B low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27116kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3552kB pagetables:2852kB bounce:0kB free_pcp:388kB local_pcp:60kB free_cma:0kB [ 411.568411][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 411.573286][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 411.585437][T10165] Node 0 DMA32: 636*4kB (ME) 445*8kB (UME) 292*16kB (UME) 177*32kB (ME) 121*64kB (UME) 46*128kB (ME) 20*256kB (UM) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39800kB [ 411.602377][T10165] Node 0 Normal: 834*4kB (ME) 256*8kB (UM) 111*16kB (UM) 39*32kB (UM) 3*64kB (M) 0*128kB 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9880kB [ 411.617947][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 411.627762][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 411.637291][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 411.647073][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 411.656532][T10165] 17621 total pagecache pages [ 411.661253][T10165] 0 pages in swap cache [ 411.665637][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 411.671749][T10165] Free swap = 0kB [ 411.675655][T10165] Total swap = 0kB [ 411.679422][T10165] 1965979 pages RAM [ 411.683421][T10165] 0 pages HighMem/MovableOnly [ 411.688143][T10165] 1433455 pages reserved [ 411.692423][T10165] 0 pages cma reserved [ 411.696713][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9800,uid=0 [ 411.711613][T10165] Out of memory: Killed process 9800 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 411.733350][ T1904] oom_reaper: reaped process 9800 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 411.950827][T10198] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 411.964303][T10198] CPU: 0 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 411.973055][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 411.983176][T10198] Call Trace: [ 411.986581][T10198] dump_stack+0x21c/0x280 [ 411.991022][T10198] dump_header+0x1c5/0xcf0 [ 411.995793][T10198] oom_kill_process+0x388/0xb00 [ 412.000758][T10198] out_of_memory+0x117f/0x16a0 [ 412.005655][T10198] __alloc_pages_slowpath+0x303a/0x3d10 [ 412.011371][T10198] __alloc_pages_nodemask+0xbb1/0x1030 [ 412.016955][T10198] alloc_pages_current+0x685/0xb50 [ 412.022193][T10198] ion_page_pool_alloc+0x73d/0x8f0 [ 412.027413][T10198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 412.033559][T10198] ? __list_add_valid+0xb8/0x420 [ 412.038620][T10198] ? kmsan_get_metadata+0x116/0x180 [ 412.043932][T10198] ion_system_heap_allocate+0x509/0x16b0 [ 412.049694][T10198] ? ion_system_contig_heap_create+0x230/0x230 [ 412.055939][T10198] ion_ioctl+0x8cd/0x2140 [ 412.060406][T10198] ? debug_shrink_set+0x240/0x240 [ 412.065513][T10198] compat_ptr_ioctl+0xe2/0x150 [ 412.070369][T10198] ? __ia32_sys_ioctl+0x70/0x70 [ 412.075308][T10198] __se_compat_sys_ioctl+0x55f/0x1100 [ 412.080792][T10198] ? kmsan_get_metadata+0x116/0x180 [ 412.086080][T10198] __ia32_compat_sys_ioctl+0x4a/0x70 [ 412.091463][T10198] __do_fast_syscall_32+0x2af/0x480 [ 412.096766][T10198] do_fast_syscall_32+0x6b/0xd0 [ 