.053370][ T415] DMA32 free:18740kB min:4644kB low:7624kB high:10604kB active_anon:2834744kB inactive_anon:16kB active_file:624kB inactive_file:388kB unevictable:0kB writepending:28kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7168kB pagetables:21452kB bounce:0kB free_pcp:328kB local_pcp:120kB free_cma:0kB [ 1303.083208][ T415] lowmem_reserve[]: 0 0 3504 3504 [ 1303.088674][ T415] Normal free:9172kB min:5592kB low:9180kB high:12768kB active_anon:2921776kB inactive_anon:18748kB active_file:388kB inactive_file:664kB unevictable:0kB writepending:16kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29824kB pagetables:99432kB bounce:0kB free_pcp:1344kB local_pcp:260kB free_cma:0kB [ 1303.133432][ T415] lowmem_reserve[]: 0 0 0 0 [ 1303.139302][ T415] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1303.154553][ T415] DMA32: 206*4kB (UMH) 40*8kB (UMEH) 18*16kB (UM) 27*32kB (UMEH) 10*64kB (UME) 14*128kB (UMH) 5*256kB (UM) 15*512kB (UME) 5*1024kB (UME) 0*2048kB 0*4096kB = 18808kB [ 1303.172953][ T415] Normal: 161*4kB (UMEH) 255*8kB (UMEH) 162*16kB (UME) 28*32kB (UMEH) 18*64kB (UMH) 4*128kB (MH) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 9116kB [ 1303.189222][ T415] 5148 total pagecache pages [ 1303.194143][ T415] 0 pages in swap cache [ 1303.199861][ T415] Swap cache stats: add 0, delete 0, find 0/0 [ 1303.206674][ T415] Free swap = 0kB [ 1303.212342][ T415] Total swap = 0kB [ 1303.217241][ T415] 1965979 pages RAM [ 1303.223454][ T415] 0 pages HighMem/MovableOnly [ 1303.230591][ T415] 318832 pages reserved [ 1303.236513][ T415] 0 pages cma reserved [ 1303.241170][ T415] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=934,uid=0 [ 1306.589982][ T211] systemd-udevd invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=-1000 [ 1306.602227][ T211] CPU: 0 PID: 211 Comm: systemd-udevd Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1306.612204][ T211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1306.622246][ T211] Call Trace: [ 1306.625508][ T211] dump_stack+0x14a/0x1ce [ 1306.629834][ T211] ? devkmsg_release+0x11c/0x11c [ 1306.634744][ T211] ? show_regs_print_info+0x12/0x12 [ 1306.639912][ T211] ? radix_tree_cpu_dead+0x160/0x160 [ 1306.645167][ T211] ? _raw_spin_lock+0xa1/0x170 [ 1306.649905][ T211] ? _raw_spin_trylock_bh+0x190/0x190 [ 1306.655256][ T211] dump_header+0xdb/0x700 [ 1306.659725][ T211] oom_kill_process+0xd3/0x280 [ 1306.664462][ T211] out_of_memory+0x5b6/0x890 [ 1306.669025][ T211] ? unregister_oom_notifier+0x20/0x20 [ 1306.674458][ T211] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1306.679977][ T211] ? unwind_get_return_address+0x48/0x90 [ 1306.685587][ T211] ? get_page_from_freelist+0x7c0/0x7c0 [ 1306.691106][ T211] ? __zone_watermark_ok+0x96/0x260 [ 1306.696277][ T211] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1306.701626][ T211] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1306.707148][ T211] ? copy_process+0x5a4/0x5150 [ 1306.711886][ T211] ? kmem_cache_alloc+0x1d2/0x260 [ 1306.716886][ T211] copy_process+0x5f3/0x5150 [ 1306.721455][ T211] ? filemap_fault+0x19d0/0x19d0 [ 1306.726365][ T211] ? fork_idle+0x290/0x290 [ 1306.730757][ T211] ? handle_mm_fault+0xb1e/0x40b0 [ 1306.735762][ T211] _do_fork+0x196/0x920 [ 1306.739896][ T211] ? dup_mm+0x300/0x300 [ 1306.744028][ T211] __x64_sys_clone+0x25f/0x2c0 [ 1306.748763][ T211] ? __ia32_sys_vfork+0x110/0x110 [ 1306.753759][ T211] ? do_user_addr_fault+0x55c/0x9f0 [ 1306.759045][ T211] do_syscall_64+0xcb/0x150 [ 1306.763522][ T211] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1306.769441][ T211] RIP: 0033:0x7fe708ecb38b [ 1306.773834][ T211] Code: Bad RIP value. [ 1306.777868][ T211] RSP: 002b:00007fff9cd59ec0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1306.786247][ T211] RAX: ffffffffffffffda RBX: 00007fff9cd59ec0 RCX: 00007fe708ecb38b [ 1306.794204][ T211] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1306.802164][ T211] RBP: 00007fff9cd59f10 R08: 00007fe70a07b8c0 R09: 0000000000000210 [ 1306.810111][ T211] R10: 00007fe70a07bb90 R11: 0000000000000246 R12: 0000000000000000 [ 1306.818055][ T211] R13: 0000000000000020 R14: 0000000000000000 R15: 0000000000000000 [ 1306.826104][ T211] Mem-Info: [ 1306.829210][ T211] active_anon:1438852 inactive_anon:4691 isolated_anon:0 [ 1306.829210][ T211] active_file:170 inactive_file:1388 isolated_file:0 [ 1306.829210][ T211] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1306.829210][ T211] slab_reclaimable:7221 slab_unreclaimable:72906 [ 1306.829210][ T211] mapped:56359 shmem:4764 pagetables:30208 bounce:0 [ 1306.829210][ T211] free:10197 free_pcp:224 free_cma:0 [ 1306.866889][ T211] Node 0 active_anon:5755408kB inactive_anon:18764kB active_file:268kB inactive_file:576kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:222036kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1306.890933][ T211] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1306.917030][ T211] lowmem_reserve[]: 0 2912 6416 6416 [ 1306.922312][ T211] DMA32 free:19296kB min:4644kB low:7624kB high:10604kB active_anon:2833684kB inactive_anon:16kB active_file:336kB inactive_file:448kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:6976kB pagetables:21508kB bounce:0kB free_pcp:1328kB local_pcp:0kB free_cma:0kB [ 1306.951210][ T211] lowmem_reserve[]: 0 0 3504 3504 [ 1306.956300][ T211] Normal free:6116kB min:5592kB low:9180kB high:12768kB active_anon:2921724kB inactive_anon:18748kB active_file:240kB inactive_file:3884kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29792kB pagetables:99324kB bounce:0kB free_pcp:244kB local_pcp:0kB free_cma:0kB [ 1306.985623][ T211] lowmem_reserve[]: 0 0 0 0 [ 1306.990122][ T211] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1307.003409][ T211] DMA32: 174*4kB (MH) 69*8kB (UMH) 16*16kB (M) 32*32kB (UMEH) 12*64kB (UME) 15*128kB (UMH) 5*256kB (UM) 15*512kB (UME) 5*1024kB (UME) 0*2048kB 0*4096kB = 19296kB [ 1307.019728][ T211] Normal: 10*4kB (H) 100*8kB (UH) 104*16kB (UE) 25*32kB (UEH) 14*64kB (UH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 5864kB [ 1307.034627][ T211] 6384 total pagecache pages [ 1307.039207][ T211] 0 pages in swap cache [ 1307.043349][ T211] Swap cache stats: add 0, delete 0, find 0/0 [ 1307.049449][ T211] Free swap = 0kB [ 1307.053155][ T211] Total swap = 0kB [ 1307.056874][ T211] 1965979 pages RAM [ 1307.060652][ T211] 0 pages HighMem/MovableOnly [ 1307.065313][ T211] 318832 pages reserved [ 1307.069438][ T211] 0 pages cma reserved [ 1307.073476][ T211] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=955,uid=0 [ 1307.087419][ T211] Out of memory: Killed process 955 (syz-executor.0) total-vm:75356kB, anon-rss:16572kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1307.105704][ T23] oom_reaper: reaped process 955 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:07:55 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:07:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:07:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$inet_tcp_int(r5, 0x6, 0x8, &(0x7f00000000c0)=0xddf, 0x4) [ 1312.545387][ T389] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1312.556493][ T389] CPU: 0 PID: 389 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1312.566107][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1312.576143][ T389] Call Trace: [ 1312.579404][ T389] dump_stack+0x14a/0x1ce [ 1312.583703][ T389] ? devkmsg_release+0x11c/0x11c [ 1312.588610][ T389] ? show_regs_print_info+0x12/0x12 [ 1312.593790][ T389] ? radix_tree_cpu_dead+0x160/0x160 [ 1312.599140][ T389] ? _raw_spin_lock+0xa1/0x170 [ 1312.603889][ T389] ? _raw_spin_trylock_bh+0x190/0x190 [ 1312.609234][ T389] dump_header+0xdb/0x700 [ 1312.613534][ T389] oom_kill_process+0xd3/0x280 [ 1312.618271][ T389] out_of_memory+0x5b6/0x890 [ 1312.622833][ T389] ? unregister_oom_notifier+0x20/0x20 [ 1312.628268][ T389] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1312.633798][ T389] ? get_page_from_freelist+0x7c0/0x7c0 [ 1312.639320][ T389] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1312.644664][ T389] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1312.650181][ T389] pagecache_get_page+0x50f/0x880 [ 1312.655178][ T389] filemap_fault+0x1474/0x19d0 [ 1312.659926][ T389] ? generic_file_read_iter+0x20b0/0x20b0 [ 1312.665621][ T389] ? mm_trace_rss_stat+0x41/0x1a0 [ 1312.670622][ T389] ext4_filemap_fault+0x7b/0x90 [ 1312.675446][ T389] handle_mm_fault+0x2846/0x40b0 [ 1312.680355][ T389] ? finish_fault+0x230/0x230 [ 1312.685004][ T389] ? vmacache_find+0x47a/0x4b0 [ 1312.689743][ T389] do_user_addr_fault+0x48a/0x9f0 [ 1312.694744][ T389] page_fault+0x2f/0x40 [ 1312.698874][ T389] RIP: 0033:0x6f73d5 [ 1312.702739][ T389] Code: 74 24 38 48 39 ca 0f 8c 3c ff ff ff 48 89 1c 24 e8 10 ec 01 00 48 8b 84 24 80 00 00 00 48 8b 08 48 8b 54 24 08 48 89 54 24 40 <48> 8b 89 90 00 00 00 48 8b 58 08 48 89 1c 24 ff d1 0f b6 44 24 08 [ 1312.722312][ T389] RSP: 002b:000000c43420d598 EFLAGS: 00010206 [ 1312.728349][ T389] RAX: 000000c42fff48d0 RBX: 00000000007240bc RCX: 0000000000a486a0 [ 1312.736293][ T389] RDX: 0000000000000010 RSI: 0000000000000002 RDI: 000000c426bf61b0 [ 1312.744236][ T389] RBP: 000000c43420d690 R08: 000000c420000180 R09: 0000000000000001 [ 1312.752178][ T389] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000 [ 1312.760119][ T389] R13: 0000000000000000 R14: 0000000000000075 R15: 0000000000000005 [ 1312.786413][ T389] Mem-Info: [ 1312.798344][ T389] active_anon:1439091 inactive_anon:4691 isolated_anon:0 [ 1312.798344][ T389] active_file:71 inactive_file:558 isolated_file:32 [ 1312.798344][ T389] unevictable:0 dirty:1 writeback:9 unstable:0 [ 1312.798344][ T389] slab_reclaimable:7223 slab_unreclaimable:73080 [ 1312.798344][ T389] mapped:55934 shmem:4764 pagetables:30206 bounce:0 [ 1312.798344][ T389] free:10694 free_pcp:53 free_cma:0 [ 1312.836338][ T389] Node 0 active_anon:5756364kB inactive_anon:18764kB active_file:284kB inactive_file:2332kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:223736kB dirty:4kB writeback:36kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1312.861165][ T389] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1312.894341][ T389] lowmem_reserve[]: 0 2912 6416 6416 [ 1312.901222][ T389] DMA32 free:19668kB min:4644kB low:7624kB high:10604kB active_anon:2830896kB inactive_anon:16kB active_file:148kB inactive_file:888kB unevictable:0kB writepending:36kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7072kB pagetables:21408kB bounce:0kB free_pcp:384kB local_pcp:296kB free_cma:0kB [ 1312.930880][ T389] lowmem_reserve[]: 0 0 3504 3504 [ 1312.936317][ T389] Normal free:7204kB min:24744kB low:28332kB high:31920kB active_anon:2925004kB inactive_anon:18748kB active_file:796kB inactive_file:236kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29824kB pagetables:99416kB bounce:0kB free_pcp:780kB local_pcp:72kB free_cma:0kB [ 1312.966147][ T389] lowmem_reserve[]: 0 0 0 0 [ 1312.970954][ T389] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1312.984866][ T389] DMA32: 12*4kB (EH) 9*8kB (EH) 7*16kB (ME) 13*32kB (MEH) 2*64kB (UH) 5*128kB (UMH) 11*256kB (UM) 18*512kB (M) 5*1024kB (UM) 0*2048kB 0*4096kB = 18568kB [ 1313.001386][ T389] Normal: 20*4kB (UH) 76*8kB (UH) 118*16kB (UE) 42*32kB (UEH) 21*64kB (UH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 6928kB [ 1313.028089][ T389] 5114 total pagecache pages [ 1313.032777][ T389] 0 pages in swap cache [ 1313.037010][ T389] Swap cache stats: add 0, delete 0, find 0/0 [ 1313.043145][ T389] Free swap = 0kB [ 1313.046946][ T389] Total swap = 0kB [ 1313.050721][ T389] 1965979 pages RAM [ 1313.054602][ T389] 0 pages HighMem/MovableOnly [ 1313.059349][ T389] 318832 pages reserved [ 1313.063607][ T389] 0 pages cma reserved [ 1313.067909][ T389] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=26226,uid=0 [ 1313.082098][ T389] Out of memory: Killed process 26226 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1313.100310][ T23] oom_reaper: reaped process 26226 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:08:01 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:01 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r3 = getpid() rt_tgsigqueueinfo(r3, r3, 0x16, &(0x7f0000000000)) ptrace(0x10, r3) ptrace$getregset(0x4201, r3, 0x0, &(0x7f0000000080)={0x0}) syz_open_procfs(r3, &(0x7f0000000240)='net/rt6_stats\x00') r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="040000b1", @ANYRES16=r4, @ANYBLOB="100027bd7000fcdbdf250600000005002f000100000008003b00ffffff7f08002c000600000008003c000001000008002c00af0700000500300000000000"], 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x20000800) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:08:01 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) bind(r1, &(0x7f0000000100)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x3}, [@bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x80) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000000)=@req={0x6, 0x101, 0x9, 0x3}, 0x10) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:01 executing program 1: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, 0x0, 0x1, 0x101, 0x0, 0x0, {0x7, 0x0, 0x2}, [@CTA_LABELS_MASK={0x10, 0x17, [0x1, 0x6, 0xffffffff]}, @CTA_TUPLE_MASTER={0x30, 0xe, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x40080) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1314.473927][ T997] modprobe invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1314.485517][ T997] CPU: 1 PID: 997 Comm: modprobe Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1314.494957][ T997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1314.505001][ T997] Call Trace: [ 1314.508292][ T997] dump_stack+0x14a/0x1ce [ 1314.512620][ T997] ? devkmsg_release+0x11c/0x11c [ 1314.517538][ T997] ? show_regs_print_info+0x12/0x12 [ 1314.522728][ T997] ? radix_tree_cpu_dead+0x160/0x160 [ 1314.527993][ T997] ? _raw_spin_lock+0xa1/0x170 [ 1314.532856][ T997] ? _raw_spin_trylock_bh+0x190/0x190 [ 1314.538208][ T997] dump_header+0xdb/0x700 [ 1314.542519][ T997] oom_kill_process+0xd3/0x280 [ 1314.547274][ T997] out_of_memory+0x5b6/0x890 [ 1314.551852][ T997] ? unregister_oom_notifier+0x20/0x20 [ 1314.557293][ T997] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1314.562823][ T997] ? get_page_from_freelist+0x7c0/0x7c0 [ 1314.568361][ T997] ? mmap_region+0xa97/0x1bb0 [ 1314.573019][ T997] ? __zone_watermark_ok+0x96/0x260 [ 1314.578197][ T997] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1314.583553][ T997] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1314.589087][ T997] ? vma_gap_callbacks_rotate+0x203/0x210 [ 1314.594801][ T997] ? __rcu_read_lock+0x50/0x50 [ 1314.599555][ T997] get_zeroed_page+0x15/0x40 [ 1314.604122][ T997] __pud_alloc+0x33/0x180 [ 1314.608436][ T997] handle_mm_fault+0x34ad/0x40b0 [ 1314.613355][ T997] ? finish_fault+0x230/0x230 [ 1314.618011][ T997] ? do_mmap+0x9ad/0x1060 [ 1314.622321][ T997] ? up_read+0x10/0x10 [ 1314.626374][ T997] do_user_addr_fault+0x48a/0x9f0 [ 1314.631380][ T997] page_fault+0x2f/0x40 [ 1314.635522][ T997] RIP: 0010:clear_user+0x88/0xc0 [ 1314.640437][ T997] Code: 4c 89 f0 4c 01 e0 72 53 4c 39 f8 77 4e e8 e0 cb 7b fd 0f 1f 00 44 89 e0 83 e0 07 49 c1 ec 03 4c 89 e1 4c 89 f7 48 85 c9 74 0f <48> c7 07 00 00 00 00 48 83 c7 08 ff c9 75 f1 48 89 c1 85 c9 74 0a [ 1314.660021][ T997] RSP: 0018:ffff8881013b7a78 EFLAGS: 00010202 [ 1314.666060][ T997] RAX: 0000000000000000 RBX: 00007f6bb53eb000 RCX: 0000000000000008 [ 1314.674010][ T997] RDX: 0000000000000000 RSI: 00007ffffffff000 RDI: 00007f6bb53eafc0 [ 1314.682066][ T997] RBP: ffff8881013b7c88 R08: ffffffff83c5eb4e R09: ffffed10323897a1 [ 1314.690026][ T997] R10: ffffed10323897a1 R11: 0000000000000000 R12: 0000000000000008 [ 1314.697982][ T997] R13: ffff8881cfd07d50 R14: 00007f6bb53eafc0 R15: 00007ffffffff000 [ 1314.705948][ T997] ? clear_user+0x5e/0xc0 [ 1314.710267][ T997] ? clear_user+0x70/0xc0 [ 1314.714586][ T997] load_elf_binary+0x3343/0x3770 [ 1314.719513][ T997] ? load_elf_binary+0x811/0x3770 [ 1314.724527][ T997] ? load_script+0x990/0x990 [ 1314.729107][ T997] ? selinux_inode_follow_link+0x3c0/0x3c0 [ 1314.734903][ T997] ? __rcu_read_lock+0x50/0x50 [ 1314.739660][ T997] search_binary_handler+0x17c/0x590 [ 1314.744937][ T997] exec_binprm+0x90/0x380 [ 1314.749255][ T997] __do_execve_file+0x1296/0x1870 [ 1314.754271][ T997] ? do_execve_file+0x40/0x40 [ 1314.758932][ T997] ? getname_kernel+0x55/0x2f0 [ 1314.763686][ T997] ? getname_kernel+0x159/0x2f0 [ 1314.768521][ T997] do_execve+0x2f/0x40 [ 1314.772582][ T997] call_usermodehelper_exec_async+0x2dc/0x480 [ 1314.778641][ T997] ? proc_cap_handler+0x580/0x580 [ 1314.783652][ T997] ret_from_fork+0x1f/0x30 [ 1314.799945][ T997] Mem-Info: [ 1314.805486][ T997] active_anon:1438845 inactive_anon:4690 isolated_anon:0 [ 1314.805486][ T997] active_file:219 inactive_file:448 isolated_file:32 [ 1314.805486][ T997] unevictable:0 dirty:10 writeback:1 unstable:0 [ 1314.805486][ T997] slab_reclaimable:7229 slab_unreclaimable:72804 [ 1314.805486][ T997] mapped:55915 shmem:4764 pagetables:30330 bounce:0 [ 1314.805486][ T997] free:10751 free_pcp:121 free_cma:0 [ 1314.848141][ T997] Node 0 active_anon:5756580kB inactive_anon:18760kB active_file:160kB inactive_file:2012kB unevictable:0kB isolated(anon):0kB isolated(file):108kB mapped:223060kB dirty:40kB writeback:4kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1314.877844][ T997] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1314.917262][ T997] lowmem_reserve[]: 0 2912 6416 6416 [ 1314.922676][ T997] DMA32 free:18020kB min:4644kB low:7624kB high:10604kB active_anon:2829760kB inactive_anon:12kB active_file:360kB inactive_file:820kB unevictable:0kB writepending:28kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7360kB pagetables:21300kB bounce:0kB free_pcp:744kB local_pcp:56kB free_cma:0kB [ 1314.952168][ T997] lowmem_reserve[]: 0 0 3504 3504 [ 1314.957880][ T997] Normal free:7276kB min:5592kB low:9180kB high:12768kB active_anon:2927928kB inactive_anon:18748kB active_file:296kB inactive_file:776kB unevictable:0kB writepending:16kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29888kB pagetables:100028kB bounce:0kB free_pcp:496kB local_pcp:496kB free_cma:0kB [ 1314.988028][ T997] lowmem_reserve[]: 0 0 0 0 [ 1314.993534][ T997] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1315.007138][ T997] DMA32: 40*4kB (UMH) 79*8kB (MEH) 14*16kB (ME) 8*32kB (MEH) 9*64kB (UMH) 5*128kB (MH) 10*256kB (UM) 20*512kB (UM) 4*1024kB (UM) 0*2048kB 0*4096kB = 19384kB [ 1315.022930][ T997] Normal: 10*4kB (H) 6*8kB (H) 113*16kB (UE) 56*32kB (UE) 16*64kB (UH) 3*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 6376kB [ 1315.037784][ T997] 4905 total pagecache pages [ 1315.042812][ T997] 0 pages in swap cache [ 1315.047053][ T997] Swap cache stats: add 0, delete 0, find 0/0 [ 1315.053283][ T997] Free swap = 0kB [ 1315.058453][ T997] Total swap = 0kB [ 1315.062165][ T997] 1965979 pages RAM [ 1315.065961][ T997] 0 pages HighMem/MovableOnly [ 1315.070611][ T997] 318832 pages reserved [ 1315.074793][ T997] 0 pages cma reserved [ 1315.078847][ T997] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=982,uid=0 [ 1315.092768][ T997] Out of memory: Killed process 982 (syz-executor.0) total-vm:75356kB, anon-rss:16552kB, file-rss:34532kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 1315.116159][ T23] oom_reaper: reaped process 982 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:08:04 executing program 1: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='coredump_filter\x00') r1 = gettid() tkill(r1, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) wait4(0x0, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x10001ff) 03:08:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:04 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ptrace$setregs(0xf, r0, 0x8, &(0x7f0000000000)="5bfa978bbf58fa90d7df0444db0def3295398692cea44b3762459af91b65bd5ca6c7a8ee721278dcb9aa375fc5420871659908d028cb41b73437ff14763c91cf35d84698488599186ca06caf9ad70f896b0dc8accb7fa977d748382d1aa249130254539caaee75aa36747e532f63ac") write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:08:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:04 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) r5 = getpid() rt_tgsigqueueinfo(r5, r5, 0x16, &(0x7f0000000000)) ptrace(0x10, r5) ptrace$getregset(0x4201, r5, 0x0, &(0x7f0000000080)={0x0}) clone3(&(0x7f0000000380)={0x8028200, &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000140), {0x22}, &(0x7f0000000180)=""/9, 0x9, &(0x7f00000001c0)=""/113, &(0x7f0000000340)=[r0, r4, r5], 0x3}, 0x50) ioctl$HIDIOCGCOLLECTIONINFO(r3, 0xc0104811, &(0x7f0000000400)={0x8, 0x546, 0x7, 0x7}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:04 executing program 0: rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000000)) ptrace(0x10, 0x0) ptrace$getregset(0x4201, 0x0, 0x0, &(0x7f0000000080)={0x0}) prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x9, 0x400000008c}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x1a, 0x0, 0x9, 0x0, 0xffff}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x11, 0x0, 0x7, 0x0, 0x4, 0xfffffffffffffffb}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) keyctl$get_security(0x11, 0x0, &(0x7f0000000100)=""/81, 0x51) syz_open_procfs(0x0, &(0x7f0000000180)='stack\x00') fsync(0xffffffffffffffff) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1318.844593][ T1041] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 1318.856710][ T1041] CPU: 1 PID: 1041 Comm: syz-executor.0 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1318.866764][ T1041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1318.876792][ T1041] Call Trace: [ 1318.880055][ T1041] dump_stack+0x14a/0x1ce [ 1318.884359][ T1041] ? devkmsg_release+0x11c/0x11c [ 1318.889275][ T1041] ? show_regs_print_info+0x12/0x12 [ 1318.894450][ T1041] ? radix_tree_cpu_dead+0x160/0x160 [ 1318.899708][ T1041] ? _raw_spin_lock+0xa1/0x170 [ 1318.904445][ T1041] ? _raw_spin_trylock_bh+0x190/0x190 [ 1318.909826][ T1041] dump_header+0xdb/0x700 [ 1318.914125][ T1041] oom_kill_process+0xd3/0x280 [ 1318.918862][ T1041] out_of_memory+0x5b6/0x890 [ 1318.923425][ T1041] ? unregister_oom_notifier+0x20/0x20 [ 1318.928857][ T1041] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1318.934375][ T1041] ? get_page_from_freelist+0x7c0/0x7c0 [ 1318.939894][ T1041] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1318.945239][ T1041] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1318.950772][ T1041] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 1318.956495][ T1041] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1318.962265][ T1041] ? page_remove_rmap+0xff/0x1c0 [ 1318.967301][ T1041] wp_page_copy+0x1fe/0x1120 [ 1318.971958][ T1041] ? add_mm_rss_vec+0x270/0x270 [ 1318.976785][ T1041] ? update_load_avg+0x410/0x8f0 [ 1318.981732][ T1041] do_wp_page+0x68b/0x1530 [ 1318.986122][ T1041] ? do_swap_page+0x1560/0x1560 [ 1318.990943][ T1041] handle_mm_fault+0x1363/0x40b0 [ 1318.995849][ T1041] ? switch_mm_irqs_off+0x329/0xa10 [ 1319.001102][ T1041] ? finish_fault+0x230/0x230 [ 1319.005743][ T1041] ? vmacache_find+0x2d2/0x4b0 [ 1319.010472][ T1041] do_user_addr_fault+0x48a/0x9f0 [ 1319.015468][ T1041] page_fault+0x2f/0x40 [ 1319.019604][ T1041] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 1319.026157][ T1041] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 1319.045727][ T1041] RSP: 0000:ffff888025cb7888 EFLAGS: 00010206 [ 1319.051760][ T1041] RAX: ffffffff81f6e701 RBX: 00000000206ea500 RCX: 0000000000000500 [ 1319.059699][ T1041] RDX: 0000000000001000 RSI: ffff888025c9eb00 RDI: 00000000206ea000 [ 1319.067636][ T1041] RBP: ffff888025cb7da8 R08: dffffc0000000000 R09: ffffed1004b93e00 [ 1319.075588][ T1041] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 1319.083526][ T1041] R13: 0000000000001000 R14: ffff888025c9e000 R15: 00000000206e9500 [ 1319.091471][ T1041] ? _copy_to_iter+0x1031/0x1060 [ 1319.096384][ T1041] copyout+0x8e/0xb0 [ 1319.100250][ T1041] copy_page_to_iter+0x393/0xbd0 [ 1319.105150][ T1041] pipe_to_user+0xa3/0x130 [ 1319.109536][ T1041] __splice_from_pipe+0x2d3/0x870 [ 1319.114524][ T1041] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 1319.120033][ T1041] do_vmsplice+0x252/0xee0 [ 1319.124419][ T1041] ? futex_exit_release+0xc0/0xc0 [ 1319.129411][ T1041] ? write_pipe_buf+0x1d0/0x1d0 [ 1319.134232][ T1041] ? __rcu_read_lock+0x50/0x50 [ 1319.138964][ T1041] ? check_stack_object+0x5a/0x90 [ 1319.143986][ T1041] ? _copy_from_user+0xa4/0xe0 [ 1319.148716][ T1041] ? rw_copy_check_uvector+0x2b3/0x310 [ 1319.154141][ T1041] ? import_iovec+0x1c2/0x380 [ 1319.158787][ T1041] ? dup_iter+0x110/0x110 [ 1319.163083][ T1041] ? kcalloc+0x32/0x60 [ 1319.167113][ T1041] __se_sys_vmsplice+0x1fb/0x300 [ 1319.172026][ T1041] ? __x64_sys_vmsplice+0xa0/0xa0 [ 1319.177014][ T1041] ? put_timespec64+0x109/0x150 [ 1319.181827][ T1041] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1319.187441][ T1041] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 1319.193126][ T1041] ? fput_many+0x42/0x1a0 [ 1319.197434][ T1041] do_syscall_64+0xcb/0x150 [ 1319.201937][ T1041] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1319.207803][ T1041] RIP: 0033:0x45c849 [ 1319.211678][ T1041] Code: Bad RIP value. [ 1319.215716][ T1041] RSP: 002b:00007f1b256f6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1319.224093][ T1041] RAX: ffffffffffffffda RBX: 00007f1b256f76d4 RCX: 000000000045c849 [ 1319.232039][ T1041] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 1319.239985][ T1041] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000 [ 1319.247931][ T1041] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1319.255875][ T1041] R13: 0000000000000c47 R14: 00000000004ce688 R15: 000000000076c04c [ 1319.264603][ T1041] Mem-Info: [ 1319.272084][ T1041] active_anon:1439829 inactive_anon:4691 isolated_anon:0 [ 1319.272084][ T1041] active_file:127 inactive_file:113 isolated_file:32 [ 1319.272084][ T1041] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1319.272084][ T1041] slab_reclaimable:7236 slab_unreclaimable:72607 [ 1319.272084][ T1041] mapped:55639 shmem:4764 pagetables:30263 bounce:0 [ 1319.272084][ T1041] free:10588 free_pcp:412 free_cma:0 [ 1319.311184][ T1041] Node 0 active_anon:5759316kB inactive_anon:18764kB active_file:76kB inactive_file:328kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:222068kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1319.335556][ T1041] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1319.361541][ T1041] lowmem_reserve[]: 0 2912 6416 6416 [ 1319.366852][ T1041] DMA32 free:18876kB min:4644kB low:7624kB high:10604kB active_anon:2827148kB inactive_anon:16kB active_file:0kB inactive_file:276kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7104kB pagetables:21508kB bounce:0kB free_pcp:284kB local_pcp:0kB free_cma:0kB [ 1319.395905][ T1041] lowmem_reserve[]: 0 0 3504 3504 [ 1319.400979][ T1041] Normal free:7232kB min:5592kB low:9180kB high:12768kB active_anon:2932168kB inactive_anon:18748kB active_file:48kB inactive_file:408kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29888kB pagetables:99544kB bounce:0kB free_pcp:328kB local_pcp:0kB free_cma:0kB [ 1319.430707][ T1041] lowmem_reserve[]: 0 0 0 0 [ 1319.435522][ T1041] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1319.449174][ T1041] DMA32: 100*4kB (MH) 90*8kB (UMH) 16*16kB (UMEH) 9*32kB (UMEH) 14*64kB (MH) 15*128kB (UMH) 11*256kB (UM) 17*512kB (UM) 4*1024kB (UM) 0*2048kB 0*4096kB = 20096kB [ 1319.465604][ T1041] Normal: 12*4kB (UMH) 53*8kB (UH) 151*16kB (UEH) 52*32kB (UEH) 8*64kB (UH) 1*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 6472kB [ 1319.480763][ T1041] 4864 total pagecache pages [ 1319.485662][ T1041] 0 pages in swap cache [ 1319.490039][ T1041] Swap cache stats: add 0, delete 0, find 0/0 [ 1319.496312][ T1041] Free swap = 0kB [ 1319.500060][ T1041] Total swap = 0kB [ 1319.504176][ T1041] 1965979 pages RAM [ 1319.507969][ T1041] 0 pages HighMem/MovableOnly [ 1319.512616][ T1041] 318832 pages reserved [ 1319.516761][ T1041] 0 pages cma reserved [ 1319.520807][ T1041] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1043,uid=0 [ 1319.534819][ T1041] Out of memory: Killed process 1043 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34740kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:08:08 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:08 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:09 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000000)=0x2000000000000074, 0x4) 03:08:09 executing program 0: prlimit64(0x0, 0x4, &(0x7f00000001c0)={0x100000000006, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x9, 0x7fff}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg\x00', 0x4500, 0x0) ioctl$HIDIOCSFEATURE(r4, 0xc0404806, &(0x7f0000000140)="d84caf36a7bb97571bdd13a6638a71ba02673323862e78b5550c558acb4e5f22b9318f00fec7084816c3eb5aa96abcdcd5857a18ff2226f49380c736f820a6b0c555b4f54172b83938d5712c0ae36ef99f35ed65b9f3c93c72784a71ddbc") socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f0000000240)='net/nf_conntrack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1321.668334][ T211] systemd-udevd invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=-1000 [ 1321.694151][ T211] CPU: 1 PID: 211 Comm: systemd-udevd Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1321.704041][ T211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1321.714080][ T211] Call Trace: [ 1321.717356][ T211] dump_stack+0x14a/0x1ce [ 1321.721672][ T211] ? devkmsg_release+0x11c/0x11c [ 1321.726591][ T211] ? show_regs_print_info+0x12/0x12 [ 1321.731767][ T211] ? radix_tree_cpu_dead+0x160/0x160 [ 1321.737030][ T211] ? _raw_spin_lock+0xa1/0x170 [ 1321.741790][ T211] ? _raw_spin_trylock_bh+0x190/0x190 [ 1321.747154][ T211] dump_header+0xdb/0x700 [ 1321.751463][ T211] oom_kill_process+0xd3/0x280 [ 1321.756215][ T211] out_of_memory+0x5b6/0x890 [ 1321.760808][ T211] ? unregister_oom_notifier+0x20/0x20 [ 1321.766252][ T211] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1321.771787][ T211] ? get_page_from_freelist+0x7c0/0x7c0 [ 1321.777348][ T211] ? rw_copy_check_uvector+0x2b3/0x310 [ 1321.782793][ T211] ? __zone_watermark_ok+0x96/0x260 [ 1321.787977][ T211] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1321.793327][ T211] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1321.798848][ T211] ? __perf_event_task_sched_in+0x4f7/0x560 [ 1321.804711][ T211] alloc_slab_page+0x3a/0x3a0 [ 1321.809356][ T211] new_slab+0x3ef/0x430 [ 1321.813480][ T211] ? should_fail+0x18e/0x860 [ 1321.818035][ T211] ___slab_alloc+0x2e0/0x450 [ 1321.822594][ T211] ? getname_flags+0xb8/0x610 [ 1321.827239][ T211] ? getname_flags+0xb8/0x610 [ 1321.831882][ T211] kmem_cache_alloc+0x23c/0x260 [ 1321.836697][ T211] getname_flags+0xb8/0x610 [ 1321.841170][ T211] __x64_sys_unlink+0x38/0x50 [ 1321.845814][ T211] do_syscall_64+0xcb/0x150 [ 1321.850289][ T211] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1321.856148][ T211] RIP: 0033:0x7fe708ef00e7 [ 1321.860531][ T211] Code: f0 ff ff 73 01 c3 48 8b 0d ae bd 2b 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 bd 2b 00 f7 d8 64 89 01 48 [ 1321.880104][ T211] RSP: 002b:00007fff9cd5aab8 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 1321.888496][ T211] RAX: ffffffffffffffda RBX: 0000558aef19a600 RCX: 00007fe708ef00e7 [ 1321.896442][ T211] RDX: 0000558aef0e8a78 RSI: 0000000000000000 RDI: 0000558aee578369 [ 1321.904382][ T211] RBP: 00000000000000d3 R08: 0000558aef1a6650 R09: 0000000000000018 [ 1321.912324][ T211] R10: 7bcbc001dfbbf1bf R11: 0000000000000246 R12: 0000000200000001 [ 1321.920265][ T211] R13: 00007fff9cd5ab60 R14: 00007fff9cd5ab10 R15: 00007fff9cd5ab0f [ 1321.929416][ T211] Mem-Info: [ 1321.932779][ T211] active_anon:1438188 inactive_anon:4689 isolated_anon:0 [ 1321.932779][ T211] active_file:285 inactive_file:263 isolated_file:34 [ 1321.932779][ T211] unevictable:0 dirty:22 writeback:0 unstable:0 [ 1321.932779][ T211] slab_reclaimable:7233 slab_unreclaimable:72781 [ 1321.932779][ T211] mapped:56002 shmem:4764 pagetables:30286 bounce:0 [ 1321.932779][ T211] free:11729 free_pcp:123 free_cma:0 [ 1321.971021][ T211] Node 0 active_anon:5752752kB inactive_anon:18756kB active_file:1140kB inactive_file:1052kB unevictable:0kB isolated(anon):0kB isolated(file):8kB mapped:224008kB dirty:88kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1322.008720][ T211] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1322.035342][ T211] lowmem_reserve[]: 0 2912 6416 6416 [ 1322.040747][ T211] DMA32 free:19000kB min:4644kB low:7624kB high:10604kB active_anon:2824036kB inactive_anon:8kB active_file:572kB inactive_file:712kB unevictable:0kB writepending:48kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7232kB pagetables:21632kB bounce:0kB free_pcp:1624kB local_pcp:1180kB free_cma:0kB [ 1322.073679][ T211] lowmem_reserve[]: 0 0 3504 3504 [ 1322.078719][ T211] Normal free:10808kB min:5592kB low:9180kB high:12768kB active_anon:2928648kB inactive_anon:18748kB active_file:340kB inactive_file:480kB unevictable:0kB writepending:40kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29824kB pagetables:99512kB bounce:0kB free_pcp:864kB local_pcp:376kB free_cma:0kB [ 1322.111889][ T211] lowmem_reserve[]: 0 0 0 0 [ 1322.116527][ T211] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1322.129949][ T211] DMA32: 239*4kB (MH) 87*8kB (UMH) 12*16kB (UMEH) 9*32kB (UMEH) 14*64kB (UMH) 20*128kB (MH) 10*256kB (UM) 15*512kB (UM) 3*1024kB (M) 0*2048kB 0*4096kB = 18900kB [ 1322.146157][ T211] Normal: 98*4kB (UMEH) 202*8kB (UMEH) 189*16kB (UMEH) 81*32kB (UMEH) 16*64kB (UM) 3*128kB (MH) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 10312kB [ 1322.168031][ T211] 5252 total pagecache pages [ 1322.172667][ T211] 0 pages in swap cache [ 1322.183402][ T211] Swap cache stats: add 0, delete 0, find 0/0 [ 1322.201907][ T211] Free swap = 0kB [ 1322.205631][ T211] Total swap = 0kB [ 1322.212472][ T211] 1965979 pages RAM [ 1322.216314][ T211] 0 pages HighMem/MovableOnly [ 1322.230042][ T211] 318832 pages reserved [ 1322.234206][ T211] 0 pages cma reserved [ 1322.238256][ T211] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=26084,uid=0 [ 1322.268883][ T211] Out of memory: Killed process 26084 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:08:10 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:10 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:10 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f00000000c0), 0x0, 0x1) close(r2) splice(r1, 0x0, r2, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000000100)={0x44, 0x7, 0x6, 0x900, 0x0, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x20001}, 0x4040045) ioctl$RTC_IRQP_SET(r2, 0x4008700c, 0x1578) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) [ 1323.608836][ T1084] syz-executor.0 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1323.621482][ T1084] CPU: 1 PID: 1084 Comm: syz-executor.0 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1323.631636][ T1084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1323.641670][ T1084] Call Trace: [ 1323.644937][ T1084] dump_stack+0x14a/0x1ce [ 1323.649237][ T1084] ? devkmsg_release+0x11c/0x11c [ 1323.654158][ T1084] ? show_regs_print_info+0x12/0x12 [ 1323.659323][ T1084] ? radix_tree_cpu_dead+0x160/0x160 [ 1323.664575][ T1084] ? _raw_spin_lock+0xa1/0x170 [ 1323.669309][ T1084] ? _raw_spin_trylock_bh+0x190/0x190 [ 1323.674654][ T1084] dump_header+0xdb/0x700 [ 1323.678967][ T1084] oom_kill_process+0xd3/0x280 [ 1323.683706][ T1084] out_of_memory+0x5b6/0x890 [ 1323.688281][ T1084] ? unregister_oom_notifier+0x20/0x20 [ 1323.693715][ T1084] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1323.699255][ T1084] ? get_page_from_freelist+0x7c0/0x7c0 [ 1323.704778][ T1084] ? flush_tlb_func_common+0x45/0x570 [ 1323.710130][ T1084] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1323.715471][ T1084] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1323.720987][ T1084] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 