412.101718][T10198] do_SYSENTER_32+0x73/0x90 [ 412.106412][T10198] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 412.112799][T10198] RIP: 0023:0xf7f05549 [ 412.116900][T10198] Code: Bad RIP value. [ 412.121019][T10198] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 412.129509][T10198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 412.137547][T10198] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 412.145585][T10198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 412.153625][T10198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 412.161662][T10198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 412.169999][T10198] Mem-Info: [ 412.173379][T10198] active_anon:121265 inactive_anon:4871 isolated_anon:0 [ 412.173379][T10198] active_file:2218 inactive_file:10488 isolated_file:0 [ 412.173379][T10198] unevictable:0 dirty:2 writeback:0 [ 412.173379][T10198] slab_reclaimable:6571 slab_unreclaimable:18599 [ 412.173379][T10198] mapped:38496 shmem:5055 pagetables:2863 bounce:0 [ 412.173379][T10198] free:208181 free_pcp:300 free_cma:0 [ 412.210538][T10198] Node 0 active_anon:466680kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110208kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 303104kB writeback_tmp:0kB all_unreclaimable? yes [ 412.238014][T10198] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 412.267350][T10198] lowmem_reserve[]: 0 896 1124 1124 1124 [ 412.273202][T10198] Node 0 DMA32 free:39580kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:439628kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:896kB pagetables:3704kB bounce:0kB free_pcp:744kB local_pcp:452kB free_cma:0kB [ 412.304865][T10198] lowmem_reserve[]: 0 0 228 228 228 [ 412.310179][T10198] Node 0 Normal free:9880kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27052kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3552kB pagetables:2848kB bounce:0kB free_pcp:456kB local_pcp:328kB free_cma:0kB [ 412.341958][T10198] lowmem_reserve[]: 0 0 0 0 0 [ 412.346912][T10198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 412.359050][T10198] Node 0 DMA32: 637*4kB (UME) 445*8kB (UME) 292*16kB (UME) 178*32kB (UME) 121*64kB (UME) 46*128kB (ME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39580kB [ 412.376001][T10198] Node 0 Normal: 834*4kB (ME) 256*8kB (UM) 111*16kB (UM) 39*32kB (UM) 3*64kB (M) 0*128kB 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9880kB [ 412.391631][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 11:51:59 executing program 1: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000fc9000)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000000)=@t={0x81, 0x3, 0x4, 0x80}) ioctl$SNDCTL_MIDI_PRETIME(r0, 0xc0046d00, &(0x7f0000000040)=0x1b0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='stack\x00') exit_group(0x0) sendmsg$can_j1939(r2, &(0x7f0000000140)={&(0x7f0000000080)={0x1d, 0x0, 0x1, {0x1, 0xf0, 0x1}}, 0x18, &(0x7f0000000100)={&(0x7f00000000c0)="8ec7f0ba050b5e41bd3e46ef6dcf99c90f7ff781fc918195f198d171e942bd5389ed188ad684", 0x26}, 0x1, 0x0, 0x0, 0x4000}, 0x4004) bind$bt_hci(r1, &(0x7f0000000280), 0x6) [ 412.401440][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 412.410961][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 412.420667][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 412.430075][T10198] 17829 total pagecache pages [ 412.434871][T10198] 0 pages in swap cache [ 412.439091][T10198] Swap cache stats: add 0, delete 0, find 0/0 [ 412.445267][T10198] Free swap = 0kB [ 412.449028][T10198] Total swap = 0kB [ 412.452862][T10198] 1965979 pages RAM [ 412.456710][T10198] 0 pages HighMem/MovableOnly [ 412.461425][T10198] 1433455 pages reserved [ 412.465789][T10198] 0 pages cma reserved [ 412.469920][T10198] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9518,uid=0 [ 412.484785][T10198] Out of memory: Killed process 9518 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 412.503907][ T1904] oom_reaper: reaped process 9518 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 11:51:59 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) sendfile(r4, r2, 0x0, 0x20000002) socket$kcm(0x10, 0x2, 0x4) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r5, 0xc038943b, &(0x7f00000004c0)={0x3f, 0x38, [], 0x0, &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) 11:51:59 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:51:59 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x80) bind$bt_hci(r0, &(0x7f0000000280), 0x6) 11:52:00 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)="48000000140081fb7059ae08060c040002ff0f03900000000000000000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f", 0x48}], 0x1}, 0x0) setsockopt$sock_int(r2, 0x1, 0x12, &(0x7f0000000140)=0x7, 0x4) bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) ioctl$sock_netrom_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000002c0)={0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0x1ff, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, 0x40, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @null]}) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x5, &(0x7f0000000340)={0x0, @in={{0x2, 0x4e21, @multicast2}}}, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e22, 0x1, @mcast2}], 0x1c) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280), 0x6) 11:52:00 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) sendfile(r4, r2, 0x0, 0x20000002) socket$kcm(0x10, 0x2, 0x4) socket$inet6_udp(0xa, 0x2, 0x0) 11:52:00 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) write$UHID_INPUT2(r0, &(0x7f00000000c0)={0xc, {0x89, "476084f1dfbec67ddda20d7952d30314750059fe0b6329b38fbf57a122c33e22a937d2b55a140a2e070751cfd12aeaf049e8be28756b5a074858f7933a6d6dd74879d0644b9b24168d80587bb48d521a32ca5378aefce67658574d0f62a7cdec88b773a63bc89ce511e268bf95e53103bbbb60127538182e0047b7381ebedbe3cf0e958c68813eb064"}}, 0x8f) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58) r5 = accept4$alg(r4, 0x0, 0x0, 0x0) sendfile(r5, r3, 0x0, 0x20000002) ioctl$TIOCSWINSZ(r3, 0x5414, &(0x7f0000000000)={0x1, 0x3, 0x9, 0x40}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000002) ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e05411, &(0x7f00000022c0)=""/4096) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r3, 