1323.726676][ T1084] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1323.732451][ T1084] ? __lru_cache_add+0x1a1/0x1f0 [ 1323.737356][ T1084] wp_page_copy+0x1cb/0x1120 [ 1323.741919][ T1084] ? add_mm_rss_vec+0x270/0x270 [ 1323.746737][ T1084] ? vm_normal_page+0x1c9/0x1d0 [ 1323.751553][ T1084] do_wp_page+0x4c1/0x1530 [ 1323.756040][ T1084] ? _raw_spin_lock+0xa1/0x170 [ 1323.760787][ T1084] ? do_swap_page+0x1560/0x1560 [ 1323.765629][ T1084] handle_mm_fault+0x1363/0x40b0 [ 1323.770538][ T1084] ? finish_fault+0x230/0x230 [ 1323.775201][ T1084] ? find_next_bit+0xf7/0x120 [ 1323.779846][ T1084] ? vmacache_find+0x2d2/0x4b0 [ 1323.784578][ T1084] do_user_addr_fault+0x48a/0x9f0 [ 1323.789571][ T1084] page_fault+0x2f/0x40 [ 1323.793700][ T1084] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 1323.800257][ T1084] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 1323.819838][ T1084] RSP: 0018:ffff888025777888 EFLAGS: 00010206 [ 1323.825880][ T1084] RAX: ffffffff81f6e701 RBX: 0000000020fde500 RCX: 0000000000000500 [ 1323.833927][ T1084] RDX: 0000000000001000 RSI: ffff888009a05b00 RDI: 0000000020fde000 [ 1323.841868][ T1084] RBP: ffff888025777da8 R08: dffffc0000000000 R09: ffffed1001340c00 [ 1323.849811][ T1084] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 1323.857752][ T1084] R13: 0000000000001000 R14: ffff888009a05000 R15: 0000000020fdd500 [ 1323.865788][ T1084] ? _copy_to_iter+0x1031/0x1060 [ 1323.870698][ T1084] copyout+0x8e/0xb0 [ 1323.874565][ T1084] copy_page_to_iter+0x393/0xbd0 [ 1323.879609][ T1084] pipe_to_user+0xa3/0x130 [ 1323.884024][ T1084] __splice_from_pipe+0x2d3/0x870 [ 1323.889026][ T1084] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 1323.894543][ T1084] do_vmsplice+0x252/0xee0 [ 1323.898934][ T1084] ? avc_ss_reset+0x3a0/0x3a0 [ 1323.903583][ T1084] ? write_pipe_buf+0x1d0/0x1d0 [ 1323.908406][ T1084] ? filemap_map_pages+0x10ca/0x1140 [ 1323.913664][ T1084] ? __rcu_read_lock+0x50/0x50 [ 1323.918398][ T1084] ? check_stack_object+0x5a/0x90 [ 1323.923401][ T1084] ? _copy_from_user+0xa4/0xe0 [ 1323.928151][ T1084] ? rw_copy_check_uvector+0x2b3/0x310 [ 1323.933582][ T1084] ? import_iovec+0x1c2/0x380 [ 1323.938232][ T1084] ? dup_iter+0x110/0x110 [ 1323.942533][ T1084] ? do_vfs_ioctl+0x780/0x1750 [ 1323.947268][ T1084] __se_sys_vmsplice+0x1fb/0x300 [ 1323.952174][ T1084] ? __x64_sys_vmsplice+0xa0/0xa0 [ 1323.957165][ T1084] ? put_timespec64+0x109/0x150 [ 1323.961984][ T1084] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1323.967582][ T1084] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 1323.973268][ T1084] do_syscall_64+0xcb/0x150 [ 1323.977743][ T1084] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1323.983603][ T1084] RIP: 0033:0x45c849 [ 1323.987464][ T1084] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1324.007044][ T1084] RSP: 002b:00007f1b256f6c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1324.015422][ T1084] RAX: ffffffffffffffda RBX: 00007f1b256f76d4 RCX: 000000000045c849 [ 1324.023365][ T1084] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000004 [ 1324.031305][ T1084] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000 [ 1324.039247][ T1084] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1324.047188][ T1084] R13: 0000000000000c47 R14: 00000000004ce688 R15: 000000000076c04c [ 1324.073754][ T1084] Mem-Info: [ 1324.077287][ T1084] active_anon:1439417 inactive_anon:4691 isolated_anon:0 [ 1324.077287][ T1084] active_file:173 inactive_file:191 isolated_file:32 [ 1324.077287][ T1084] unevictable:0 dirty:2 writeback:0 unstable:0 [ 1324.077287][ T1084] slab_reclaimable:7231 slab_unreclaimable:72495 [ 1324.077287][ T1084] mapped:55772 shmem:4764 pagetables:30282 bounce:0 [ 1324.077287][ T1084] free:11213 free_pcp:62 free_cma:0 [ 1324.115737][ T1084] Node 0 active_anon:5757668kB inactive_anon:18764kB active_file:460kB inactive_file:736kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:222888kB dirty:8kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1324.140506][ T1084] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1324.166678][ T1084] lowmem_reserve[]: 0 2912 6416 6416 [ 1324.172240][ T1084] DMA32 free:19156kB min:4644kB low:7624kB high:10604kB active_anon:2826088kB inactive_anon:12kB active_file:372kB inactive_file:88kB unevictable:0kB writepending:8kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7104kB pagetables:21684kB bounce:0kB free_pcp:960kB local_pcp:248kB free_cma:0kB [ 1324.207344][ T1084] lowmem_reserve[]: 0 0 3504 3504 [ 1324.212875][ T1084] Normal free:9792kB min:5592kB low:9180kB high:12768kB active_anon:2931580kB inactive_anon:18752kB active_file:448kB inactive_file:260kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29856kB pagetables:99444kB bounce:0kB free_pcp:368kB local_pcp:52kB free_cma:0kB [ 1324.242689][ T1084] lowmem_reserve[]: 0 0 0 0 [ 1324.247752][ T1084] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1324.262632][ T1084] DMA32: 65*4kB (UH) 19*8kB (UMH) 19*16kB (UEH) 17*32kB (UMEH) 2*64kB (MH) 11*128kB (MH) 1*256kB (U) 15*512kB (UM) 4*1024kB (M) 0*2048kB 1*4096kB (M) = 18924kB [ 1324.279163][ T1084] Normal: 74*4kB (UH) 104*8kB (UMH) 154*16kB (UME) 76*32kB (UMEH) 16*64kB (U) 1*128kB (H) 3*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 8456kB [ 1324.295403][ T1084] 5084 total pagecache pages [ 1324.300378][ T1084] 0 pages in swap cache [ 1324.318727][ T1084] Swap cache stats: add 0, delete 0, find 0/0 [ 1324.327627][ T1084] Free swap = 0kB [ 1324.331616][ T1084] Total swap = 0kB [ 1324.335409][ T1084] 1965979 pages RAM [ 1324.339240][ T1084] 0 pages HighMem/MovableOnly [ 1324.343995][ T1084] 318832 pages reserved [ 1324.348171][ T1084] 0 pages cma reserved [ 1324.352272][ T1084] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=1082,uid=0 [ 1324.366336][ T1084] Out of memory: Killed process 1082 (syz-executor.1) total-vm:75224kB, anon-rss:16568kB, file-rss:34764kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000 03:08:12 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:12 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) [ 1325.860527][ T429] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1325.871849][ T429] CPU: 0 PID: 429 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1325.881812][ T429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1325.891837][ T429] Call Trace: [ 1325.895099][ T429] dump_stack+0x14a/0x1ce [ 1325.899396][ T429] ? devkmsg_release+0x11c/0x11c [ 1325.904302][ T429] ? show_regs_print_info+0x12/0x12 [ 1325.909471][ T429] ? radix_tree_cpu_dead+0x160/0x160 [ 1325.914725][ T429] dump_header+0xdb/0x700 [ 1325.919035][ T429] oom_kill_process+0xd3/0x280 [ 1325.923768][ T429] out_of_memory+0x5b6/0x890 [ 1325.928327][ T429] ? unregister_oom_notifier+0x20/0x20 [ 1325.933757][ T429] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1325.939289][ T429] ? get_page_from_freelist+0x7c0/0x7c0 [ 1325.944821][ T429] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1325.950169][ T429] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1325.955693][ T429] pagecache_get_page+0x50f/0x880 [ 1325.960691][ T429] filemap_fault+0x1474/0x19d0 [ 1325.965430][ T429] ? generic_file_read_iter+0x20b0/0x20b0 [ 1325.971119][ T429] ? enqueue_hrtimer+0x1cf/0x230 [ 1325.976044][ T429] ext4_filemap_fault+0x7b/0x90 [ 1325.980987][ T429] handle_mm_fault+0x2846/0x40b0 [ 1325.985898][ T429] ? finish_fault+0x230/0x230 [ 1325.990541][ T429] ? put_timespec64+0x109/0x150 [ 1325.995359][ T429] ? vmacache_find+0x205/0x4b0 [ 1326.000088][ T429] do_user_addr_fault+0x48a/0x9f0 [ 1326.005082][ T429] page_fault+0x2f/0x40 [ 1326.009215][ T429] RIP: 0033:0x41036e [ 1326.013077][ T429] Code: 89 c6 48 8b 05 33 23 87 00 4c 89 f3 44 8b 20 eb 48 0f 1f 00 bf e8 03 00 00 e8 6e c4 04 00 e8 19 31 ff ff 48 8b 15 12 23 87 00 <8b> 0a 48 89 c2 41 39 cc 48 0f 45 d8 4c 29 f2 48 81 fa 87 13 00 00 [ 1326.032649][ T429] RSP: 002b:00007fff19d28d90 EFLAGS: 00010206 [ 1326.038682][ T429] RAX: 0000000000143b6a RBX: 0000000000143a4e RCX: 00000000001437c8 [ 1326.046623][ T429] RDX: 0000001b2d820000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1326.054568][ T429] RBP: 000000000000178f R08: 0000000000000001 R09: 0000000002a48940 [ 1326.062515][ T429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 1326.070460][ T429] R13: 00007fff19d28dc0 R14: 00000000001437dc R15: 00007fff19d28dd0 [ 1326.127037][ T429] Mem-Info: [ 1326.130245][ T429] active_anon:1439838 inactive_anon:4690 isolated_anon:0 [ 1326.130245][ T429] active_file:122 inactive_file:110 isolated_file:32 [ 1326.130245][ T429] unevictable:0 dirty:10 writeback:2 unstable:0 [ 1326.130245][ T429] slab_reclaimable:7231 slab_unreclaimable:72559 [ 1326.130245][ T429] mapped:55667 shmem:4764 pagetables:30354 bounce:0 [ 1326.130245][ T429] free:10506 free_pcp:260 free_cma:0 [ 1326.168109][ T429] Node 0 active_anon:5759352kB inactive_anon:18760kB active_file:360kB inactive_file:292kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:222668kB dirty:40kB writeback:8kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1326.192409][ T429] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1326.218452][ T429] lowmem_reserve[]: 0 2912 6416 6416 [ 1326.227051][ T429] DMA32 free:17212kB min:4644kB low:7624kB high:10604kB active_anon:2826288kB inactive_anon:12kB active_file:464kB inactive_file:96kB unevictable:0kB writepending:20kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7232kB pagetables:22084kB bounce:0kB free_pcp:948kB local_pcp:248kB free_cma:0kB [ 1326.265445][ T429] lowmem_reserve[]: 0 0 3504 3504 [ 1326.270781][ T429] Normal free:8908kB min:5592kB low:9180kB high:12768kB active_anon:2931896kB inactive_anon:18748kB active_file:0kB inactive_file:768kB unevictable:0kB writepending:28kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30048kB pagetables:99332kB bounce:0kB free_pcp:828kB local_pcp:272kB free_cma:0kB [ 1326.300414][ T429] lowmem_reserve[]: 0 0 0 0 [ 1326.305288][ T429] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1326.318674][ T429] DMA32: 12*4kB (MH) 6*8kB (H) 8*16kB (UMEH) 5*32kB (UMEH) 3*64kB (UM) 10*128kB (UMH) 1*256kB (U) 15*512kB (UM) 5*1024kB (UM) 1*2048kB (U) 0*4096kB = 16960kB [ 1326.334542][ T429] Normal: 166*4kB (UEH) 111*8kB (UEH) 152*16kB (UEH) 75*32kB (UEH) 17*64kB (UH) 1*128kB (H) 2*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 8624kB [ 1326.393523][ T429] 4827 total pagecache pages [ 1326.398252][ T429] 0 pages in swap cache [ 1326.402777][ T429] Swap cache stats: add 0, delete 0, find 0/0 [ 1326.410657][ T429] Free swap = 0kB [ 1326.414404][ T429] Total swap = 0kB [ 1326.418140][ T429] 1965979 pages RAM [ 1326.421925][ T429] 0 pages HighMem/MovableOnly [ 1326.426629][ T429] 318832 pages reserved [ 1326.430762][ T429] 0 pages cma reserved [ 1326.434977][ T429] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1090,uid=0 [ 1326.448974][ T429] Out of memory: Killed process 1090 (syz-executor.0) total-vm:75488kB, anon-rss:16584kB, file-rss:34696kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1327.155633][ T391] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1327.166727][ T391] CPU: 1 PID: 391 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1327.176343][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1327.186375][ T391] Call Trace: [ 1327.189638][ T391] dump_stack+0x14a/0x1ce [ 1327.193933][ T391] ? devkmsg_release+0x11c/0x11c [ 1327.198838][ T391] ? show_regs_print_info+0x12/0x12 [ 1327.204001][ T391] ? radix_tree_cpu_dead+0x160/0x160 [ 1327.209251][ T391] ? _raw_spin_lock+0xa1/0x170 [ 1327.213983][ T391] ? _raw_spin_trylock_bh+0x190/0x190 [ 1327.219338][ T391] dump_header+0xdb/0x700 [ 1327.223643][ T391] oom_kill_process+0xd3/0x280 [ 1327.228402][ T391] out_of_memory+0x5b6/0x890 [ 1327.233087][ T391] ? unregister_oom_notifier+0x20/0x20 [ 1327.238517][ T391] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1327.244029][ T391] ? get_page_from_freelist+0x7c0/0x7c0 [ 1327.249550][ T391] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1327.254887][ T391] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1327.260398][ T391] pagecache_get_page+0x50f/0x880 [ 1327.265430][ T391] ? is_mmconf_reserved+0x410/0x410 [ 1327.270596][ T391] filemap_fault+0x1474/0x19d0 [ 1327.275322][ T391] ? generic_file_read_iter+0x20b0/0x20b0 [ 1327.281022][ T391] ? ___preempt_schedule+0x16/0x20 [ 1327.286097][ T391] ext4_filemap_fault+0x7b/0x90 [ 1327.290912][ T391] handle_mm_fault+0x2846/0x40b0 [ 1327.295818][ T391] ? finish_fault+0x230/0x230 [ 1327.300456][ T391] ? vmacache_find+0x205/0x4b0 [ 1327.305193][ T391] do_user_addr_fault+0x48a/0x9f0 [ 1327.310181][ T391] page_fault+0x2f/0x40 [ 1327.314298][ T391] RIP: 0033:0x437920 [ 1327.318160][ T391] Code: Bad RIP value. [ 1327.322194][ T391] RSP: 002b:000000c420051f70 EFLAGS: 00010202 [ 1327.328230][ T391] RAX: 000000c420001800 RBX: 000000c420142480 RCX: 000000c420041400 [ 1327.336170][ T391] RDX: 0000000001ecea30 RSI: 0000000000000001 RDI: 0000000000433901 [ 1327.344108][ T391] RBP: 000000c420051f90 R08: 000000c420051fc0 R09: 00007ffda3bf70b8 [ 1327.352048][ T391] R10: 0000000000000000 R11: 000000000003b6ee R12: 00000134f3db4c36 [ 1327.359985][ T391] R13: 0000000000000001 R14: 000000c42e0a5ce0 R15: 0000000000000001 [ 1327.368205][ T391] Mem-Info: [ 1327.371466][ T391] active_anon:1439933 inactive_anon:4690 isolated_anon:0 [ 1327.371466][ T391] active_file:43 inactive_file:119 isolated_file:30 [ 1327.371466][ T391] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1327.371466][ T391] slab_reclaimable:7230 slab_unreclaimable:72600 [ 1327.371466][ T391] mapped:55518 shmem:4764 pagetables:30339 bounce:0 [ 1327.371466][ T391] free:10385 free_pcp:96 free_cma:0 [ 1327.409074][ T391] Node 0 active_anon:5759732kB inactive_anon:18760kB active_file:108kB inactive_file:148kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:221996kB dirty:0kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1327.433263][ T391] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1327.459374][ T391] lowmem_reserve[]: 0 2912 6416 6416 [ 1327.464721][ T391] DMA32 free:18548kB min:4644kB low:7624kB high:10604kB active_anon:2826452kB inactive_anon:12kB active_file:80kB inactive_file:12kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7104kB pagetables:22020kB bounce:0kB free_pcp:212kB local_pcp:0kB free_cma:0kB [ 1327.513056][ T391] lowmem_reserve[]: 0 0 3504 3504 [ 1327.518089][ T391] Normal free:7660kB min:24744kB low:28332kB high:31920kB active_anon:2933280kB inactive_anon:18748kB active_file:244kB inactive_file:368kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30016kB pagetables:99336kB bounce:0kB free_pcp:848kB local_pcp:276kB free_cma:0kB [ 1327.549230][ T391] lowmem_reserve[]: 0 0 0 0 [ 1327.553840][ T391] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1327.567168][ T391] DMA32: 12*4kB (UH) 8*8kB (UMH) 13*16kB (UMEH) 8*32kB (UE) 2*64kB (U) 11*128kB (UMH) 1*256kB (U) 15*512kB (UM) 5*1024kB (UM) 1*2048kB (U) 0*4096kB = 17216kB [ 1327.582979][ T391] Normal: 11*4kB (MH) 58*8kB (UH) 151*16kB (UEH) 78*32kB (UEH) 17*64kB (UH) 1*128kB (H) 2*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 7660kB [ 1327.597995][ T391] 4810 total pagecache pages [ 1327.602595][ T391] 0 pages in swap cache [ 1327.606801][ T391] Swap cache stats: add 0, delete 0, find 0/0 [ 1327.612923][ T391] Free swap = 0kB [ 1327.616623][ T391] Total swap = 0kB [ 1327.620349][ T391] 1965979 pages RAM [ 1327.625263][ T391] 0 pages HighMem/MovableOnly [ 1327.630018][ T391] 318832 pages reserved [ 1327.637936][ T391] 0 pages cma reserved [ 1327.641989][ T391] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1087,uid=0 [ 1327.656209][ T391] Out of memory: Killed process 1087 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34696kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1327.693667][ T23] oom_reaper: reaped process 1087 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:08:15 executing program 5: r0 = getpid() r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000000)) ptrace(0x10, r1) ptrace$getregset(0x4201, r1, 0x0, &(0x7f0000000080)={0x0}) sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x2, 0xfffffffe, 0x0, 0x0, 0x8, 0x2, 0x0, 0xfffffffd}, 0x0) r2 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$inet_tcp_TCP_QUEUE_SEQ(r4, 0x6, 0x15, &(0x7f0000000100)=0x4, 0x4) getegid() write(r3, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:15 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1327.915961][ T1115] modprobe invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 1327.935524][ T1115] CPU: 1 PID: 1115 Comm: modprobe Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1327.945053][ T1115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1327.955079][ T1115] Call Trace: [ 1327.958360][ T1115] dump_stack+0x14a/0x1ce [ 1327.962677][ T1115] ? devkmsg_release+0x11c/0x11c [ 1327.967593][ T1115] ? show_regs_print_info+0x12/0x12 [ 1327.972791][ T1115] ? radix_tree_cpu_dead+0x160/0x160 [ 1327.978061][ T1115] ? _raw_spin_lock+0xa1/0x170 [ 1327.982803][ T1115] ? _raw_spin_trylock_bh+0x190/0x190 [ 1327.988150][ T1115] dump_header+0xdb/0x700 [ 1327.992466][ T1115] oom_kill_process+0xd3/0x280 [ 1327.997297][ T1115] out_of_memory+0x5b6/0x890 [ 1328.001870][ T1115] ? unregister_oom_notifier+0x20/0x20 [ 1328.007315][ T1115] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1328.012842][ T1115] ? get_page_from_freelist+0x7c0/0x7c0 [ 1328.018372][ T1115] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1328.023748][ T1115] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1328.029283][ T1115] ? __rcu_read_lock+0x50/0x50 [ 1328.034039][ T1115] ? ___perf_sw_event+0x448/0x4a0 [ 1328.039047][ T1115] ? ___preempt_schedule+0x16/0x20 [ 1328.044141][ T1115] handle_mm_fault+0x1698/0x40b0 [ 1328.049065][ T1115] ? finish_fault+0x230/0x230 [ 1328.053730][ T1115] ? vmacache_update+0x9f/0xf0 [ 1328.058472][ T1115] do_user_addr_fault+0x48a/0x9f0 [ 1328.063478][ T1115] page_fault+0x2f/0x40 [ 1328.067613][ T1115] RIP: 0033:0x55a66513d461 [ 1328.072001][ T1115] Code: 54 41 89 fd 55 53 48 8d 3d 53 4c 01 00 48 89 f5 48 81 ec f8 11 00 00 64 48 8b 04 25 28 00 00 00 48 89 84 24 e8 11 00 00 31 c0 c2 d6 ff ff 48 85 c0 0f 84 48 07 00 00 49 89 c6 0f b6 00 84 c0 [ 1328.091580][ T1115] RSP: 002b:00007fff2df3ece0 EFLAGS: 00010246 [ 1328.097617][ T1115] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000070 [ 1328.105558][ T1115] RDX: 0000000000000000 RSI: 00007fff2df3ffe8 RDI: 000055a665152097 [ 1328.113592][ T1115] RBP: 00007fff2df3ffe8 R08: 000055a6651512c0 R09: 00007f31a8b14ba0 [ 1328.121531][ T1115] R10: 0000000000000002 R11: 0000000000000001 R12: 000055a66513b010 [ 1328.129469][ T1115] R13: 0000000000000004 R14: 0000000000000000 R15: 0000000000000000 [ 1328.139662][ T1115] Mem-Info: [ 1328.143696][ T1115] active_anon:1435935 inactive_anon:4690 isolated_anon:0 [ 1328.143696][ T1115] active_file:477 inactive_file:627 isolated_file:7 [ 1328.143696][ T1115] unevictable:0 dirty:3 writeback:0 unstable:0 [ 1328.143696][ T1115] slab_reclaimable:7230 slab_unreclaimable:72657 [ 1328.143696][ T1115] mapped:56294 shmem:4764 pagetables:30339 bounce:0 [ 1328.143696][ T1115] free:12859 free_pcp:851 free_cma:0 [ 1328.209175][ T1115] Node 0 active_anon:5743940kB inactive_anon:18760kB active_file:2164kB inactive_file:3508kB unevictable:0kB isolated(anon):0kB isolated(file):156kB mapped:226676kB dirty:112kB writeback:100kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1328.235343][ T1115] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1328.270133][ T1115] lowmem_reserve[]: 0 2912 6416 6416 [ 1328.278426][ T1115] DMA32 free:26900kB min:8740kB low:11720kB high:14700kB active_anon:2812580kB inactive_anon:12kB active_file:2756kB inactive_file:1956kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7104kB pagetables:22020kB bounce:0kB free_pcp:328kB local_pcp:0kB free_cma:0kB [ 1328.323013][ T1115] lowmem_reserve[]: 0 0 3504 3504 [ 1328.341059][ T1115] Normal free:8916kB min:5592kB low:9180kB high:12768kB active_anon:2931336kB inactive_anon:18748kB active_file:800kB inactive_file:616kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30080kB pagetables:99364kB bounce:0kB free_pcp:748kB local_pcp:360kB free_cma:0kB [ 1328.423937][ T1115] lowmem_reserve[]: 0 0 0 0 [ 1328.432992][ T1115] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1328.450651][ T1115] DMA32: 480*4kB (UMH) 403*8kB (UMEH) 160*16kB (UMH) 52*32kB (MH) 43*64kB (MH) 19*128kB (UME) 1*256kB (H) 14*512kB (M) 5*1024kB (UM) 0*2048kB 0*4096kB = 27096kB [ 1328.468122][ T1115] Normal: 163*4kB (UMH) 87*8kB (UME) 171*16kB (UMEH) 89*32kB (UMEH) 19*64kB (UM) 5*128kB (ME) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8788kB [ 1328.483675][ T1115] 5672 total pagecache pages [ 1328.488479][ T1115] 0 pages in swap cache [ 1328.498455][ T1115] Swap cache stats: add 0, delete 0, find 0/0 [ 1328.505032][ T1115] Free swap = 0kB [ 1328.508807][ T1115] Total swap = 0kB [ 1328.512570][ T1115] 1965979 pages RAM [ 1328.517001][ T1115] 0 pages HighMem/MovableOnly [ 1328.521933][ T1115] 318832 pages reserved [ 1328.529210][ T1115] 0 pages cma reserved [ 1328.533539][ T1115] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=26009,uid=0 [ 1328.548776][ T1115] Out of memory: Killed process 26009 (syz-executor.0) total-vm:75092kB, anon-rss:16556kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1328.566365][ T23] oom_reaper: reaped process 26009 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:08:17 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:17 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:08:17 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) r3 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x1, 0x400) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0), 0x0, 0x1) close(r5) splice(r4, 0x0, r5, 0x0, 0x0, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f0000000040)=r5, 0x1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:08:17 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x100, 0x0, 0x200000000, 0xfffffffffffffffd, 0x4}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r4}], 0x1, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x4a000, 0x130) ioctl$EXT4_IOC_GROUP_ADD(r4, 0x40286608, &(0x7f0000000000)={0x7793, 0x7, 0x80000000, 0x1, 0x1, 0x2}) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000340)={0x124, r3, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x68, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x4c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3f}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x80000000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffff}]}, @TIPC_NLA_SOCK_ADDR={0x8}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8000}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xfff}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3ff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1000}]}, @TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffffff9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffffffff}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x5}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x200}]}, @TIPC_NLA_MON={0x4}, @TIPC_NLA_BEARER={0x3c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0xffff, @loopback, 0x4}}, {0x14, 0x2, @in={0x2, 0x4e20, @empty}}}}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x20000000}, 0xc010) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:08:22 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1334.820780][ T405] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1334.831569][ T405] CPU: 0 PID: 405 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1334.841173][ T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1334.851293][ T405] Call Trace: [ 1334.854559][ T405] dump_stack+0x14a/0x1ce [ 1334.858865][ T405] ? devkmsg_release+0x11c/0x11c [ 1334.863776][ T405] ? show_regs_print_info+0x12/0x12 [ 1334.868947][ T405] ? radix_tree_cpu_dead+0x160/0x160 [ 1334.874203][ T405] ? _raw_spin_lock+0xa1/0x170 [ 1334.878937][ T405] ? _raw_spin_trylock_bh+0x190/0x190 [ 1334.884293][ T405] dump_header+0xdb/0x700 [ 1334.888597][ T405] oom_kill_process+0xd3/0x280 [ 1334.893330][ T405] out_of_memory+0x5b6/0x890 [ 1334.897899][ T405] ? unregister_oom_notifier+0x20/0x20 [ 1334.903338][ T405] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1334.908859][ T405] ? get_page_from_freelist+0x7c0/0x7c0 [ 1334.914376][ T405] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1334.919723][ T405] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1334.925263][ T405] pagecache_get_page+0x50f/0x880 [ 1334.930272][ T405] filemap_fault+0x1474/0x19d0 [ 1334.935011][ T405] ? generic_file_read_iter+0x20b0/0x20b0 [ 1334.940698][ T405] ext4_filemap_fault+0x7b/0x90 [ 1334.945516][ T405] handle_mm_fault+0x2846/0x40b0 [ 1334.950421][ T405] ? finish_fault+0x230/0x230 [ 1334.955066][ T405] ? vmacache_find+0x47a/0x4b0 [ 1334.959801][ T405] do_user_addr_fault+0x48a/0x9f0 [ 1334.964792][ T405] page_fault+0x2f/0x40 [ 1334.968919][ T405] RIP: 0033:0x71f7f0 [ 1334.972792][ T405] Code: Bad RIP value. [ 1334.976841][ T405] RSP: 002b:000000c4319017f8 EFLAGS: 00010282 [ 1334.982870][ T405] RAX: 000000000102e4e0 RBX: 00000000008a70d1 RCX: 00000000008a70d1 [ 1334.990816][ T405] RDX: 0000000000000003 RSI: 000000c42b415d80 RDI: 000000c4200a5380 [ 1334.998758][ T405] RBP: 000000c431901978 R08: 0000000000000003 R09: 0000000000000001 [ 1335.006700][ T405] R10: 000000c420fe3558 R11: 0000000000000006 R12: 0000000000000000 [ 1335.014640][ T405] R13: 00000000000000f1 R14: 0000000000000011 R15: 00000000000000aa [ 1335.036152][ T405] Mem-Info: [ 1335.039505][ T405] active_anon:1439999 inactive_anon:4691 isolated_anon:0 [ 1335.039505][ T405] active_file:218 inactive_file:191 isolated_file:29 [ 1335.039505][ T405] unevictable:0 dirty:8 writeback:0 unstable:0 [ 1335.039505][ T405] slab_reclaimable:7237 slab_unreclaimable:72753 [ 1335.039505][ T405] mapped:55926 shmem:4764 pagetables:30383 bounce:0 [ 1335.039505][ T405] free:9927 free_pcp:0 free_cma:0 [ 1335.077104][ T405] Node 0 active_anon:5759996kB inactive_anon:18764kB active_file:744kB inactive_file:764kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:223604kB dirty:32kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1335.101334][ T405] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1335.127419][ T405] lowmem_reserve[]: 0 2912 6416 6416 [ 1335.132831][ T405] DMA32 free:17308kB min:4644kB low:7624kB high:10604kB active_anon:2820340kB inactive_anon:16kB active_file:564kB inactive_file:872kB unevictable:0kB writepending:24kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7200kB pagetables:21988kB bounce:0kB free_pcp:184kB local_pcp:0kB free_cma:0kB [ 1335.163854][ T405] lowmem_reserve[]: 0 0 3504 3504 [ 1335.169038][ T405] Normal free:6496kB min:24744kB low:28332kB high:31920kB active_anon:2938616kB inactive_anon:18748kB active_file:40kB inactive_file:292kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29984kB pagetables:99544kB bounce:0kB free_pcp:188kB local_pcp:0kB free_cma:0kB [ 1335.198552][ T405] lowmem_reserve[]: 0 0 0 0 [ 1335.204356][ T405] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1335.217803][ T405] DMA32: 47*4kB (UMH) 41*8kB (UMH) 73*16kB (UMEH) 56*32kB (UMEH) 10*64kB (UMEH) 5*128kB (UE) 3*256kB (UMH) 14*512kB (UM) 3*1024kB (UM) 1*2048kB (M) 0*4096kB = 17812kB [ 1335.234578][ T405] Normal: 188*4kB (UMEH) 126*8kB (UMEH) 132*16kB (UEH) 60*32kB (UMEH) 11*64kB (UME) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6624kB [ 1335.249687][ T405] 5003 total pagecache pages [ 1335.254403][ T405] 0 pages in swap cache [ 1335.258681][ T405] Swap cache stats: add 0, delete 0, find 0/0 [ 1335.264899][ T405] Free swap = 0kB [ 1335.268747][ T405] Total swap = 0kB [ 1335.272673][ T405] 1965979 pages RAM [ 1335.276610][ T405] 0 pages HighMem/MovableOnly [ 1335.281408][ T405] 318832 pages reserved [ 1335.287738][ T405] 0 pages cma reserved [ 1335.292699][ T405] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1158,uid=0 [ 1335.308036][ T405] Out of memory: Killed process 1158 (syz-executor.0) total-vm:75356kB, anon-rss:16572kB, file-rss:34696kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:08:23 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) rt_tgsigqueueinfo(r0, r0, 0x3, &(0x7f0000000200)={0x1e, 0x7, 0x3ff}) recvmmsg(r1, &(0x7f0000001c40), 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000140)=[{&(0x7f0000000000)=""/116, 0x74}, {&(0x7f0000000100)=""/18, 0x12}], 0x2, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) [ 1335.583109][ T1169] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1335.595384][ T1169] CPU: 0 PID: 1169 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1335.605427][ T1169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1335.615460][ T1169] Call Trace: [ 1335.618733][ T1169] dump_stack+0x14a/0x1ce [ 1335.623053][ T1169] ? devkmsg_release+0x11c/0x11c [ 1335.627970][ T1169] ? show_regs_print_info+0x12/0x12 [ 1335.633166][ T1169] ? radix_tree_cpu_dead+0x160/0x160 [ 1335.638430][ T1169] ? _raw_spin_lock+0xa1/0x170 [ 1335.643190][ T1169] ? _raw_spin_trylock_bh+0x190/0x190 [ 1335.648542][ T1169] dump_header+0xdb/0x700 [ 1335.652850][ T1169] oom_kill_process+0xd3/0x280 [ 1335.657595][ T1169] out_of_memory+0x5b6/0x890 [ 1335.662169][ T1169] ? unregister_oom_notifier+0x20/0x20 [ 1335.667612][ T1169] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1335.673144][ T1169] ? get_page_from_freelist+0x7c0/0x7c0 [ 1335.678671][ T1169] ? __zone_watermark_ok+0x96/0x260 [ 1335.683852][ T1169] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1335.689203][ T1169] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1335.694729][ T1169] ? __rcu_read_lock+0x50/0x50 [ 1335.699480][ T1169] pte_alloc_one+0x1b/0xb0 [ 1335.703882][ T1169] handle_mm_fault+0x1ce5/0x40b0 [ 1335.708803][ T1169] ? finish_fault+0x230/0x230 [ 1335.713464][ T1169] ? __perf_event_task_sched_in+0x4f7/0x560 [ 1335.719341][ T1169] ? vmacache_update+0x9f/0xf0 [ 1335.724092][ T1169] do_user_addr_fault+0x48a/0x9f0 [ 1335.729103][ T1169] page_fault+0x2f/0x40 [ 1335.733242][ T1169] RIP: 0033:0x45c849 [ 1335.737126][ T1169] Code: Bad RIP value. [ 1335.741175][ T1169] RSP: 002b:00007fbaa8d55c78 EFLAGS: 00010246 [ 1335.747221][ T1169] RAX: 0000000000000000 RBX: 00007fbaa8d566d4 RCX: 000000000045c849 [ 1335.755169][ T1169] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1335.763125][ T1169] RBP: 000000000076c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1335.771080][ T1169] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1335.779033][ T1169] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000076c0ec [ 1335.789080][ T1169] Mem-Info: [ 1335.792847][ T1169] active_anon:1437000 inactive_anon:4691 isolated_anon:0 [ 1335.792847][ T1169] active_file:82 inactive_file:450 isolated_file:32 [ 1335.792847][ T1169] unevictable:0 dirty:4 writeback:0 unstable:0 [ 1335.792847][ T1169] slab_reclaimable:7237 slab_unreclaimable:72860 [ 1335.792847][ T1169] mapped:55893 shmem:4764 pagetables:30384 bounce:0 [ 1335.792847][ T1169] free:12179 free_pcp:745 free_cma:0 [ 1335.831126][ T1169] Node 0 active_anon:5748000kB inactive_anon:18764kB active_file:1428kB inactive_file:1020kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:223872kB dirty:16kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1335.855928][ T1169] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1335.882736][ T1169] lowmem_reserve[]: 0 2912 6416 6416 [ 1335.888669][ T1169] DMA32 free:25396kB min:4644kB low:7624kB high:10604kB active_anon:2811200kB inactive_anon:16kB active_file:1224kB inactive_file:732kB unevictable:0kB writepending:16kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7072kB pagetables:21980kB bounce:0kB free_pcp:1096kB local_pcp:316kB free_cma:0kB [ 1335.928384][ T1169] lowmem_reserve[]: 0 0 3504 3504 [ 1335.933920][ T1169] Normal free:7396kB min:5592kB low:9180kB high:12768kB active_anon:2936876kB inactive_anon:18748kB active_file:460kB inactive_file:348kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30016kB pagetables:99556kB bounce:0kB free_pcp:1776kB local_pcp:352kB free_cma:0kB [ 1335.963756][ T1169] lowmem_reserve[]: 0 0 0 0 [ 1335.969597][ T1169] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1335.983462][ T1169] DMA32: 202*4kB (UMH) 219*8kB (UMH) 162*16kB (UMEH) 92*32kB (UMEH) 23*64kB (UME) 7*128kB (UME) 4*256kB (UMH) 14*512kB (UM) 3*1024kB (UM) 1*2048kB (M) 0*4096kB = 23776kB [ 1336.000948][ T1169] Normal: 134*4kB (UMEH) 160*8kB (UMH) 139*16kB (UME) 70*32kB (UMEH) 11*64kB (UM) 3*128kB (MEH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7368kB [ 1336.016574][ T1169] 6151 total pagecache pages [ 1336.021542][ T1169] 0 pages in swap cache [ 1336.026484][ T1169] Swap cache stats: add 0, delete 0, find 0/0 [ 1336.073294][ T1169] Free swap = 0kB [ 1336.082725][ T1169] Total swap = 0kB [ 1336.103595][ T1169] 1965979 pages RAM [ 1336.113129][ T1169] 0 pages HighMem/MovableOnly [ 1336.142915][ T1169] 318832 pages reserved [ 1336.147744][ T1169] 0 pages cma reserved [ 1336.156625][ T1169] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=22556,uid=0 [ 1336.217698][ T1169] Out of memory: Killed process 22556 (syz-executor.1) total-vm:74960kB, anon-rss:16552kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000 03:08:25 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() socket$xdp(0x2c, 0x3, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:08:25 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:25 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:25 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fgetxattr(0xffffffffffffffff, &(0x7f0000000200)=@random={'system.', 'stack\x00'}, &(0x7f0000000240)=""/101, 0x65) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x2, 0x3, 0xf5, 0x5, 0x4, 0x0, 0x70bd2c, 0x25dfdbfd, [@sadb_spirange={0x2, 0x10, 0x4d6, 0x4d6}]}, 0x20}}, 0x20000000) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1337.578071][ T1203] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1337.612481][ T1203] CPU: 0 PID: 1203 Comm: syz-executor.0 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1337.622630][ T1203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1337.632672][ T1203] Call Trace: [ 1337.635951][ T1203] dump_stack+0x14a/0x1ce [ 1337.640270][ T1203] ? devkmsg_release+0x11c/0x11c [ 1337.645196][ T1203] ? show_regs_print_info+0x12/0x12 [ 1337.650383][ T1203] ? radix_tree_cpu_dead+0x160/0x160 [ 1337.655653][ T1203] ? _raw_spin_lock+0xa1/0x170 [ 1337.660400][ T1203] ? _raw_spin_trylock_bh+0x190/0x190 [ 1337.665763][ T1203] dump_header+0xdb/0x700 [ 1337.670077][ T1203] oom_kill_process+0xd3/0x280 [ 1337.674834][ T1203] out_of_memory+0x5b6/0x890 [ 1337.679410][ T1203] ? unregister_oom_notifier+0x20/0x20 [ 1337.684866][ T1203] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1337.690397][ T1203] ? get_page_from_freelist+0x7c0/0x7c0 [ 1337.695934][ T1203] ? __zone_watermark_ok+0x96/0x260 [ 1337.701123][ T1203] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1337.706478][ T1203] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1337.712032][ T1203] ? perf_swevent_put_recursion_context+0x60/0x60 [ 1337.718431][ T1203] ? __rcu_read_lock+0x50/0x50 [ 1337.723177][ T1203] pte_alloc_one+0x1b/0xb0 [ 1337.727581][ T1203] handle_mm_fault+0x1ce5/0x40b0 [ 1337.732503][ T1203] ? finish_fault+0x230/0x230 [ 1337.737157][ T1203] ? vmacache_update+0x9f/0xf0 [ 1337.741900][ T1203] do_user_addr_fault+0x48a/0x9f0 [ 1337.746916][ T1203] page_fault+0x2f/0x40 [ 1337.751055][ T1203] RIP: 0033:0x45c849 [ 1337.754938][ T1203] Code: Bad RIP value. [ 1337.758997][ T1203] RSP: 002b:00007f1b256d5c78 EFLAGS: 00010246 [ 1337.765040][ T1203] RAX: 0000000000000000 RBX: 00007f1b256d66d4 RCX: 000000000045c849 [ 1337.772991][ T1203] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1337.780947][ T1203] RBP: 000000000076c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1337.788902][ T1203] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1337.796857][ T1203] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000076c0ec [ 1337.824159][ T1203] Mem-Info: [ 1337.827309][ T1203] active_anon:1440328 inactive_anon:4691 isolated_anon:0 [ 1337.827309][ T1203] active_file:33 inactive_file:55 isolated_file:29 [ 1337.827309][ T1203] unevictable:0 dirty:6 writeback:0 unstable:0 [ 1337.827309][ T1203] slab_reclaimable:7233 slab_unreclaimable:72710 [ 1337.827309][ T1203] mapped:55610 shmem:4764 pagetables:30470 bounce:0 [ 1337.827309][ T1203] free:9726 free_pcp:426 free_cma:0 [ 1337.864745][ T1203] Node 0 active_anon:5761312kB inactive_anon:18764kB active_file:128kB inactive_file:120kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:222340kB dirty:24kB writeback:0kB shmem:19056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1337.888813][ T1203] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1337.915809][ T1203] lowmem_reserve[]: 0 2912 6416 6416 [ 1337.927096][ T1203] DMA32 free:16792kB min:4644kB low:7624kB high:10604kB active_anon:2820340kB inactive_anon:16kB active_file:264kB inactive_file:276kB unevictable:0kB writepending:24kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7584kB pagetables:22452kB bounce:0kB free_pcp:900kB local_pcp:0kB free_cma:0kB [ 1337.956609][ T1203] lowmem_reserve[]: 0 0 3504 3504 [ 1337.961900][ T1203] Normal free:5588kB min:5592kB low:9180kB high:12768kB active_anon:2940492kB inactive_anon:18748kB active_file:0kB inactive_file:64kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30016kB pagetables:99428kB bounce:0kB free_pcp:312kB local_pcp:52kB free_cma:0kB [ 1337.994817][ T1203] lowmem_reserve[]: 0 0 0 0 [ 1337.999346][ T1203] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1338.012761][ T1203] DMA32: 135*4kB (UMH) 26*8kB (UMH) 17*16kB (UMEH) 6*32kB (UEH) 18*64kB (UEH) 6*128kB (UEH) 1*256kB (U) 8*512kB (UM) 8*1024kB (UM) 1*2048kB (M) 0*4096kB = 17724kB [ 1338.029062][ T1203] Normal: 133*4kB (UMEH) 96*8kB (UMH) 127*16kB (UME) 65*32kB (UME) 10*64kB (UM) 2*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6308kB [ 1338.043846][ T1203] 4830 total pagecache pages [ 1338.048446][ T1203] 0 pages in swap cache [ 1338.052636][ T1203] Swap cache stats: add 0, delete 0, find 0/0 [ 1338.058808][ T1203] Free swap = 0kB [ 1338.068036][ T1203] Total swap = 0kB [ 1338.071781][ T1203] 1965979 pages RAM [ 1338.075828][ T1203] 0 pages HighMem/MovableOnly [ 1338.080506][ T1203] 318832 pages reserved [ 1338.084718][ T1203] 0 pages cma reserved [ 1338.089007][ T1203] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=22578,uid=0 [ 1338.103577][ T1203] Out of memory: Killed process 22578 (syz-executor.1) total-vm:74828kB, anon-rss:16544kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 1338.123454][ T23] oom_reaper: reaped process 22578 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:08:26 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x20002) poll(&(0x7f0000000080)=[{}], 0x1, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f0000000240)={0x4, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}, 0x9) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000900)="41d8b5e7f7dc4bbb15b654ccce46f2b2e73712342d8def3e3041abdbe7c4532d7e1a8d313b75e6eaf19a9164b4915b08aee140bf5315166a19b4e59094027f7a4da4f3fd79a1b5db586818115362f37f7ea28ae710d0fbcb57f2ff09f41c97dd76ee066d0ad80f9e7e0d378ebc17e204a83f71d4c82d6a0fa537258ead6c23a78aa171cb22ef676f04098cbf42cb4eb929d0f216458b1982801cdcc019c995ba4d4c911b6ca353c2c4a4145563a49548b092633df2cd7f50e4e5897c2606c124c835b4438278e545ee6e5bf09c4b2ae2c5bc48e06c2fed77e3e2f9d7f438191e0c5f8a78a128b989a4e881cd40df6f03d29a4bc493e87c6edb0a786f3bc350a4526f5ab379c88ebd801df55e0aee374377a7f5a6c41838ce03f8994a9071718d09517e47e7ec2dae5e4e4f6a2f5d4cdd429bbf4942471d7ca83115681e23a5d3d84b2b615fd9f2890826e3c34f3c91fa1df339536ea563691fdac2158c231060c96ba30fe92484f6209213f2c310d743a906449e316c102a7a465897c58cfa4302e292cca4ea2985a17cc40811e13110ee2434a449fd3d2da28e7b96cbb176bbe660b6d9f5fd993c1bf3bedac0120057e4e171c5795182b686c266242209ec6f000b44677e51f4152edf29e9936ebd23e4382303555d27ad858bae9ff7f5572face4892458476738db5395b4ecbf262e742ce68fb7692a35bff40d818c20373d12b390513b9bdfa4d5935848388ac2035c9453af3e792aa6b696a4a51c6e08e0b0e054c1557d654df41e9d729e31b4f59585091b265f54cc2ae75c55ee8735e329d5f8c1b3f49588e663170d4ee29e32488bce8ba7ac42dea5245f6f295c20d3d2d3db3030b961791f73a7905b7ed6f797dc9fd09cd863b438cc6efbb7163d555e37387f14175702c40bab0c292195a92443a1e6e2ba554239860c580a905b7fb4e122ad45ffd89696ba9fcff9be31f55d7047c6a9f0c9f12e1bfcb3f658ef7646eb4f7b9e89f001c3bd50233b050e95af71df0d95e861994c546ed656b71647c5560445f3bccd2cb6124af06b46af81009efbceaf72c9e855b814ae7e8179737a054852330a2cefdad34970262168e8cf76f1831ebbecc48a5e107e4ef9ae8b3810d7d52823bf1914118640f04750cd9df8c1c0f042f44830edf591aab84fc15420fdaa43dfe8f9b4abb59c355e8b077d749a8caa2f6271925fd353d19e87f1a1a33f4853356ac3fb9a82695e61a0977ac7799f4968886472b9be3701cd0cdf49162487bcc987c10387379d5804f37ff11e807ac632930034d974ca2fcef46df450a400bfd4435d681d495c949c8a7973ee359053a969f77158d02bf2091efb60007f30eb2ee7ea83420dbfc3ce9c987d8a8980e7afb36b481c5416b036481177423e84f7be6e0216105c7fb787c8046cf9fb4e4230ea6fba32a915a2e10295e1b677f0cc49aee4dc1392d5c07ed95e55eccbc2a4b5c0b2b140f86c7a129168f414dd70d512d01ba3b348a4ed0b1d93c35c142d3350d045a4c3b17e364776fcb2261d1907587bd09cc6a2e251d0e7c4ee3aafb4146e14a8eec22d41bd6c9c9dbb0ec5d62889d33705eaa80cdd93a2e385f4537dc17edb2059a03f9fd766415077ce89cf1dafb67c83102b5c68b6c2a26553314ae61196b1a95fdc26258ee71d54e9e0336f5cba7a634ce7c2adce003df9c2db4bad02b2e981c88c73b9b56f5d4c4e1f6649b423886b18e92caac801b6d800d11c094ee31fb7f23dc5d60023fad0b6099e983fb17777f3297d3745df6c541928203f4c01a8892269671013077de58ea7404e1bc7802a5a01a2d4d3d65f05287d21e1953addffd9c6892db0f51f49a467694b95b6846f0164347188a841dad321735836ac1d6f11899e5c0353e2eac8a108ea007c8657efb41cc5e6c8779aadf4cc8cd041d089b0752063cb4462c9368de2bf405dee7c3833536326546b13ac91e391144d5e961569f7068c1edbf45dca7ba18097f032e0e130e62834de49398e791112f8e76a79a1d615b87816c262fe7529cf0b4b5d5efc1184b0956491ee768a62d1cd4dda37a0b86134bfa2e0380a2e8118c5ae830431ead4594ce925c6ee69cfd2199542294feaf9b6a84bccfc878de69010e6a6ee9096c9c98014195031cfd02c3fe551ebbd594b2cb2d4bdf81ae8f483aa69c5d37ffe039b8d7b6b1a1ffbeab71338d8fa85f4acf3cf37608559684fc97fbe200d988a57c94972a9d3254f18fe00fea1c417146ab99a208319581931c639c22dcb9141262407bfdce517e439d47037b8000556fdc77ba92d129ec0163ab51de31c85369f3c299a4e94f8329880f30f2f74a4ad66f58e487ff11c66f66130f111deb95603231fe237098bfdcc71c53cb3e35f17775d24e604665295d18de395ae0c5bf3a6fc7c6651711712e43e78f90d8ba0ba7e204e517257c49e143608d23782437e4c0318459734b6ccac5c391f4ec3a4095116aac4b7ae950c18864e9da56e86b8a1bb580d9efe466e9f7c42b9468314b525b0e7d5fef983a02b8aa7a33238ae6a274c69ab969844c7eaa76c2b31514738b372f8d9ca8a8169af0d407e50c22730bcada9a73732a162b733e836b15ed36e8a7ac31929b371be8eca7677f2ca414f594a26ee39ac399766336fc2e59732a1552da1ed4e8426650000559b92baa2d92ad42781d2ab3380565018b5f6aaa5b3e6945c723eb5fe44c74f04621094a815360e36691ca165759da37e9f039b7c165a560609abd91175fe48f81d2b670024fd40d4bf94f933de66135d6c46232dbfbeeb5e469dde54d753422df43140de03e0d28c62fd043b56b362949ee8a179490a6adf0da361af574c444d6bff2ff38a3185f5f3fd4528a71e116db81647449c711ad11a709c74703daac8a01843949966ba1579c37483e671f9d781dad2f10f9fe7ef49e4a0c7c6dfb056ef30633c1b91005b1ea0b8f3503bc9a383a8a0ad20e665f876a3bec087f3c7198f2541f49c380b8fdd695a8241eaceafc763af238d7b0c1ee3e753942e1a109d34966495353de2a80d086d7f101d13382e9617ae4ecdf90b88072b138349d50f38c38f34fd7c2f06054564051643c84ea52628a813cfd02eba8274ba963cd666ac6a95dca23a6216e3eec2bd4b4a6f80b11d30befeeb79ea02d133ba49191b304188cb59ccfce885addb9610ed5746515d68d6ee44f96f1b0c541a6a32b7e353a67ca2f77c6d294d16172e5f7cc91280004f5f476be8556cfa5a50dbfa3401a61bc5713beb99ee80238c88af58afb6a4d52bb8fd13bab40c88d08812971d7acb0f031d503d13b72c867d9a6d742218cfa5b3d46c8e323bc513cd35c40cd6896649f12e584edb3e739775ea2c5f0436815f1239f71a4d20e08dd6ecfaaecc9171e20011194adae4b8b57c2c1b7ed6863ccf86dd9c48a735bc729789d62f1e5d9288f0bd476bfc77a143baa98ecbb6320cc09696febf78404830b8b72294e1b93f40706877025ef6bf6867bc0c20caab994c449d3731d0dc4f64671428bd4b9f0a126bc00ae8d212fbbdad05b4109a32d126eb2e7f4060585ac462d9dad83c5ca961f110ec255330d838adb99008d636825741f9b852d27333f8ef29a45dc5c130ab684f8345acbd1501f38d2f410d916eec3ff230f9d7f8341d01e15f039bddaad61609bcdde64616098c0cdec5fab118b3b07c665aa8f2c5cfe82df2bab87084cfd5a65f9d14272fc258f5dce31d44427d9136cbca68ad59e333e95b6a09ccd69aa2a7d25dd56399a4015ad36ba7a3124bb4f121b931c92e9d5644f2fa2e2c766c32c3f92e4903545c2b8bd911f8c2e13a289ddd2ed1f5ed45027a308293cfc231028b3336ca071db28a3bf80c629181a3ef93f6f20f7cdaa6bbfbeb263067e02fb0d9d2741479e957d2e62545d183cda02a1a0fd7e2de9a02e8c188fde6aa6b94b51f2bfb6f675ea02868f01da08b02d08a9a24bbf582eb5bad6750ccde3ce3eded1d9bf3b4e95622baad74eecc45734ddc274d6fbe96bfe635add7495d3dd2f6b899bf2ce15ca510b312ceb649ec3a12ac054eb64c01526a24f73e96a84d589555a8f9d384f509dcfe47aabbcc3970d42e1c1247f38021891334f011e4c45f07efcc2264b8e9d0e56be3420b20aea201539fba8c12e1eb6a2d13f2f0e673b21668042f35705e4fac37c3b91513fed229409e512b690e162292f097b09b5f0bd36981ecb96c448c63302ed935b8142fd46bf9a58057ab94f49e84eac49ed37381b409ded0d7c73257d3d67ac2ad6c36660d4d227aaad0ec81e1a91543a3630cbe5d72860b4e842155ab778c3f30f26b012ab4dfa43bb89717584afcd1d6e0cb7238019c82b2b4ea5218b9881a787788288a244f6ccf034ebd37e26bbf8ed658de0ee70f2082b9536dece9be717c2f64be2537d920853c2008ea8eea0b13f34e2c23982aa1e6253aff24b4ff15cd2ba5998f0efacc47b7edf805a2a46f7cfde4d923b261be05088214164376fda353b09ffa1fc6fa5ced07d2c6cae6dde8cb84b90b0f7da1d329eb78760bd9eca1ff276392cf5ed728362d37da2a7d718598cda7d09f3c655298d16f176fd4b5f4dedc9d0a344b5466c627bf4d8b99e3028eafd27c3e577ae4f04f964f71f09268b11f2773d6c3109a0564889bc5d1a9ef23d96829067b6c7dfe2c180cbbbb0e06849e355b3aa057003cc923cfdcfa1f0ff2246d8d5deaa9ac596a225250575f625783bb062ff4abff8c5ba64e04e0b98158a739015d9863e6b95b21a45c283c435c7783f91dbff2fe1dbc3c2e74e7a41be7c31add51324988e3dd4970dbab8b9615c3d8c648541f24d181e7677481de51b11992b62b01aeb59edaa8a67a9071b5ef4bc10071212055c5efb7c2ee8cd43b76496938ba4ca85601fdbbe4958130ca23de30bf59c6c9a325940f70b5a2823af9947d0b8ca2e3cd31132c7f84e54aaaf66cfcc3e2e730e67421e5a30880b87953e5cb6a2c99043e37ab93a38f97ba91a590027137cb695bd05a7ca94161d6061bc7872ba20b346eeab29c4b54dbe5a7c14d1a077b31e57a9420be08a46b576d125707b647f30d9b8c9ff952a812b2343ec7906732de4254414d09a63d15f533d5d938c5e4ffcb7331e32e7dc9c68d26b7beb48624d84333d23a3ccab9a0cba0501ad4f580280e76207267b4bab4179686e8eecebdf56e011ffa35936dac826b6188fcda63ca07d40e2499a0ef8ef956dad9a3b70697d0b2035b118b11391f480dce59a81091a4daa832dba0805f09039f346ea011dad1e57709e749cfa09423184f01c9e9fbacefdd25b8c470ca70ade093248b0558e99abb2a18ce24f362478fd08fae25a1ed39688938281a05230c2af3e0eb3127f5f14509725d896d7f85155f9b12efd89e924748d088822e03d52d7e5a568a7a336a9c228cc6c9c6617d75681eb944e1847d4c03382ddc595f354aaf613c029c5ad3c34ced85ec8c1441e31043cebeadc232a4d79c7b97d07da752fd4d0e88f49ad1d7b97ff44e72b5b1ff20e8bb0290564260ea46f885c8a64f3e85750f96d7294a40444144aedac30abbf4764bb966a1c76c414d86ebcc0fdaef1d8e2bcf0fc9932fb5729d81a81052fe13db0150697d8a0d24006eb34e7d7bbf90c876670390c196e5605087247bf0c6ba12c0d35a62b5c2c17ac2f45a37aae7f116491e091f7e70c48d2c454e1c21c6734a4f8cb40d887563d0925f95a9519251d001d046f6b228204b26b5ee409955932b9a38d97df7ee00ee07dfb938a364461ef5d8b87bc42656b9", 0x1000) write(r2, &(0x7f0000000340), 0x41395527) r3 = getpid() rt_tgsigqueueinfo(r3, r3, 0x16, &(0x7f0000000000)) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x20000, 0x0) ptrace(0x10, r3) ptrace$getregset(0x4201, r3, 0x0, &(0x7f0000000080)={0x0}) sched_setattr(r3, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x6}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000280)=[{&(0x7f0000000340)=""/252, 0xfc}, {&(0x7f0000000500)=""/49, 0x31}, {&(0x7f0000000540)=""/84, 0x54}, {&(0x7f0000000440)=""/191, 0xbf}], 0x4, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1338.463351][ T3763] kworker/u4:10 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1338.479114][ T3763] CPU: 1 PID: 3763 Comm: kworker/u4:10 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1338.489306][ T3763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1338.499362][ T3763] Workqueue: events_unbound call_usermodehelper_exec_work [ 1338.506450][ T3763] Call Trace: [ 1338.509733][ T3763] dump_stack+0x14a/0x1ce [ 1338.514061][ T3763] ? devkmsg_release+0x11c/0x11c [ 1338.518987][ T3763] ? show_regs_print_info+0x12/0x12 [ 1338.524167][ T3763] ? radix_tree_cpu_dead+0x160/0x160 [ 1338.529452][ T3763] ? _raw_spin_lock+0xa1/0x170 [ 1338.534205][ T3763] ? _raw_spin_trylock_bh+0x190/0x190 [ 1338.539562][ T3763] dump_header+0xdb/0x700 [ 1338.543889][ T3763] oom_kill_process+0xd3/0x280 [ 1338.548636][ T3763] out_of_memory+0x5b6/0x890 [ 1338.553311][ T3763] ? unregister_oom_notifier+0x20/0x20 [ 1338.558751][ T3763] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1338.564290][ T3763] ? get_page_from_freelist+0x7c0/0x7c0 [ 1338.569813][ T3763] ? worker_thread+0xa8f/0x1430 [ 1338.574649][ T3763] ? __zone_watermark_ok+0x96/0x260 [ 1338.579830][ T3763] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1338.585206][ T3763] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1338.590748][ T3763] ? copy_process+0x5a4/0x5150 [ 1338.595495][ T3763] ? kmem_cache_alloc+0x1d2/0x260 [ 1338.600501][ T3763] copy_process+0x5f3/0x5150 [ 1338.605077][ T3763] ? update_blocked_averages+0xea0/0xea0 [ 1338.610705][ T3763] ? fork_idle+0x290/0x290 [ 1338.615111][ T3763] _do_fork+0x196/0x920 [ 1338.619256][ T3763] ? _raw_spin_trylock_bh+0x190/0x190 [ 1338.624610][ T3763] ? kvm_sched_clock_read+0x15/0x40 [ 1338.629888][ T3763] ? dup_mm+0x300/0x300 [ 1338.634036][ T3763] ? _raw_spin_lock_irq+0xa2/0x180 [ 1338.639129][ T3763] kernel_thread+0x162/0x1d0 [ 1338.643708][ T3763] ? proc_cap_handler+0x580/0x580 [ 1338.648717][ T3763] ? legacy_clone_args_valid+0x50/0x50 [ 1338.654168][ T3763] ? kernel_sigaction+0x11b/0x200 [ 1338.659174][ T3763] ? proc_cap_handler+0x580/0x580 [ 1338.664185][ T3763] ? _raw_spin_unlock_irq+0x5/0x20 [ 1338.669277][ T3763] ? finish_task_switch+0x235/0x4c0 [ 1338.674458][ T3763] call_usermodehelper_exec_work+0xe0/0x350 [ 1338.680328][ T3763] ? call_usermodehelper_setup+0x210/0x210 [ 1338.686119][ T3763] ? read_word_at_a_time+0xe/0x20 [ 1338.691131][ T3763] ? strscpy+0xa6/0x260 [ 1338.695280][ T3763] process_one_work+0x777/0xf90 [ 1338.700115][ T3763] worker_thread+0xa8f/0x1430 [ 1338.704783][ T3763] kthread+0x2df/0x300 [ 1338.708832][ T3763] ? process_one_work+0xf90/0xf90 [ 1338.713936][ T3763] ? kthread_destroy_worker+0x280/0x280 [ 1338.719462][ T3763] ret_from_fork+0x1f/0x30 [ 1338.725087][ T3763] Mem-Info: [ 1338.731055][ T3763] active_anon:1435540 inactive_anon:6739 isolated_anon:0 [ 1338.731055][ T3763] active_file:167 inactive_file:631 isolated_file:29 [ 1338.731055][ T3763] unevictable:0 dirty:21 writeback:6 unstable:0 [ 1338.731055][ T3763] slab_reclaimable:7233 slab_unreclaimable:72514 [ 1338.731055][ T3763] mapped:55957 shmem:6812 pagetables:30386 bounce:0 [ 1338.731055][ T3763] free:11861 free_pcp:399 free_cma:0 [ 1338.772712][ T3763] Node 0 active_anon:5742160kB inactive_anon:26956kB active_file:1868kB inactive_file:2436kB unevictable:0kB isolated(anon):0kB isolated(file):116kB mapped:224728kB dirty:84kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1338.808630][ T3763] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1338.835931][ T3763] lowmem_reserve[]: 0 2912 6416 6416 [ 1338.841516][ T3763] DMA32 free:21200kB min:4644kB low:7624kB high:10604kB active_anon:2801516kB inactive_anon:8208kB active_file:2824kB inactive_file:2772kB unevictable:0kB writepending:96kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7264kB pagetables:22244kB bounce:0kB free_pcp:1816kB local_pcp:344kB free_cma:0kB [ 1338.885925][ T3763] lowmem_reserve[]: 0 0 3504 3504 [ 1338.891325][ T3763] Normal free:5756kB min:5592kB low:9180kB high:12768kB active_anon:2940644kB inactive_anon:18748kB active_file:144kB inactive_file:4kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29920kB pagetables:99300kB bounce:0kB free_pcp:1088kB local_pcp:288kB free_cma:0kB [ 1338.964898][ T3763] lowmem_reserve[]: 0 0 0 0 [ 1338.969510][ T3763] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1338.983285][ T3763] DMA32: 376*4kB (UMH) 88*8kB (UM) 48*16kB (UME) 50*32kB (UME) 31*64kB (UME) 9*128kB (UME) 2*256kB (UM) 2*512kB (U) 6*1024kB (UM) 2*2048kB (M) 1*4096kB (M) = 23584kB [ 1339.001375][ T3763] Normal: 45*4kB (UMH) 55*8kB (UMEH) 127*16kB (UME) 71*32kB (UMEH) 9*64kB (UM) 2*128kB (MH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5756kB [ 1339.016711][ T3763] 7905 total pagecache pages [ 1339.021349][ T3763] 0 pages in swap cache [ 1339.025695][ T3763] Swap cache stats: add 0, delete 0, find 0/0 [ 1339.032114][ T3763] Free swap = 0kB [ 1339.035996][ T3763] Total swap = 0kB [ 1339.040567][ T3763] 1965979 pages RAM [ 1339.050782][ T3763] 0 pages HighMem/MovableOnly [ 1339.060984][ T3763] 318832 pages reserved [ 1339.070506][ T3763] 0 pages cma reserved [ 1339.075223][ T3763] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1184,uid=0 [ 1339.863002][ T1219] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1339.875871][ T1219] CPU: 1 PID: 1219 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1339.885924][ T1219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1339.896198][ T1219] Call Trace: [ 1339.899484][ T1219] dump_stack+0x14a/0x1ce [ 1339.903838][ T1219] ? devkmsg_release+0x11c/0x11c [ 1339.908743][ T1219] ? show_regs_print_info+0x12/0x12 [ 1339.913908][ T1219] ? radix_tree_cpu_dead+0x160/0x160 [ 1339.919177][ T1219] ? _raw_spin_lock+0xa1/0x170 [ 1339.923911][ T1219] ? _raw_spin_trylock_bh+0x190/0x190 [ 1339.929253][ T1219] dump_header+0xdb/0x700 [ 1339.933549][ T1219] oom_kill_process+0xd3/0x280 [ 1339.938277][ T1219] out_of_memory+0x5b6/0x890 [ 1339.942862][ T1219] ? unregister_oom_notifier+0x20/0x20 [ 1339.948307][ T1219] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1339.953823][ T1219] ? get_page_from_freelist+0x7c0/0x7c0 [ 1339.959347][ T1219] ? __zone_watermark_ok+0x96/0x260 [ 1339.964510][ T1219] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1339.969935][ T1219] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1339.975457][ T1219] pte_alloc_one+0x1b/0xb0 [ 1339.979845][ T1219] __pte_alloc+0x1d/0x1d0 [ 1339.984143][ T1219] handle_mm_fault+0x370b/0x40b0 [ 1339.989045][ T1219] ? rcu_note_context_switch+0x1076/0x11a0 [ 1339.994825][ T1219] ? finish_fault+0x230/0x230 [ 1339.999471][ T1219] do_user_addr_fault+0x48a/0x9f0 [ 1340.004465][ T1219] page_fault+0x2f/0x40 [ 1340.008627][ T1219] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 1340.015267][ T1219] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 1340.034843][ T1219] RSP: 0000:ffff8880375f7ab0 EFLAGS: 00010206 [ 1340.040878][ T1219] RAX: ffffffff81f70501 RBX: 0000000020a00340 RCX: 0000000000000340 [ 1340.048821][ T1219] RDX: 0000000000001000 RSI: 0000000020a00000 RDI: ffff888037734cc0 [ 1340.056796][ T1219] RBP: ffff8880375f7cc8 R08: dffffc0000000000 R09: ffffed1006ee6a00 [ 1340.064734][ T1219] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 1340.072671][ T1219] R13: 0000000000001000 R14: 00000000209ff340 R15: ffff888037734000 [ 1340.080622][ T1219] ? _copy_from_iter+0xa21/0xa60 [ 1340.085535][ T1219] copyin+0x8e/0xb0 [ 1340.089315][ T1219] copy_page_from_iter+0x37f/0x660 [ 1340.094400][ T1219] pipe_write+0x525/0xe40 [ 1340.098706][ T1219] __vfs_write+0x59d/0x720 [ 1340.103112][ T1219] ? __kernel_write+0x340/0x340 [ 1340.107972][ T1219] ? security_file_permission+0x128/0x300 [ 1340.113685][ T1219] vfs_write+0x217/0x4f0 [ 1340.117902][ T1219] ksys_write+0x18c/0x2c0 [ 1340.122208][ T1219] ? __ia32_sys_read+0x80/0x80 [ 1340.126947][ T1219] ? fput_many+0x42/0x1a0 [ 1340.131244][ T1219] do_syscall_64+0xcb/0x150 [ 1340.135740][ T1219] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1340.141604][ T1219] RIP: 0033:0x45c849 [ 1340.145486][ T1219] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1340.165076][ T1219] RSP: 002b:00007fbaa8d97c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1340.173467][ T1219] RAX: ffffffffffffffda RBX: 00007fbaa8d986d4 RCX: 000000000045c849 [ 1340.181407][ T1219] RDX: 0000000041395527 RSI: 0000000020000340 RDI: 0000000000000005 [ 1340.189347][ T1219] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 1340.197290][ T1219] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1340.205230][ T1219] R13: 0000000000000c4c R14: 00000000004ca06d R15: 000000000076bfac [ 1340.230751][ T1219] Mem-Info: [ 1340.235247][ T1219] active_anon:1438131 inactive_anon:6739 isolated_anon:0 [ 1340.235247][ T1219] active_file:248 inactive_file:277 isolated_file:30 [ 1340.235247][ T1219] unevictable:0 dirty:2 writeback:0 unstable:0 [ 1340.235247][ T1219] slab_reclaimable:7233 slab_unreclaimable:72438 [ 1340.235247][ T1219] mapped:55982 shmem:6812 pagetables:30392 bounce:0 [ 1340.235247][ T1219] free:10079 free_pcp:88 free_cma:0 [ 1340.276762][ T1219] Node 0 active_anon:5752524kB inactive_anon:26956kB active_file:844kB inactive_file:1052kB unevictable:0kB isolated(anon):0kB isolated(file):132kB mapped:223828kB dirty:8kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1340.301236][ T1219] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1340.327320][ T1219] lowmem_reserve[]: 0 2912 6416 6416 [ 1340.332724][ T1219] DMA32 free:18528kB min:4644kB low:7624kB high:10604kB active_anon:2810396kB inactive_anon:8208kB active_file:988kB inactive_file:660kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7232kB pagetables:22276kB bounce:0kB free_pcp:1752kB local_pcp:680kB free_cma:0kB [ 1340.364272][ T1219] lowmem_reserve[]: 0 0 3504 3504 [ 1340.369696][ T1219] Normal free:5380kB min:5592kB low:9180kB high:12768kB active_anon:2942224kB inactive_anon:18748kB active_file:24kB inactive_file:0kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29888kB pagetables:99300kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1340.399288][ T1219] lowmem_reserve[]: 0 0 0 0 [ 1340.404539][ T1219] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1340.419597][ T1219] DMA32: 13*4kB (UMH) 17*8kB (M) 22*16kB (UME) 20*32kB (ME) 26*64kB (UME) 12*128kB (UE) 1*256kB (U) 3*512kB (UM) 4*1024kB (UM) 2*2048kB (M) 1*4096kB (M) = 18460kB [ 1340.443145][ T1219] Normal: 189*4kB (UMH) 24*8kB (UMH) 99*16kB (UMH) 69*32kB (UMEH) 8*64kB (U) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5380kB [ 1340.457588][ T1219] 7047 total pagecache pages [ 1340.462824][ T1219] 0 pages in swap cache [ 1340.467396][ T1219] Swap cache stats: add 0, delete 0, find 0/0 [ 1340.483884][ T1219] Free swap = 0kB [ 1340.488844][ T1219] Total swap = 0kB [ 1340.492967][ T1219] 1965979 pages RAM [ 1340.497168][ T1219] 0 pages HighMem/MovableOnly [ 1340.502095][ T1219] 318832 pages reserved [ 1340.506499][ T1219] 0 pages cma reserved [ 1340.510833][ T1219] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1210,uid=0 [ 1340.525232][ T1219] Out of memory: Killed process 1210 (syz-executor.0) total-vm:75356kB, anon-rss:16572kB, file-rss:34704kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1340.542724][ T23] oom_reaper: reaped process 1210 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:08:30 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:31 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1344.762286][ T1229] modprobe invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1344.772992][ T1229] CPU: 0 PID: 1229 Comm: modprobe Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1344.782522][ T1229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1344.792563][ T1229] Call Trace: [ 1344.795843][ T1229] dump_stack+0x14a/0x1ce [ 1344.800153][ T1229] ? devkmsg_release+0x11c/0x11c [ 1344.805063][ T1229] ? show_regs_print_info+0x12/0x12 [ 1344.810233][ T1229] ? radix_tree_cpu_dead+0x160/0x160 [ 1344.815488][ T1229] ? _raw_spin_lock+0xa1/0x170 [ 1344.820224][ T1229] ? _raw_spin_trylock_bh+0x190/0x190 [ 1344.825573][ T1229] dump_header+0xdb/0x700 [ 1344.829874][ T1229] oom_kill_process+0xd3/0x280 [ 1344.834619][ T1229] out_of_memory+0x5b6/0x890 [ 1344.839193][ T1229] ? unregister_oom_notifier+0x20/0x20 [ 1344.844666][ T1229] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1344.850179][ T1229] ? get_page_from_freelist+0x7c0/0x7c0 [ 1344.855792][ T1229] ? __alloc_pages_nodemask+0x5cb/0x7c0 [ 1344.861323][ T1229] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1344.866663][ T1229] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1344.872176][ T1229] ? pagecache_get_page+0x7c0/0x880 [ 1344.877354][ T1229] ? stack_trace_snprint+0x150/0x150 [ 1344.882624][ T1229] ? page_cache_sync_readahead+0xa3/0x390 [ 1344.888454][ T1229] generic_file_read_iter+0x1212/0x20b0 [ 1344.893983][ T1229] ? find_get_pages_range_tag+0xaf0/0xaf0 [ 1344.899676][ T1229] __vfs_read+0x59a/0x710 [ 1344.903977][ T1229] ? rw_verify_area+0x340/0x340 [ 1344.908792][ T1229] ? __fsnotify_update_child_dentry_flags+0x2c0/0x2c0 [ 1344.915523][ T1229] ? security_file_permission+0x1e9/0x300 [ 1344.921224][ T1229] vfs_read+0x166/0x380 [ 1344.925347][ T1229] ksys_read+0x18c/0x2c0 [ 1344.929561][ T1229] ? vfs_write+0x4f0/0x4f0 [ 1344.933942][ T1229] ? do_user_addr_fault+0x570/0x9f0 [ 1344.939106][ T1229] do_syscall_64+0xcb/0x150 [ 1344.943581][ T1229] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1344.949439][ T1229] RIP: 0033:0x7f25bd69b1d7 [ 1344.953828][ T1229] Code: Bad RIP value. [ 1344.957857][ T1229] RSP: 002b:00007ffc721ceb28 EFLAGS: 00000202 ORIG_RAX: 0000000000000000 [ 1344.966228][ T1229] RAX: ffffffffffffffda RBX: 00007ffc721cec10 RCX: 00007f25bd69b1d7 [ 1344.974164][ T1229] RDX: 0000000000000340 RSI: 00007ffc721cec18 RDI: 0000000000000000 [ 1344.982110][ T1229] RBP: 00007ffc721ceb80 R08: 0000000000000000 R09: 00007ffc721cebff [ 1344.990054][ T1229] R10: 00007ffc721cec10 R11: 0000000000000202 R12: 00007f25bd8a7170 [ 1344.998021][ T1229] R13: 0000000000000340 R14: 00007ffc721cebff R15: 0000000000000000 [ 1345.015443][ T1229] Mem-Info: [ 1345.018604][ T1229] active_anon:1438519 inactive_anon:6739 isolated_anon:0 [ 1345.018604][ T1229] active_file:45 inactive_file:98 isolated_file:28 [ 1345.018604][ T1229] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1345.018604][ T1229] slab_reclaimable:7245 slab_unreclaimable:72757 [ 1345.018604][ T1229] mapped:55649 shmem:6812 pagetables:30442 bounce:0 [ 1345.018604][ T1229] free:9490 free_pcp:254 free_cma:0 [ 1345.056591][ T1229] Node 0 active_anon:5754076kB inactive_anon:26956kB active_file:252kB inactive_file:228kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:222596kB dirty:0kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1345.080765][ T1229] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1345.130296][ T1229] lowmem_reserve[]: 0 2912 6416 6416 [ 1345.151698][ T1229] DMA32 free:17388kB min:4644kB low:7624kB high:10604kB active_anon:2811292kB inactive_anon:8208kB active_file:296kB inactive_file:148kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7296kB pagetables:22472kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1345.180873][ T1229] lowmem_reserve[]: 0 0 3504 3504 [ 1345.186064][ T1229] Normal free:5172kB min:5592kB low:9180kB high:12768kB active_anon:2943088kB inactive_anon:18748kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29984kB pagetables:99296kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 1345.215332][ T1229] lowmem_reserve[]: 0 0 0 0 [ 1345.220073][ T1229] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1345.233665][ T1229] DMA32: 94*4kB (UMH) 19*8kB (UME) 18*16kB (UMEH) 60*32kB (UME) 14*64kB (UME) 3*128kB (ME) 1*256kB (U) 3*512kB (M) 4*1024kB (M) 2*2048kB (M) 1*4096kB (E) = 18096kB [ 1345.250492][ T1229] Normal: 115*4kB (UMH) 10*8kB (UMEH) 100*16kB (UMEH) 70*32kB (UEH) 9*64kB (UH) 1*128kB (H) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5084kB [ 1345.277495][ T1229] 6918 total pagecache pages [ 1345.282086][ T1229] 0 pages in swap cache [ 1345.289969][ T1229] Swap cache stats: add 0, delete 0, find 0/0 [ 1345.296142][ T1229] Free swap = 0kB [ 1345.300281][ T1229] Total swap = 0kB [ 1345.303998][ T1229] 1965979 pages RAM [ 1345.307787][ T1229] 0 pages HighMem/MovableOnly [ 1345.313740][ T1229] 318832 pages reserved [ 1345.319565][ T1229] 0 pages cma reserved [ 1345.323634][ T1229] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=22535,uid=0 [ 1345.337724][ T1229] Out of memory: Killed process 22535 (syz-executor.1) total-vm:74828kB, anon-rss:16544kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000 [ 1345.365066][ T23] oom_reaper: reaped process 22535 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:08:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$TIPC_IMPORTANCE(r4, 0x10f, 0x7f, &(0x7f0000000100)=0x4, 0x4) sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:33 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1345.886136][ T1254] syz-executor.4 invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1345.898520][ T1254] CPU: 1 PID: 1254 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1345.908555][ T1254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1345.918586][ T1254] Call Trace: [ 1345.921857][ T1254] dump_stack+0x14a/0x1ce [ 1345.926160][ T1254] ? devkmsg_release+0x11c/0x11c [ 1345.931068][ T1254] ? show_regs_print_info+0x12/0x12 [ 1345.936234][ T1254] ? radix_tree_cpu_dead+0x160/0x160 [ 1345.941489][ T1254] ? _raw_spin_lock+0xa1/0x170 [ 1345.946221][ T1254] ? _raw_spin_trylock_bh+0x190/0x190 [ 1345.951646][ T1254] dump_header+0xdb/0x700 [ 1345.955946][ T1254] oom_kill_process+0xd3/0x280 [ 1345.960693][ T1254] out_of_memory+0x5b6/0x890 [ 1345.965254][ T1254] ? unregister_oom_notifier+0x20/0x20 [ 1345.970682][ T1254] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1345.976195][ T1254] ? get_page_from_freelist+0x7c0/0x7c0 [ 1345.981709][ T1254] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1345.987046][ T1254] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1345.992559][ T1254] ? mem_cgroup_commit_charge+0x1cc/0x2a0 [ 1345.998263][ T1254] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1346.004039][ T1254] ? __lru_cache_add+0x1a1/0x1f0 [ 1346.008949][ T1254] wp_page_copy+0x1cb/0x1120 [ 1346.013511][ T1254] ? cpupri_find+0xfb/0x3c0 [ 1346.017983][ T1254] ? add_mm_rss_vec+0x270/0x270 [ 1346.022804][ T1254] ? find_lowest_rq+0xf8/0x430 [ 1346.027537][ T1254] ? vm_normal_page+0x1c9/0x1d0 [ 1346.032357][ T1254] do_wp_page+0x4c1/0x1530 [ 1346.036740][ T1254] ? _raw_spin_lock+0xa1/0x170 [ 1346.041471][ T1254] ? do_swap_page+0x1560/0x1560 [ 1346.046295][ T1254] handle_mm_fault+0x1363/0x40b0 [ 1346.051199][ T1254] ? finish_fault+0x230/0x230 [ 1346.055841][ T1254] ? vmacache_find+0x2d2/0x4b0 [ 1346.060573][ T1254] do_user_addr_fault+0x48a/0x9f0 [ 1346.065564][ T1254] page_fault+0x2f/0x40 [ 1346.069689][ T1254] RIP: 0010:copy_user_enhanced_fast_string+0xe/0x30 [ 1346.076247][ T1254] Code: 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 1f 00 c3 0f 1f 80 00 00 00 00 0f 1f 00 83 fa 40 0f 82 70 ff ff ff 89 d1 a4 31 c0 0f 1f 00 c3 66 2e 0f 1f 84 00 00 00 00 00 89 d1 f3 a4 [ 1346.095822][ T1254] RSP: 0018:ffff8880994d7888 EFLAGS: 00010206 [ 1346.101885][ T1254] RAX: ffffffff81f6e701 RBX: 0000000020600500 RCX: 0000000000000500 [ 1346.109834][ T1254] RDX: 0000000000001000 RSI: ffff88803768fb00 RDI: 0000000020600000 [ 1346.117799][ T1254] RBP: ffff8880994d7da8 R08: dffffc0000000000 R09: ffffed1006ed2000 [ 1346.125749][ T1254] R10: 0000000000000000 R11: 0000000000000000 R12: 00007ffffffff000 [ 1346.133693][ T1254] R13: 0000000000001000 R14: ffff88803768f000 R15: 00000000205ff500 [ 1346.141643][ T1254] ? _copy_to_iter+0x1031/0x1060 [ 1346.146636][ T1254] copyout+0x8e/0xb0 [ 1346.150511][ T1254] copy_page_to_iter+0x393/0xbd0 [ 1346.155423][ T1254] pipe_to_user+0xa3/0x130 [ 1346.159809][ T1254] __splice_from_pipe+0x2d3/0x870 [ 1346.164801][ T1254] ? user_page_pipe_buf_steal+0xc0/0xc0 [ 1346.170314][ T1254] do_vmsplice+0x252/0xee0 [ 1346.174698][ T1254] ? avc_ss_reset+0x3a0/0x3a0 [ 1346.179354][ T1254] ? write_pipe_buf+0x1d0/0x1d0 [ 1346.184177][ T1254] ? __rcu_read_lock+0x50/0x50 [ 1346.188919][ T1254] ? check_stack_object+0x5a/0x90 [ 1346.193912][ T1254] ? _copy_from_user+0xa4/0xe0 [ 1346.198646][ T1254] ? rw_copy_check_uvector+0x2b3/0x310 [ 1346.204074][ T1254] ? import_iovec+0x1c2/0x380 [ 1346.208719][ T1254] ? dup_iter+0x110/0x110 [ 1346.213022][ T1254] ? do_vfs_ioctl+0x780/0x1750 [ 1346.217769][ T1254] __se_sys_vmsplice+0x1fb/0x300 [ 1346.222684][ T1254] ? __x64_sys_vmsplice+0xa0/0xa0 [ 1346.227677][ T1254] ? put_timespec64+0x109/0x150 [ 1346.232510][ T1254] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1346.238110][ T1254] ? __ia32_sys_clock_settime+0x2a0/0x2a0 [ 1346.243800][ T1254] do_syscall_64+0xcb/0x150 [ 1346.248272][ T1254] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1346.254155][ T1254] RIP: 0033:0x45c849 [ 1346.258027][ T1254] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1346.277623][ T1254] RSP: 002b:00007faf0c2acc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000116 [ 1346.285999][ T1254] RAX: ffffffffffffffda RBX: 00007faf0c2ad6d4 RCX: 000000000045c849 [ 1346.293936][ T1254] RDX: 0000000000000001 RSI: 0000000020000000 RDI: 0000000000000003 [ 1346.301876][ T1254] RBP: 000000000076c040 R08: 0000000000000000 R09: 0000000000000000 [ 1346.309815][ T1254] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1346.317755][ T1254] R13: 0000000000000c47 R14: 00000000004ce688 R15: 000000000076c04c [ 1346.325782][ T1254] Mem-Info: [ 1346.328893][ T1254] active_anon:1437477 inactive_anon:6739 isolated_anon:0 [ 1346.328893][ T1254] active_file:366 inactive_file:394 isolated_file:0 [ 1346.328893][ T1254] unevictable:0 dirty:8 writeback:2 unstable:0 [ 1346.328893][ T1254] slab_reclaimable:7245 slab_unreclaimable:72766 [ 1346.328893][ T1254] mapped:56232 shmem:6812 pagetables:30345 bounce:0 [ 1346.328893][ T1254] free:9607 free_pcp:714 free_cma:0 [ 1346.366393][ T1254] Node 0 active_anon:5749908kB inactive_anon:26956kB active_file:1464kB inactive_file:1576kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:224928kB dirty:32kB writeback:8kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1346.390603][ T1254] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1346.416536][ T1254] lowmem_reserve[]: 0 2912 6416 6416 [ 1346.421866][ T1254] DMA32 free:17948kB min:8740kB low:11720kB high:14700kB active_anon:2805456kB inactive_anon:8208kB active_file:1600kB inactive_file:1764kB unevictable:0kB writepending:36kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7552kB pagetables:22212kB bounce:0kB free_pcp:2520kB local_pcp:1116kB free_cma:0kB [ 1346.451627][ T1254] lowmem_reserve[]: 0 0 3504 3504 [ 1346.456671][ T1254] Normal free:4576kB min:24744kB low:28332kB high:31920kB active_anon:2943576kB inactive_anon:18748kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29824kB pagetables:99168kB bounce:0kB free_pcp:496kB local_pcp:248kB free_cma:0kB [ 1346.485810][ T1254] lowmem_reserve[]: 0 0 0 0 [ 1346.490313][ T1254] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1346.503758][ T1254] DMA32: 149*4kB (UME) 50*8kB (UMEH) 26*16kB (UME) 10*32kB (UMEH) 3*64kB (UE) 2*128kB (UE) 1*256kB (U) 2*512kB (UM) 5*1024kB (UMH) 5*2048kB (MH) 0*4096kB = 18820kB [ 1346.520123][ T1254] Normal: 1*4kB (M) 8*8kB (U) 96*16kB (UE) 67*32kB (UE) 8*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4260kB [ 1346.533267][ T1254] 7090 total pagecache pages [ 1346.537842][ T1254] 0 pages in swap cache [ 1346.542001][ T1254] Swap cache stats: add 0, delete 0, find 0/0 [ 1346.548046][ T1254] Free swap = 0kB [ 1346.551745][ T1254] Total swap = 0kB [ 1346.555465][ T1254] 1965979 pages RAM [ 1346.559254][ T1254] 0 pages HighMem/MovableOnly [ 1346.563926][ T1254] 318832 pages reserved [ 1346.568080][ T1254] 0 pages cma reserved [ 1346.572145][ T1254] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=22845,uid=0 [ 1346.586255][ T1254] Out of memory: Killed process 22845 (syz-executor.1) total-vm:75092kB, anon-rss:16140kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 1346.628270][ T23] oom_reaper: reaped