0xd000943e, &(0x7f00000002c0)={0x0, 0x0, "da822b5dd9a7139fde6637c2089fa122fa6261519b8e8243227c1689c77116e24e5a0803f9eca6fdabf986ba654ddfac5a4f0136da1e7eccbcd34ffc63e7e9bc5bde402e20cbe6883f111571aacfd9886a139eed8015241f436bcec6bc9368488e51cd51c6806c1007659ae44cbe4f4d3c59f142bfc8bbef0418d8311d9f8eee1518896bd5ad7b4071958b0315efa8bfe749b7a426b2c2140cef0d7bbf8e8600495bed5d868959adae75c99067531283fc5feda9c266b2eda5c287b74ec1eb59d0d8cc1fba6fed364516237bded2659ab8ea241408227b4fc24a0a617472c809162af86efc4afb18ce976bdadb4583ec74d216bf2c557600572b105545bf47a4", "86541cc3ac3cab8b35951f352f02dc3aeea0e4c99f3bc88cf85aeaa4bb5600b60ee04b12c6ce14604a0e8afdbaf5702920327d5355998bd37961962d95462c755272ac66e4a83afc3eec4cb9e9cee4323ad65e18d2406e19ddeb9254b28d351e0b8ddc763e9e9662e7ba61de15cfd8e1c02b1fed1d5d2ad4d741cb7137748b5dee5fa0e7ef8c3d5ae047828501c110c30100c6793244256f82f5a5f1faef2513e57d8b00bbe2652ae046db5c2f9d6050d83f3490da4e10073bb3a2b1034f71a15b1c8dd5d579f86dfc1f2d5614ac44a2f616e62a624a0bd997a4092eeae2ac3c187fb2627e23df5fdd1ebf7b4b9eca7f6f13e2fa624544b149ef949afd121d8dd4aa63bc73b8aa353d1dc17e639164c6468eaaea24038d1097fde3fef3e6b68773a629cea492367ebdda176e25ba1affbaae32e1a27e2bffbd3320e5450b8f430a9e425f25c5479979e5b7e60ed16ef71d7e08c912e9680819eb5050936bfa410be1e9fdf6387830227d8db44e14ee87b99a0f2098bab51f2a59d0432c6fd8dcdbacd21c9916e4e53a242178cc8676c2380ddd6da3c2db3abdc8313fe0df023ee3cde64eb84359971a51cf2e5c0d8d1394faa2ab4427b02be674af24eb816ab21659ab459740e9f453f902f0ee5c40b36123d77cdaed512a8b9bae1c6c2c35af77a492269bf7d60eee874cc916339a5062ca42c76e6d315b1f6ca4c0c4a68b2806f96c8fa9d80fd4189d0118975cffc6503b5c5161353f6283fe091a4f3b5e8481b57ce12f3a2608ee69637eb7dd0aca9095227891ee9d97f22fa2208450b388fb04aa4ab039e905da03b60d5918224e6f601543b750d69dde392d5cf8db6af54c3a42b405be749d9d39217f526fa6e8e2f0ab8838bfc5708b0d22480b4fcbfd6705acd6efad1b002eb4568a399d98f90e59ff27b624e95d46d051b7bef8fbc835e473c216ddbf19270a811a0dc4113c1541e5b88f265d3783aca582bb912b99a07171e04ada8998e64852c4f4c3622add3647c8a3c215c0361f6b39657aba2e12020bc609184732710e21afdd7df037af3d1dc56bc1675804947846b83c4780ceeecafea9d49812a1fac8d45d25f764673a8a47deb9df4a87bb4e046708fe5be2dd1131ca5aa33b81b1551dc693dd549b68e0df2b3a14bdacf7984e616319224a43f8a09c704e7bb6b2aaeebf4ecf229bddfe0d90f4ea33f46f9eb41f76a5f7f8d31c89fb618613ba9fb890ed5da2b084f62466b792ce0c9b8138146608f7198e0bbf501b6f3d824ba27b4703264e85ac9ae64f541aacd9334e999c96c8e0a39851b825edfebe6343feb75f882df019463dae86ac7ee6d805775a158607061d1efe3fdcf1085780b41061f496aa18e533af910a9bfffab4f1b68c7f33cca03ed7af52e0df87a84fe4579737c0db3cf33cf06fae89e55205fba24d018ee0bcd404968cd609c55982aad3c3d454464fdc7b70990f255aff7f86511fb355c8d70ebd13802287c8ae33438aac3c61a8bb5f7fb95aeb1f1c842fd72fcdc14afc4355f82d8f7cd702480245f8c0af82fbb47ced8d0a670ececb6de75a726f944a77d51c086da8e59fc903d0f68835111f3df63355247ebf3ac30a11c3ba07cc4ce1246600d753a0dd9abc75fe00eff271d387aeb084503fb90730b1eec3ff98b6ae498956e496883e1f87dcea5bf3b5b9164f03ad946f75c39b9d9d715aaf3bf2223c5388f2b344211c831127f6ad852cf0e90dca87789bb679e28dd6586d4462a780eae08580b7b6ff29684841c51ccbc5ae97d7d70905c8e5ef1f360e5630bca372d8b0b3858c48ff79107cbd5bc6a01cd116ea4e1cfd66fcdc2f50557f667fe0f04eed50e3eaaff2e6c7d9151377b8f3b54404dc23e49d88e452aec411b61bd7ce628a806403674ff63ef8deab3f3a34f29316f2fa3d3f5a4d97bd3f79ebca7c826ab88bb33ba6e06d68b02ed0948bafdf10a64f4b61c5e951bf1ffaef3d0f7b20d34486efd9637645bb66e1819ba9a07c8c47e0038eb49b47b40e4c61530b941ecaa65121c18d34bde25bdd824e67d94a278864758b737114f67a9e7b695bb00f22203690d1fbd6553d5601480cdea3a63377eea946132db804493b5cb67c457ff5cc1aa3e7d938c585091e5c9392e7531ad02fda9b6490337801e5d78dfc6f5d0050fcc407c42c29edd696978320d6eaaf86365f04722105f06a924363cdbd3bd055c73f2454e7b1ec9045ec297e64149fdff7ece3e563e49c535848df17f6ca6497e5bbab8dec6d3ceae685edf30f13bed1390949556c4a998bfa6d8bfb0e398920ecfbbf97c105205b9293c03ba6f7f203c7b00e3b2667be876383986c996df290c9d7140ff82ddc6b5b5c97f86ffada2e30a60c5e924d7489282b7ddeff99a91bc3b705d7b7e04075bdcf5d078881abd50d5fef8dfa1c1755cb71cdc63df55394304a145476420a7eafaf9ba751e364479ff5cb9405e719f75ece94ed0209a70acb8f87e0d0a3b605392dcd8904f42f7a1d5a5cef09eab34808b61242dc71aaff67b818bbeb6c1dd4f49b90a34c720a95c07187a261ca9a4886d189a55d2973a23a7b8021f5332ce717176f53b6cb0657cd63f69e37758845fe894ed0fe4ff52560afa3e30ecb2ddd187514a5c68da23ca0eb84907c0ba44b4016429166e7c37157c55248cf7dc756e7c00da8cd2423d73ce962bc73f05576daf813a12bf4e443e7b15f0021ed40d49adb3b8c21de72cfb4ae749df44adca07d12776fc6d1855a92330d5c54d04553356766b2d192b09c1601f660244f9e7fefa999d98af23937884806cffa62cc452660fd7ca54e9ca2e0920ffea63661056eedbf16c72528eb37785841d9c14efb79f97735698f50870e5944232884b103668c3961a8ce9a809bdee791adec4690cb571eeb8c04fa0e74f22b8acfe2e7bc505ef641b26f934125916d5ef89f209c9092af2c4c90a1624c808eaed9fa7c6744ce93b5d2ac9721fbb53c2e63bd7ea7a1921c352418202500fb14331687cd13b5a5728302c6de9f00a7afb0b969e23ae2c336187b166ef9d15c37744ec0e7599a4a8ecae49d7aeb17613e4a6e60819b62037778b5cbd4dc2fca96c3e5be41991c79f231578675578a5f3b600b3135c2266a06878285a3bf64dc897aa6ee5c3fc1c16275eb5ab29d98d698b86545aa3113b0e43fd17cf601e897832c36b9e930c9bfcc97e998df657af4a2082c82a1bd6106e62f11a154589143d7eb8e4e4a7626f7d877cf13ab133f1331fc0468fa6fd3c493c1e354a4a8e08a6be2adc4421102981d5ce1e0982a598947a2ccda61976ceb06472516b73237f026724612977f6a257fb236f39b6cf2d3615e5190ffb695115797a90226b47b57a546191606865db4d4f9a7ce1787dd18b700a0335bc1ae4649bef60d5c9e10884a117b54b2680c6c699441efb8a875527e2da77aa7ff700a9d4496ebf5484f0eff76bff6a67f25b1d475c7aaf1358cd2ada58e129b590e311eb9bff9c215420eefb76caf7c75d968fb6c6e46f7fb84b72558f76e444300ce6a309a0f32ef86fb920ba8bbbb852a26510f34b6c0deb34798a51a778d840c044bee755c679313ef92965209231ed0d975ad0097fce68c9e9f2bbbd4a17fdd8da9a9097fb0c1143574554ca3e7e9186c9e1eb41d8b2df1e75966457a0a68710015c2aa7d8379bd6888eed92ee0d0842b01cd6d4d02eeab8f32ff33940d1078e25be941867ba9c636f789e303946642ce7300664483c19363e852325fa7d1de7ca061fda1dd8b7a09a287e287f0ab20a487fc2e894e812f7ee742b09cf043fbbc98b524e25104290300582824e1ebcd04bf70f12d0cf0fd8c3d62343d9d471242e6f98de7d0f131a005c42c5b2551ff80b521809d98c2bdf1bfa9214fe95f3910807783dd40c958bc2b7319dfc8de8e8e994ecd14fa4a50c545016c2a571e89a19e07db0992efa94a0b7d635b10aafdff36a274ebb3f1f24