process 22845 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:08:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40), 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:35 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000140)='/dev/null\x00', 0x80000, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x50, 0x4, 0x8, 0x3, 0x0, 0x0, {0xc, 0x0, 0xa}, [@CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @gre=[@CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x3ff}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x76}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_GRE_REPLIED={0x8, 0x2, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x2}, @CTA_TIMEOUT_GRE_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x5}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x28, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') getsockopt$inet_buf(r3, 0x0, 0x2e, &(0x7f0000000000)=""/50, &(0x7f0000000040)=0x32) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x5, &(0x7f00000000c0), 0x4) ioctl$PPPIOCSDEBUG(r4, 0x40047440, &(0x7f0000000100)=0x200) 03:08:35 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r6, &(0x7f00000000c0), 0x0, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r8, 0x0) chown(&(0x7f0000000100)='./file0\x00', r8, r3) close(r6) splice(r5, 0x0, r6, 0x0, 0x0, 0x0) ioctl$RTC_RD_TIME(r6, 0x80247009, &(0x7f0000000000)) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:36 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40), 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) ptrace(0x10, 0x0) ptrace$getregset(0x4201, 0x0, 0x0, &(0x7f0000000080)={0x0}) sched_rr_get_interval(0x0, &(0x7f0000000140)) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_opts(r3, 0x29, 0x37, &(0x7f0000000100)=@fragment={0x3c, 0x0, 0xe3, 0x1, 0x0, 0x8, 0x66}, 0x8) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0xba6}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(r0, &(0x7f0000000180)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:36 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:36 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40), 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1349.386875][ T415] syz-executor.5 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1349.402054][ T415] CPU: 1 PID: 415 Comm: syz-executor.5 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1349.412022][ T415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1349.422076][ T415] Call Trace: [ 1349.425348][ T415] dump_stack+0x14a/0x1ce [ 1349.429657][ T415] ? devkmsg_release+0x11c/0x11c [ 1349.434575][ T415] ? show_regs_print_info+0x12/0x12 [ 1349.439751][ T415] ? radix_tree_cpu_dead+0x160/0x160 [ 1349.445043][ T415] ? _raw_spin_lock+0xa1/0x170 [ 1349.449796][ T415] ? _raw_spin_trylock_bh+0x190/0x190 [ 1349.455138][ T415] dump_header+0xdb/0x700 [ 1349.459441][ T415] oom_kill_process+0xd3/0x280 [ 1349.464175][ T415] out_of_memory+0x5b6/0x890 [ 1349.468733][ T415] ? unregister_oom_notifier+0x20/0x20 [ 1349.474167][ T415] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1349.479682][ T415] ? get_page_from_freelist+0x7c0/0x7c0 [ 1349.485195][ T415] ? filename_lookup+0x509/0x6e0 [ 1349.490135][ T415] ? __zone_watermark_ok+0x96/0x260 [ 1349.495297][ T415] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1349.500633][ T415] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1349.506141][ T415] ? __se_sys_newlstat+0x75e/0x8b0 [ 1349.511218][ T415] ? __x64_sys_newlstat+0x60/0x60 [ 1349.516213][ T415] alloc_slab_page+0x3a/0x3a0 [ 1349.520858][ T415] new_slab+0x3ef/0x430 [ 1349.524989][ T415] ? dput+0x518/0x5e0 [ 1349.528937][ T415] ? should_fail+0x18e/0x860 [ 1349.533495][ T415] ___slab_alloc+0x2e0/0x450 [ 1349.538066][ T415] ? getname_flags+0xb8/0x610 [ 1349.542715][ T415] ? getname_flags+0xb8/0x610 [ 1349.547477][ T415] kmem_cache_alloc+0x23c/0x260 [ 1349.552297][ T415] getname_flags+0xb8/0x610 [ 1349.556770][ T415] __x64_sys_unlink+0x38/0x50 [ 1349.561445][ T415] do_syscall_64+0xcb/0x150 [ 1349.565916][ T415] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1349.571895][ T415] RIP: 0033:0x45c597 [ 1349.575759][ T415] Code: 00 66 90 b8 58 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 57 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2d b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1349.595331][ T415] RSP: 002b:00007fff865c0018 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 1349.603702][ T415] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045c597 [ 1349.611640][ T415] RDX: 00007fff865c0030 RSI: 00007fff865c0030 RDI: 00007fff865c00c0 [ 1349.619576][ T415] RBP: 0000000000000b7d R08: 0000000000000000 R09: 0000000000000010 [ 1349.627511][ T415] R10: 000000000000000a R11: 0000000000000246 R12: 00007fff865c1150 [ 1349.635445][ T415] R13: 0000000002355940 R14: 0000000000000000 R15: 00007fff865c1150 [ 1349.646360][ T415] Mem-Info: [ 1349.649603][ T415] active_anon:1438448 inactive_anon:6739 isolated_anon:0 [ 1349.649603][ T415] active_file:27 inactive_file:15 isolated_file:32 [ 1349.649603][ T415] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1349.649603][ T415] slab_reclaimable:7259 slab_unreclaimable:73037 [ 1349.649603][ T415] mapped:55572 shmem:6812 pagetables:30491 bounce:0 [ 1349.649603][ T415] free:9504 free_pcp:37 free_cma:0 [ 1349.720100][ T415] Node 0 active_anon:5753792kB inactive_anon:26956kB active_file:208kB inactive_file:88kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:222488kB dirty:4kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1349.744442][ T415] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1349.770591][ T415] lowmem_reserve[]: 0 2912 6416 6416 [ 1349.775927][ T415] DMA32 free:17700kB min:4644kB low:7624kB high:10604kB active_anon:2808832kB inactive_anon:8208kB active_file:12kB inactive_file:48kB unevictable:0kB writepending:4kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7552kB pagetables:22924kB bounce:0kB free_pcp:380kB local_pcp:0kB free_cma:0kB [ 1349.805032][ T415] lowmem_reserve[]: 0 0 3504 3504 [ 1349.810073][ T415] Normal free:3672kB min:5592kB low:9180kB high:12768kB active_anon:2944456kB inactive_anon:18748kB active_file:0kB inactive_file:28kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29920kB pagetables:99040kB bounce:0kB free_pcp:820kB local_pcp:0kB free_cma:0kB [ 1349.839116][ T415] lowmem_reserve[]: 0 0 0 0 [ 1349.843930][ T415] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1349.857959][ T415] DMA32: 656*4kB (UMH) 367*8kB (UMEH) 99*16kB (UMEH) 65*32kB (UMEH) 32*64kB (UMEH) 13*128kB (UMEH) 2*256kB (UH) 3*512kB (MH) 2*1024kB (M) 3*2048kB (MH) 1*4096kB (M) = 27272kB [ 1349.875864][ T415] Normal: 68*4kB (UMH) 7*8kB (M) 87*16kB (UMH) 65*32kB (UEH) 8*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4312kB [ 1349.889853][ T415] 7457 total pagecache pages [ 1349.972948][ T415] 0 pages in swap cache [ 1349.990520][ T415] Swap cache stats: add 0, delete 0, find 0/0 [ 1349.997024][ T415] Free swap = 0kB [ 1350.000982][ T415] Total swap = 0kB [ 1350.005291][ T415] 1965979 pages RAM [ 1350.016429][ T415] 0 pages HighMem/MovableOnly [ 1350.025016][ T415] 318832 pages reserved [ 1350.029346][ T415] 0 pages cma reserved [ 1350.033855][ T415] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1301,uid=0 [ 1350.048828][ T415] Out of memory: Killed process 1304 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:35624kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 1350.067262][ T23] oom_reaper: reaped process 1304 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1360.297638][ T204] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1360.309086][ T204] CPU: 1 PID: 204 Comm: systemd-journal Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1360.319138][ T204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1360.329172][ T204] Call Trace: [ 1360.332470][ T204] dump_stack+0x14a/0x1ce [ 1360.336774][ T204] ? devkmsg_release+0x11c/0x11c [ 1360.341690][ T204] ? show_regs_print_info+0x12/0x12 [ 1360.346878][ T204] ? radix_tree_cpu_dead+0x160/0x160 [ 1360.352169][ T204] ? _raw_spin_lock+0xa1/0x170 [ 1360.356922][ T204] ? _raw_spin_trylock_bh+0x190/0x190 [ 1360.362278][ T204] dump_header+0xdb/0x700 [ 1360.366587][ T204] oom_kill_process+0xd3/0x280 [ 1360.371331][ T204] out_of_memory+0x5b6/0x890 [ 1360.375925][ T204] ? unregister_oom_notifier+0x20/0x20 [ 1360.381374][ T204] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1360.386898][ T204] ? get_page_from_freelist+0x7c0/0x7c0 [ 1360.392432][ T204] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1360.397787][ T204] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1360.403363][ T204] pagecache_get_page+0x50f/0x880 [ 1360.408754][ T204] filemap_fault+0x1474/0x19d0 [ 1360.413656][ T204] ? generic_file_read_iter+0x20b0/0x20b0 [ 1360.419361][ T204] ? mm_trace_rss_stat+0x41/0x1a0 [ 1360.424370][ T204] ext4_filemap_fault+0x7b/0x90 [ 1360.429292][ T204] handle_mm_fault+0x2846/0x40b0 [ 1360.434214][ T204] ? finish_fault+0x230/0x230 [ 1360.438874][ T204] ? vmacache_find+0x205/0x4b0 [ 1360.443625][ T204] do_user_addr_fault+0x48a/0x9f0 [ 1360.448633][ T204] page_fault+0x2f/0x40 [ 1360.452768][ T204] RIP: 0033:0x7fd30954be90 [ 1360.457190][ T204] Code: Bad RIP value. [ 1360.461284][ T204] RSP: 002b:00007ffd91e73fd8 EFLAGS: 00010202 [ 1360.467329][ T204] RAX: 00007ffd91e74290 RBX: 0000000000000000 RCX: 0000000000000010 [ 1360.475279][ T204] RDX: 0000000000000010 RSI: 00007ffd91e74270 RDI: 00007ffd91e74140 [ 1360.483328][ T204] RBP: 0000000000000001 R08: 0000000000000010 R09: 00007ffd91e74140 [ 1360.491370][ T204] R10: 00007ffd91e74360 R11: 00007fd309632060 R12: 00007ffd91e74270 [ 1360.499322][ T204] R13: 00007fd309fd4ee0 R14: 00007ffd91e74290 R15: 00007ffd91e74140 [ 1360.508472][ T204] Mem-Info: [ 1360.512265][ T204] active_anon:1436748 inactive_anon:6739 isolated_anon:0 [ 1360.512265][ T204] active_file:168 inactive_file:168 isolated_file:0 [ 1360.512265][ T204] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1360.512265][ T204] slab_reclaimable:7270 slab_unreclaimable:73534 [ 1360.512265][ T204] mapped:55844 shmem:6812 pagetables:30406 bounce:0 [ 1360.512265][ T204] free:10220 free_pcp:456 free_cma:0 [ 1360.550489][ T204] Node 0 active_anon:5746992kB inactive_anon:26956kB active_file:672kB inactive_file:772kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:223276kB dirty:0kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1360.576039][ T204] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1360.602866][ T204] lowmem_reserve[]: 0 2912 6416 6416 [ 1360.609605][ T204] DMA32 free:20012kB min:4644kB low:7624kB high:10604kB active_anon:2802356kB inactive_anon:8208kB active_file:196kB inactive_file:496kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7136kB pagetables:22588kB bounce:0kB free_pcp:1788kB local_pcp:412kB free_cma:0kB [ 1360.639612][ T204] lowmem_reserve[]: 0 0 3504 3504 [ 1360.645329][ T204] Normal free:5468kB min:5592kB low:9180kB high:12768kB active_anon:2944636kB inactive_anon:18748kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29824kB pagetables:99036kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1360.674348][ T204] lowmem_reserve[]: 0 0 0 0 [ 1360.678970][ T204] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1360.692523][ T204] DMA32: 212*4kB (UMEH) 326*8kB (MH) 97*16kB (UMEH) 43*32kB (MEH) 9*64kB (MEH) 8*128kB (UMH) 2*256kB (UH) 4*512kB (UMH) 3*1024kB (UM) 3*2048kB (MH) 0*4096kB = 19760kB [ 1360.709296][ T204] Normal: 91*4kB (UMH) 30*8kB (UM) 106*16kB (UMH) 81*32kB (UMEH) 9*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5468kB [ 1360.723445][ T204] 7566 total pagecache pages [ 1360.728149][ T204] 0 pages in swap cache [ 1360.732562][ T204] Swap cache stats: add 0, delete 0, find 0/0 [ 1360.738832][ T204] Free swap = 0kB [ 1360.742704][ T204] Total swap = 0kB [ 1360.746757][ T204] 1965979 pages RAM [ 1360.750681][ T204] 0 pages HighMem/MovableOnly [ 1360.755754][ T204] 318832 pages reserved [ 1360.760082][ T204] 0 pages cma reserved [ 1360.764313][ T204] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1322,uid=0 [ 1360.778654][ T204] Out of memory: Killed process 1322 (syz-executor.0) total-vm:75224kB, anon-rss:16564kB, file-rss:34696kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 03:08:49 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:49 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) ptrace(0x10, 0x0) ptrace$getregset(0x4201, 0x0, 0x0, &(0x7f0000000080)={0x0}) sched_rr_get_interval(0x0, &(0x7f0000000140)) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_opts(r3, 0x29, 0x37, &(0x7f0000000100)=@fragment={0x3c, 0x0, 0xe3, 0x1, 0x0, 0x8, 0x66}, 0x8) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0xba6}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(r0, &(0x7f0000000180)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:49 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0), 0x0, 0x1) close(r4) splice(r3, 0x0, r4, 0x0, 0x0, 0x0) read$FUSE(r3, &(0x7f0000000900), 0x1000) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:49 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1361.803471][ T429] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1361.815382][ T429] CPU: 1 PID: 429 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1361.825347][ T429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1361.835401][ T429] Call Trace: [ 1361.838748][ T429] dump_stack+0x14a/0x1ce [ 1361.843067][ T429] ? devkmsg_release+0x11c/0x11c [ 1361.847998][ T429] ? show_regs_print_info+0x12/0x12 [ 1361.853174][ T429] ? radix_tree_cpu_dead+0x160/0x160 [ 1361.858443][ T429] ? _raw_spin_lock+0xa1/0x170 [ 1361.863189][ T429] ? _raw_spin_trylock_bh+0x190/0x190 [ 1361.868539][ T429] dump_header+0xdb/0x700 [ 1361.872974][ T429] oom_kill_process+0xd3/0x280 [ 1361.877831][ T429] out_of_memory+0x5b6/0x890 [ 1361.882405][ T429] ? unregister_oom_notifier+0x20/0x20 [ 1361.887845][ T429] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1361.893440][ T429] ? get_page_from_freelist+0x7c0/0x7c0 [ 1361.898962][ T429] ? __zone_watermark_ok+0x96/0x260 [ 1361.904136][ T429] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1361.909494][ T429] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1361.915019][ T429] ? copy_process+0x5a4/0x5150 [ 1361.919762][ T429] ? copy_process+0x5a4/0x5150 [ 1361.924501][ T429] ? kmem_cache_alloc+0x1d2/0x260 [ 1361.929510][ T429] copy_process+0x5f3/0x5150 [ 1361.934078][ T429] ? filemap_fault+0x19d0/0x19d0 [ 1361.939078][ T429] ? fork_idle+0x290/0x290 [ 1361.943467][ T429] ? memset+0x1f/0x40 [ 1361.947431][ T429] ? _raw_spin_unlock+0x5/0x20 [ 1361.952284][ T429] ? handle_mm_fault+0xb1e/0x40b0 [ 1361.957289][ T429] _do_fork+0x196/0x920 [ 1361.961424][ T429] ? dup_mm+0x300/0x300 [ 1361.965551][ T429] ? ktime_get_raw+0x130/0x130 [ 1361.970291][ T429] __x64_sys_clone+0x25f/0x2c0 [ 1361.975038][ T429] ? __ia32_sys_vfork+0x110/0x110 [ 1361.980041][ T429] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1361.985650][ T429] ? do_user_addr_fault+0x55c/0x9f0 [ 1361.990830][ T429] do_syscall_64+0xcb/0x150 [ 1361.995311][ T429] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1362.001193][ T429] RIP: 0033:0x45ae1a [ 1362.005063][ T429] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1362.025020][ T429] RSP: 002b:00007fff19d28d40 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1362.033406][ T429] RAX: ffffffffffffffda RBX: 00007fff19d28d40 RCX: 000000000045ae1a [ 1362.041355][ T429] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1362.049302][ T429] RBP: 00007fff19d28d80 R08: 0000000000000001 R09: 0000000002a48940 [ 1362.057254][ T429] R10: 0000000002a48c10 R11: 0000000000000246 R12: 0000000000000001 [ 1362.065324][ T429] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff19d28dd0 [ 1362.075317][ T429] Mem-Info: [ 1362.080207][ T429] active_anon:1436805 inactive_anon:6739 isolated_anon:0 [ 1362.080207][ T429] active_file:93 inactive_file:445 isolated_file:0 [ 1362.080207][ T429] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1362.080207][ T429] slab_reclaimable:7269 slab_unreclaimable:73411 [ 1362.080207][ T429] mapped:55835 shmem:6812 pagetables:30461 bounce:0 [ 1362.080207][ T429] free:10137 free_pcp:77 free_cma:0 [ 1362.140671][ T429] Node 0 active_anon:5736120kB inactive_anon:26956kB active_file:376kB inactive_file:1448kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:223640kB dirty:0kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1362.165472][ T429] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1362.191589][ T429] lowmem_reserve[]: 0 2912 6416 6416 [ 1362.196875][ T429] DMA32 free:28628kB min:4644kB low:7624kB high:10604kB active_anon:2792652kB inactive_anon:8208kB active_file:524kB inactive_file:1376kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7360kB pagetables:22696kB bounce:0kB free_pcp:2112kB local_pcp:1204kB free_cma:0kB [ 1362.226312][ T429] lowmem_reserve[]: 0 0 3504 3504 [ 1362.231362][ T429] Normal free:4640kB min:5592kB low:9180kB high:12768kB active_anon:2943984kB inactive_anon:18748kB active_file:108kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29888kB pagetables:99148kB bounce:0kB free_pcp:1660kB local_pcp:1448kB free_cma:0kB [ 1362.261848][ T429] lowmem_reserve[]: 0 0 0 0 [ 1362.266350][ T429] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1362.279896][ T429] DMA32: 506*4kB (UMEH) 391*8kB (UMH) 168*16kB (UMEH) 113*32kB (MEH) 63*64kB (MEH) 14*128kB (MH) 3*256kB (UH) 3*512kB (MH) 3*1024kB (UM) 3*2048kB (MH) 0*4096kB = 28800kB [ 1362.296851][ T429] Normal: 98*4kB (UMH) 9*8kB (UM) 85*16kB (UMH) 79*32kB (UMEH) 9*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4928kB [ 1362.310877][ T429] 7182 total pagecache pages [ 1362.315460][ T429] 0 pages in swap cache [ 1362.319598][ T429] Swap cache stats: add 0, delete 0, find 0/0 [ 1362.325651][ T429] Free swap = 0kB [ 1362.329426][ T429] Total swap = 0kB [ 1362.333129][ T429] 1965979 pages RAM [ 1362.336910][ T429] 0 pages HighMem/MovableOnly [ 1362.341570][ T429] 318832 pages reserved [ 1362.345695][ T429] 0 pages cma reserved [ 1362.349752][ T429] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1325,uid=0 [ 1363.412207][ T405] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1363.423335][ T405] CPU: 0 PID: 405 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1363.432959][ T405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1363.443025][ T405] Call Trace: [ 1363.446297][ T405] dump_stack+0x14a/0x1ce [ 1363.450603][ T405] ? devkmsg_release+0x11c/0x11c [ 1363.455518][ T405] ? show_regs_print_info+0x12/0x12 [ 1363.460724][ T405] ? radix_tree_cpu_dead+0x160/0x160 [ 1363.465985][ T405] ? _raw_spin_lock+0xa1/0x170 [ 1363.471228][ T405] ? _raw_spin_trylock_bh+0x190/0x190 [ 1363.476584][ T405] dump_header+0xdb/0x700 [ 1363.480901][ T405] oom_kill_process+0xd3/0x280 [ 1363.485649][ T405] out_of_memory+0x5b6/0x890 [ 1363.490231][ T405] ? unregister_oom_notifier+0x20/0x20 [ 1363.495675][ T405] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1363.501205][ T405] ? get_page_from_freelist+0x7c0/0x7c0 [ 1363.506734][ T405] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1363.512095][ T405] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1363.517713][ T405] pagecache_get_page+0x50f/0x880 [ 1363.522721][ T405] filemap_fault+0x1474/0x19d0 [ 1363.527464][ T405] ? generic_file_read_iter+0x20b0/0x20b0 [ 1363.533173][ T405] ext4_filemap_fault+0x7b/0x90 [ 1363.538011][ T405] handle_mm_fault+0x2846/0x40b0 [ 1363.542938][ T405] ? finish_fault+0x230/0x230 [ 1363.547609][ T405] ? vmacache_find+0x2d2/0x4b0 [ 1363.552357][ T405] do_user_addr_fault+0x48a/0x9f0 [ 1363.557368][ T405] page_fault+0x2f/0x40 [ 1363.561506][ T405] RIP: 0033:0x44911b [ 1363.565467][ T405] Code: 89 0c 24 e8 b7 5c fc ff 48 8b 44 24 58 48 89 04 24 48 8b 44 24 60 48 89 44 24 08 48 8b 44 24 28 48 89 44 24 10 48 8b 54 24 50 <48> 8b 02 ff d0 48 8b 44 24 78 48 89 04 24 e8 e2 5a fc ff 48 8b 44 [ 1363.585053][ T405] RSP: 002b:000000c420039f60 EFLAGS: 00010202 [ 1363.591102][ T405] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 1363.599155][ T405] RDX: 00000000009c12c0 RSI: 00000000007f74c0 RDI: 000000c430083d08 [ 1363.607117][ T405] RBP: 000000c420039f58 R08: 0000000000000001 R09: 0000000000000005 [ 1363.615076][ T405] R10: 0000014af2440523 R11: 0000000000000001 R12: 0000013d559fb436 [ 1363.623030][ T405] R13: 0000000000000001 R14: 00000000000000fe R15: 0000000000000066 [ 1363.631865][ T405] Mem-Info: [ 1363.635383][ T405] active_anon:1437151 inactive_anon:6739 isolated_anon:0 [ 1363.635383][ T405] active_file:359 inactive_file:271 isolated_file:32 [ 1363.635383][ T405] unevictable:0 dirty:6 writeback:2 unstable:0 [ 1363.635383][ T405] slab_reclaimable:7269 slab_unreclaimable:73299 [ 1363.635383][ T405] mapped:56118 shmem:6812 pagetables:30433 bounce:0 [ 1363.635383][ T405] free:9909 free_pcp:21 free_cma:0 [ 1363.673015][ T405] Node 0 active_anon:5748604kB inactive_anon:26956kB active_file:1436kB inactive_file:1084kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:224472kB dirty:24kB writeback:8kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1363.697492][ T405] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1363.723540][ T405] lowmem_reserve[]: 0 2912 6416 6416 [ 1363.744178][ T405] DMA32 free:17312kB min:4644kB low:7624kB high:10604kB active_anon:2805092kB inactive_anon:8208kB active_file:1356kB inactive_file:1180kB unevictable:0kB writepending:28kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7264kB pagetables:22592kB bounce:0kB free_pcp:896kB local_pcp:248kB free_cma:0kB [ 1363.773813][ T405] lowmem_reserve[]: 0 0 3504 3504 [ 1363.778946][ T405] Normal free:5904kB min:17880kB low:21468kB high:25056kB active_anon:2944028kB inactive_anon:18748kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29888kB pagetables:99140kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1363.807950][ T405] lowmem_reserve[]: 0 0 0 0 [ 1363.812609][ T405] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1363.826091][ T405] DMA32: 185*4kB (UMEH) 52*8kB (UMH) 12*16kB (UMEH) 10*32kB (UMEH) 52*64kB (MEH) 15*128kB (UMH) 2*256kB (UH) 3*512kB (MH) 3*1024kB (UM) 3*2048kB (MH) 0*4096kB = 18180kB [ 1363.843435][ T405] Normal: 93*4kB (UMEH) 12*8kB (UE) 106*16kB (UMEH) 85*32kB (UMEH) 10*64kB (UM) 1*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5652kB [ 1363.858414][ T405] 7140 total pagecache pages [ 1363.863085][ T405] 0 pages in swap cache [ 1363.867321][ T405] Swap cache stats: add 0, delete 0, find 0/0 [ 1363.873462][ T405] Free swap = 0kB [ 1363.877258][ T405] Total swap = 0kB [ 1363.881063][ T405] 1965979 pages RAM [ 1363.884954][ T405] 0 pages HighMem/MovableOnly [ 1363.889696][ T405] 318832 pages reserved [ 1363.893929][ T405] 0 pages cma reserved [ 1363.898085][ T405] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=28239,uid=0 [ 1363.918752][ T405] Out of memory: Killed process 28239 (syz-executor.4) total-vm:75092kB, anon-rss:16096kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 03:08:52 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:52 executing program 5: perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000040), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key$keyring(&(0x7f0000000540)='keyring\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x17) prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000000)) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:52 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44840}, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:08:52 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1365.070166][ T1359] modprobe invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1365.111755][ T1359] CPU: 1 PID: 1359 Comm: modprobe Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1365.121310][ T1359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1365.131346][ T1359] Call Trace: [ 1365.134630][ T1359] dump_stack+0x14a/0x1ce [ 1365.138947][ T1359] ? devkmsg_release+0x11c/0x11c [ 1365.143858][ T1359] ? show_regs_print_info+0x12/0x12 [ 1365.149026][ T1359] ? radix_tree_cpu_dead+0x160/0x160 [ 1365.154280][ T1359] ? _raw_spin_lock+0xa1/0x170 [ 1365.159025][ T1359] ? _raw_spin_trylock_bh+0x190/0x190 [ 1365.164367][ T1359] dump_header+0xdb/0x700 [ 1365.168668][ T1359] oom_kill_process+0xd3/0x280 [ 1365.173403][ T1359] out_of_memory+0x5b6/0x890 [ 1365.177962][ T1359] ? unregister_oom_notifier+0x20/0x20 [ 1365.183389][ T1359] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1365.188922][ T1359] ? get_page_from_freelist+0x7c0/0x7c0 [ 1365.194445][ T1359] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1365.199784][ T1359] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1365.205299][ T1359] pagecache_get_page+0x50f/0x880 [ 1365.210296][ T1359] filemap_fault+0x1474/0x19d0 [ 1365.215057][ T1359] ? generic_file_read_iter+0x20b0/0x20b0 [ 1365.220747][ T1359] ext4_filemap_fault+0x7b/0x90 [ 1365.225569][ T1359] handle_mm_fault+0x2846/0x40b0 [ 1365.230480][ T1359] ? finish_fault+0x230/0x230 [ 1365.235139][ T1359] ? vmacache_update+0x9f/0xf0 [ 1365.239873][ T1359] do_user_addr_fault+0x48a/0x9f0 [ 1365.244872][ T1359] page_fault+0x2f/0x40 [ 1365.248997][ T1359] RIP: 0033:0x7f7a97fca5fc [ 1365.253394][ T1359] Code: d2 0f 84 f7 00 00 00 48 83 fa 01 0f 8e bd 00 00 00 48 29 fe 49 89 d2 49 83 fa 20 0f 8d e0 00 00 00 49 f7 c2 01 00 00 00 74 1d <0f> b6 07 0f b6 14 37 49 83 ea 01 0f 84 99 00 00 00 48 83 c7 01 29 [ 1365.272977][ T1359] RSP: 002b:00007ffceb159458 EFLAGS: 00010202 [ 1365.279027][ T1359] RAX: 00007f7a981ce000 RBX: 0000561bb445cc81 RCX: 00007f7a97fc82b7 [ 1365.286976][ T1359] RDX: 000000000000000b RSI: ffffffffffdfe9ab RDI: 00007f7a981ce000 [ 1365.294928][ T1359] RBP: 00007ffceb1594c0 R08: 0000000000000000 R09: 0000000000000000 [ 1365.302875][ T1359] R10: 000000000000000b R11: 0000000000000207 R12: 00007f7a981d4170 [ 1365.310814][ T1359] R13: 00007f7a981ce000 R14: 0000000000003c06 R15: 0000000000000000 [ 1365.497249][ T1359] Mem-Info: [ 1365.501879][ T1359] active_anon:1434431 inactive_anon:6739 isolated_anon:0 [ 1365.501879][ T1359] active_file:274 inactive_file:285 isolated_file:32 [ 1365.501879][ T1359] unevictable:0 dirty:7 writeback:1 unstable:0 [ 1365.501879][ T1359] slab_reclaimable:7260 slab_unreclaimable:73310 [ 1365.501879][ T1359] mapped:56001 shmem:6812 pagetables:30520 bounce:0 [ 1365.501879][ T1359] free:12159 free_pcp:508 free_cma:0 [ 1365.542358][ T1359] Node 0 active_anon:5738024kB inactive_anon:26956kB active_file:976kB inactive_file:1188kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:223804kB dirty:28kB writeback:4kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1365.633910][ T1359] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1365.671853][ T1359] lowmem_reserve[]: 0 2912 6416 6416 [ 1365.677562][ T1359] DMA32 free:26048kB min:4644kB low:7624kB high:10604kB active_anon:2791168kB inactive_anon:8208kB active_file:2608kB inactive_file:2592kB unevictable:0kB writepending:132kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7616kB pagetables:22936kB bounce:0kB free_pcp:960kB local_pcp:276kB free_cma:0kB [ 1365.709101][ T1359] lowmem_reserve[]: 0 0 3504 3504 [ 1365.715984][ T1359] Normal free:4148kB min:24744kB low:28332kB high:31920kB active_anon:2944972kB inactive_anon:18748kB active_file:12kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29856kB pagetables:99144kB bounce:0kB free_pcp:1052kB local_pcp:532kB free_cma:0kB [ 1365.760613][ T1359] lowmem_reserve[]: 0 0 0 0 [ 1365.765257][ T1359] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1365.779563][ T1359] DMA32: 921*4kB (UMEH) 349*8kB (UMH) 149*16kB (UMEH) 106*32kB (UMEH) 73*64kB (UMEH) 37*128kB (UMH) 11*256kB (MH) 7*512kB (MH) 3*1024kB (UM) 2*2048kB (MH) 0*4096kB = 35228kB [ 1365.799542][ T1359] Normal: 135*4kB (UMEH) 38*8kB (UM) 87*16kB (UMH) 87*32kB (UMEH) 18*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6172kB [ 1365.814365][ T1359] 9449 total pagecache pages [ 1365.818944][ T1359] 0 pages in swap cache [ 1365.823375][ T1359] Swap cache stats: add 0, delete 0, find 0/0 [ 1365.829661][ T1359] Free swap = 0kB [ 1365.840590][ T1359] Total swap = 0kB [ 1365.844300][ T1359] 1965979 pages RAM [ 1365.848421][ T1359] 0 pages HighMem/MovableOnly [ 1365.853473][ T1359] 318832 pages reserved [ 1365.857623][ T1359] 0 pages cma reserved [ 1365.862019][ T1359] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=1343,uid=0 03:08:54 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:54 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:54 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1366.700656][ T1372] systemd-udevd invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1366.723055][ T1372] CPU: 1 PID: 1372 Comm: systemd-udevd Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1366.733038][ T1372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1366.743075][ T1372] Call Trace: [ 1366.746341][ T1372] dump_stack+0x14a/0x1ce [ 1366.750641][ T1372] ? devkmsg_release+0x11c/0x11c [ 1366.755546][ T1372] ? show_regs_print_info+0x12/0x12 [ 1366.760711][ T1372] ? radix_tree_cpu_dead+0x160/0x160 [ 1366.765966][ T1372] ? _raw_spin_lock+0xa1/0x170 [ 1366.770702][ T1372] ? _raw_spin_trylock_bh+0x190/0x190 [ 1366.776050][ T1372] dump_header+0xdb/0x700 [ 1366.780346][ T1372] oom_kill_process+0xd3/0x280 [ 1366.785076][ T1372] out_of_memory+0x5b6/0x890 [ 1366.789733][ T1372] ? unregister_oom_notifier+0x20/0x20 [ 1366.795168][ T1372] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1366.800692][ T1372] ? get_page_from_freelist+0x7c0/0x7c0 [ 1366.806210][ T1372] ? __zone_watermark_ok+0x96/0x260 [ 1366.811400][ T1372] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1366.816750][ T1372] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1366.822271][ T1372] ? __seccomp_filter+0xa3f/0x1740 [ 1366.827348][ T1372] ? _raw_spin_lock+0xa1/0x170 [ 1366.832093][ T1372] ? __rcu_read_lock+0x50/0x50 [ 1366.836825][ T1372] ? __secure_computing+0x250/0x250 [ 1366.841999][ T1372] alloc_slab_page+0x3a/0x3a0 [ 1366.846655][ T1372] ? alloc_set_pte+0x533/0x900 [ 1366.851386][ T1372] new_slab+0x3ef/0x430 [ 1366.855507][ T1372] ___slab_alloc+0x2e0/0x450 [ 1366.860066][ T1372] ? getname_flags+0xb8/0x610 [ 1366.864718][ T1372] ? getname_flags+0xb8/0x610 [ 1366.869369][ T1372] kmem_cache_alloc+0x23c/0x260 [ 1366.874219][ T1372] getname_flags+0xb8/0x610 [ 1366.878692][ T1372] do_sys_open+0x33d/0x7d0 [ 1366.883077][ T1372] ? file_open_root+0x450/0x450 [ 1366.887896][ T1372] do_syscall_64+0xcb/0x150 [ 1366.892370][ T1372] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1366.898342][ T1372] RIP: 0033:0x7fe708eee6f0 [ 1366.902729][ T1372] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 83 3d 19 30 2c 00 00 75 10 b8 02 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 fe 9d 01 00 48 89 04 24 [ 1366.922306][ T1372] RSP: 002b:00007fff9cd59d08 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1366.930687][ T1372] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe708eee6f0 [ 1366.938631][ T1372] RDX: 0000000000000180 RSI: 00000000000800c2 RDI: 0000558aef1a2db0 [ 1366.946582][ T1372] RBP: 000000000003a2f8 R08: 00007fff9cd59ce0 R09: 00007fff9cd900a8 [ 1366.954527][ T1372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000558aef1a2dc5 [ 1366.962471][ T1372] R13: 8421084210842109 R14: 00000000000800c2 R15: 00007fe708f7c540 [ 1366.975018][ T1372] Mem-Info: [ 1366.978197][ T1372] active_anon:1436276 inactive_anon:6738 isolated_anon:0 [ 1366.978197][ T1372] active_file:386 inactive_file:416 isolated_file:55 [ 1366.978197][ T1372] unevictable:0 dirty:4 writeback:0 unstable:0 [ 1366.978197][ T1372] slab_reclaimable:7257 slab_unreclaimable:73189 [ 1366.978197][ T1372] mapped:56270 shmem:6812 pagetables:30512 bounce:0 [ 1366.978197][ T1372] free:10445 free_pcp:0 free_cma:0 [ 1367.015743][ T1372] Node 0 active_anon:5745104kB inactive_anon:26952kB active_file:1544kB inactive_file:1664kB unevictable:0kB isolated(anon):0kB isolated(file):220kB mapped:225080kB dirty:16kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1367.040221][ T1372] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1367.066498][ T1372] lowmem_reserve[]: 0 2912 6416 6416 [ 1367.072117][ T1372] DMA32 free:17924kB min:4644kB low:7624kB high:10604kB active_anon:2802012kB inactive_anon:8204kB active_file:1960kB inactive_file:1940kB unevictable:0kB writepending:204kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7616kB pagetables:22908kB bounce:0kB free_pcp:568kB local_pcp:0kB free_cma:0kB [ 1367.109436][ T1372] lowmem_reserve[]: 0 0 3504 3504 [ 1367.118263][ T1372] Normal free:8456kB min:24744kB low:28332kB high:31920kB active_anon:2942952kB inactive_anon:18748kB active_file:144kB inactive_file:80kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29856kB pagetables:99140kB bounce:0kB free_pcp:28kB local_pcp:0kB free_cma:0kB [ 1367.150645][ T1372] lowmem_reserve[]: 0 0 0 0 [ 1367.156538][ T1372] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1367.170067][ T1372] DMA32: 45*4kB (UMEH) 82*8kB (UMH) 26*16kB (UMEH) 17*32kB (UMEH) 9*64kB (UMEH) 2*128kB (UH) 1*256kB (H) 8*512kB (UMH) 3*1024kB (M) 2*2048kB (MH) 1*4096kB (M) = 18244kB [ 1367.194186][ T1372] Normal: 224*4kB (UMEH) 43*8kB (UME) 128*16kB (UMEH) 122*32kB (UMEH) 17*64kB (UM) 4*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8792kB [ 1367.209602][ T1372] 7215 total pagecache pages [ 1367.215988][ T1372] 0 pages in swap cache [ 1367.227640][ T1372] Swap cache stats: add 0, delete 0, find 0/0 [ 1367.234457][ T1372] Free swap = 0kB [ 1367.239093][ T1372] Total swap = 0kB [ 1367.245679][ T1372] 1965979 pages RAM [ 1367.250141][ T1372] 0 pages HighMem/MovableOnly [ 1367.254984][ T1372] 318832 pages reserved [ 1367.259185][ T1372] 0 pages cma reserved [ 1367.263310][ T1372] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1374,uid=0 03:08:55 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:55 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:55 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1367.761115][ T1401] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1367.773538][ T1401] CPU: 0 PID: 1401 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1367.783583][ T1401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1367.793709][ T1401] Call Trace: [ 1367.796976][ T1401] dump_stack+0x14a/0x1ce [ 1367.801284][ T1401] ? devkmsg_release+0x11c/0x11c [ 1367.806196][ T1401] ? show_regs_print_info+0x12/0x12 [ 1367.811365][ T1401] ? radix_tree_cpu_dead+0x160/0x160 [ 1367.816632][ T1401] ? _raw_spin_lock+0xa1/0x170 [ 1367.821371][ T1401] ? _raw_spin_trylock_bh+0x190/0x190 [ 1367.826725][ T1401] dump_header+0xdb/0x700 [ 1367.831026][ T1401] oom_kill_process+0xd3/0x280 [ 1367.835763][ T1401] out_of_memory+0x5b6/0x890 [ 1367.840322][ T1401] ? unregister_oom_notifier+0x20/0x20 [ 1367.845752][ T1401] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1367.851276][ T1401] ? unwind_get_return_address+0x48/0x90 [ 1367.856888][ T1401] ? get_page_from_freelist+0x7c0/0x7c0 [ 1367.862407][ T1401] ? __zone_watermark_ok+0x96/0x260 [ 1367.867577][ T1401] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1367.872918][ T1401] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1367.878435][ T1401] ? copy_process+0x5a4/0x5150 [ 1367.883165][ T1401] ? kmem_cache_alloc+0x1d2/0x260 [ 1367.888153][ T1401] copy_process+0x5f3/0x5150 [ 1367.892720][ T1401] ? get_mem_cgroup_from_mm+0x27b/0x2c0 [ 1367.898235][ T1401] ? _raw_spin_lock+0xa1/0x170 [ 1367.902964][ T1401] ? mem_cgroup_try_charge_delay+0x10/0x10 [ 1367.908738][ T1401] ? fork_idle+0x290/0x290 [ 1367.913126][ T1401] ? _raw_spin_unlock+0x5/0x20 [ 1367.917869][ T1401] ? handle_mm_fault+0xb1e/0x40b0 [ 1367.922865][ T1401] _do_fork+0x196/0x920 [ 1367.926988][ T1401] ? dup_mm+0x300/0x300 [ 1367.931121][ T1401] ? preempt_schedule_irq+0xe7/0x140 [ 1367.936375][ T1401] __x64_sys_clone+0x25f/0x2c0 [ 1367.941123][ T1401] ? __ia32_sys_vfork+0x110/0x110 [ 1367.946114][ T1401] ? __fpregs_load_activate+0x2d3/0x390 [ 1367.951631][ T1401] ? do_user_addr_fault+0x55c/0x9f0 [ 