e4f9dc787cb4988d660f832a45661c31619461a1814634140029404bc1c4997adeed99af7d4fa99fcac709aab1e73c4751390202eabd4273d98ff5a89e3fd6e5f70b4707aeb42d76a5a136fc1a69332827bc14e7e0b340751592bfced9ababdf733fbf1dd72672bd69057540aec634bfe4596177570aa69fbd8814196cc3615c1ac6f61441e5c9626ecad13e5bc857255f02d54471b5a687a6ecfa9bf4f43d88a6152e828da76fd259c697217e28848a3d256793ac4fbfce63b8ec7a56fad09e8a0a5f7881dd397493fab2edc3ba94b07023afdd3b8f6cba2a4c2663b85b51bd6e9d2edc0de39e82cd32f39c25c4958503c05f712aa7ccf5e1666b2cc3e1ec156ef9990ffb51fdc1cb8f69b3600f500e206bc4c44fda5b28443cf3e2a9fda18e86f10b55e5b1431ab709ca336aca3442ab89795567cfe21eb0ce1265b89d2bb5c1a2e07aeb3b7d9722b0d5bc21df7ec00f5c3bd9498bb1b4d175baa6ca83232d2ae3795f0fee8c1b0fa63aaadaeaff0314c7f9ed9c68bd4c9f44474e037de4ba5648a1022dde1aa7fbd83ffc410899f9db0859d4215a38798f459fb15d46715a55524c26257943cc464b0552469157acf1444557d8f1c45712502adf6d976eb30f505b5200ba2789c48392fa531e9b7ac6f832de7333e781f466d357d5e6b273249b3d7ee16b3b26458c8a5b73fafb81b2e11f6cfabac3da89cc45d46b35ad695b27042955abcbeb657a44e82bd70bfc71a1cf5b650b59f913e399334f9bee7bf8b270c36a336b532fbc6ad7ef3f896445c88ef7d3deaa3cbfa3eb09e81fc698a2b25c1ec74059fc0f2e7eab84a321cc6d97d891858b1b61014a0f90eb40f463c9ebd4b89de21927c454a0000cd6b494b19c84fa9533f29c345fe20c7f6465cde0be77673d3608880398ff09354fb535f3584b9bcf6041f427e180de3c27ee80f5121008984ec0de2ab641ba1a907ea9166a3a2cd965ee596ef619df0df260cadcb0522c8e5baf3d5c87a0d9a5a257430c70c7a26ca759d501e89d0fbdc46ab631cd1c84c43ca6564cd5953f103d0c1185f9efaf2497f2e20330288f4fb17391a6d173ad146a9d1d9110fdc40cefbfda8ec2baa079156a2fa441f49bd30c7585f6d12a4138ae8fedf3d6d15cfdd44c5eafa89fac42c6fd959f5610233330ece80174948ceb6261677fb34010de8d94da68f23376b694463b526a5b429d70c890c606a7c3f3735cd6f06b0d6f904b4f24cf9eb01492e90a5d64c8374a0dbe654b85cce27abbe85eb9a60e835cc6b3b711575a03df271f54c956160ea796610586d8d3d326c73cf774b50d9db2adaae7fded30fb598459f39253e56d0c3d4dbd998c8fc93a1b6570fe0f99a0e4ca0cf58592c6adfe953b984e71a3d5b4578a5cad9bbd82e580775f45bd41d4ee0"}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f00000012c0)={r7, 0x0, "bec86f27591976173c21005287854492d18927f10a75e74d5fc395c9ed8b1af7dcbe05b5b6b92cf2ada14cb6aa09f2ea3473c47ba6e774c8e39afad8510207444c72ea733b05770f9dd1771178ded332229a1941e2ec2afd920e19f47af3cfb23c597ab467be6fff16d2b8912728faba5a7427719997d4a4295520ccf4d7c60ca899e4d0b7ec737d740521a47fe4c3a09df9026898722ab0404b4c65956250e5d91187b7c9d5c59c3a368db2f811b53e7d4c1935ac82d632ea17558b1d2adf8cec49e88f3a21eb1e9b1f9994bad71c7e6f3e579e2f1d26f36117a6e6e0df1b54df1a620592fcae6341a3ddb349dc3abd770ad1af41cb04005d7494255d27b772", "105f6d8b357ce94398cafcae0ebed96a182f43aadcbbdfef96b16d1c33f36f7a06171722b253818b7b83e161e372ea595fda2beaf3ff28c7172b475a1174046fa0c1524b9099abe63ea3b667d49ea064ee44fd1dd7ae98c4c091a6ff0734aa8f14591b079815ccdf5f9e4ccde0c2189949b065675b2bc1da49e7ca223ed9a4325739f2f641b7ce69abb5f3b60379be69c2157dd66e076fca4e14593eb8029f2c367766f341fa881a028babd94c19da1e6f90167b55c071a2f6f65bc7dbe33175f041368f379c67568cc0eb9ae53dc243ec432c6ee4099c68c82460ae6802e4df328484d582c188c3646bcb7a7b3d15e6cd40031123047e954ea895719b1d618437c09