1367.956801][ T1401] do_syscall_64+0xcb/0x150 [ 1367.961277][ T1401] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1367.967135][ T1401] RIP: 0033:0x45f219 [ 1367.970998][ T1401] Code: ff 48 85 f6 0f 84 d7 8c fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8c fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1367.990582][ T1401] RSP: 002b:00007ffc8fd1c688 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1367.998978][ T1401] RAX: ffffffffffffffda RBX: 00007faf0c2ef700 RCX: 000000000045f219 [ 1368.006922][ T1401] RDX: 00007faf0c2ef9d0 RSI: 00007faf0c2eedb0 RDI: 00000000003d0f00 [ 1368.014863][ T1401] RBP: 00007ffc8fd1c8a0 R08: 00007faf0c2ef700 R09: 00007faf0c2ef700 [ 1368.022806][ T1401] R10: 00007faf0c2ef9d0 R11: 0000000000000202 R12: 0000000000000000 [ 1368.030747][ T1401] R13: 00007ffc8fd1c73f R14: 00007faf0c2ef9c0 R15: 000000000076bf0c [ 1368.101676][ T1401] Mem-Info: [ 1368.108286][ T1401] active_anon:1437484 inactive_anon:6739 isolated_anon:0 [ 1368.108286][ T1401] active_file:210 inactive_file:206 isolated_file:59 [ 1368.108286][ T1401] unevictable:0 dirty:46 writeback:0 unstable:0 [ 1368.108286][ T1401] slab_reclaimable:7246 slab_unreclaimable:73312 [ 1368.108286][ T1401] mapped:55975 shmem:6812 pagetables:30458 bounce:0 [ 1368.108286][ T1401] free:9890 free_pcp:0 free_cma:0 [ 1368.147496][ T1401] Node 0 active_anon:5749936kB inactive_anon:26956kB active_file:736kB inactive_file:672kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:223800kB dirty:184kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1368.172407][ T1401] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1368.198790][ T1401] lowmem_reserve[]: 0 2912 6416 6416 [ 1368.204339][ T1401] DMA32 free:17504kB min:4644kB low:7624kB high:10604kB active_anon:2803740kB inactive_anon:8208kB active_file:536kB inactive_file:144kB unevictable:0kB writepending:180kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7360kB pagetables:22684kB bounce:0kB free_pcp:736kB local_pcp:0kB free_cma:0kB [ 1368.233842][ T1401] lowmem_reserve[]: 0 0 3504 3504 [ 1368.239132][ T1401] Normal free:6152kB min:5592kB low:9180kB high:12768kB active_anon:2945900kB inactive_anon:18748kB active_file:12kB inactive_file:0kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29920kB pagetables:99148kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1368.300777][ T1401] lowmem_reserve[]: 0 0 0 0 [ 1368.318029][ T1401] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1368.332965][ T1401] DMA32: 641*4kB (UMEH) 354*8kB (UMH) 152*16kB (UMEH) 102*32kB (UMEH) 47*64kB (MEH) 13*128kB (MH) 2*256kB (MH) 9*512kB (UMH) 4*1024kB (UM) 3*2048kB (UMH) 0*4096kB = 31124kB [ 1368.351397][ T1401] Normal: 105*4kB (UMH) 29*8kB (UME) 107*16kB (UMEH) 89*32kB (UEH) 13*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6044kB [ 1368.365696][ T1401] 7232 total pagecache pages [ 1368.370278][ T1401] 0 pages in swap cache [ 1368.374438][ T1401] Swap cache stats: add 0, delete 0, find 0/0 [ 1368.380700][ T1401] Free swap = 0kB [ 1368.384394][ T1401] Total swap = 0kB [ 1368.388085][ T1401] 1965979 pages RAM [ 1368.391873][ T1401] 0 pages HighMem/MovableOnly [ 1368.396520][ T1401] 318832 pages reserved 03:08:56 executing program 0: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0), 0x0, 0x1) close(r4) splice(r3, 0x0, r4, 0x0, 0x0, 0x0) read$FUSE(r3, &(0x7f0000000900), 0x1000) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1368.400657][ T1401] 0 pages cma reserved [ 1368.404697][ T1401] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1398,uid=0 03:08:56 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) socket$key(0xf, 0x3, 0x2) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:56 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f00000000c0)=0x2000000000000074, 0x4) ioctl$BLKFLSBUF(r3, 0x1261, &(0x7f0000000000)) 03:08:56 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) r4 = getpid() rt_tgsigqueueinfo(r4, r4, 0x16, &(0x7f0000000000)) ptrace(0x10, r4) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000180)) ptrace$getregset(0x4201, r4, 0x0, &(0x7f0000000080)={0x0}) sched_setattr(r4, &(0x7f0000000000)={0x38, 0x2, 0x43, 0x8, 0x3f, 0x9, 0x0, 0x6, 0x10001, 0x3}, 0x0) getsockopt$inet_tcp_int(r1, 0x6, 0x9, &(0x7f0000000100), &(0x7f0000000140)=0x4) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:08:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:57 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000001240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001200)={&(0x7f0000000100)={0x44, r2, 0x100, 0x70bd2b, 0x0, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xffffffff}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x800}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000}, 0x40000c0) sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, r2, 0x100, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0xffffff01}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x801}, 0x8080) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:08:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') setsockopt$TIPC_IMPORTANCE(r4, 0x10f, 0x7f, &(0x7f0000000100)=0x4, 0x4) sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x2, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:57 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x40000, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') write$P9_RWRITE(r3, &(0x7f0000000200)={0xb, 0x77, 0x1, 0x1}, 0xb) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, 0x4, 0x1, 0x101, 0x0, 0x0, {0xc, 0x0, 0x3}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20044084}, 0x41) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') sendmsg$nl_route(r5, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=@getrule={0x14, 0x22, 0x200, 0x70bd27, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x14}}, 0x8084) 03:08:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) socket$key(0xf, 0x3, 0x2) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:08:59 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) fgetxattr(0xffffffffffffffff, &(0x7f0000000200)=@random={'system.', 'stack\x00'}, &(0x7f0000000240)=""/101, 0x65) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x2, 0x3, 0xf5, 0x5, 0x4, 0x0, 0x70bd2c, 0x25dfdbfd, [@sadb_spirange={0x2, 0x10, 0x4d6, 0x4d6}]}, 0x20}}, 0x20000000) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1372.814108][ T388] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1372.880353][ T388] CPU: 0 PID: 388 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1372.890097][ T388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1372.900136][ T388] Call Trace: [ 1372.903417][ T388] dump_stack+0x14a/0x1ce [ 1372.907723][ T388] ? devkmsg_release+0x11c/0x11c [ 1372.912629][ T388] ? show_regs_print_info+0x12/0x12 [ 1372.917806][ T388] ? radix_tree_cpu_dead+0x160/0x160 [ 1372.923068][ T388] ? _raw_spin_lock+0xa1/0x170 [ 1372.927805][ T388] ? _raw_spin_trylock_bh+0x190/0x190 [ 1372.933148][ T388] dump_header+0xdb/0x700 [ 1372.937449][ T388] oom_kill_process+0xd3/0x280 [ 1372.942187][ T388] out_of_memory+0x5b6/0x890 [ 1372.946747][ T388] ? unregister_oom_notifier+0x20/0x20 [ 1372.952174][ T388] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1372.957693][ T388] ? get_page_from_freelist+0x7c0/0x7c0 [ 1372.963211][ T388] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1372.968554][ T388] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1372.974080][ T388] pagecache_get_page+0x50f/0x880 [ 1372.979074][ T388] filemap_fault+0x1474/0x19d0 [ 1372.983809][ T388] ? generic_file_read_iter+0x20b0/0x20b0 [ 1372.989501][ T388] ext4_filemap_fault+0x7b/0x90 [ 1372.994335][ T388] handle_mm_fault+0x2846/0x40b0 [ 1372.999248][ T388] ? finish_fault+0x230/0x230 [ 1373.003893][ T388] ? vmacache_find+0x3a2/0x4b0 [ 1373.008624][ T388] do_user_addr_fault+0x48a/0x9f0 [ 1373.013623][ T388] page_fault+0x2f/0x40 [ 1373.017749][ T388] RIP: 0033:0x72fc95 [ 1373.021618][ T388] Code: cc cc cc cc cc 48 8b 44 24 08 84 00 48 89 44 24 08 48 c7 44 24 10 00 00 00 00 e9 46 44 ff ff cc cc cc cc cc cc 48 8b 44 24 08 <84> 00 48 89 44 24 08 c6 44 24 10 00 e9 7a 44 ff ff cc cc cc cc cc [ 1373.041191][ T388] RSP: 002b:000000c4439262c0 EFLAGS: 00010202 [ 1373.047222][ T388] RAX: 00000000012d8b00 RBX: 00000000012d8b00 RCX: 0000000000a47f20 [ 1373.055163][ T388] RDX: 000000000072fc90 RSI: 0000000000000000 RDI: 000000c42b913500 [ 1373.063114][ T388] RBP: 000000c443926360 R08: 0000000000000000 R09: 0000000000000000 [ 1373.071063][ T388] R10: 00000000009f0182 R11: 0000000000000004 R12: 0000000000000000 [ 1373.079011][ T388] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1373.109068][ T388] Mem-Info: [ 1373.119462][ T388] active_anon:1436807 inactive_anon:6739 isolated_anon:0 [ 1373.119462][ T388] active_file:291 inactive_file:286 isolated_file:65 [ 1373.119462][ T388] unevictable:0 dirty:6 writeback:0 unstable:0 [ 1373.119462][ T388] slab_reclaimable:7242 slab_unreclaimable:72978 [ 1373.119462][ T388] mapped:56185 shmem:6812 pagetables:30526 bounce:0 [ 1373.119462][ T388] free:10455 free_pcp:86 free_cma:0 [ 1373.178223][ T388] Node 0 active_anon:5747228kB inactive_anon:26956kB active_file:564kB inactive_file:612kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:223540kB dirty:24kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1373.202845][ T388] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1373.234413][ T388] lowmem_reserve[]: 0 2912 6416 6416 [ 1373.241536][ T388] DMA32 free:17832kB min:4644kB low:7624kB high:10604kB active_anon:2802412kB inactive_anon:8208kB active_file:540kB inactive_file:764kB unevictable:0kB writepending:24kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7360kB pagetables:22752kB bounce:0kB free_pcp:1316kB local_pcp:392kB free_cma:0kB [ 1373.272446][ T388] lowmem_reserve[]: 0 0 3504 3504 [ 1373.278963][ T388] Normal free:7968kB min:5592kB low:9180kB high:12768kB active_anon:2944516kB inactive_anon:18748kB active_file:348kB inactive_file:432kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:29952kB pagetables:99352kB bounce:0kB free_pcp:532kB local_pcp:152kB free_cma:0kB [ 1373.310335][ T388] lowmem_reserve[]: 0 0 0 0 [ 1373.319045][ T388] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1373.339651][ T388] DMA32: 142*4kB (UMEH) 49*8kB (UMH) 10*16kB (UMEH) 18*32kB (UMEH) 13*64kB (UEH) 14*128kB (M) 4*256kB (M) 11*512kB (MH) 3*1024kB (M) 2*2048kB (MH) 0*4096kB = 18144kB [ 1373.356439][ T388] Normal: 47*4kB (UH) 41*8kB (UE) 101*16kB (UEH) 100*32kB (UEH) 14*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6228kB [ 1373.370764][ T388] 7049 total pagecache pages [ 1373.376088][ T388] 0 pages in swap cache [ 1373.390768][ T388] Swap cache stats: add 0, delete 0, find 0/0 [ 1373.396932][ T388] Free swap = 0kB [ 1373.400726][ T388] Total swap = 0kB [ 1373.404504][ T388] 1965979 pages RAM [ 1373.408396][ T388] 0 pages HighMem/MovableOnly [ 1373.413222][ T388] 318832 pages reserved [ 1373.417445][ T388] 0 pages cma reserved [ 1373.421806][ T388] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.3,pid=14548,uid=0 [ 1373.436426][ T388] Out of memory: Killed process 14548 (syz-executor.3) total-vm:75224kB, anon-rss:16068kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 1373.468934][ T23] oom_reaper: reaped process 14548 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1373.472924][ T411] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 03:09:01 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1373.491739][ T411] CPU: 0 PID: 411 Comm: syz-executor.0 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1373.501704][ T411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1373.511741][ T411] Call Trace: [ 1373.515022][ T411] dump_stack+0x14a/0x1ce [ 1373.519354][ T411] ? devkmsg_release+0x11c/0x11c [ 1373.524284][ T411] ? show_regs_print_info+0x12/0x12 [ 1373.529467][ T411] ? radix_tree_cpu_dead+0x160/0x160 [ 1373.534733][ T411] ? _raw_spin_lock+0xa1/0x170 03:09:01 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) socket$key(0xf, 0x3, 0x2) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:01 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0), 0x0, 0x1) close(r4) splice(r3, 0x0, r4, 0x0, 0x0, 0x0) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1373.539696][ T411] ? _raw_spin_trylock_bh+0x190/0x190 [ 1373.545060][ T411] dump_header+0xdb/0x700 [ 1373.549380][ T411] oom_kill_process+0xd3/0x280 [ 1373.554134][ T411] out_of_memory+0x5b6/0x890 [ 1373.558713][ T411] ? unregister_oom_notifier+0x20/0x20 [ 1373.564161][ T411] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1373.569700][ T411] ? get_page_from_freelist+0x7c0/0x7c0 [ 1373.575234][ T411] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1373.580605][ T411] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1373.586141][ T411] pagecache_get_page+0x50f/0x880 [ 1373.591157][ T411] filemap_fault+0x1474/0x19d0 [ 1373.595915][ T411] ? generic_file_read_iter+0x20b0/0x20b0 [ 1373.601624][ T411] ? clockevents_program_event+0x214/0x2d0 [ 1373.607445][ T411] ext4_filemap_fault+0x7b/0x90 [ 1373.612281][ T411] handle_mm_fault+0x2846/0x40b0 [ 1373.617207][ T411] ? finish_fault+0x230/0x230 [ 1373.621881][ T411] ? vmacache_find+0x205/0x4b0 [ 1373.626626][ T411] do_user_addr_fault+0x48a/0x9f0 [ 1373.631640][ T411] page_fault+0x2f/0x40 [ 1373.635780][ T411] RIP: 0033:0x41036e [ 1373.639675][ T411] Code: Bad RIP value. [ 1373.643724][ T411] RSP: 002b:00007ffff9aff070 EFLAGS: 00010202 [ 1373.649782][ T411] RAX: 000000000014f561 RBX: 000000000014f523 RCX: 000000000014f348 [ 1373.657738][ T411] RDX: 0000001b2d320000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1373.665698][ T411] RBP: 00000000000010f6 R08: 0000000000000001 R09: 0000000001a19940 [ 1373.673653][ T411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000012 [ 1373.681608][ T411] R13: 00007ffff9aff0a0 R14: 000000000014f0a6 R15: 00007ffff9aff0b0 [ 1373.696028][ T411] Mem-Info: [ 1373.699244][ T411] active_anon:1433847 inactive_anon:6739 isolated_anon:24 [ 1373.699244][ T411] active_file:461 inactive_file:2343 isolated_file:105 [ 1373.699244][ T411] unevictable:0 dirty:7 writeback:0 unstable:0 [ 1373.699244][ T411] slab_reclaimable:7242 slab_unreclaimable:72974 [ 1373.699244][ T411] mapped:57984 shmem:6812 pagetables:30495 bounce:0 [ 1373.699244][ T411] free:10727 free_pcp:476 free_cma:0 [ 1373.739224][ T411] Node 0 active_anon:5735588kB inactive_anon:26956kB active_file:3344kB inactive_file:2792kB unevictable:0kB isolated(anon):96kB isolated(file):232kB mapped:227436kB dirty:28kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1373.773094][ T411] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1373.799727][ T411] lowmem_reserve[]: 0 2912 6416 6416 [ 1373.805160][ T411] DMA32 free:23736kB min:4644kB low:7624kB high:10604kB active_anon:2798080kB inactive_anon:8208kB active_file:0kB inactive_file:84kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7360kB pagetables:22752kB bounce:0kB free_pcp:1644kB local_pcp:1452kB free_cma:0kB [ 1373.835203][ T411] lowmem_reserve[]: 0 0 3504 3504 [ 1373.840472][ T411] Normal free:15868kB min:5592kB low:9180kB high:12768kB active_anon:2928796kB inactive_anon:18748kB active_file:2660kB inactive_file:3208kB unevictable:0kB writepending:24kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30080kB pagetables:99228kB bounce:0kB free_pcp:2524kB local_pcp:1140kB free_cma:0kB [ 1373.871184][ T411] lowmem_reserve[]: 0 0 0 0 [ 1373.876144][ T411] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1373.889747][ T411] DMA32: 594*4kB (UMEH) 194*8kB (UMH) 43*16kB (UMEH) 53*32kB (UMEH) 21*64kB (UMEH) 19*128kB (M) 4*256kB (M) 11*512kB (MH) 3*1024kB (M) 2*2048kB (MH) 0*4096kB = 23912kB [ 1373.906521][ T411] Normal: 1292*4kB (UMH) 179*8kB (UME) 150*16kB (UMEH) 127*32kB (UMEH) 22*64kB (UMH) 3*128kB (M) 1*256kB (M) 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 17160kB [ 1373.923145][ T411] 8095 total pagecache pages [ 1373.928449][ T411] 0 pages in swap cache [ 1373.932735][ T411] Swap cache stats: add 0, delete 0, find 0/0 [ 1373.938781][ T411] Free swap = 0kB [ 1373.942511][ T411] Total swap = 0kB [ 1373.946218][ T411] 1965979 pages RAM [ 1373.949993][ T411] 0 pages HighMem/MovableOnly [ 1373.954657][ T411] 318832 pages reserved [ 1373.958784][ T411] 0 pages cma reserved [ 1373.962877][ T411] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=16155,uid=0 [ 1373.978010][ T411] Out of memory: Killed process 16155 (syz-executor.5) total-vm:75224kB, anon-rss:16196kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 03:09:02 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:02 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="02002bbd7000fcdb73713065d1b8cbb9646796930cdf25130000000c009900020100db657dea000600ed00c60500000600140101000000caf5faf175e7ceeeff5a6298c68c40825670a2bdb1d9e84aad42af"], 0x30}, 0x1, 0x0, 0x0, 0x20000040}, 0x8008050) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:09:05 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:09:07 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:07 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:09:07 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f00000000c0), 0x0, 0x1) close(r3) splice(r2, 0x0, r3, 0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r3, 0x0, 0xed, 0x2b, &(0x7f0000000100)="2b1e51ef852ce6d5e2a5d9468aa9f536951a55a885e962938685a222f0d22255f8b09f4b94e6b3731f2d819bcd07829c6b31e91749763faed7a57b19ead4d3a53c847918731934f475e2ba41c39e0bc3755f632cb87d81cd460cc434892aaecd3cfe83f60276eb36dbf18f46862d93aafd76574a32a60931fc32d539f1b30d3198d64ef12ebb46def00420872a5d0617de7f1f1d7a3e4fa438a142fc254c130329981934e0bfe53cd1934498738e644ca90f65d68e8e47abf23cb9cf7ad2d67cd1309728ffb28007604dca1b472b5ef18d327fdb6b800ba20e36bc31e3b1d0ee91f1bebcb9ff043e8337ff7996", &(0x7f0000000000)=""/43, 0x1f, 0x0, 0x5b, 0x9a, &(0x7f0000000200)="8ec51baf4a628c2a152adf107a5d6e0423d95ab7710960ff546a909922f718e19901ee50f55ffb5e650fe789c4cd9cb10485db8b8aea6004558eef2f47446aa1405deeb5c39946ef969fc80777b7e2bdf7330b2810821decd63d01", &(0x7f0000000340)="767168cdbd9876a17a65874ccae4e4b5af718b597bc3fe10b88d4426ae76afc41243192086da88114bb578d354aea03c12d7aad384e0b1939bdda2abbeb5988034271c1fc66b7b3c301a0ded7cf2a29a159a18c67389275410b2b4e9cd36a8602b6e0f836d022190dd3b0fd29ad341cb0970b0efb4807a0189be270d005a1afdfc93234007be3dfade464aa62b647cdaa8b7c633947db903dcf0"}, 0x40) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r4, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r5, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:07 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x0, 0x2) [ 1380.338233][ T1569] modprobe invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 1380.349825][ T1569] CPU: 0 PID: 1569 Comm: modprobe Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1380.359355][ T1569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1380.369400][ T1569] Call Trace: [ 1380.372674][ T1569] dump_stack+0x14a/0x1ce [ 1380.376979][ T1569] ? devkmsg_release+0x11c/0x11c [ 1380.381884][ T1569] ? show_regs_print_info+0x12/0x12 [ 1380.387056][ T1569] ? radix_tree_cpu_dead+0x160/0x160 [ 1380.392309][ T1569] ? _raw_spin_lock+0xa1/0x170 [ 1380.397039][ T1569] ? _raw_spin_trylock_bh+0x190/0x190 [ 1380.402379][ T1569] dump_header+0xdb/0x700 [ 1380.406676][ T1569] oom_kill_process+0xd3/0x280 [ 1380.411421][ T1569] out_of_memory+0x5b6/0x890 [ 1380.415981][ T1569] ? unregister_oom_notifier+0x20/0x20 [ 1380.421409][ T1569] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1380.426930][ T1569] ? get_page_from_freelist+0x7c0/0x7c0 [ 1380.432460][ T1569] ? __zone_watermark_ok+0x96/0x260 [ 1380.437637][ T1569] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1380.442998][ T1569] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1380.448518][ T1569] ? anon_vma_interval_tree_insert+0x2f2/0x330 [ 1380.454640][ T1569] ? vma_interval_tree_augment_rotate+0x200/0x200 [ 1380.461021][ T1569] ? load_elf_binary+0x851/0x3770 [ 1380.466013][ T1569] __pmd_alloc+0x3a/0x1f0 [ 1380.470310][ T1569] move_page_tables+0xf37/0x1020 [ 1380.475246][ T1569] ? change_protection+0xd10/0xd10 [ 1380.480337][ T1569] setup_arg_pages+0x758/0x9b0 [ 1380.485180][ T1569] ? strlcpy+0x75/0xb0 [ 1380.489235][ T1569] ? copy_strings+0x920/0x920 [ 1380.493886][ T1569] ? get_random_u64+0x169/0x390 [ 1380.498710][ T1569] ? randomize_stack_top+0xab/0xf0 [ 1380.503793][ T1569] load_elf_binary+0x99b/0x3770 [ 1380.508614][ T1569] ? _raw_read_unlock+0x27/0x30 [ 1380.513432][ T1569] ? load_misc_binary+0x624/0x10d0 [ 1380.518518][ T1569] ? load_elf_binary+0x811/0x3770 [ 1380.523513][ T1569] ? load_script+0x1dc/0x990 [ 1380.528104][ T1569] ? bm_evict_inode+0xd0/0xd0 [ 1380.532765][ T1569] ? load_script+0x990/0x990 [ 1380.537329][ T1569] ? selinux_inode_follow_link+0x3c0/0x3c0 [ 1380.543107][ T1569] ? __rcu_read_lock+0x50/0x50 [ 1380.547838][ T1569] search_binary_handler+0x17c/0x590 [ 1380.553091][ T1569] exec_binprm+0x90/0x380 [ 1380.557386][ T1569] __do_execve_file+0x1296/0x1870 [ 1380.562379][ T1569] ? do_execve_file+0x40/0x40 [ 1380.567022][ T1569] ? getname_kernel+0x55/0x2f0 [ 1380.571753][ T1569] ? getname_kernel+0x159/0x2f0 [ 1380.576570][ T1569] do_execve+0x2f/0x40 [ 1380.580608][ T1569] call_usermodehelper_exec_async+0x2dc/0x480 [ 1380.586659][ T1569] ? proc_cap_handler+0x580/0x580 [ 1380.591656][ T1569] ret_from_fork+0x1f/0x30 [ 1380.612782][ T1569] Mem-Info: [ 1380.617960][ T1569] active_anon:1437626 inactive_anon:6739 isolated_anon:0 [ 1380.617960][ T1569] active_file:291 inactive_file:297 isolated_file:54 [ 1380.617960][ T1569] unevictable:0 dirty:24 writeback:0 unstable:0 [ 1380.617960][ T1569] slab_reclaimable:7259 slab_unreclaimable:72835 [ 1380.617960][ T1569] mapped:56053 shmem:6812 pagetables:30639 bounce:0 [ 1380.617960][ T1569] free:9286 free_pcp:162 free_cma:0 [ 1380.655740][ T1569] Node 0 active_anon:5750504kB inactive_anon:26956kB active_file:1164kB inactive_file:1032kB unevictable:0kB isolated(anon):0kB isolated(file):180kB mapped:224212kB dirty:96kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1380.680200][ T1569] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1380.706801][ T1569] lowmem_reserve[]: 0 2912 6416 6416 [ 1380.724480][ T1569] DMA32 free:17064kB min:4644kB low:7624kB high:10604kB active_anon:2807852kB inactive_anon:8200kB active_file:84kB inactive_file:112kB unevictable:0kB writepending:28kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7680kB pagetables:22616kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1380.753783][ T1569] lowmem_reserve[]: 0 0 3504 3504 [ 1380.759230][ T1569] Normal free:5156kB min:5592kB low:9180kB high:12768kB active_anon:2942456kB inactive_anon:18756kB active_file:980kB inactive_file:844kB unevictable:0kB writepending:68kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30208kB pagetables:99940kB bounce:0kB free_pcp:440kB local_pcp:0kB free_cma:0kB [ 1380.788766][ T1569] lowmem_reserve[]: 0 0 0 0 [ 1380.793519][ T1569] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1380.807978][ T1569] DMA32: 70*4kB (UMH) 38*8kB (UMEH) 8*16kB (UMH) 11*32kB (UMEH) 25*64kB (UMEH) 8*128kB (UM) 6*256kB (UM) 11*512kB (MH) 3*1024kB (M) 2*2048kB (MH) 0*4096kB = 18024kB [ 1380.825295][ T1569] Normal: 326*4kB (MH) 81*8kB (UMEH) 18*16kB (UMEH) 4*32kB (UE) 14*64kB (UMH) 0*128kB 4*256kB (M) 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 5824kB [ 1380.844728][ T1569] 7007 total pagecache pages [ 1380.849568][ T1569] 0 pages in swap cache [ 1380.853999][ T1569] Swap cache stats: add 0, delete 0, find 0/0 [ 1380.860323][ T1569] Free swap = 0kB [ 1380.864263][ T1569] Total swap = 0kB [ 1380.868194][ T1569] 1965979 pages RAM [ 1380.872983][ T1569] 0 pages HighMem/MovableOnly [ 1380.878794][ T1569] 318832 pages reserved [ 1380.884491][ T1569] 0 pages cma reserved [ 1380.888758][ T1569] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=11252,uid=0 [ 1380.903062][ T1569] Out of memory: Killed process 11252 (syz-executor.0) total-vm:75092kB, anon-rss:16048kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 1380.924056][ T23] oom_reaper: reaped process 11252 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:09:09 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:09 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:09 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:09:13 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:13 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:09:13 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1386.430573][ T426] syz-executor.4 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1386.441744][ T426] CPU: 1 PID: 426 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1386.451689][ T426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1386.461712][ T426] Call Trace: [ 1386.464972][ T426] dump_stack+0x14a/0x1ce [ 1386.469270][ T426] ? devkmsg_release+0x11c/0x11c [ 1386.474171][ T426] ? show_regs_print_info+0x12/0x12 [ 1386.479353][ T426] ? radix_tree_cpu_dead+0x160/0x160 [ 1386.484613][ T426] ? _raw_spin_lock+0xa1/0x170 [ 1386.489343][ T426] ? _raw_spin_trylock_bh+0x190/0x190 [ 1386.494692][ T426] dump_header+0xdb/0x700 [ 1386.499023][ T426] oom_kill_process+0xd3/0x280 [ 1386.503753][ T426] out_of_memory+0x5b6/0x890 [ 1386.508309][ T426] ? unregister_oom_notifier+0x20/0x20 [ 1386.513750][ T426] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1386.519267][ T426] ? get_page_from_freelist+0x7c0/0x7c0 [ 1386.524789][ T426] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1386.530127][ T426] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1386.535665][ T426] pagecache_get_page+0x50f/0x880 [ 1386.540667][ T426] filemap_fault+0x1474/0x19d0 [ 1386.545400][ T426] ? generic_file_read_iter+0x20b0/0x20b0 [ 1386.551085][ T426] ? enqueue_hrtimer+0x1cf/0x230 [ 1386.555988][ T426] ext4_filemap_fault+0x7b/0x90 [ 1386.560807][ T426] handle_mm_fault+0x2846/0x40b0 [ 1386.565716][ T426] ? finish_fault+0x230/0x230 [ 1386.570357][ T426] ? memset+0x1f/0x40 [ 1386.574303][ T426] ? hrtimer_init_sleeper+0x23a/0x380 [ 1386.579638][ T426] ? __x64_sys_nanosleep+0x60/0x60 [ 1386.584723][ T426] ? vmacache_update+0x9f/0xf0 [ 1386.589467][ T426] do_user_addr_fault+0x48a/0x9f0 [ 1386.594592][ T426] page_fault+0x2f/0x40 [ 1386.598744][ T426] RIP: 0033:0x45acf0 [ 1386.602612][ T426] Code: Bad RIP value. [ 1386.606642][ T426] RSP: 002b:00007ffc8fd1c948 EFLAGS: 00010246 [ 1386.612700][ T426] RAX: 0000000000000000 RBX: 0000000000152653 RCX: 000000000045acf0 [ 1386.620673][ T426] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffc8fd1c950 [ 1386.628612][ T426] RBP: 0000000000001599 R08: 0000000000000001 R09: 0000000001d4e940 [ 1386.636551][ T426] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000a [ 1386.644492][ T426] R13: 00007ffc8fd1c9a0 R14: 00000000001524f2 R15: 00007ffc8fd1c9b0 [ 1386.664042][ T426] Mem-Info: [ 1386.667162][ T426] active_anon:1438730 inactive_anon:6739 isolated_anon:0 [ 1386.667162][ T426] active_file:21 inactive_file:6 isolated_file:0 [ 1386.667162][ T426] unevictable:0 dirty:0 writeback:0 unstable:0 [ 1386.667162][ T426] slab_reclaimable:7276 slab_unreclaimable:72552 [ 1386.667162][ T426] mapped:55651 shmem:6812 pagetables:30611 bounce:0 [ 1386.667162][ T426] free:9225 free_pcp:66 free_cma:0 [ 1386.705967][ T426] Node 0 active_anon:5754920kB inactive_anon:26956kB active_file:84kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:222604kB dirty:0kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1386.730818][ T426] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1386.757429][ T426] lowmem_reserve[]: 0 2912 6416 6416 [ 1386.763503][ T426] DMA32 free:17536kB min:4644kB low:7624kB high:10604kB active_anon:2814016kB inactive_anon:8200kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7232kB pagetables:22612kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1386.798077][ T426] lowmem_reserve[]: 0 0 3504 3504 [ 1386.803436][ T426] Normal free:4196kB min:5592kB low:9180kB high:12768kB active_anon:2940756kB inactive_anon:18756kB active_file:60kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30496kB pagetables:99832kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1386.846331][ T426] lowmem_reserve[]: 0 0 0 0 [ 1386.853422][ T426] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1386.883603][ T426] DMA32: 78*4kB (UM) 50*8kB (UME) 15*16kB (UM) 48*32kB (UME) 39*64kB (UME) 16*128kB (UM) 3*256kB (U) 5*512kB (UM) 3*1024kB (M) 2*2048kB (M) 0*4096kB = 17528kB [ 1386.905999][ T426] Normal: 38*4kB (UM) 8*8kB (UM) 10*16kB (UME) 16*32kB (UM) 15*64kB (UM) 7*128kB (M) 1*256kB (M) 3*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 4536kB [ 1386.926631][ T426] 6861 total pagecache pages [ 1386.936318][ T426] 0 pages in swap cache [ 1386.945788][ T426] Swap cache stats: add 0, delete 0, find 0/0 [ 1386.956304][ T426] Free swap = 0kB [ 1386.974658][ T426] Total swap = 0kB [ 1386.978379][ T426] 1965979 pages RAM [ 1386.987671][ T426] 0 pages HighMem/MovableOnly [ 1387.005808][ T426] 318832 pages reserved [ 1387.012812][ T426] 0 pages cma reserved [ 1387.016854][ T426] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=10051,uid=0 [ 1387.037292][ T426] Out of memory: Killed process 10051 (syz-executor.5) total-vm:75092kB, anon-rss:16004kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 1387.075527][ T23] oom_reaper: reaped process 10051 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:09:16 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:16 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:09:16 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getegid() write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r1, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1388.901287][ T1637] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1388.914355][ T1637] CPU: 1 PID: 1637 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1388.924412][ T1637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1388.934449][ T1637] Call Trace: [ 1388.937719][ T1637] dump_stack+0x14a/0x1ce [ 1388.942017][ T1637] ? devkmsg_release+0x11c/0x11c [ 1388.946923][ T1637] ? show_regs_print_info+0x12/0x12 [ 1388.952097][ T1637] ? radix_tree_cpu_dead+0x160/0x160 [ 1388.957350][ T1637] ? _raw_spin_lock+0xa1/0x170 [ 1388.962093][ T1637] ? _raw_spin_trylock_bh+0x190/0x190 [ 1388.967441][ T1637] dump_header+0xdb/0x700 [ 1388.971743][ T1637] oom_kill_process+0xd3/0x280 [ 1388.976480][ T1637] out_of_memory+0x5b6/0x890 [ 1388.981045][ T1637] ? unregister_oom_notifier+0x20/0x20 [ 1388.986475][ T1637] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1388.991995][ T1637] ? get_page_from_freelist+0x7c0/0x7c0 [ 1388.997520][ T1637] ? __zone_watermark_ok+0x96/0x260 [ 1389.002687][ T1637] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1389.008026][ T1637] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1389.013547][ T1637] ? filemap_fault+0x19d0/0x19d0 [ 1389.018458][ T1637] pte_alloc_one+0x1b/0xb0 [ 1389.022851][ T1637] __pte_alloc+0x1d/0x1d0 [ 1389.027152][ T1637] handle_mm_fault+0x370b/0x40b0 [ 1389.032084][ T1637] ? finish_fault+0x230/0x230 [ 1389.036733][ T1637] ? vmacache_update+0x9f/0xf0 [ 1389.041468][ T1637] do_user_addr_fault+0x48a/0x9f0 [ 1389.046467][ T1637] page_fault+0x2f/0x40 [ 1389.050787][ T1637] RIP: 0033:0x400684 [ 1389.054662][ T1637] Code: 01 e9 c9 00 00 00 48 8b 44 24 10 48 0b 44 24 28 be 08 00 00 00 48 8b 14 24 75 17 48 8b 7c 24 20 e8 d1 57 00 00 48 8b 4c 24 08 <48> 89 01 e9 9d 00 00 00 48 8b 44 24 08 48 8b 38 e8 b7 57 00 00 8a [ 1389.074325][ T1637] RSP: 002b:00007fff19d28ba0 EFLAGS: 00010202 [ 1389.080361][ T1637] RAX: 0000000000000009 RBX: 0000000000000000 RCX: 00000000200001c0 [ 1389.088435][ T1637] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000009 [ 1389.096500][ T1637] RBP: 0000000000770000 R08: 0000000000000000 R09: 0000000000000000 [ 1389.104446][ T1637] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 1389.112397][ T1637] R13: 0000000000770008 R14: 0000000000000000 R15: 00007fff19d28dd0 [ 1389.136362][ T1637] Mem-Info: [ 1389.144556][ T1637] active_anon:1437744 inactive_anon:6739 isolated_anon:0 [ 1389.144556][ T1637] active_file:102 inactive_file:165 isolated_file:59 [ 1389.144556][ T1637] unevictable:0 dirty:16 writeback:0 unstable:0 [ 1389.144556][ T1637] slab_reclaimable:7289 slab_unreclaimable:72766 [ 1389.144556][ T1637] mapped:55909 shmem:6812 pagetables:30587 bounce:0 [ 1389.144556][ T1637] free:9792 free_pcp:32 free_cma:0 [ 1389.182781][ T1637] Node 0 active_anon:5750976kB inactive_anon:26956kB active_file:408kB inactive_file:604kB unevictable:0kB isolated(anon):0kB isolated(file):236kB mapped:223536kB dirty:64kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1389.207615][ T1637] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1389.234220][ T1637] lowmem_reserve[]: 0 2912 6416 6416 [ 1389.240839][ T1637] DMA32 free:17548kB min:4644kB low:7624kB high:10604kB active_anon:2812696kB inactive_anon:8200kB active_file:44kB inactive_file:444kB unevictable:0kB writepending:8kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7264kB pagetables:22624kB bounce:0kB free_pcp:32kB local_pcp:0kB free_cma:0kB [ 1389.269991][ T1637] lowmem_reserve[]: 0 0 3504 3504 [ 1389.276419][ T1637] Normal free:5004kB min:5592kB low:9180kB high:12768kB active_anon:2937752kB inactive_anon:18756kB active_file:656kB inactive_file:420kB unevictable:0kB writepending:52kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30112kB pagetables:99724kB bounce:0kB free_pcp:920kB local_pcp:500kB free_cma:0kB [ 1389.322969][ T1637] lowmem_reserve[]: 0 0 0 0 [ 1389.328086][ T1637] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1389.342078][ T1637] DMA32: 129*4kB (UME) 74*8kB (UM) 3*16kB (UM) 16*32kB (UME) 44*64kB (UME) 21*128kB (UM) 5*256kB (UM) 5*512kB (UM) 3*1024kB (M) 2*2048kB (M) 0*4096kB = 18180kB [ 1389.358744][ T1637] Normal: 143*4kB (UM) 72*8kB (UMH) 21*16kB (M) 20*32kB (ME) 9*64kB (EH) 9*128kB (UMEH) 3*256kB (MEH) 2*512kB (ME) 0*1024kB 0*2048kB 0*4096kB = 5644kB [ 1389.386716][ T1637] 6941 total pagecache pages [ 1389.391604][ T1637] 0 pages in swap cache [ 1389.396256][ T1637] Swap cache stats: add 0, delete 0, find 0/0 [ 1389.402766][ T1637] Free swap = 0kB [ 1389.407017][ T1637] Total swap = 0kB [ 1389.411266][ T1637] 1965979 pages RAM [ 1389.415239][ T1637] 0 pages HighMem/MovableOnly [ 1389.420092][ T1637] 318832 pages reserved [ 1389.424370][ T1637] 0 pages cma reserved [ 1389.428592][ T1637] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=20778,uid=0 [ 1389.442878][ T1637] Out of memory: Killed process 20778 (syz-executor.1) total-vm:75092kB, anon-rss:15732kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 03:09:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:09:19 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getegid() write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r1, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:21 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}], 0x2}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:21 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getegid() write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r1, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:22 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:24 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x3, 0x7) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r1, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:24 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:26 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:26 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x3, 0x7) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r1, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:28 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:28 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r1, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:28 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') sendmsg$NFNL_MSG_ACCT_DEL(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2808800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x3, 