939913d90e108f5d473084c4f0cdcbfdf4b5e45328289380322ed658e9c3ff308dc73d84e81a5eec04e16cd02bb1ad66f704f1c326bdf3407c87b21ce2fd104a504a5cc2e80cf8c20a32e2fc3e5f41ba5ad344bad89d60a0610259d0dc7bd07ba145af8aeea4b46d539d1915c9c998a4069665caa95cdebb944aa9fc7ce5003dd5715fd78778453dab557b29e1fd83eadbadadcb2a7baaebc3703766431a4c88c8c743f7f80422ce78b61531be10e22a164854f147d95f65b5e15a5948f862e001691287903c91ef11621500ba30e8716dbb88dbd344a6487f7427f2293fbd9b7aae2e92a41e7ace8014b62054c77a5af3416ce0ded58c7bcb1538cc4ccafa305a04c5a91318e605dd4eee7369630ba96cb24a8931cfe33d4615f5134de46fdaafde67ddec63c615482922cbc2dcc5c1afc3d8a7e35618509152d3030074d1684d3b1f2f9e5b4bc6ec53f86f27e719d09a5621a6053ddf74493170f30d44561a7db2a1e8f4553d3b915cefe0725f601b296cf3ae7459bb963082d400b62b3b0acf2bce8e82519ae4d9cb794f827a87bedd0573dc48fa3ccadec295b223ee12b8a3e5386c3f04a711591d5a3da5276a1e5633a0c034011e82cefbf0be2303a29293a79522f741be1c33b202e3fdd3feb955c415302c2eb934130efc58263dc007e579287f668e93d1a8b7100e8e4a878b025b151b3785640eba103eb8e3bc3dd98f12f9ee9107904a008ca2dab345dc51e5b60befc8827e92739b81f5d27d86749ce688bfe20dceacdba9e22952122726b8f0683e6a6eb9c0fbd85770befb150329dbdc64ee3a12dff85524216fe475128a8d73088488d4a2d0ae3a10a2a3e0bd69ae3f2fb6948b26a4cdf671b0c9324ac05205ca0187d56f5a67a5d9b4618ffde256f1ebb8d345c0779d62ffb26392321fc0eee53c85a2177c9be85c3ca2c4e80939c85be941bc46fdb1bed41165a86d8be89010f9afb50823a2ee36b985930b5405ce9f64f87e722fd801ba87bba7a92909623e8fc5fd4266ddbe8fc8fe01c43aa59b9cb8615c64998e28ee45ba18abb5934442eb117a6751d01d5328dad3505246531d2f6a53dcc4cf41fcc9c5d65411e41431c7e06d463b6ad5ebd31625ddbb083d9c1c6a718ff4889c4c36bafee42025b25bf498464e1103ac0b691fada1c4e7931c5cd53d39e5b1f8ac382946185486bcbb4a6aa5ede5312160ec6a14df17503696116a8eb1f1bf11a373be4d5d6fa43770ffa9c1d13ca9e1446620a3e229283ff23dd79d1d988d2378a67a332fb1bb0ee541d123e7135a90637483dbef6d3ef08d40884c8e6b64fb103356735f3e2aefdd99b8b5f5787eb4bc18677016103dc1846626db4665139360862990cc7857b442f9209eaef4f3d8c7e5b2c676d4f797e4901aaad71dd02d410a50bceed9ae71e496f53c2b273f405cdc5862cc90fdff83578232c384bc0db27a82e939940306871e3dfd22d8c58d64f06c687a0bb7070b73760ca1083e4ec3bfc1cf7ba1d03859cac5ae848ef0d0c279f6c2e46d589528ea9869eef531023a55e09aaffce9f2da91b0e3e75a146adc587602c53b4e755dc2eab4b67a981bd4b6c8cbfa8523300f28900cf24d83b4e4110a22ea33f864197ece469d8b2ed333568d475ce281669a50e7a898f5effdd263cb7d5cfb9e2fed1f64b12c3c377c0057e9a6667ce0378506253b1d3c95859db41403ed0d7d5aa66214ef6ac37ee075754ab2407825f7d31c3b9625ae1afd47c2161773137a436d163ee1063c67f38b2b87f4d637c3ecd47a32221762f62c69e3cf38b628a20a6b26433c29ecd60361b284c5fea5210ee9231c9a667662e2c7381d9e4d3f52a27b8f8cb01cfaea800520981591836de586c170b8638eb6ce17c1c195fa113d7ce0cb272a3812b7ef267c92a28877b1ab703a54ffbbcf02843b052940fcf64ff72234f59db8a69c0134a23eda24a94f803d3e3020e0215073eefadc9686f2c2bf5c799a20018ad9cfebaf1fee530fe64468b1b50c67a1272a3c43042f1c44759db37f9e218e4aee8c35fba9d3c1e3b8597a57c542a65d6da8686a6cc8bdb6a37658ff94d73ccc5e39094bf161738134fe4a4033e61c04a4b35696193cdb68b81835aaa9593ea2c18393c1f545d93e125f854e4a15f450dcdb681ef767621538512d6cb6c09d8c5e065fb0672e76e1088f9413dc48b4