0x7, 0x3, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x3}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) recvmmsg(r0, &(0x7f0000001c40), 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) [ 1400.823530][ T426] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1400.835639][ T426] CPU: 1 PID: 426 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1400.845595][ T426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1400.856064][ T426] Call Trace: [ 1400.859324][ T426] dump_stack+0x14a/0x1ce [ 1400.863620][ T426] ? devkmsg_release+0x11c/0x11c [ 1400.868527][ T426] ? show_regs_print_info+0x12/0x12 [ 1400.873691][ T426] ? radix_tree_cpu_dead+0x160/0x160 [ 1400.878944][ T426] ? _raw_spin_lock+0xa1/0x170 [ 1400.883671][ T426] ? _raw_spin_trylock_bh+0x190/0x190 [ 1400.889020][ T426] dump_header+0xdb/0x700 [ 1400.893318][ T426] oom_kill_process+0xd3/0x280 [ 1400.898053][ T426] out_of_memory+0x5b6/0x890 [ 1400.902611][ T426] ? unregister_oom_notifier+0x20/0x20 [ 1400.908040][ T426] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1400.913554][ T426] ? get_page_from_freelist+0x7c0/0x7c0 [ 1400.919067][ T426] ? __zone_watermark_ok+0x96/0x260 [ 1400.924233][ T426] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1400.929587][ T426] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1400.935115][ T426] ? copy_process+0x5a4/0x5150 [ 1400.939855][ T426] ? copy_process+0x5a4/0x5150 [ 1400.944586][ T426] ? kmem_cache_alloc+0x1d2/0x260 [ 1400.949580][ T426] copy_process+0x5f3/0x5150 [ 1400.954247][ T426] ? __rcu_read_lock+0x50/0x50 [ 1400.958979][ T426] ? ___perf_sw_event+0x448/0x4a0 [ 1400.963968][ T426] ? fork_idle+0x290/0x290 [ 1400.968347][ T426] ? perf_swevent_put_recursion_context+0x60/0x60 [ 1400.974748][ T426] ? _raw_spin_unlock+0x5/0x20 [ 1400.979480][ T426] ? handle_mm_fault+0xb1e/0x40b0 [ 1400.984556][ T426] _do_fork+0x196/0x920 [ 1400.988774][ T426] ? dup_mm+0x300/0x300 [ 1400.992907][ T426] ? ktime_get_raw+0x130/0x130 [ 1400.997635][ T426] __x64_sys_clone+0x25f/0x2c0 [ 1401.002364][ T426] ? __ia32_sys_vfork+0x110/0x110 [ 1401.007355][ T426] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1401.012954][ T426] ? do_user_addr_fault+0x570/0x9f0 [ 1401.018118][ T426] do_syscall_64+0xcb/0x150 [ 1401.022590][ T426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1401.028450][ T426] RIP: 0033:0x45ae1a [ 1401.032311][ T426] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1401.051891][ T426] RSP: 002b:00007ffc8fd1c920 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1401.060285][ T426] RAX: ffffffffffffffda RBX: 00007ffc8fd1c920 RCX: 000000000045ae1a [ 1401.068241][ T426] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1401.076304][ T426] RBP: 00007ffc8fd1c960 R08: 0000000000000001 R09: 0000000001d4e940 [ 1401.084244][ T426] R10: 0000000001d4ec10 R11: 0000000000000246 R12: 0000000000000001 [ 1401.092184][ T426] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc8fd1c9b0 [ 1401.100880][ T426] Mem-Info: [ 1401.104521][ T426] active_anon:1434113 inactive_anon:6739 isolated_anon:0 [ 1401.104521][ T426] active_file:211 inactive_file:314 isolated_file:0 [ 1401.104521][ T426] unevictable:0 dirty:6 writeback:0 unstable:0 [ 1401.104521][ T426] slab_reclaimable:7306 slab_unreclaimable:72444 [ 1401.104521][ T426] mapped:55924 shmem:6812 pagetables:30572 bounce:0 [ 1401.104521][ T426] free:13749 free_pcp:145 free_cma:0 [ 1401.143162][ T426] Node 0 active_anon:5736452kB inactive_anon:26956kB active_file:520kB inactive_file:956kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:223296kB dirty:24kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1401.168178][ T426] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1401.197783][ T426] lowmem_reserve[]: 0 2912 6416 6416 [ 1401.224555][ T426] DMA32 free:21412kB min:4644kB low:7624kB high:10604kB active_anon:2810192kB inactive_anon:8200kB active_file:40kB inactive_file:276kB unevictable:0kB writepending:16kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7232kB pagetables:22600kB bounce:0kB free_pcp:1908kB local_pcp:568kB free_cma:0kB [ 1401.261164][ T426] lowmem_reserve[]: 0 0 3504 3504 [ 1401.278179][ T426] Normal free:11332kB min:9688kB low:13276kB high:16864kB active_anon:2926260kB inactive_anon:18756kB active_file:2604kB inactive_file:3564kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30016kB pagetables:99688kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1401.337995][ T426] lowmem_reserve[]: 0 0 0 0 [ 1401.345540][ T426] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1401.366785][ T426] DMA32: 72*4kB (UEH) 61*8kB (UMH) 76*16kB (UMH) 44*32kB (UMEH) 60*64kB (UMEH) 23*128kB (UM) 7*256kB (UM) 5*512kB (UM) 3*1024kB (M) 2*2048kB (M) 0*4096kB = 21704kB [ 1401.383864][ T426] Normal: 430*4kB (UMH) 138*8kB (UMH) 26*16kB (M) 146*32kB (UMH) 37*64kB (UMH) 6*128kB (UMH) 3*256kB (MH) 2*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 12840kB [ 1401.400505][ T426] 7546 total pagecache pages [ 1401.405949][ T426] 0 pages in swap cache [ 1401.410379][ T426] Swap cache stats: add 0, delete 0, find 0/0 [ 1401.417153][ T426] Free swap = 0kB [ 1401.421193][ T426] Total swap = 0kB [ 1401.425196][ T426] 1965979 pages RAM [ 1401.429218][ T426] 0 pages HighMem/MovableOnly [ 1401.434522][ T426] 318832 pages reserved [ 1401.439842][ T426] 0 pages cma reserved [ 1401.444147][ T426] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=9827,uid=0 [ 1401.459863][ T426] Out of memory: Killed process 9827 (syz-executor.5) total-vm:75092kB, anon-rss:15712kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:164kB oom_score_adj:1000 [ 1401.484271][ T23] oom_reaper: reaped process 9827 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:09:31 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:31 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r1, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:32 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:33 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r1, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1405.927274][ T386] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1405.937982][ T386] CPU: 0 PID: 386 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1405.947692][ T386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1405.957714][ T386] Call Trace: [ 1405.960973][ T386] dump_stack+0x14a/0x1ce [ 1405.965267][ T386] ? devkmsg_release+0x11c/0x11c [ 1405.970171][ T386] ? show_regs_print_info+0x12/0x12 [ 1405.975334][ T386] ? radix_tree_cpu_dead+0x160/0x160 [ 1405.980592][ T386] ? _raw_spin_lock+0xa1/0x170 [ 1405.985337][ T386] ? _raw_spin_trylock_bh+0x190/0x190 [ 1405.990681][ T386] dump_header+0xdb/0x700 [ 1405.994981][ T386] oom_kill_process+0xd3/0x280 [ 1405.999715][ T386] out_of_memory+0x5b6/0x890 [ 1406.004273][ T386] ? unregister_oom_notifier+0x20/0x20 [ 1406.009703][ T386] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1406.015228][ T386] ? get_page_from_freelist+0x7c0/0x7c0 [ 1406.020758][ T386] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1406.026125][ T386] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1406.031742][ T386] pagecache_get_page+0x50f/0x880 [ 1406.036748][ T386] filemap_fault+0x1474/0x19d0 [ 1406.041496][ T386] ? generic_file_read_iter+0x20b0/0x20b0 [ 1406.047305][ T386] ext4_filemap_fault+0x7b/0x90 [ 1406.052137][ T386] handle_mm_fault+0x2846/0x40b0 [ 1406.057055][ T386] ? finish_fault+0x230/0x230 [ 1406.061716][ T386] ? vmacache_find+0x205/0x4b0 [ 1406.066465][ T386] do_user_addr_fault+0x48a/0x9f0 [ 1406.071472][ T386] page_fault+0x2f/0x40 [ 1406.075606][ T386] RIP: 0033:0x45ac23 [ 1406.079490][ T386] Code: Bad RIP value. [ 1406.083535][ T386] RSP: 002b:000000c42004ff08 EFLAGS: 00010202 [ 1406.089595][ T386] RAX: 0000000000000000 RBX: 0000000000000009 RCX: 000000000045ac23 [ 1406.097650][ T386] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1406.105608][ T386] RBP: 000000c42004ff18 R08: 000000c42004ff08 R09: 0000000000000000 [ 1406.113565][ T386] R10: 0000000000000000 R11: 0000000000000202 R12: 000000000042f0a0 [ 1406.121522][ T386] R13: 00000000000000f1 R14: 0000000000000011 R15: 0000000000000000 [ 1406.153396][ T386] Mem-Info: [ 1406.156524][ T386] active_anon:1438412 inactive_anon:6739 isolated_anon:0 [ 1406.156524][ T386] active_file:49 inactive_file:26 isolated_file:31 [ 1406.156524][ T386] unevictable:0 dirty:23 writeback:0 unstable:0 [ 1406.156524][ T386] slab_reclaimable:7322 slab_unreclaimable:72591 [ 1406.156524][ T386] mapped:55721 shmem:6812 pagetables:30649 bounce:0 [ 1406.156524][ T386] free:9384 free_pcp:30 free_cma:0 [ 1406.193969][ T386] Node 0 active_anon:5753720kB inactive_anon:26956kB active_file:108kB inactive_file:68kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:222768kB dirty:72kB writeback:28kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1406.218060][ T386] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1406.244051][ T386] lowmem_reserve[]: 0 2912 6416 6416 [ 1406.250145][ T386] DMA32 free:17640kB min:4644kB low:7624kB high:10604kB active_anon:2817652kB inactive_anon:8200kB active_file:4kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7264kB pagetables:22716kB bounce:0kB free_pcp:208kB local_pcp:208kB free_cma:0kB [ 1406.287996][ T386] lowmem_reserve[]: 0 0 3504 3504 [ 1406.293045][ T386] Normal free:4080kB min:5592kB low:9180kB high:12768kB active_anon:2936084kB inactive_anon:18756kB active_file:264kB inactive_file:540kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30304kB pagetables:99812kB bounce:0kB free_pcp:68kB local_pcp:28kB free_cma:0kB [ 1406.329307][ T386] lowmem_reserve[]: 0 0 0 0 [ 1406.333812][ T386] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1406.357435][ T386] DMA32: 111*4kB (UH) 74*8kB (UMEH) 28*16kB (UMEH) 25*32kB (UMEH) 49*64kB (UMEH) 23*128kB (UM) 8*256kB (UM) 2*512kB (U) 2*1024kB (M) 2*2048kB (M) 0*4096kB = 17580kB [ 1406.383848][ T386] Normal: 126*4kB (UMH) 28*8kB (UMH) 6*16kB (UMH) 8*32kB (UM) 3*64kB (MH) 7*128kB (UMH) 4*256kB (UMH) 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 4728kB [ 1406.399321][ T386] 6940 total pagecache pages [ 1406.404312][ T386] 0 pages in swap cache [ 1406.409247][ T386] Swap cache stats: add 0, delete 0, find 0/0 [ 1406.415534][ T386] Free swap = 0kB [ 1406.423772][ T386] Total swap = 0kB [ 1406.427501][ T386] 1965979 pages RAM [ 1406.431282][ T386] 0 pages HighMem/MovableOnly [ 1406.435932][ T386] 318832 pages reserved [ 1406.440125][ T386] 0 pages cma reserved [ 1406.444177][ T386] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=1723,uid=0 [ 1406.458217][ T386] Out of memory: Killed process 1723 (syz-executor.4) total-vm:75092kB, anon-rss:15852kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 03:09:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:35 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:35 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:36 executing program 1: write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:36 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:36 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x800, 0x7f) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r3, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000140)={0x0, r2, 0x12}, 0x10) r5 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0xb, r5, &(0x7f0000000080)=""/17, 0x11) r6 = request_key(&(0x7f0000000180)='.request_key_auth\x00', &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000200)='\x00', r5) keyctl$clear(0x7, r6) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r7}], 0x1, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r7, 0x8982, &(0x7f0000000000)={0x1, 'veth1_virt_wifi\x00', {}, 0x5}) 03:09:36 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000000), 0x0) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) 03:09:37 executing program 1: write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:37 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:40 executing program 1: write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:41 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:41 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) getegid() write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:42 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:42 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x0, 0x0, 0x10000000000000}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:45 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:45 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:45 executing program 0: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) r5 = getpid() rt_tgsigqueueinfo(r5, r5, 0x16, &(0x7f0000000000)) ptrace(0x10, r5) ptrace$getregset(0x4201, r5, 0x0, &(0x7f0000000080)={0x0}) clone3(&(0x7f0000000380)={0x8028200, &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000140), {0x22}, &(0x7f0000000180)=""/9, 0x9, &(0x7f00000001c0)=""/113, &(0x7f0000000340)=[r0, r4, r5], 0x3}, 0x50) ioctl$HIDIOCGCOLLECTIONINFO(r3, 0xc0104811, &(0x7f0000000400)={0x8, 0x546, 0x7, 0x7}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:45 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r3, &(0x7f0000000340), 0x41395527) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000180)={r2, &(0x7f0000000000)="f3375268f91e36811d", &(0x7f0000000100)=""/110, 0x4}, 0x20) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:48 executing program 0: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0}, &(0x7f0000000280)=0xc) r5 = getpid() rt_tgsigqueueinfo(r5, r5, 0x16, &(0x7f0000000000)) ptrace(0x10, r5) ptrace$getregset(0x4201, r5, 0x0, &(0x7f0000000080)={0x0}) clone3(&(0x7f0000000380)={0x8028200, &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000140), {0x22}, &(0x7f0000000180)=""/9, 0x9, &(0x7f00000001c0)=""/113, &(0x7f0000000340)=[r0, r4, r5], 0x3}, 0x50) ioctl$HIDIOCGCOLLECTIONINFO(r3, 0xc0104811, &(0x7f0000000400)={0x8, 0x546, 0x7, 0x7}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:48 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:48 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:52 executing program 1: prlimit64(0x0, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:52 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) getegid() write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:54 executing program 0: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() getpgid(r0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:54 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:54 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) getegid() write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:56 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) fcntl$setflags(r5, 0x2, 0x1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:56 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:09:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r1, 0x407, 0x0) getegid() write(r1, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:02 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:02 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:02 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) fcntl$setflags(r5, 0x2, 0x1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:07 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0), 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:07 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1440.498871][ T3766] kworker/u4:11 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1440.514911][ T3766] CPU: 0 PID: 3766 Comm: kworker/u4:11 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1440.524877][ T3766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1440.534928][ T3766] Workqueue: events_unbound call_usermodehelper_exec_work [ 1440.542009][ T3766] Call Trace: [ 1440.545268][ T3766] dump_stack+0x14a/0x1ce [ 1440.549573][ T3766] ? devkmsg_release+0x11c/0x11c [ 1440.554495][ T3766] ? show_regs_print_info+0x12/0x12 [ 1440.559659][ T3766] ? radix_tree_cpu_dead+0x160/0x160 [ 1440.564920][ T3766] ? _raw_spin_lock+0xa1/0x170 [ 1440.569661][ T3766] ? _raw_spin_trylock_bh+0x190/0x190 [ 1440.575004][ T3766] dump_header+0xdb/0x700 [ 1440.579302][ T3766] oom_kill_process+0xd3/0x280 [ 1440.584037][ T3766] out_of_memory+0x5b6/0x890 [ 1440.588598][ T3766] ? retint_kernel+0x1b/0x1b [ 1440.593158][ T3766] ? unregister_oom_notifier+0x20/0x20 [ 1440.598597][ T3766] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1440.604128][ T3766] ? get_page_from_freelist+0x7c0/0x7c0 [ 1440.609653][ T3766] ? worker_thread+0xa8f/0x1430 [ 1440.614487][ T3766] ? __zone_watermark_ok+0x96/0x260 [ 1440.619654][ T3766] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1440.625002][ T3766] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1440.630522][ T3766] ? copy_process+0x5a4/0x5150 [ 1440.635261][ T3766] ? copy_process+0x5a4/0x5150 [ 1440.639992][ T3766] ? kmem_cache_alloc+0x1d2/0x260 [ 1440.644983][ T3766] copy_process+0x5f3/0x5150 [ 1440.649550][ T3766] ? stack_trace_snprint+0x150/0x150 [ 1440.654824][ T3766] ? slab_free_freelist_hook+0xd0/0x140 [ 1440.660333][ T3766] ? kfree+0x12b/0x5f0 [ 1440.664369][ T3766] ? call_usermodehelper_exec_work+0x278/0x350 [ 1440.670485][ T3766] ? process_one_work+0x777/0xf90 [ 1440.675476][ T3766] ? worker_thread+0xa8f/0x1430 [ 1440.680295][ T3766] ? kthread+0x2df/0x300 [ 1440.684506][ T3766] ? ret_from_fork+0x1f/0x30 [ 1440.689089][ T3766] ? fork_idle+0x290/0x290 [ 1440.693477][ T3766] _do_fork+0x196/0x920 [ 1440.697609][ T3766] ? dup_mm+0x300/0x300 [ 1440.701743][ T3766] ? _raw_spin_lock_irq+0xa2/0x180 [ 1440.706824][ T3766] kernel_thread+0x162/0x1d0 [ 1440.711383][ T3766] ? proc_cap_handler+0x580/0x580 [ 1440.716375][ T3766] ? legacy_clone_args_valid+0x50/0x50 [ 1440.721799][ T3766] ? kernel_sigaction+0x11b/0x200 [ 1440.726794][ T3766] ? proc_cap_handler+0x580/0x580 [ 1440.731797][ T3766] ? _raw_spin_unlock_irq+0x5/0x20 [ 1440.736892][ T3766] ? finish_task_switch+0x235/0x4c0 [ 1440.742070][ T3766] call_usermodehelper_exec_work+0xe0/0x350 [ 1440.747942][ T3766] ? call_usermodehelper_setup+0x210/0x210 [ 1440.753728][ T3766] ? read_word_at_a_time+0xe/0x20 [ 1440.758736][ T3766] ? strscpy+0xa6/0x260 [ 1440.762881][ T3766] process_one_work+0x777/0xf90 [ 1440.767703][ T3766] worker_thread+0xa8f/0x1430 [ 1440.772352][ T3766] kthread+0x2df/0x300 [ 1440.776390][ T3766] ? process_one_work+0xf90/0xf90 [ 1440.781399][ T3766] ? kthread_destroy_worker+0x280/0x280 [ 1440.786918][ T3766] ret_from_fork+0x1f/0x30 [ 1440.792458][ T3766] Mem-Info: [ 1440.795644][ T3766] active_anon:1437793 inactive_anon:6739 isolated_anon:0 [ 1440.795644][ T3766] active_file:145 inactive_file:198 isolated_file:0 [ 1440.795644][ T3766] unevictable:0 dirty:4 writeback:0 unstable:0 [ 1440.795644][ T3766] slab_reclaimable:7501 slab_unreclaimable:72383 [ 1440.795644][ T3766] mapped:55959 shmem:6812 pagetables:30734 bounce:0 [ 1440.795644][ T3766] free:9519 free_pcp:257 free_cma:0 [ 1440.833531][ T3766] Node 0 active_anon:5751272kB inactive_anon:26956kB active_file:252kB inactive_file:168kB unevictable:0kB isolated(anon):0kB isolated(file):124kB mapped:223036kB dirty:16kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1440.857830][ T3766] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1440.884244][ T3766] lowmem_reserve[]: 0 2912 6416 6416 [ 1440.889616][ T3766] DMA32 free:18448kB min:4644kB low:7624kB high:10604kB active_anon:2818456kB inactive_anon:8204kB active_file:272kB inactive_file:420kB unevictable:0kB writepending:16kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7520kB pagetables:23032kB bounce:0kB free_pcp:1400kB local_pcp:116kB free_cma:0kB [ 1440.925670][ T3766] lowmem_reserve[]: 0 0 3504 3504 [ 1440.930715][ T3766] Normal free:4136kB min:5592kB low:9180kB high:12768kB active_anon:2932644kB inactive_anon:18752kB active_file:20kB inactive_file:140kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30240kB pagetables:99904kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1440.963070][ T3766] lowmem_reserve[]: 0 0 0 0 [ 1440.967629][ T3766] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1440.981089][ T3766] DMA32: 112*4kB (UMH) 53*8kB (MH) 38*16kB (UMH) 49*32kB (UMEH) 10*64kB (UMEH) 22*128kB (UM) 19*256kB (UME) 6*512kB (U) 0*1024kB 2*2048kB (ME) 0*4096kB = 18536kB [ 1440.997406][ T3766] Normal: 102*4kB (UMEH) 14*8kB (UMEH) 8*16kB (E) 7*32kB (UMEH) 51*64kB (UMEH) 5*128kB (UEH) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5032kB [ 1441.012432][ T3766] 6861 total pagecache pages [ 1441.016997][ T3766] 0 pages in swap cache [ 1441.021119][ T3766] Swap cache stats: add 0, delete 0, find 0/0 [ 1441.027171][ T3766] Free swap = 0kB [ 1441.030885][ T3766] Total swap = 0kB [ 1441.034577][ T3766] 1965979 pages RAM [ 1441.038368][ T3766] 0 pages HighMem/MovableOnly [ 1441.043022][ T3766] 318832 pages reserved [ 1441.047163][ T3766] 0 pages cma reserved [ 1441.051213][ T3766] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.5,pid=16202,uid=0 [ 1441.065307][ T3766] Out of memory: Killed process 16202 (syz-executor.5) total-vm:75224kB, anon-rss:15804kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 03:10:11 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, 0x0, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:11 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) fcntl$setflags(r5, 0x2, 0x1) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:12 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0), 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:12 executing program 2: prctl$PR_GET_THP_DISABLE(0x2a) prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) open$dir(&(0x7f0000000000)='./file0\x00', 0x80600, 0x1) set_tid_address(&(0x7f0000000040)) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PIO_UNISCRNMAP(0xffffffffffffffff, 0x4b6a, &(0x7f0000000340)="9ded656a9e594b6f51c2a1fe190518232b0aed0d7401537fc09cd20166789b7cb174b0010cc64e41849ba0c255a04f4b67c0b1a0134fa241ced4819417f3ff76d4e9a7588663e7395a1a657e10") r3 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0xb, r3, &(0x7f0000000080)=""/17, 0x11) r4 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, r3) add_key(&(0x7f00000000c0)='trusted\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000200)="6b45f822d414aa4b674b25e8ad0752cd7445d16930de0297e5f828d98387ff754354f6e0ea1c163572a9b1f79eb1b7bb30daed37fc575c493e7128850014338a7467d20a144613ea54411da238e30e84a4b4cd362875ab5c5c58c35f59dcf3b72a708bccf857084ae6f0788ae1ce522a35f122b002b8e4d9257cae843546878def5d8c732be1412d9c8c7b0c0ed48cf44a8bd0e40b5a4e97de03c7822982", 0x9e, r4) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') [ 1445.143990][ T385] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1445.160156][ T385] CPU: 1 PID: 385 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1445.169786][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1445.179816][ T385] Call Trace: [ 1445.183080][ T385] dump_stack+0x14a/0x1ce [ 1445.187392][ T385] ? devkmsg_release+0x11c/0x11c [ 1445.192302][ T385] ? show_regs_print_info+0x12/0x12 [ 1445.197471][ T385] ? radix_tree_cpu_dead+0x160/0x160 [ 1445.202728][ T385] ? _raw_spin_lock+0xa1/0x170 [ 1445.207459][ T385] ? _raw_spin_trylock_bh+0x190/0x190 [ 1445.212931][ T385] dump_header+0xdb/0x700 [ 1445.217231][ T385] oom_kill_process+0xd3/0x280 [ 1445.221960][ T385] out_of_memory+0x5b6/0x890 [ 1445.226515][ T385] ? unregister_oom_notifier+0x20/0x20 [ 1445.231942][ T385] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1445.237461][ T385] ? get_page_from_freelist+0x7c0/0x7c0 [ 1445.242978][ T385] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1445.248318][ T385] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1445.253838][ T385] pagecache_get_page+0x50f/0x880 [ 1445.258833][ T385] filemap_fault+0x1474/0x19d0 [ 1445.263578][ T385] ? generic_file_read_iter+0x20b0/0x20b0 [ 1445.269268][ T385] ? memset+0x1f/0x40 [ 1445.273222][ T385] ext4_filemap_fault+0x7b/0x90 [ 1445.278039][ T385] handle_mm_fault+0x2846/0x40b0 [ 1445.282957][ T385] ? finish_fault+0x230/0x230 [ 1445.287612][ T385] ? ksys_read+0x25d/0x2c0 [ 1445.291990][ T385] ? vmacache_find+0x2d2/0x4b0 [ 1445.296735][ T385] do_user_addr_fault+0x48a/0x9f0 [ 1445.301748][ T385] page_fault+0x2f/0x40 [ 1445.305879][ T385] RIP: 0033:0x455c60 [ 1445.309758][ T385] Code: Bad RIP value. [ 1445.313798][ T385] RSP: 002b:00007ffda3beb528 EFLAGS: 00010206 [ 1445.319836][ T385] RAX: 000000c426bf6000 RBX: 00007ffda3beb530 RCX: 000000c426bf6000 [ 1445.327772][ T385] RDX: 000000c431901408 RSI: 00000000004571e0 RDI: 0000000000455c60 [ 1445.335728][ T385] RBP: 000000c431901420 R08: 000000c426bf6000 R09: 0000000000000000 [ 1445.343666][ T385] R10: 000000c42002a001 R11: 0000000000000212 R12: 0000000000000000 [ 1445.351605][ T385] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1445.427816][ T385] Mem-Info: [ 1445.437914][ T385] active_anon:1437002 inactive_anon:6739 isolated_anon:0 [ 1445.437914][ T385] active_file:109 inactive_file:225 isolated_file:30 [ 1445.437914][ T385] unevictable:0 dirty:31 writeback:0 unstable:0 [ 1445.437914][ T385] slab_reclaimable:7519 slab_unreclaimable:72219 [ 1445.437914][ T385] mapped:55897 shmem:6812 pagetables:30736 bounce:0 [ 1445.437914][ T385] free:10630 free_pcp:42 free_cma:0 [ 1445.476309][ T385] Node 0 active_anon:5748008kB inactive_anon:26956kB active_file:436kB inactive_file:688kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:223488kB dirty:124kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1445.501140][ T385] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1445.541744][ T385] lowmem_reserve[]: 0 2912 6416 6416 [ 1445.591520][ T385] DMA32 free:22808kB min:4644kB low:7624kB high:10604kB active_anon:2814572kB inactive_anon:8208kB active_file:888kB inactive_file:2368kB unevictable:0kB writepending:24kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7360kB pagetables:22928kB bounce:0kB free_pcp:228kB local_pcp:188kB free_cma:0kB [ 1445.646217][ T385] lowmem_reserve[]: 0 0 3504 3504 [ 1445.651276][ T385] Normal free:8576kB min:5592kB low:9180kB high:12768kB active_anon:2922852kB inactive_anon:18748kB active_file:1236kB inactive_file:904kB unevictable:0kB writepending:100kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30368kB pagetables:100016kB bounce:0kB free_pcp:2588kB local_pcp:1316kB free_cma:0kB [ 1445.682222][ T385] lowmem_reserve[]: 0 0 0 0 [ 1445.691203][ T385] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1445.713821][ T385] DMA32: 126*4kB (UMH) 65*8kB (UMH) 79*16kB (UMH) 95*32kB (UMEH) 27*64kB (UMEH) 29*128kB (UMH) 15*256kB (UME) 6*512kB (U) 0*1024kB 2*2048kB (ME) 0*4096kB = 21776kB [ 1445.754619][ T385] Normal: 228*4kB (UMH) 47*8kB (MH) 21*16kB (UM) 47*32kB (UMEH) 7*64kB (UM) 44*128kB (UMH) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9464kB [ 1445.780697][ T385] 7479 total pagecache pages [ 1445.785444][ T385] 0 pages in swap cache [ 1445.790239][ T385] Swap cache stats: add 0, delete 0, find 0/0 [ 1445.798289][ T385] Free swap = 0kB [ 1445.802581][ T385] Total swap = 0kB [ 1445.806395][ T385] 1965979 pages RAM [ 1445.810576][ T385] 0 pages HighMem/MovableOnly [ 1445.815330][ T385] 318832 pages reserved [ 1445.819576][ T385] 0 pages cma reserved [ 1445.825753][ T385] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=1960,uid=0 03:10:17 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:17 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0), 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) fcntl$setflags(r5, 0x2, 0x1) [ 1450.430327][ T1997] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1450.442527][ T1997] CPU: 0 PID: 1997 Comm: syz-executor.0 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1450.452572][ T1997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1450.462614][ T1997] Call Trace: [ 1450.465894][ T1997] dump_stack+0x14a/0x1ce [ 1450.470208][ T1997] ? devkmsg_release+0x11c/0x11c [ 1450.475135][ T1997] ? show_regs_print_info+0x12/0x12 [ 1450.480320][ T1997] ? radix_tree_cpu_dead+0x160/0x160 [ 1450.485591][ T1997] ? _raw_spin_lock+0xa1/0x170 [ 1450.490338][ T1997] ? _raw_spin_trylock_bh+0x190/0x190 [ 1450.495693][ T1997] dump_header+0xdb/0x700 [ 1450.500008][ T1997] oom_kill_process+0xd3/0x280 [ 1450.504771][ T1997] out_of_memory+0x5b6/0x890 [ 1450.509345][ T1997] ? unregister_oom_notifier+0x20/0x20 [ 1450.514797][ T1997] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1450.520330][ T1997] ? get_page_from_freelist+0x7c0/0x7c0 [ 1450.525858][ T1997] ? __zone_watermark_ok+0x96/0x260 [ 1450.531040][ T1997] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1450.536399][ T1997] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1450.541925][ T1997] ? __rcu_read_lock+0x50/0x50 [ 1450.546673][ T1997] pte_alloc_one+0x1b/0xb0 [ 1450.551072][ T1997] handle_mm_fault+0x1ce5/0x40b0 [ 1450.556001][ T1997] ? finish_fault+0x230/0x230 [ 1450.560655][ T1997] ? __perf_event_task_sched_in+0x4f7/0x560 [ 1450.566530][ T1997] ? vmacache_update+0x9f/0xf0 [ 1450.571274][ T1997] do_user_addr_fault+0x48a/0x9f0 [ 1450.576283][ T1997] page_fault+0x2f/0x40 [ 1450.580424][ T1997] RIP: 0033:0x45c849 [ 1450.584310][ T1997] Code: Bad RIP value. [ 1450.588367][ T1997] RSP: 002b:00007f1b256d5c78 EFLAGS: 00010246 [ 1450.594416][ T1997] RAX: 0000000000000000 RBX: 00007f1b256d66d4 RCX: 000000000045c849 [ 1450.602401][ T1997] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1450.610349][ T1997] RBP: 000000000076c0e0 R08: ffffffffffffffff R09: 0000000000000000 [ 1450.618297][ T1997] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1450.626245][ T1997] R13: 0000000000000074 R14: 00000000004c3103 R15: 000000000076c0ec [ 1450.634657][ T1997] Mem-Info: [ 1450.638974][ T1997] active_anon:1437080 inactive_anon:6739 isolated_anon:0 [ 1450.638974][ T1997] active_file:92 inactive_file:243 isolated_file:0 [ 1450.638974][ T1997] unevictable:0 dirty:3 writeback:0 unstable:0 [ 1450.638974][ T1997] slab_reclaimable:7567 slab_unreclaimable:72082 [ 1450.638974][ T1997] mapped:55842 shmem:6812 pagetables:30763 bounce:0 [ 1450.638974][ T1997] free:10707 free_pcp:246 free_cma:0 [ 1450.677103][ T1997] Node 0 active_anon:5748320kB inactive_anon:26956kB active_file:252kB inactive_file:712kB unevictable:0kB isolated(anon):0kB isolated(file):80kB mapped:222904kB dirty:12kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1450.701418][ T1997] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1450.727506][ T1997] lowmem_reserve[]: 0 2912 6416 6416 [ 1450.733190][ T1997] DMA32 free:18184kB min:4644kB low:7624kB high:10604kB active_anon:2822252kB inactive_anon:8208kB active_file:316kB inactive_file:116kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7424kB pagetables:23048kB bounce:0kB free_pcp:1392kB local_pcp:1392kB free_cma:0kB [ 1450.762577][ T1997] lowmem_reserve[]: 0 0 3504 3504 [ 1450.767753][ T1997] Normal free:8360kB min:9688kB low:13276kB high:16864kB active_anon:2926068kB inactive_anon:18748kB active_file:436kB inactive_file:72kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30336kB pagetables:100004kB bounce:0kB free_pcp:624kB local_pcp:624kB free_cma:0kB [ 1450.797462][ T1997] lowmem_reserve[]: 0 0 0 0 [ 1450.802084][ T1997] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1450.815607][ T1997] DMA32: 34*4kB (UEH) 74*8kB (UMEH) 53*16kB (UMEH) 54*32kB (UMEH) 29*64kB (UMH) 32*128kB (UEH) 14*256kB (UM) 7*512kB (UM) 0*1024kB 1*2048kB (E) 0*4096kB = 18472kB [ 1450.831928][ T1997] Normal: 4*4kB (UH) 45*8kB (UMH) 14*16kB (MH) 21*32kB (UMH) 20*64kB (UMH) 37*128kB (UM) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7544kB [ 1450.846614][ T1997] 6865 total pagecache pages [ 1450.851171][ T1997] 0 pages in swap cache [ 1450.855313][ T1997] Swap cache stats: add 0, delete 0, find 0/0 [ 1450.861348][ T1997] Free swap = 0kB [ 1450.865054][ T1997] Total swap = 0kB [ 1450.868747][ T1997] 1965979 pages RAM [ 1450.872519][ T1997] 0 pages HighMem/MovableOnly [ 1450.877182][ T1997] 318832 pages reserved [ 1450.881321][ T1997] 0 pages cma reserved [ 1450.885420][ T1997] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=319,uid=0 [ 1450.899360][ T1997] Out of memory: Killed process 319 (syz-executor.0) total-vm:75488kB, anon-rss:15800kB, file-rss:34692kB, shmem-rss:0kB, UID:0 pgtables:152kB oom_score_adj:1000 [ 1450.916917][ T23] oom_reaper: reaped process 319 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:10:19 executing program 2: openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x8000, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40), 0x1, 0x40002121, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) 03:10:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:19 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) 03:10:19 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:19 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1452.086015][ T2018] syz-executor.1 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1452.136623][ T2018] CPU: 0 PID: 2018 Comm: syz-executor.1 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1452.146765][ T2018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1452.156790][ T2018] Call Trace: [ 1452.160049][ T2018] dump_stack+0x14a/0x1ce [ 1452.164347][ T2018] ? devkmsg_release+0x11c/0x11c [ 1452.169261][ T2018] ? show_regs_print_info+0x12/0x12 [ 1452.174424][ T2018] ? radix_tree_cpu_dead+0x160/0x160 [ 1452.179680][ T2018] ? _raw_spin_lock+0xa1/0x170 [ 1452.184408][ T2018] ? _raw_spin_trylock_bh+0x190/0x190 [ 1452.189757][ T2018] dump_header+0xdb/0x700 [ 1452.194063][ T2018] oom_kill_process+0xd3/0x280 [ 1452.198794][ T2018] out_of_memory+0x5b6/0x890 [ 1452.203355][ T2018] ? unregister_oom_notifier+0x20/0x20 [ 1452.208793][ T2018] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1452.214309][ T2018] ? get_page_from_freelist+0x7c0/0x7c0 [ 1452.219821][ T2018] ? __zone_watermark_ok+0x96/0x260 [ 1452.224991][ T2018] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1452.230348][ T2018] ? __kasan_slab_free+0x181/0x230 [ 1452.235430][ T2018] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1452.240947][ T2018] ? tun_chr_read_iter+0x1c8/0x240 [ 1452.246030][ T2018] ? __rcu_read_lock+0x50/0x50 [ 1452.250777][ T2018] __pmd_alloc+0x3a/0x1f0 [ 1452.255089][ T2018] handle_mm_fault+0x3525/0x40b0 [ 1452.260001][ T2018] ? __fsnotify_update_child_dentry_flags+0x2c0/0x2c0 [ 1452.266731][ T2018] ? finish_fault+0x230/0x230 [ 1452.271376][ T2018] ? ksys_read+0x24c/0x2c0 [ 1452.275765][ T2018] ? vmacache_update+0x9f/0xf0 [ 1452.280504][ T2018] do_user_addr_fault+0x48a/0x9f0 [ 1452.285498][ T2018] page_fault+0x2f/0x40 [ 1452.289622][ T2018] RIP: 0033:0x403667 [ 1452.293487][ T2018] Code: 00 00 00 48 83 ec 08 48 8b 15 35 f0 87 00 48 8b 05 26 f0 87 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 <89> 38 48 89 15 08 f0 87 00 48 83 c4 08 c3 48 89 c6 bf a8 f9 4c 00 [ 1452.313057][ T2018] RSP: 002b:00007fff19d28bd0 EFLAGS: 00010287 [ 1452.319093][ T2018] RAX: 0000001b2d820000 RBX: 0000000000000000 RCX: 0000001b2e820000 [ 1452.327040][ T2018] RDX: 0000001b2d820004 RSI: 00007fff19d28990 RDI: 0000000000000000 [ 1452.335006][ T2018] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004 [ 1452.342963][ T2018] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000000 [ 1452.350910][ T2018] R13: 00007fff19d28dc0 R14: 0000000000000000 R15: 00007fff19d28dd0 [ 1452.372257][ T2018] Mem-Info: [ 1452.380595][ T2018] active_anon:1435935 inactive_anon:6739 isolated_anon:0 [ 1452.380595][ T2018] active_file:321 inactive_file:578 isolated_file:60 [ 1452.380595][ T2018] unevictable:0 dirty:34 writeback:0 unstable:0 [ 1452.380595][ T2018] slab_reclaimable:7587 slab_unreclaimable:72145 [ 1452.380595][ T2018] mapped:56287 shmem:6812 pagetables:30700 bounce:0 [ 1452.380595][ T2018] free:11190 free_pcp:116 free_cma:0 [ 1452.452912][ T2018] Node 0 active_anon:5743716kB inactive_anon:26956kB active_file:1204kB inactive_file:2644kB unevictable:0kB isolated(anon):0kB isolated(file):248kB mapped:226060kB dirty:140kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1452.482231][ T2018] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1452.521495][ T2018] lowmem_reserve[]: 0 2912 6416 6416 [ 1452.526931][ T2018] DMA32 free:19204kB min:4644kB low:7624kB high:10604kB active_anon:2821996kB inactive_anon:8208kB active_file:240kB inactive_file:180kB unevictable:0kB writepending:68kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7456kB pagetables:23132kB bounce:0kB free_pcp:100kB local_pcp:100kB free_cma:0kB [ 1452.605865][ T2018] lowmem_reserve[]: 0 0 3504 3504 [ 1452.629353][ T2018] Normal free:11284kB min:13784kB low:17372kB high:20960kB active_anon:2921844kB inactive_anon:18748kB active_file:1100kB inactive_file:688kB unevictable:0kB writepending:24kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30304kB pagetables:99984kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1452.685834][ T2018] lowmem_reserve[]: 0 0 0 0 [ 1452.692508][ T2018] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1452.707793][ T2018] DMA32: 704*4kB (UMH) 211*8kB (UMEH) 65*16kB (UMH) 91*32kB (UMEH) 53*64kB (UMEH) 47*128kB (UMEH) 16*256kB (UM) 7*512kB (UM) 0*1024kB 1*2048kB (E) 0*4096kB = 27592kB [ 1452.725413][ T2018] Normal: 466*4kB (UMH) 151*8kB (UMH) 56*16kB (MH) 31*32kB (MH) 26*64kB (UM) 37*128kB (UM) 1*256kB (H) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11616kB [ 1452.740848][ T2018] 7048 total pagecache pages [ 1452.745552][ T2018] 0 pages in swap cache [ 1452.750749][ T2018] Swap cache stats: add 0, delete 0, find 0/0 [ 1452.756839][ T2018] Free swap = 0kB [ 1452.760595][ T2018] Total swap = 0kB [ 1452.764355][ T2018] 1965979 pages RAM [ 1452.768934][ T2018] 0 pages HighMem/MovableOnly [ 1452.773627][ T2018] 318832 pages reserved [ 1452.778387][ T2018] 0 pages cma reserved [ 1452.782457][ T2018] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=14078,uid=0 [ 1452.796885][ T2018] Out of memory: Killed process 14078 (syz-executor.1) total-vm:75092kB, anon-rss:15668kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 1452.824274][ T23] oom_reaper: reaped process 14078 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:10:21 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:21 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:21 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) 03:10:21 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) r0 = getpid() r1 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r3 = syz_open_procfs(r0, &(0x7f0000000040)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x2, 0x60400) ioctl$LOOP_GET_STATUS64(r5, 0x4c05, &(0x7f0000000200)) setsockopt$inet6_tcp_int(r4, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r4}], 0x1, 0x0) ioctl$FIGETBSZ(r4, 0x2, &(0x7f0000000000)) 03:10:21 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:22 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:23 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:23 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:23 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 03:10:23 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1455.923225][ T426] syz-executor.4 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=0 [ 1455.950875][ T426] CPU: 0 PID: 426 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1455.960841][ T426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1455.970869][ T426] Call Trace: [ 1455.974133][ T426] dump_stack+0x14a/0x1ce [ 1455.978435][ T426] ? devkmsg_release+0x11c/0x11c [ 1455.983343][ T426] ? show_regs_print_info+0x12/0x12 [ 1455.988608][ T426] ? radix_tree_cpu_dead+0x160/0x160 [ 1455.993871][ T426] ? _raw_spin_lock+0xa1/0x170 [ 1455.998611][ T426] ? _raw_spin_trylock_bh+0x190/0x190 [ 1456.003953][ T426] dump_header+0xdb/0x700 [ 1456.008264][ T426] oom_kill_process+0xd3/0x280 [ 1456.013010][ T426] out_of_memory+0x5b6/0x890 [ 1456.017570][ T426] ? unregister_oom_notifier+0x20/0x20 [ 1456.023012][ T426] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1456.028530][ T426] ? get_page_from_freelist+0x7c0/0x7c0 [ 1456.034043][ T426] ? __zone_watermark_ok+0x96/0x260 [ 1456.039212][ T426] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1456.044565][ T426] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1456.050095][ T426] ? __schedule+0x920/0xef0 [ 1456.054569][ T426] ? is_mmconf_reserved+0x410/0x410 [ 1456.059750][ T426] alloc_slab_page+0x3a/0x3a0 [ 1456.064399][ T426] new_slab+0x3ef/0x430 [ 1456.068532][ T426] ? should_fail+0x18e/0x860 [ 1456.073088][ T426] ? getname_flags+0xb8/0x610 [ 1456.077740][ T426] ___slab_alloc+0x2e0/0x450 [ 1456.082309][ T426] ? retint_kernel+0x1b/0x1b [ 1456.086870][ T426] ? getname_flags+0xb8/0x610 [ 1456.091518][ T426] ? getname_flags+0xb8/0x610 [ 1456.096168][ T426] kmem_cache_alloc+0x23c/0x260 [ 1456.100988][ T426] ? security_capable+0x75/0xd0 [ 1456.105820][ T426] getname_flags+0xb8/0x610 [ 1456.110296][ T426] user_path_mountpoint_at+0x22/0x40 [ 1456.115565][ T426] ksys_umount+0x167/0xff0 [ 1456.119954][ T426] ? namespace_unlock+0x4e0/0x4e0 [ 1456.124949][ T426] ? __fpregs_load_activate+0x2d3/0x390 [ 1456.130465][ T426] ? switch_fpu_return+0x10/0x10 [ 1456.135373][ T426] __x64_sys_umount+0x56/0x60 [ 1456.140019][ T426] do_syscall_64+0xcb/0x150 [ 1456.144490][ T426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1456.150347][ T426] RIP: 0033:0x45f277 [ 1456.154208][ T426] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 2f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1456.173776][ T426] RSP: 002b:00007ffc8fd1b878 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1456.182153][ T426] RAX: ffffffffffffffda RBX: 00000000001636ea RCX: 000000000045f277 [ 1456.190096][ T426] RDX: 000000000000000c RSI: 0000000000000002 RDI: 00007ffc8fd1c9b0 [ 1456.198039][ T426] RBP: 0000000000001611 R08: 0000000000000001 R09: 0000000001d4e940 [ 1456.205995][ T426] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc8fd1c9b0 [ 1456.213952][ T426] R13: 00007ffc8fd1c9a0 R14: 0000000000000000 R15: 00007ffc8fd1c9b0 [ 1456.223170][ T426] Mem-Info: [ 1456.232309][ T426] active_anon:1434623 inactive_anon:6739 isolated_anon:0 [ 1456.232309][ T426] active_file:568 inactive_file:668 isolated_file:84 [ 1456.232309][ T426] unevictable:0 dirty:18 writeback:0 unstable:0 [ 1456.232309][ T426] slab_reclaimable:7617 slab_unreclaimable:72150 [ 1456.232309][ T426] mapped:56778 shmem:6812 pagetables:30758 bounce:0 [ 1456.232309][ T426] free:11957 free_pcp:0 free_cma:0 [ 1456.270411][ T426] Node 0 active_anon:5738492kB inactive_anon:26956kB active_file:2272kB inactive_file:2672kB unevictable:0kB isolated(anon):0kB isolated(file):336kB mapped:227112kB dirty:72kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1456.294960][ T426] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1456.323276][ T426] lowmem_reserve[]: 0 2912 6416 6416 [ 1456.329034][ T426] DMA32 free:19100kB min:4644kB low:7624kB high:10604kB active_anon:2822648kB inactive_anon:8204kB active_file:304kB inactive_file:328kB unevictable:0kB writepending:4kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7328kB pagetables:23028kB bounce:0kB free_pcp:48kB local_pcp:0kB free_cma:0kB [ 1456.385687][ T426] lowmem_reserve[]: 0 0 3504 3504 [ 1456.402744][ T426] Normal free:11912kB min:9688kB low:13276kB high:16864kB active_anon:2915440kB inactive_anon:18752kB active_file:2008kB inactive_file:2332kB unevictable:0kB writepending:24kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30368kB pagetables:100132kB bounce:0kB free_pcp:1400kB local_pcp:616kB free_cma:0kB [ 1456.457219][ T426] lowmem_reserve[]: 0 0 0 0 [ 1456.462385][ T426] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1456.475742][ T426] DMA32: 323*4kB (UMEH) 199*8kB (UMEH) 114*16kB (UMEH) 85*32kB (UMEH) 59*64kB (UMEH) 38*128kB (UMEH) 16*256kB (UM) 7*512kB (UM) 0*1024kB 1*2048kB (E) 0*4096kB = 25796kB [ 1456.492574][ T426] Normal: 623*4kB (MH) 350*8kB (UMH) 200*16kB (UMH) 71*32kB (UMH) 25*64kB (UMH) 44*128kB (UMH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 17996kB [ 1456.507878][ T426] 7569 total pagecache pages [ 1456.512451][ T426] 0 pages in swap cache [ 1456.516657][ T426] Swap cache stats: add 0, delete 0, find 0/0 [ 1456.522768][ T426] Free swap = 0kB [ 1456.526477][ T426] Total swap = 0kB [ 1456.530283][ T426] 1965979 pages RAM [ 1456.534195][ T426] 0 pages HighMem/MovableOnly [ 1456.539179][ T426] 318832 pages reserved [ 1456.543349][ T426] 0 pages cma reserved [ 1456.547477][ T426] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=2062,uid=0 03:10:26 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, 0x0) preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:27 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:27 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:29 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:32 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:33 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) 03:10:33 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:33 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:34 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1467.285848][ T385] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1467.296679][ T385] CPU: 1 PID: 385 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1467.306288][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1467.316318][ T385] Call Trace: [ 1467.319597][ T385] dump_stack+0x14a/0x1ce [ 1467.323903][ T385] ? devkmsg_release+0x11c/0x11c [ 1467.328805][ T385] ? show_regs_print_info+0x12/0x12 [ 1467.333976][ T385] ? radix_tree_cpu_dead+0x160/0x160 [ 1467.339235][ T385] ? _raw_spin_lock+0xa1/0x170 [ 1467.343968][ T385] ? _raw_spin_trylock_bh+0x190/0x190 [ 1467.349313][ T385] dump_header+0xdb/0x700 [ 1467.353624][ T385] oom_kill_process+0xd3/0x280 [ 1467.358359][ T385] out_of_memory+0x5b6/0x890 [ 1467.362917][ T385] ? unregister_oom_notifier+0x20/0x20 [ 1467.368345][ T385] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1467.373873][ T385] ? get_page_from_freelist+0x7c0/0x7c0 [ 1467.379388][ T385] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1467.384725][ T385] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1467.390239][ T385] pagecache_get_page+0x50f/0x880 [ 1467.395234][ T385] filemap_fault+0x1474/0x19d0 [ 1467.399964][ T385] ? generic_file_read_iter+0x20b0/0x20b0 [ 1467.405664][ T385] ? ___preempt_schedule+0x16/0x20 [ 1467.410745][ T385] ext4_filemap_fault+0x7b/0x90 [ 1467.415570][ T385] handle_mm_fault+0x2846/0x40b0 [ 1467.420476][ T385] ? finish_fault+0x230/0x230 [ 1467.425119][ T385] ? vmacache_find+0x205/0x4b0 [ 1467.429851][ T385] do_user_addr_fault+0x48a/0x9f0 [ 1467.434849][ T385] page_fault+0x2f/0x40 [ 1467.438974][ T385] RIP: 0033:0x458c53 [ 1467.442838][ T385] Code: 0f 6f d9 66 0f ef 0d 9c 3f a9 01 66 0f ef 15 a4 3f a9 01 66 0f ef 1d ac 3f a9 01 66 0f 38 dc c9 66 0f 38 dc d2 66 0f 38 dc db 0f 6f 20 f3 0f 6f 68 10 f3 0f 6f 74 08 e0 f3 0f 6f 7c 08 f0 66 [ 1467.462419][ T385] RSP: 002b:000000c431904988 EFLAGS: 00010287 [ 1467.468462][ T385] RAX: 000000000093dbae RBX: 0000000000458b10 RCX: 0000000000000039 [ 1467.476406][ T385] RDX: 000000c4319049a0 RSI: 0000000000000002 RDI: 000000c420001cb0 [ 1467.484348][ T385] RBP: 000000c4319049f0 R08: 000000c420000180 R09: 0000000000000012 [ 1467.492298][ T385] R10: 0000000000000113 R11: 000000000000011e R12: 0000000000000000 [ 1467.500240][ T385] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1467.511364][ T385] Mem-Info: [ 1467.515147][ T385] active_anon:1436043 inactive_anon:6739 isolated_anon:0 [ 1467.515147][ T385] active_file:715 inactive_file:711 isolated_file:59 [ 1467.515147][ T385] unevictable:0 dirty:10 writeback:0 unstable:0 [ 1467.515147][ T385] slab_reclaimable:7661 slab_unreclaimable:72015 [ 1467.515147][ T385] mapped:56926 shmem:6812 pagetables:30813 bounce:0 [ 1467.515147][ T385] free:10564 free_pcp:103 free_cma:0 [ 1467.555812][ T385] Node 0 active_anon:5744172kB inactive_anon:26956kB active_file:2492kB inactive_file:2484kB unevictable:0kB isolated(anon):0kB isolated(file):236kB mapped:227204kB dirty:40kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1467.581417][ T385] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1467.639378][ T385] lowmem_reserve[]: 0 2912 6416 6416 [ 1467.646768][ T385] DMA32 free:22404kB min:4644kB low:7624kB high:10604kB active_anon:2821332kB inactive_anon:8204kB active_file:1124kB inactive_file:928kB unevictable:0kB writepending:28kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7456kB pagetables:23252kB bounce:0kB free_pcp:740kB local_pcp:508kB free_cma:0kB [ 1467.676566][ T385] lowmem_reserve[]: 0 0 3504 3504 [ 1467.682063][ T385] Normal free:5420kB min:5592kB low:9180kB high:12768kB active_anon:2922840kB inactive_anon:18752kB active_file:952kB inactive_file:360kB unevictable:0kB writepending:12kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30304kB pagetables:100000kB bounce:0kB free_pcp:1124kB local_pcp:464kB free_cma:0kB [ 1467.712132][ T385] lowmem_reserve[]: 0 0 0 0 [ 1467.716849][ T385] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1467.730547][ T385] DMA32: 195*4kB (UMH) 308*8kB (UMH) 110*16kB (UMH) 58*32kB (UMH) 33*64kB (UMH) 33*128kB (UMH) 16*256kB (U) 6*512kB (U) 0*1024kB 1*2048kB (M) 0*4096kB = 22412kB [ 1467.759324][ T385] Normal: 382*4kB (UMH) 42*8kB (UMH) 17*16kB (UMEH) 8*32kB (UMEH) 5*64kB (UMEH) 23*128kB (UMH) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5656kB [ 1467.774651][ T385] 7355 total pagecache pages [ 1467.779624][ T385] 0 pages in swap cache [ 1467.784148][ T385] Swap cache stats: add 0, delete 0, find 0/0 [ 1467.790636][ T385] Free swap = 0kB [ 1467.794463][ T385] Total swap = 0kB [ 1467.798376][ T385] 1965979 pages RAM [ 1467.806215][ T385] 0 pages HighMem/MovableOnly [ 1467.811647][ T385] 318832 pages reserved [ 1467.816378][ T385] 0 pages cma reserved [ 1467.821287][ T385] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=16295,uid=0 [ 1467.836442][ T385] Out of memory: Killed process 16295 (syz-executor.0) total-vm:75092kB, anon-rss:15588kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:160kB oom_score_adj:1000 [ 1467.857774][ T23] oom_reaper: reaped process 16295 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:10:36 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:36 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x0, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) [ 1468.918984][ T391] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1468.929817][ T391] CPU: 0 PID: 391 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1468.939459][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1468.949487][ T391] Call Trace: [ 1468.952752][ T391] dump_stack+0x14a/0x1ce [ 1468.957060][ T391] ? devkmsg_release+0x11c/0x11c [ 1468.961980][ T391] ? show_regs_print_info+0x12/0x12 [ 1468.967251][ T391] ? radix_tree_cpu_dead+0x160/0x160 [ 1468.972503][ T391] ? _raw_spin_lock+0xa1/0x170 [ 1468.977237][ T391] ? _raw_spin_trylock_bh+0x190/0x190 [ 1468.982579][ T391] dump_header+0xdb/0x700 [ 1468.986878][ T391] oom_kill_process+0xd3/0x280 [ 1468.991613][ T391] out_of_memory+0x5b6/0x890 [ 1468.996176][ T391] ? unregister_oom_notifier+0x20/0x20 [ 1469.001612][ T391] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1469.007129][ T391] ? get_page_from_freelist+0x7c0/0x7c0 [ 1469.012645][ T391] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1469.018003][ T391] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1469.023522][ T391] pagecache_get_page+0x50f/0x880 [ 1469.028516][ T391] filemap_fault+0x1474/0x19d0 [ 1469.033249][ T391] ? generic_file_read_iter+0x20b0/0x20b0 [ 1469.038936][ T391] ? ___preempt_schedule+0x16/0x20 [ 1469.044106][ T391] ext4_filemap_fault+0x7b/0x90 [ 1469.048923][ T391] handle_mm_fault+0x2846/0x40b0 [ 1469.053847][ T391] ? finish_fault+0x230/0x230 [ 1469.058496][ T391] ? vmacache_find+0x3a2/0x4b0 [ 1469.063227][ T391] do_user_addr_fault+0x48a/0x9f0 [ 1469.068220][ T391] page_fault+0x2f/0x40 [ 1469.072349][ T391] RIP: 0033:0x730175 [ 1469.076224][ T391] Code: cc cc cc cc cc 48 8b 44 24 08 84 00 48 89 44 24 08 c6 44 24 10 00 e9 6a 3e ff ff cc cc cc cc cc cc cc cc cc cc 48 8b 44 24 08 <84> 00 48 89 44 24 08 48 c7 44 24 10 00 00 00 00 e9 56 3e ff ff cc [ 1469.095914][ T391] RSP: 002b:000000c443922870 EFLAGS: 00010216 [ 1469.101954][ T391] RAX: 000000000167bb40 RBX: 0000000000000013 RCX: 0000000000730170 [ 1469.109901][ T391] RDX: 000000003c84c8af RSI: 0000000000000000 RDI: 000000c43069c620 [ 1469.117848][ T391] RBP: 000000c443922888 R08: 0000000000000000 R09: 0000000000000000 [ 1469.125806][ T391] R10: 00000000009f0182 R11: 0000000000000004 R12: 0000000000000000 [ 1469.133747][ T391] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1469.153313][ T391] Mem-Info: [ 1469.161871][ T391] active_anon:1435046 inactive_anon:6739 isolated_anon:0 [ 1469.161871][ T391] active_file:227 inactive_file:232 isolated_file:0 [ 1469.161871][ T391] unevictable:0 dirty:21 writeback:0 unstable:0 [ 1469.161871][ T391] slab_reclaimable:7688 slab_unreclaimable:71961 [ 1469.161871][ T391] mapped:56087 shmem:6812 pagetables:30780 bounce:0 [ 1469.161871][ T391] free:12162 free_pcp:116 free_cma:0 [ 1469.200260][ T391] Node 0 active_anon:5740184kB inactive_anon:26956kB active_file:744kB inactive_file:1028kB unevictable:0kB isolated(anon):0kB isolated(file):108kB mapped:224248kB dirty:84kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1469.225111][ T391] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1469.251617][ T391] lowmem_reserve[]: 0 2912 6416 6416 [ 1469.257474][ T391] DMA32 free:21428kB min:8740kB low:11720kB high:14700kB active_anon:2824504kB inactive_anon:8208kB active_file:520kB inactive_file:308kB unevictable:0kB writepending:24kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7360kB pagetables:23116kB bounce:0kB free_pcp:240kB local_pcp:56kB free_cma:0kB [ 1469.290519][ T391] lowmem_reserve[]: 0 0 3504 3504 [ 1469.296250][ T391] Normal free:10604kB min:9688kB low:13276kB high:16864kB active_anon:2914804kB inactive_anon:18748kB active_file:708kB inactive_file:1716kB unevictable:0kB writepending:60kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30432kB pagetables:100004kB bounce:0kB free_pcp:900kB local_pcp:360kB free_cma:0kB [ 1469.326729][ T391] lowmem_reserve[]: 0 0 0 0 [ 1469.331697][ T391] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1469.345461][ T391] DMA32: 326*4kB (UMEH) 199*8kB (UMEH) 103*16kB (UMEH) 66*32kB (UMEH) 30*64kB (UMEH) 34*128kB (UMEH) 18*256kB (UME) 7*512kB (UE) 1*1024kB (E) 0*2048kB 0*4096kB = 22144kB [ 1469.380045][ T391] Normal: 4*4kB (MH) 3*8kB (MEH) 4*16kB (UH) 5*32kB (MEH) 3*64kB (MEH) 38*128kB (MEH) 9*256kB (M) 1*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 9160kB [ 1469.395734][ T391] 8015 total pagecache pages [ 1469.400441][ T391] 0 pages in swap cache [ 1469.441850][ T391] Swap cache stats: add 0, delete 0, find 0/0 [ 1469.461203][ T391] Free swap = 0kB [ 1469.465061][ T391] Total swap = 0kB [ 1469.468855][ T391] 1965979 pages RAM [ 1469.472951][ T391] 0 pages HighMem/MovableOnly [ 1469.477748][ T391] 318832 pages reserved [ 1469.482416][ T391] 0 pages cma reserved [ 1469.486937][ T391] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=2119,uid=0 03:10:39 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:39 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:39 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) 03:10:40 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 03:10:40 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1473.105510][ T391] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1473.117091][ T391] CPU: 1 PID: 391 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1473.126705][ T391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1473.136727][ T391] Call Trace: [ 1473.139989][ T391] dump_stack+0x14a/0x1ce [ 1473.144288][ T391] ? devkmsg_release+0x11c/0x11c [ 1473.149196][ T391] ? show_regs_print_info+0x12/0x12 [ 1473.154358][ T391] ? radix_tree_cpu_dead+0x160/0x160 [ 1473.159608][ T391] ? _raw_spin_lock+0xa1/0x170 [ 1473.164356][ T391] ? _raw_spin_trylock_bh+0x190/0x190 [ 1473.169699][ T391] dump_header+0xdb/0x700 [ 1473.174000][ T391] oom_kill_process+0xd3/0x280 [ 1473.178731][ T391] out_of_memory+0x5b6/0x890 [ 1473.183290][ T391] ? unregister_oom_notifier+0x20/0x20 [ 1473.188733][ T391] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1473.194250][ T391] ? get_page_from_freelist+0x7c0/0x7c0 [ 1473.199763][ T391] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1473.205116][ T391] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1473.210631][ T391] pagecache_get_page+0x50f/0x880 [ 1473.215625][ T391] filemap_fault+0x1474/0x19d0 [ 1473.220368][ T391] ? generic_file_read_iter+0x20b0/0x20b0 [ 1473.226057][ T391] ? mm_trace_rss_stat+0x41/0x1a0 [ 1473.231052][ T391] ext4_filemap_fault+0x7b/0x90 [ 1473.235876][ T391] handle_mm_fault+0x2846/0x40b0 [ 1473.240792][ T391] ? finish_fault+0x230/0x230 [ 1473.245440][ T391] ? vmacache_find+0x205/0x4b0 [ 1473.250185][ T391] do_user_addr_fault+0x48a/0x9f0 [ 1473.255272][ T391] page_fault+0x2f/0x40 [ 1473.259397][ T391] RIP: 0033:0x40fe6d [ 1473.263261][ T391] Code: 04 25 f8 ff ff ff 48 8b 40 30 48 8b b4 24 a0 00 00 00 48 8b 80 60 01 00 00 48 8b bc 24 a8 00 00 00 48 85 ff 0f 84 8f 07 00 00 <44> 0f b6 47 17 41 f6 c0 80 41 0f 95 c0 48 89 54 24 50 48 89 74 24 [ 1473.282834][ T391] RSP: 002b:000000c443926958 EFLAGS: 00010202 [ 1473.288869][ T391] RAX: 00007f384220e6c8 RBX: 0000000000000000 RCX: 000000c420001e00 [ 1473.296817][ T391] RDX: 000000c420041400 RSI: 0000000000000038 RDI: 000000000084f9e0 [ 1473.304764][ T391] RBP: 000000c4439269e8 R08: 000000c420001c80 R09: 0000000000000000 [ 1473.312707][ T391] R10: 00000000009f0182 R11: 0000000000000004 R12: 0000000000000000 [ 1473.320647][ T391] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1473.332124][ T391] Mem-Info: [ 1473.335817][ T391] active_anon:1436431 inactive_anon:6739 isolated_anon:0 [ 1473.335817][ T391] active_file:97 inactive_file:343 isolated_file:55 [ 1473.335817][ T391] unevictable:0 dirty:1 writeback:0 unstable:0 [ 1473.335817][ T391] slab_reclaimable:7727 slab_unreclaimable:71803 [ 1473.335817][ T391] mapped:55937 shmem:6812 pagetables:30859 bounce:0 [ 1473.335817][ T391] free:10994 free_pcp:266 free_cma:0 [ 1473.374240][ T391] Node 0 active_anon:5745784kB inactive_anon:26956kB active_file:408kB inactive_file:1780kB unevictable:0kB isolated(anon):0kB isolated(file):168kB mapped:223928kB dirty:0kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1473.402438][ T391] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1473.433313][ T391] lowmem_reserve[]: 0 2912 6416 6416 [ 1473.454545][ T391] DMA32 free:19292kB min:8740kB low:11720kB high:14700kB active_anon:2826856kB inactive_anon:8208kB active_file:1084kB inactive_file:604kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7488kB pagetables:23168kB bounce:0kB free_pcp:508kB local_pcp:160kB free_cma:0kB [ 1473.484607][ T391] lowmem_reserve[]: 0 0 3504 3504 [ 1473.491179][ T391] Normal free:6580kB min:5592kB low:9180kB high:12768kB active_anon:2918996kB inactive_anon:18748kB active_file:348kB inactive_file:664kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30368kB pagetables:100164kB bounce:0kB free_pcp:1516kB local_pcp:260kB free_cma:0kB [ 1473.534449][ T391] lowmem_reserve[]: 0 0 0 0 [ 1473.543270][ T391] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1473.560130][ T391] DMA32: 516*4kB (UMH) 411*8kB (UMEH) 201*16kB (UMEH) 83*32kB (UMEH) 49*64kB (UMEH) 38*128kB (UMEH) 18*256kB (UM) 4*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 25880kB [ 1473.583044][ T391] Normal: 272*4kB (MEH) 59*8kB (UMEH) 32*16kB (UMH) 32*32kB (UMEH) 15*64kB (UMEH) 23*128kB (UMH) 9*256kB (ME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 9816kB [ 1473.599741][ T391] 7180 total pagecache pages [ 1473.604847][ T391] 0 pages in swap cache [ 1473.609278][ T391] Swap cache stats: add 0, delete 0, find 0/0 [ 1473.615809][ T391] Free swap = 0kB [ 1473.620042][ T391] Total swap = 0kB [ 1473.624134][ T391] 1965979 pages RAM [ 1473.629617][ T391] 0 pages HighMem/MovableOnly [ 1473.634917][ T391] 318832 pages reserved [ 1473.639342][ T391] 0 pages cma reserved [ 1473.643906][ T391] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=2144,uid=0 03:10:43 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:43 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 03:10:43 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1475.852005][ T1522] kworker/u4:2 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1475.863775][ T1522] CPU: 1 PID: 1522 Comm: kworker/u4:2 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1475.873651][ T1522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1475.883683][ T1522] Workqueue: events_unbound call_usermodehelper_exec_work [ 1475.890759][ T1522] Call Trace: [ 1475.894020][ T1522] dump_stack+0x14a/0x1ce [ 1475.898319][ T1522] ? devkmsg_release+0x11c/0x11c [ 1475.903224][ T1522] ? show_regs_print_info+0x12/0x12 [ 1475.908402][ T1522] ? radix_tree_cpu_dead+0x160/0x160 [ 1475.913653][ T1522] ? _raw_spin_lock+0xa1/0x170 [ 1475.918391][ T1522] ? _raw_spin_trylock_bh+0x190/0x190 [ 1475.923737][ T1522] dump_header+0xdb/0x700 [ 1475.928041][ T1522] oom_kill_process+0xd3/0x280 [ 1475.932795][ T1522] out_of_memory+0x5b6/0x890 [ 1475.937352][ T1522] ? unregister_oom_notifier+0x20/0x20 [ 1475.942783][ T1522] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1475.948298][ T1522] ? get_page_from_freelist+0x7c0/0x7c0 [ 1475.953821][ T1522] ? __schedule+0x920/0xef0 [ 1475.958310][ T1522] ? __zone_watermark_ok+0x96/0x260 [ 1475.963482][ T1522] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1475.968838][ T1522] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1475.974354][ T1522] ? copy_process+0x5d2/0x5150 [ 1475.979088][ T1522] copy_process+0x5f3/0x5150 [ 1475.983652][ T1522] ? find_next_bit+0xd8/0x120 [ 1475.988300][ T1522] ? cpumask_next+0xc/0x20 [ 1475.992733][ T1522] ? wb_do_writeback+0xa1a/0xb50 [ 1475.997642][ T1522] ? fork_idle+0x290/0x290 [ 1476.002036][ T1522] ? wb_workfn+0x850/0x850 [ 1476.006419][ T1522] ? ptr_to_hashval+0x60/0x60 [ 1476.011065][ T1522] _do_fork+0x196/0x920 [ 1476.015192][ T1522] ? update_misfit_status+0x5e0/0x5e0 [ 1476.020534][ T1522] ? set_worker_desc+0x1b3/0x1f0 [ 1476.025439][ T1522] ? dup_mm+0x300/0x300 [ 1476.029563][ T1522] ? _raw_spin_lock_irq+0xa2/0x180 [ 1476.034643][ T1522] kernel_thread+0x162/0x1d0 [ 1476.039204][ T1522] ? proc_cap_handler+0x580/0x580 [ 1476.044195][ T1522] ? legacy_clone_args_valid+0x50/0x50 [ 1476.049628][ T1522] ? kernel_sigaction+0x11b/0x200 [ 1476.054620][ T1522] ? proc_cap_handler+0x580/0x580 [ 1476.059612][ T1522] ? _raw_spin_unlock_irq+0x5/0x20 [ 1476.064690][ T1522] ? finish_task_switch+0x235/0x4c0 [ 1476.069868][ T1522] call_usermodehelper_exec_work+0xe0/0x350 [ 1476.075823][ T1522] ? call_usermodehelper_setup+0x210/0x210 [ 1476.081636][ T1522] ? read_word_at_a_time+0xe/0x20 [ 1476.086663][ T1522] ? strscpy+0xa6/0x260 [ 1476.090790][ T1522] process_one_work+0x777/0xf90 [ 1476.095613][ T1522] worker_thread+0xa8f/0x1430 [ 1476.100260][ T1522] kthread+0x2df/0x300 [ 1476.104297][ T1522] ? process_one_work+0xf90/0xf90 [ 1476.109298][ T1522] ? kthread_destroy_worker+0x280/0x280 [ 1476.114821][ T1522] ret_from_fork+0x1f/0x30 [ 1476.119850][ T1522] Mem-Info: [ 1476.125782][ T1522] active_anon:1437776 inactive_anon:6739 isolated_anon:0 [ 1476.125782][ T1522] active_file:130 inactive_file:132 isolated_file:32 [ 1476.125782][ T1522] unevictable:0 dirty:1 writeback:9 unstable:0 [ 1476.125782][ T1522] slab_reclaimable:7747 slab_unreclaimable:71817 [ 1476.125782][ T1522] mapped:55854 shmem:6812 pagetables:30848 bounce:0 [ 1476.125782][ T1522] free:9784 free_pcp:256 free_cma:0 [ 1476.163683][ T1522] Node 0 active_anon:5751128kB inactive_anon:26956kB active_file:36kB inactive_file:308kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:222936kB dirty:0kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1476.188995][ T1522] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1476.214956][ T1522] lowmem_reserve[]: 0 2912 6416 6416 [ 1476.220261][ T1522] DMA32 free:18784kB min:4644kB low:7624kB high:10604kB active_anon:2828996kB inactive_anon:8208kB active_file:0kB inactive_file:428kB unevictable:0kB writepending:0kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7552kB pagetables:23240kB bounce:0kB free_pcp:1032kB local_pcp:1032kB free_cma:0kB [ 1476.250116][ T1522] lowmem_reserve[]: 0 0 3504 3504 [ 1476.257843][ T1522] Normal free:5012kB min:5592kB low:9180kB high:12768kB active_anon:2922132kB inactive_anon:18748kB active_file:44kB inactive_file:0kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30272kB pagetables:100068kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1476.287371][ T1522] lowmem_reserve[]: 0 0 0 0 [ 1476.301433][ T1522] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1476.315187][ T1522] DMA32: 418*4kB (UMH) 409*8kB (UMEH) 198*16kB (UMEH) 100*32kB (UMEH) 71*64kB (UMEH) 41*128kB (UMEH) 20*256kB (UM) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 27248kB [ 1476.332701][ T1522] Normal: 173*4kB (UMH) 105*8kB (UMH) 43*16kB (UME) 39*32kB (MEH) 28*64kB (UMEH) 20*128kB (UMEH) 9*256kB (ME) 1*512kB (E) 0*1024kB 0*2048kB 0*4096kB = 10636kB [ 1476.349270][ T1522] 7103 total pagecache pages [ 1476.354599][ T1522] 0 pages in swap cache [ 1476.359167][ T1522] Swap cache stats: add 0, delete 0, find 0/0 [ 1476.365584][ T1522] Free swap = 0kB [ 1476.369622][ T1522] Total swap = 0kB [ 1476.379761][ T1522] 1965979 pages RAM [ 1476.384092][ T1522] 0 pages HighMem/MovableOnly [ 1476.389861][ T1522] 318832 pages reserved [ 1476.394721][ T1522] 0 pages cma reserved [ 1476.399535][ T1522] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=2161,uid=0 03:10:46 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 03:10:46 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:46 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1479.686411][ T426] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 [ 1479.736848][ T426] CPU: 0 PID: 426 Comm: syz-executor.4 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1479.746823][ T426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1479.756850][ T426] Call Trace: [ 1479.760126][ T426] dump_stack+0x14a/0x1ce [ 1479.764444][ T426] ? devkmsg_release+0x11c/0x11c [ 1479.769367][ T426] ? show_regs_print_info+0x12/0x12 [ 1479.774543][ T426] ? radix_tree_cpu_dead+0x160/0x160 [ 1479.779805][ T426] ? _raw_spin_lock+0xa1/0x170 [ 1479.784542][ T426] ? _raw_spin_trylock_bh+0x190/0x190 [ 1479.789887][ T426] dump_header+0xdb/0x700 [ 1479.794192][ T426] oom_kill_process+0xd3/0x280 [ 1479.798926][ T426] out_of_memory+0x5b6/0x890 [ 1479.803489][ T426] ? unregister_oom_notifier+0x20/0x20 [ 1479.808920][ T426] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1479.814442][ T426] ? get_page_from_freelist+0x7c0/0x7c0 [ 1479.819957][ T426] ? __zone_watermark_ok+0x96/0x260 [ 1479.825137][ T426] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1479.830482][ T426] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1479.835998][ T426] ? copy_process+0x5a4/0x5150 [ 1479.840731][ T426] ? kmem_cache_alloc+0x1d2/0x260 [ 1479.845738][ T426] copy_process+0x5f3/0x5150 [ 1479.850309][ T426] ? preempt_schedule+0x110/0x130 [ 1479.855301][ T426] ? filemap_fault+0x19d0/0x19d0 [ 1479.860202][ T426] ? fork_idle+0x290/0x290 [ 1479.864598][ T426] ? ___preempt_schedule+0x16/0x20 [ 1479.869699][ T426] ? _raw_spin_unlock+0x16/0x20 [ 1479.874522][ T426] ? handle_mm_fault+0xb1e/0x40b0 [ 1479.879642][ T426] _do_fork+0x196/0x920 [ 1479.883781][ T426] ? dup_mm+0x300/0x300 [ 1479.887924][ T426] ? ktime_get_raw+0x130/0x130 [ 1479.892660][ T426] __x64_sys_clone+0x25f/0x2c0 [ 1479.897395][ T426] ? __ia32_sys_vfork+0x110/0x110 [ 1479.902387][ T426] ? __x64_sys_clock_gettime+0x20d/0x260 [ 1479.907989][ T426] ? do_user_addr_fault+0x55c/0x9f0 [ 1479.913154][ T426] do_syscall_64+0xcb/0x150 [ 1479.917625][ T426] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1479.923485][ T426] RIP: 0033:0x45ae1a [ 1479.927346][ T426] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 1479.947040][ T426] RSP: 002b:00007ffc8fd1c920 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1479.955432][ T426] RAX: ffffffffffffffda RBX: 00007ffc8fd1c920 RCX: 000000000045ae1a [ 1479.963372][ T426] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 1479.971404][ T426] RBP: 00007ffc8fd1c960 R08: 0000000000000001 R09: 0000000001d4e940 [ 1479.979346][ T426] R10: 0000000001d4ec10 R11: 0000000000000246 R12: 0000000000000001 [ 1479.987291][ T426] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc8fd1c9b0 [ 1480.002961][ T426] Mem-Info: [ 1480.006137][ T426] active_anon:1437688 inactive_anon:6739 isolated_anon:0 [ 1480.006137][ T426] active_file:41 inactive_file:60 isolated_file:0 [ 1480.006137][ T426] unevictable:0 dirty:9 writeback:0 unstable:0 [ 1480.006137][ T426] slab_reclaimable:7785 slab_unreclaimable:71997 [ 1480.006137][ T426] mapped:55825 shmem:6812 pagetables:30818 bounce:0 [ 1480.006137][ T426] free:10046 free_pcp:156 free_cma:0 [ 1480.043588][ T426] Node 0 active_anon:5750752kB inactive_anon:26956kB active_file:164kB inactive_file:540kB unevictable:0kB isolated(anon):0kB isolated(file):108kB mapped:223400kB dirty:36kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1480.067876][ T426] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1480.094383][ T426] lowmem_reserve[]: 0 2912 6416 6416 [ 1480.100036][ T426] DMA32 free:18032kB min:4644kB low:7624kB high:10604kB active_anon:2829744kB inactive_anon:8208kB active_file:0kB inactive_file:796kB unevictable:0kB writepending:20kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7456kB pagetables:23220kB bounce:0kB free_pcp:1372kB local_pcp:252kB free_cma:0kB [ 1480.129563][ T426] lowmem_reserve[]: 0 0 3504 3504 [ 1480.134775][ T426] Normal free:5624kB min:5592kB low:9180kB high:12768kB active_anon:2920792kB inactive_anon:18748kB active_file:40kB inactive_file:256kB unevictable:0kB writepending:0kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30336kB pagetables:100052kB bounce:0kB free_pcp:432kB local_pcp:12kB free_cma:0kB [ 1480.164046][ T426] lowmem_reserve[]: 0 0 0 0 [ 1480.168542][ T426] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1480.181830][ T426] DMA32: 32*4kB (MEH) 202*8kB (UMEH) 66*16kB (UMEH) 48*32kB (UMEH) 57*64kB (UMH) 33*128kB (UMH) 18*256kB (U) 2*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 17840kB [ 1480.197780][ T426] Normal: 38*4kB (MH) 83*8kB (UMH) 23*16kB (UMH) 10*32kB (UM) 2*64kB (U) 8*128kB (UMH) 9*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 5472kB [ 1480.213006][ T426] 6913 total pagecache pages [ 1480.220013][ T426] 0 pages in swap cache [ 1480.224200][ T426] Swap cache stats: add 0, delete 0, find 0/0 [ 1480.230248][ T426] Free swap = 0kB [ 1480.233951][ T426] Total swap = 0kB [ 1480.237640][ T426] 1965979 pages RAM [ 1480.241450][ T426] 0 pages HighMem/MovableOnly [ 1480.246110][ T426] 318832 pages reserved [ 1480.250234][ T426] 0 pages cma reserved [ 1480.254485][ T426] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.4,pid=28039,uid=0 [ 1480.268586][ T426] Out of memory: Killed process 28039 (syz-executor.4) total-vm:75092kB, anon-rss:15476kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 1480.292958][ T23] oom_reaper: reaped process 28039 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:10:48 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:10:48 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') getsockopt$inet_mreqn(r0, 0x0, 0x20, &(0x7f0000000000)={@empty, @local}, &(0x7f0000000040)=0xc) getpid() r1 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f00000019c0)=[{&(0x7f0000000480)=""/230, 0xe6}, {&(0x7f0000000200)=""/100, 0x64}, {&(0x7f0000000580)=""/171, 0xab}, {&(0x7f0000000640)=""/127, 0x7f}, {&(0x7f0000000900)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/232, 0xe8}, {&(0x7f00000007c0)=""/119, 0x77}, {&(0x7f0000001900)=""/138, 0x8a}, {&(0x7f0000001c80)=""/4096, 0x1000}], 0x9, 0x92e) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x1c, r5, 0xb0343aabd1184b87, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x400c08d) sendmsg$NL80211_CMD_NEW_MPATH(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xb3d601749505a83c}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="080028bd7000fddbdf251700000008000100040000000c00990000d00600ffffffff"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x40) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x1) close(0xffffffffffffffff) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000340)={0xce8, 0x1, "15f8b81d2ab898cc67eeb63257301b1e17094d61e377ae30cb9a5d6feca7e41dde4fb0df3187ff72678b16863f1018dfb3e0116d1c8c6ccc6cca46d160932ea3d4871a250bf7b07eda816bfc1e1b6afea7f8939054e2b2b7a25592f4462dba8772db0c334e074c6a46b838b4ff7806168ef19f217dc153280abb4c6e6a60cd88e4eb2c742083702ff3b66156843b59819b8169d353887d067514c8b4f01bf03ed2781f092bf34afa7256363ee81ef53cc20c11e0e1ca672f6d3681ad11c9d0dadcf92ee2d03190791b2e30453876d4fee2dd25531e8afaa90e94be41f77743de4f16b4e986aa0844703d676039eb1aa33da4995f9d37c8a3fb29c76e6400a184"}) 03:10:48 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:48 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:48 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:10:48 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:48 executing program 1: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x0, 0x400000008d}, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/route\x00') preadv(r0, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:10:50 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:50 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:50 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) [ 1482.810715][ T385] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1482.821684][ T385] CPU: 0 PID: 385 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1482.831297][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1482.841321][ T385] Call Trace: [ 1482.844582][ T385] dump_stack+0x14a/0x1ce [ 1482.848885][ T385] ? devkmsg_release+0x11c/0x11c [ 1482.853789][ T385] ? show_regs_print_info+0x12/0x12 [ 1482.858968][ T385] ? radix_tree_cpu_dead+0x160/0x160 [ 1482.864224][ T385] ? _raw_spin_lock+0xa1/0x170 [ 1482.868954][ T385] ? _raw_spin_trylock_bh+0x190/0x190 [ 1482.874304][ T385] dump_header+0xdb/0x700 [ 1482.878604][ T385] oom_kill_process+0xd3/0x280 [ 1482.883338][ T385] out_of_memory+0x5b6/0x890 [ 1482.887897][ T385] ? unregister_oom_notifier+0x20/0x20 [ 1482.893440][ T385] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1482.899068][ T385] ? get_page_from_freelist+0x7c0/0x7c0 [ 1482.904594][ T385] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1482.909938][ T385] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1482.915452][ T385] pagecache_get_page+0x50f/0x880 [ 1482.920447][ T385] filemap_fault+0x1474/0x19d0 [ 1482.925185][ T385] ? generic_file_read_iter+0x20b0/0x20b0 [ 1482.930878][ T385] ext4_filemap_fault+0x7b/0x90 [ 1482.935702][ T385] handle_mm_fault+0x2846/0x40b0 [ 1482.940607][ T385] ? finish_fault+0x230/0x230 [ 1482.945252][ T385] ? vmacache_find+0x205/0x4b0 [ 1482.951983][ T385] do_user_addr_fault+0x48a/0x9f0 [ 1482.956974][ T385] page_fault+0x2f/0x40 [ 1482.961094][ T385] RIP: 0033:0x458b8a [ 1482.964959][ T385] Code: 83 f9 40 0f 86 bb 00 00 00 48 81 f9 80 00 00 00 0f 86 4f 01 00 00 e9 d1 02 00 00 48 85 c9 74 4e 48 83 c0 10 66 a9 f0 0f 74 2c 0f 6f 48 f0 48 01 c9 48 8d 05 47 00 5f 00 66 0f db 0c c8 66 0f [ 1482.984545][ T385] RSP: 002b:000000c4439267f8 EFLAGS: 00010206 [ 1482.990576][ T385] RAX: 00000000008c11fa RBX: 0000000000458b10 RCX: 000000000000000c [ 1482.998521][ T385] RDX: 000000c443926810 RSI: 0000000000821aa0 RDI: 00000000008ed27c [ 1483.006466][ T385] RBP: 000000c443926860 R08: 0000000000000015 R09: 00000000008ed27c [ 1483.014408][ T385] R10: 00000000009f0182 R11: 0000000000000004 R12: 0000000000000000 [ 1483.022362][ T385] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1483.034338][ T385] Mem-Info: [ 1483.041585][ T385] active_anon:1437129 inactive_anon:6739 isolated_anon:0 [ 1483.041585][ T385] active_file:468 inactive_file:431 isolated_file:64 [ 1483.041585][ T385] unevictable:0 dirty:5 writeback:0 unstable:0 [ 1483.041585][ T385] slab_reclaimable:7809 slab_unreclaimable:71966 [ 1483.041585][ T385] mapped:56476 shmem:6812 pagetables:30869 bounce:0 [ 1483.041585][ T385] free:9522 free_pcp:147 free_cma:0 [ 1483.080487][ T385] Node 0 active_anon:5732116kB inactive_anon:26956kB active_file:1860kB inactive_file:3824kB unevictable:0kB isolated(anon):0kB isolated(file):128kB mapped:227304kB dirty:20kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1483.110676][ T385] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1483.138273][ T385] lowmem_reserve[]: 0 2912 6416 6416 [ 1483.145430][ T385] DMA32 free:25372kB min:4644kB low:7624kB high:10604kB active_anon:2814896kB inactive_anon:8208kB active_file:1824kB inactive_file:3928kB unevictable:0kB writepending:12kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7648kB pagetables:23496kB bounce:0kB free_pcp:1992kB local_pcp:836kB free_cma:0kB [ 1483.252271][ T385] lowmem_reserve[]: 0 0 3504 3504 [ 1483.270752][ T385] Normal free:8152kB min:5592kB low:9180kB high:12768kB active_anon:2917352kB inactive_anon:18748kB active_file:748kB inactive_file:156kB unevictable:0kB writepending:8kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30368kB pagetables:99980kB bounce:0kB free_pcp:904kB local_pcp:208kB free_cma:0kB [ 1483.320019][ T385] lowmem_reserve[]: 0 0 0 0 [ 1483.329609][ T385] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1483.343725][ T385] DMA32: 811*4kB (UMEH) 547*8kB (UMEH) 285*16kB (UMEH) 94*32kB (UMEH) 60*64kB (UMEH) 70*128kB (UMEH) 22*256kB (UME) 3*512kB (ME) 1*1024kB (M) 0*2048kB 0*4096kB = 36180kB [ 1483.360782][ T385] Normal: 294*4kB (UMEH) 102*8kB (UMEH) 81*16kB (MEH) 56*32kB (MEH) 26*64kB (UME) 11*128kB (UMH) 7*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 10456kB [ 1483.376611][ T385] 8603 total pagecache pages [ 1483.381232][ T385] 0 pages in swap cache [ 1483.385357][ T385] Swap cache stats: add 0, delete 0, find 0/0 [ 1483.391432][ T385] Free swap = 0kB [ 1483.395138][ T385] Total swap = 0kB [ 1483.398842][ T385] 1965979 pages RAM [ 1483.402638][ T385] 0 pages HighMem/MovableOnly [ 1483.407290][ T385] 318832 pages reserved [ 1483.411432][ T385] 0 pages cma reserved [ 1483.415479][ T385] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=2222,uid=0 03:10:51 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:51 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:51 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:52 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_GET_INTERFACE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)={0x1c, r5, 0xb0343aabd1184b87, 0x0, 0x0, {}, [@NL80211_ATTR_WIPHY={0x8}]}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r3, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000340)={0x49c, r5, 0x2, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x7}, @NL80211_ATTR_SCAN_SUPP_RATES={0x47c, 0x7d, 0x0, 0x1, [@NL80211_BAND_60GHZ={0xcb, 0x2, "6f9837e57221daf7357fa804c524610e3409f3751d11cda4152d4cfefcb8d184e0730c9c5e6ee03622c912ec4c1f7a647612726e7e1d6a46102289143e8dab51ab0a2c116e08da67241e78c5822cb035c2ed11140ab282fb5615210a6d8b1b6d13d44f002d1c069f35ed14bef9181cda773a6d262352d626d3cee4b88d2b4a921b8770a816c47e873150d522584044ef264b2c95c0f0a8f88925dce70b9818c4f261a40b17d9570be337f8e9e4c930fca9a0242eaf4e31d2e8ff38cf730b9d476933564ba467d5"}, @NL80211_BAND_6GHZ={0x74, 0x3, "ca1f1c8612dcb869a3d59ca87bf8ef601f4e0f33952ad1f39f0a33b9063fa9d4a0727e68d1c3cb281dbbf689a21b198520111c37011b06266bb8049efdd803b9ce791c917f657e9674362a2c47ade1dd4039ac0c67c631967e9a171324ba3e5210c460821ae1da8594fdc310a5a70dda"}, @NL80211_BAND_6GHZ={0x77, 0x3, "0e3944d1da70f4b766b8f04d735dfd9f4323091406c751f2f1542fa67254025d78b4fe23fbcd2488d833bc733bc69c69ba8a4708505e48b39f2a03928fd9bc5b13777fcc3c7ac7e3ef6a8db08082b8981aa06482ad3b32a64c41da0528f1b972e87a6ed0b65f8d120933dd0203a48d3785f760"}, @NL80211_BAND_6GHZ={0xe2, 0x3, "beda85deb8c4357596bd9147a4ff4ebeb79fb63ed8eb053701ac485a9a1adb51cf73c7ae4ba118174904d54b9d6c36ec4084027d2f15c4e21a91be13928f7b3ce3448491b2353cafc0f1ab665dc6738d8a736a3de43b8d967400ea94e0e16a3b02b51fad9becc9a589d42e108ad24b6049d854a8ec333a3a5ddfcb9472809a9d533a4033d1a05f82085e72eb5539c625cd3d43c6a450e7e4f96cc8b741af148f88aab7bd0c95e31165fe004a856f56b816b53edb7c47787b8a82a2392919228591054154aed339c8286a7d2b1a7034ffbea46809a24c2bd930e2c5dd5f03"}, @NL80211_BAND_5GHZ={0x5f, 0x1, "8aaec907237acba7cbb4f72878f110c81502ce7c9afd6927cb819780944f4a15d8f38e65a2fe008555e08541f6dab4fd1825eb58c76ce3641689b8dce90132d1c649931bfb7f3479ab6f3c33921463eef97837d807f2fd5f707953"}, @NL80211_BAND_2GHZ={0xe3, 0x0, "d421dcbc729ca24b8a78600513412d32d664ecfdf2c394659696e69928bbd4713b8732fd49211783bb00da0622d1a6bf77a533485f71d68c82c1ab8097e8883d17042ed96812849bb1296e3ec6b8a805946c88a0c355fb8e70524c45df597bc7c0570d50b17167b519b2ce5e01c7483c71137a869b282d91325133f84f624a4343790ef9259ab65de35775955665c46e8faebf5c262e8ed0c17e0e5ddfcd3f9b155a651e02bd35d116699412ca883c592af2ed10378093f8bea54c581f6464cb737b837bbef8374b545acb3d088a11b242ae18adaa4e5ecd087faf44896a8e"}, @NL80211_BAND_6GHZ={0x98, 0x3, "a85e2bf97822699981b4895f64337f7d2c70ab51bc7e0e983d55a76b60b147d8a95cec8382871f875cec821759193d0bda67699368363a8bf2f9f1674cfaa98e396893b3544d854f6693bf767288df45a3bc315e0dd04ecdd01d48d88eef371eab0e43c36f02308315189d02f91fbf987ca51317ee0cb2c2586ade41432d7a4c29b2c201fdddbfb01c3db75556cb0e3a4651481f"}]}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}]}, 0x49c}, 0x1, 0x0, 0x0, 0x4008004}, 0x0) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) [ 1484.427091][ T389] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1484.453414][ T389] CPU: 0 PID: 389 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1484.463037][ T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1484.473063][ T389] Call Trace: [ 1484.476327][ T389] dump_stack+0x14a/0x1ce [ 1484.480624][ T389] ? devkmsg_release+0x11c/0x11c [ 1484.485529][ T389] ? show_regs_print_info+0x12/0x12 [ 1484.490692][ T389] ? radix_tree_cpu_dead+0x160/0x160 [ 1484.495944][ T389] ? _raw_spin_lock+0xa1/0x170 [ 1484.500674][ T389] ? _raw_spin_trylock_bh+0x190/0x190 [ 1484.506018][ T389] dump_header+0xdb/0x700 [ 1484.510316][ T389] oom_kill_process+0xd3/0x280 [ 1484.515046][ T389] out_of_memory+0x5b6/0x890 [ 1484.519602][ T389] ? retint_kernel+0x1b/0x1b [ 1484.524170][ T389] ? unregister_oom_notifier+0x20/0x20 [ 1484.529600][ T389] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1484.535129][ T389] ? get_page_from_freelist+0x7c0/0x7c0 [ 1484.540646][ T389] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1484.545987][ T389] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1484.551502][ T389] pagecache_get_page+0x50f/0x880 [ 1484.556496][ T389] ? is_mmconf_reserved+0x410/0x410 [ 1484.561673][ T389] filemap_fault+0x1474/0x19d0 [ 1484.566427][ T389] ? generic_file_read_iter+0x20b0/0x20b0 [ 1484.572122][ T389] ? ___preempt_schedule+0x16/0x20 [ 1484.577206][ T389] ext4_filemap_fault+0x7b/0x90 [ 1484.582038][ T389] handle_mm_fault+0x2846/0x40b0 [ 1484.586951][ T389] ? finish_fault+0x230/0x230 [ 1484.591598][ T389] ? vmacache_find+0x2d2/0x4b0 [ 1484.596335][ T389] do_user_addr_fault+0x48a/0x9f0 [ 1484.601336][ T389] page_fault+0x2f/0x40 [ 1484.605471][ T389] RIP: 0033:0x458beb [ 1484.609336][ T389] Code: 05 1a 01 5f 00 66 0f 38 00 0c c8 eb d0 66 0f 38 dc c0 66 0f d6 02 c3 f3 0f 6f 08 eb c0 66 0f ef 0d ea 3f a9 01 66 0f 38 dc c9 0f 6f 10 f3 0f 6f 5c 08 f0 66 0f ef d0 66 0f ef d9 66 0f 38 dc [ 1484.628911][ T389] RSP: 002b:000000c4439227f8 EFLAGS: 00010287 [ 1484.634979][ T389] RAX: 00000000008e37e5 RBX: 0000000000458b10 RCX: 0000000000000013 [ 1484.642928][ T389] RDX: 000000c443922810 RSI: 0000000001020dd8 RDI: 000000c443922918 [ 1484.650876][ T389] RBP: 000000c443922860 R08: 0000000000000000 R09: 0000000000000000 [ 1484.658828][ T389] R10: 00000000009f0182 R11: 0000000000000004 R12: 0000000000000000 [ 1484.666786][ T389] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000100 [ 1484.677939][ T389] Mem-Info: [ 1484.684170][ T389] active_anon:1437632 inactive_anon:6739 isolated_anon:0 [ 1484.684170][ T389] active_file:242 inactive_file:362 isolated_file:65 [ 1484.684170][ T389] unevictable:0 dirty:2 writeback:0 unstable:0 [ 1484.684170][ T389] slab_reclaimable:7825 slab_unreclaimable:72094 [ 1484.684170][ T389] mapped:56224 shmem:6812 pagetables:30922 bounce:0 [ 1484.684170][ T389] free:9221 free_pcp:0 free_cma:0 [ 1484.728051][ T389] Node 0 active_anon:5750528kB inactive_anon:26956kB active_file:1068kB inactive_file:1448kB unevictable:0kB isolated(anon):0kB isolated(file):56kB mapped:224796kB dirty:8kB writeback:0kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1484.759740][ T389] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1484.795912][ T389] lowmem_reserve[]: 0 2912 6416 6416 [ 1484.801530][ T389] DMA32 free:28696kB min:4644kB low:7624kB high:10604kB active_anon:2815768kB inactive_anon:8208kB active_file:808kB inactive_file:844kB unevictable:0kB writepending:4kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7808kB pagetables:23704kB bounce:0kB free_pcp:1984kB local_pcp:1492kB free_cma:0kB [ 1484.831791][ T389] lowmem_reserve[]: 0 0 3504 3504 [ 1484.844287][ T389] Normal free:7404kB min:5592kB low:9180kB high:12768kB active_anon:2918740kB inactive_anon:18748kB active_file:160kB inactive_file:0kB unevictable:0kB writepending:4kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30400kB pagetables:99984kB bounce:0kB free_pcp:1288kB local_pcp:1268kB free_cma:0kB [ 1484.875903][ T389] lowmem_reserve[]: 0 0 0 0 [ 1484.881510][ T389] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1484.895575][ T389] DMA32: 332*4kB (MEH) 392*8kB (UMEH) 163*16kB (UMEH) 80*32kB (UMH) 58*64kB (UMEH) 46*128kB (UMEH) 19*256kB (U) 3*512kB (ME) 1*1024kB (M) 0*2048kB 0*4096kB = 26656kB [ 1484.921535][ T389] Normal: 317*4kB (MH) 130*8kB (MH) 56*16kB (UMH) 58*32kB (UMH) 24*64kB (MH) 5*128kB (UM) 7*256kB (M) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9540kB [ 1484.936811][ T389] 7711 total pagecache pages [ 1484.960183][ T389] 0 pages in swap cache [ 1484.965182][ T389] Swap cache stats: add 0, delete 0, find 0/0 [ 1484.972697][ T389] Free swap = 0kB [ 1484.977267][ T389] Total swap = 0kB [ 1484.981545][ T389] 1965979 pages RAM [ 1484.985723][ T389] 0 pages HighMem/MovableOnly [ 1484.991158][ T389] 318832 pages reserved [ 1484.995741][ T389] 0 pages cma reserved [ 1485.000261][ T389] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.0,pid=2242,uid=0 03:10:53 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:53 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:53 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:55 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:55 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:55 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:55 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0), 0x0, 0x1) close(r4) splice(r3, 0x0, r4, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'veth0_to_batadv\x00', 0x1000}) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) [ 1487.353103][ T385] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1487.390164][ T385] CPU: 0 PID: 385 Comm: syz-fuzzer Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1487.399786][ T385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1487.409808][ T385] Call Trace: [ 1487.413068][ T385] dump_stack+0x14a/0x1ce [ 1487.417362][ T385] ? devkmsg_release+0x11c/0x11c [ 1487.422265][ T385] ? show_regs_print_info+0x12/0x12 [ 1487.427495][ T385] ? radix_tree_cpu_dead+0x160/0x160 [ 1487.432768][ T385] ? _raw_spin_lock+0xa1/0x170 [ 1487.437505][ T385] ? _raw_spin_trylock_bh+0x190/0x190 [ 1487.442862][ T385] dump_header+0xdb/0x700 [ 1487.447170][ T385] oom_kill_process+0xd3/0x280 [ 1487.451908][ T385] out_of_memory+0x5b6/0x890 [ 1487.456470][ T385] ? unregister_oom_notifier+0x20/0x20 [ 1487.461911][ T385] __alloc_pages_slowpath+0x16c2/0x1e50 [ 1487.467423][ T385] ? get_page_from_freelist+0x7c0/0x7c0 [ 1487.472937][ T385] __alloc_pages_nodemask+0x5cb/0x7c0 [ 1487.478288][ T385] ? gfp_pfmemalloc_allowed+0x130/0x130 [ 1487.483803][ T385] pagecache_get_page+0x50f/0x880 [ 1487.488800][ T385] filemap_fault+0x1474/0x19d0 [ 1487.493545][ T385] ? generic_file_read_iter+0x20b0/0x20b0 [ 1487.499233][ T385] ? ___preempt_schedule+0x16/0x20 [ 1487.504315][ T385] ext4_filemap_fault+0x7b/0x90 [ 1487.509144][ T385] handle_mm_fault+0x2846/0x40b0 [ 1487.514049][ T385] ? finish_fault+0x230/0x230 [ 1487.518695][ T385] ? vmacache_find+0x205/0x4b0 [ 1487.523435][ T385] do_user_addr_fault+0x48a/0x9f0 [ 1487.528481][ T385] page_fault+0x2f/0x40 [ 1487.532632][ T385] RIP: 0033:0x728e40 [ 1487.536519][ T385] Code: Bad RIP value. [ 1487.540550][ T385] RSP: 002b:000000c430fdd4c8 EFLAGS: 00010202 [ 1487.546581][ T385] RAX: 0000000000728e40 RBX: 0000000000000000 RCX: 000000c43a654480 [ 1487.554535][ T385] RDX: 000000c43a654900 RSI: 000000c430fdd510 RDI: 000000c42ed01408 [ 1487.562475][ T385] RBP: 000000c430fdd560 R08: 000000c41f897f5f R09: 000000c42ed01408 [ 1487.570433][ T385] R10: 000000c42002b5a0 R11: 0000000000000008 R12: 000000c42002c2a0 [ 1487.578388][ T385] R13: 000000c42002b590 R14: 000000c42ed01400 R15: 0000000000000005 [ 1487.606254][ T385] Mem-Info: [ 1487.609562][ T385] active_anon:1437612 inactive_anon:6739 isolated_anon:0 [ 1487.609562][ T385] active_file:372 inactive_file:41 isolated_file:54 [ 1487.609562][ T385] unevictable:0 dirty:32 writeback:1 unstable:0 [ 1487.609562][ T385] slab_reclaimable:7833 slab_unreclaimable:72067 [ 1487.609562][ T385] mapped:56182 shmem:6812 pagetables:30943 bounce:0 [ 1487.609562][ T385] free:9212 free_pcp:383 free_cma:0 [ 1487.647337][ T385] Node 0 active_anon:5750448kB inactive_anon:26956kB active_file:1488kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):216kB mapped:224628kB dirty:128kB writeback:4kB shmem:27248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1487.671838][ T385] DMA free:15904kB min:24kB low:36kB high:48kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1487.697957][ T385] lowmem_reserve[]: 0 2912 6416 6416 [ 1487.703401][ T385] DMA32 free:17216kB min:4644kB low:7624kB high:10604kB active_anon:2826028kB inactive_anon:8208kB active_file:1288kB inactive_file:180kB unevictable:0kB writepending:44kB present:3129332kB managed:2983756kB mlocked:0kB kernel_stack:7776kB pagetables:23484kB bounce:0kB free_pcp:1328kB local_pcp:248kB free_cma:0kB [ 1487.740666][ T385] lowmem_reserve[]: 0 0 3504 3504 [ 1487.746043][ T385] Normal free:3728kB min:5592kB low:9180kB high:12768kB active_anon:2923332kB inactive_anon:18748kB active_file:580kB inactive_file:252kB unevictable:0kB writepending:88kB present:4718592kB managed:3588928kB mlocked:0kB kernel_stack:30304kB pagetables:100288kB bounce:0kB free_pcp:576kB local_pcp:248kB free_cma:0kB [ 1487.775806][ T385] lowmem_reserve[]: 0 0 0 0 [ 1487.780514][ T385] DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 3*4096kB (M) = 15904kB [ 1487.794010][ T385] DMA32: 213*4kB (UMEH) 107*8kB (UMEH) 53*16kB (UMEH) 35*32kB (UMEH) 8*64kB (MEH) 44*128kB (UMEH) 23*256kB (UME) 4*512kB (ME) 1*1024kB (M) 0*2048kB 0*4096kB = 18780kB [ 1487.810789][ T385] Normal: 72*4kB (MH) 9*8kB (UMH) 26*16kB (UMEH) 44*32kB (UMEH) 7*64kB (UMEH) 1*128kB (M) 5*256kB (UM) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 4552kB [ 1487.826185][ T385] 7040 total pagecache pages [ 1487.830984][ T385] 0 pages in swap cache [ 1487.835303][ T385] Swap cache stats: add 0, delete 0, find 0/0 [ 1487.841552][ T385] Free swap = 0kB [ 1487.845416][ T385] Total swap = 0kB [ 1487.849291][ T385] 1965979 pages RAM [ 1487.853389][ T385] 0 pages HighMem/MovableOnly [ 1487.858228][ T385] 318832 pages reserved [ 1487.866070][ T385] 0 pages cma reserved [ 1487.870325][ T385] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/,task=syz-executor.1,pid=29452,uid=0 [ 1487.884586][ T385] Out of memory: Killed process 29452 (syz-executor.1) total-vm:74960kB, anon-rss:15344kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 03:10:56 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:56 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:56 executing program 5: r0 = getpid() socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8949, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ') r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00') fchdir(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000100)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f0000000200)={&(0x7f00000000c0), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, r4, 0x301}, 0x14}}, 0x0) sendmsg$SEG6_CMD_GET_TUNSRC(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r4, 0x800, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000004}, 0x40) sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10018442}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r4, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@SEG6_ATTR_DSTLEN={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8844}, 0x0) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r5 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r5, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r6, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r7, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:56 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:57 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:57 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:57 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r4, &(0x7f00000000c0), 0x0, 0x1) close(r4) splice(r3, 0x0, r4, 0x0, 0x0, 0x0) ioctl$TUNSETLINK(r3, 0x400454cd, 0x1) 03:10:57 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) [ 1489.886561][ T2331] ================================================================== [ 1489.894837][ T2331] BUG: KASAN: stack-out-of-bounds in unwind_next_frame+0x1075/0x2230 [ 1489.902884][ T2331] Read of size 8 at addr ffff88800923ead8 by task syz-executor.2/2331 [ 1489.911031][ T2331] [ 1489.913354][ T2331] CPU: 0 PID: 2331 Comm: syz-executor.2 Not tainted 5.4.29-syzkaller-00947-g10dd55a5cdda #0 [ 1489.923387][ T2331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1489.933421][ T2331] Call Trace: [ 1489.936696][ T2331] dump_stack+0x14a/0x1ce [ 1489.941018][ T2331] ? show_regs_print_info+0x12/0x12 [ 1489.946200][ T2331] ? printk+0xd2/0x114 [ 1489.950261][ T2331] print_address_description+0x93/0x620 [ 1489.955794][ T2331] ? preempt_schedule+0x110/0x130 [ 1489.960793][ T2331] ? schedule_preempt_disabled+0x20/0x20 [ 1489.966404][ T2331] __kasan_report+0x16d/0x1e0 [ 1489.971057][ T2331] ? unwind_next_frame+0x1075/0x2230 [ 1489.976313][ T2331] kasan_report+0x34/0x60 [ 1489.980646][ T2331] unwind_next_frame+0x1075/0x2230 [ 1489.985728][ T2331] ? preempt_schedule_irq+0xc8/0x140 [ 1489.990983][ T2331] ? retint_kernel+0x1b/0x1b [ 1489.995540][ T2331] ? unwind_get_return_address_ptr+0xa0/0xa0 [ 1490.001488][ T2331] ? unwind_next_frame+0x2230/0x2230 [ 1490.006743][ T2331] ? retint_kernel+0x1b/0x1b [ 1490.011309][ T2331] ? __schedule+0x918/0xef0 [ 1490.015785][ T2331] ? in_sched_functions+0x9/0x40 [ 1490.020695][ T2331] ? stack_trace_consume_entry_nosched+0x189/0x260 [ 1490.027164][ T2331] ? stack_trace_save_tsk+0x490/0x490 [ 1490.032511][ T2331] arch_stack_walk+0xf4/0x120 [ 1490.037159][ T2331] ? retint_kernel+0x1b/0x1b [ 1490.041727][ T2331] stack_trace_save_tsk+0x2e7/0x490 [ 1490.046982][ T2331] ? stack_trace_consume_entry+0x230/0x230 [ 1490.052757][ T2331] ? _raw_spin_lock+0xa1/0x170 [ 1490.057493][ T2331] ? __mutex_lock_interruptible_slowpath+0x10/0x10 [ 1490.063961][ T2331] ? __ptrace_may_access+0x2b4/0x530 [ 1490.069212][ T2331] ? kmem_cache_alloc_trace+0xc3/0x270 [ 1490.074640][ T2331] proc_pid_stack+0x12f/0x1f0 [ 1490.079296][ T2331] proc_single_show+0xd3/0x130 [ 1490.084034][ T2331] seq_read+0x4aa/0xd30 [ 1490.088164][ T2331] do_iter_read+0x43b/0x550 [ 1490.092637][ T2331] do_preadv+0x213/0x350 [ 1490.096846][ T2331] ? do_writev+0x5b0/0x5b0 [ 1490.101237][ T2331] do_syscall_64+0xcb/0x150 [ 1490.105732][ T2331] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 1490.111593][ T2331] RIP: 0033:0x45c849 [ 1490.115560][ T2331] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1490.135141][ T2331] RSP: 002b:00007f20852bfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1490.143633][ T2331] RAX: ffffffffffffffda RBX: 00007f20852c06d4 RCX: 000000000045c849 [ 1490.151575][ T2331] RDX: 000000000000037d RSI: 0000000020000500 RDI: 0000000000000005 [ 1490.159517][ T2331] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 1490.167457][ T2331] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 1490.175400][ T2331] R13: 000000000000085a R14: 00000000004cb1ac R15: 000000000076bf0c [ 1490.183349][ T2331] [ 1490.185644][ T2331] The buggy address belongs to the page: [ 1490.191247][ T2331] page:ffffea0000248f80 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 [ 1490.200316][ T2331] flags: 0x4000000000000000() [ 1490.205071][ T2331] raw: 4000000000000000 0000000000000000 dead000000000122 0000000000000000 [ 1490.213622][ T2331] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 1490.222176][ T2331] page dumped because: kasan: bad access detected [ 1490.228552][ T2331] [ 1490.230851][ T2331] Memory state around the buggy address: [ 1490.236451][ T2331] ffff88800923e980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1490.244574][ T2331] ffff88800923ea00: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 1490.252613][ T2331] >ffff88800923ea80: 00 00 00 00 00 00 00 f3 f3 f3 f3 f3 00 00 00 00 [ 1490.260643][ T2331] ^ [ 1490.267544][ T2331] ffff88800923eb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1490.275594][ T2331] ffff88800923eb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1490.283631][ T2331] ================================================================== [ 1490.291660][ T2331] Disabling lock debugging due to kernel taint 03:10:58 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r2}], 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f0000000000)={0xffffffff, 0x8, 0x1000, 0xfffffff7, 0x5}, 0x14) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) getpeername$packet(r5, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000140)=r6) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x68, 0x0, 0x200, 0x70bd25, 0x25dfdbff, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x200}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}]}, 0x68}}, 0x4000080) 03:10:58 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) 03:10:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:58 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000000)) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) 03:10:58 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:10:58 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:10:59 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)=""/185, 0xb9}, {&(0x7f0000000200)=""/175, 0xaf}, {&(0x7f0000000440)=""/193, 0xc1}], 0x3, &(0x7f0000000400)=""/41, 0x29}, 0x4}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r3}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r5, 0x0) getrusage(0x0, &(0x7f0000000600)) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, @in=@remote, 0x4e21, 0x0, 0x4e23, 0xa, 0x2, 0x20, 0x0, 0x3a}, {0x3, 0x4, 0x2dc, 0x1, 0x6, 0xffffffffffffffff, 0x1000, 0x9171}, {0x5, 0x80, 0x2, 0x100000001}, 0x0, 0x6e6bb2, 0x1, 0x1}, {{@in=@multicast1, 0x4d5, 0xf1}, 0xa, @in6=@remote, 0x3507, 0x2, 0x2, 0x8, 0xffffffff, 0x6c77b362, 0x68000000}}, 0xe8) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) open(&(0x7f0000000540)='./file0\x00', 0x50003, 0x52) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:00 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) 03:11:00 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:11:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:00 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}, {{&(0x7f0000000000)=@sco={0x1f, @none}, 0x80, &(0x7f0000000100)=[{&(0x7f0000000080)=""/6, 0x6}, {&(0x7f00000000c0)}, {&(0x7f0000000900)=""/4096, 0x1000}], 0x3}, 0x8}], 0x2, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) 03:11:00 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000000)) ptrace(0x10, r0) ptrace$getregset(0x4201, r0, 0x0, &(0x7f0000000080)={0x0}) ptrace$getsig(0x4202, r0, 0x1, &(0x7f0000000000)) sched_setattr(0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:11:00 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x0, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:01 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000500), 0x37d, 0x0) 03:11:01 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:11:02 executing program 3: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') pipe(&(0x7f0000000000)) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x25d) 03:11:02 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$HIDIOCGRAWINFO(r0, 0x80084803, &(0x7f0000000040)=""/11) getpid() r1 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0xffffffffffffff1b, &(0x7f00000008c0), 0x3}, 0x1000000}], 0x1, 0x100, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 03:11:03 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x0, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:03 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) r0 = getpid() r1 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r3 = syz_open_procfs(r0, &(0x7f00000002c0)='stack\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 03:11:03 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:11:03 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 03:11:03 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0xb, r3, &(0x7f0000000080)=""/17, 0x11) keyctl$describe(0x6, r3, &(0x7f0000000100)=""/214, 0xd6) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r5, &(0x7f00000000c0), 0x0, 0x1) close(r5) splice(r4, 0x0, r5, 0x0, 0x0, 0x0) ioctl$RTC_ALM_READ(r4, 0x80247008, &(0x7f0000000000)) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000200), 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:03 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x0, 0x7, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x0, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x0, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:04 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x0, 0x7, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:04 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 03:11:04 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:11:04 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x1}, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0), 0x0, 0x1) close(r1) splice(r0, 0x0, r1, 0x0, 0x0, 0x0) write$9p(r0, &(0x7f0000000040)="889d406eeb98974525345eee9b", 0xd) getpid() r2 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r2, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1ad641, 0x1f0) write(r3, &(0x7f0000000340), 0x0) keyctl$revoke(0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:11:05 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x0, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:05 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000340), &(0x7f0000000380)=0x8) getegid() r3 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$read(0xb, r3, &(0x7f0000000080)=""/17, 0x11) r4 = add_key(&(0x7f0000000180)='user\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000200)="d733d0d267e40f4de00719858abe4024e671a405d2d0139574292fc596d4105ff595f45120ab8a4c51702943e30cab8316e4486a2bcb7bd10ccac416ed3a17da939cc0fca9acd290ae577a61fcab335ca60019c6f28c3ad5e35ebb559d6a10b0415d0c1fdead366f8b3a76e4b95cb8b7663bbd831da5f980381d304dd93df4d7013cf4ea2fc212e9b1c870543129d308b00c83e8c07352836f5b8e8d9f6152", 0x9f, r3) request_key(&(0x7f0000000000)='trusted\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000140)='})\\@<&\x00', r4) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) preadv(r5, &(0x7f0000000500), 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:05 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)=""/51, 0x33}], 0x4}}], 0x1, 0x80000000, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) 03:11:05 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x0, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:05 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x0, 0x7, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:05 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:11:05 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 03:11:05 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x0, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:06 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4008550d, &(0x7f0000000040)) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000000), 0x4) preadv(r2, &(0x7f0000000500), 0x37d, 0x0) 03:11:06 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x0, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:06 executing program 5: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x807) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(0xffffffffffffffff) getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) ioctl$TUNSETIFINDEX(0xffffffffffffffff, 0x400454da, &(0x7f0000000140)=r4) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000140)={@rand_addr="fcae899e1506bf46be870946f75f528f", 0x5b, r4}) getegid() write(r2, &(0x7f0000000340), 0x41395527) pipe(&(0x7f0000000000)) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x5, 0x3, 0x81, 0x4}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x19, &(0x7f0000000100)=0xbf, 0x4) poll(&(0x7f0000000080)=[{r5}], 0x1, 0x0) lseek(r5, 0x70, 0x3) r6 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r6, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x4) 03:11:06 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x0, 0x4, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:07 executing program 1: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r4, &(0x7f0000000500), 0x37d, 0x0) 03:11:07 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) r3 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) 03:11:07 executing program 4: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) getegid() write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000), 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) keyctl$revoke(0x3, 0x0) socket$key(0xf, 0x3, 0x2) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp6\x00') splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000100)={0x4, 0x7, 0x7, 0x7, 0x0, "1a1ef450fba5568687f09f8a0e229e32a7a2c9"}) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 03:11:07 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0), 0x0) mlock(&(0x7f0000003000/0x3000)=nil, 0x3000) getpid() r0 = socket$inet6(0xa, 0x0, 0x7) recvmmsg(r0, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) keyctl$revoke(0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') preadv(r2, &(0x7f0000000500), 0x37d, 0x0) 03:11:08 executing program 5: r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000000)=0x3e) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getegid() write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000002c0)='stack\x00') sendto(r1, &(0x7f0000000100)="2f9345b8490d9b01e1c19d7fecfda14302b721f8acd6ed9c7137990bc6a24148bd99ab15f392a7bc283e420e8803f0b4fde7d59a811c38689eba8abb3c8c4bdb34d43fa117db2e4caf98eea7f797e91657f13f2b9079246a0cfc5fb063b3e52730811878477647ce511eafaa53950fdafcc5b89a4738f38b9db2e159044d8c3c2771261fbb5990a36cd40e3f1f4aa8732681611cc41f90f459fba507f448103916dc4ac7656f3102ca3be54109e52a37ab2136fa39321d62d93320d28997a8802485228cea84a5fec2b1ea9a36812cc9627327221421cb5d50e854165ec586ca849eca28178cbdc9e0bfcb83beb8b4fa56130b2a3f29e1aaf0beb8ae", 0xfc, 0x404c004, &(0x7f0000000200)=@alg={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l\x00'}, 0x80) preadv(r3, &(0x7f0000000500), 0x37d, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0)=0x2000000000000074, 0x25d)