a891821bc932aae62c76b5651ffe530f7a19d368e0d8da16a4e3a59b9c1e2ba510d3b265c7e71efa892b5275a17c57c633abf7c8688ea07fa8931203d5f75241676314bb8eef5f3376673503027d287467dcc50ecdfe52d5000cd715602218667e240101910ab8d5dbb04b03a34ae1392e702433b0ba4848573b1c7a22182ebf026b9c49e271f45baba51f3ef11ba40198b351802cedb42c0647403f6463757b92b5bad4bbfe7f1f1069162c550c8bcd3e69425f2136574de0f6b2aef8fc8714b081425a037edb956bf55e6d0896d1714ad7e819e3ed761f6ccf52791d43424f1ea093e75f4f5241776dff7ef9ff66522bdced2341c55dd4425cbd5742a7c3fd2301ebba73b4442bf43bbef1a903371c339906f7668b73130c2449c1a0b624011a6761958f084bfd80e850cbca7d14681d046eddedbccd56be660fccb7d393bacc6015eb879134d911a2fe485712213f177ac4d73044de04647540681facd3aee75a940d2c5c3b9237a2785692104f1350fe393199b6ac3c43b1471c846bae6fffec87e5f546b46975d41be7a15c504166e18218dc84fa6c0d47254993f0d763042cee56b96deaba7c0d698534f21c2c17a3ea5d138613285ea096445c85fcbd1db2483d2bc7bd5a0090432c39190e11ee806ce169f1c1eb8bb05e002214fe729875143b2e02f9ca950a82c2074ed19d2d9ad69f8133114609d0d857344c95b3bfd44557900a731487c8a5bcfc19d4904b6c0b37bbd527d550e285ff259f2f4bb0f6ef9d10a356ebdb2459f47b09e4d6c29e0b239ac4d18a0fd07daf05d0717544f86c7dd5551ed28f0f937c7378711008c2bfc642a61825d191371214afd6c9c0a9969e09db2afa7b19da606662ac5db8bac374d60662e085ed3e1474cdc55ff70353f128a8b125679636f898dc31e21bf7b4f064a5b65cfc97d7f1def3adc7a48b9d00f83bc870d3424a27c6bc754f3fd92bac451c42eab74312c9b75d688a4028a58b67cc5bfed8a9b4498f3dbf1b2d31e608f7740004852d1a754467c8007d8aca4f636e4d7d809aef5f2bd6168725e9f53128e23f0001e549e7258cca6442e87f828e004221af1ffd2d53c009d42cf233668de758640b3a67aeb9832e95118dc61ea6977a93cabf4f9e85f7006a23a900c37a96c2b3bb2dad7737bd48f37766756a62fd0658e80f4f679e6c22ad42322bbe433329512f4c66d6144775a421f48d238a86d20c618082d0155bbc0a52d7a0fd198cfe372ec4eb8b169a73b6c51a50427d21f3f3c8e6a8f8919925d26455e141ade5ff6f9b6762fedc2c96fe4221d33c81a97ed7fffad03f040022c5326952dd55c6302ce623ba69d49a5b5c99d3d6480880be7a9d2fa9a4d9f670b978795a4f420408afb01fc638b53dadbf07b527eb4fbbed85e8a114bbc194a93ef1ff93a6d46dda5ab4a5e4734ff3492ab41440be9f039cab0d6b6a7ee941a8d2183d459308a128a0d2455449a3507d1786753f5f3e3b4168f45e6690b7b7951d257e7f30007873064418cf71a37479a8df37d43ed6745157be3defb4b6095a769e5e0606ad84330029b05683b4342fe2719789bbc8c657b129d4f962fff8d7c1003d3c4908b25c32eee78fb87f34a77cf14274b1a06078c96b88b95684fb614644c04dfb075ebc03c44685bed9030e7adac0d3c6a6ccc88e7f2ed3e6674d4c9fc101f825e2a9cf5079270cf4eedac9f36ec9075ca870c0ab36c08410dc70f804175d48bc5e7b613467cb441e629f5667ccdc7a72f7f3396035e7185f14e71fc9a6bca58c810608ea1db092f3bf6f5c4dba8f008bd29cdeadad0eddbb2fb54288f3dfb095dae1fe43fe103511dc51cbf90abdc8bd5f6490014a869ee387626baa596c7e36d34e4fc6961ec3ab088fc802a7ffcde29e5de603a12377eb47ca0b9f92d478fd110584533cf8251531807dad6f1dd09406ffa5e21026edba53be184ce4a4fe1793212a52fb8183a2e62e9de94ed64be2d0834626e23e8615af8faedb15f205ef48632423e708fff113ddfee8acba2ab0e81da7941313be242b0ba050acf68f16f9d02df7cae604f82dece17e945e3572bcc4a630e10c0722509ae52cdb0fc610e996b7ef60224baaab4027bd2e67afc5ee426f3a2b10c3d5a79871babdae2e1868f762d4d7a8e5e48babe561fb89f937360fde08d4fdffa6f3e2349eb70d5c564202b9b4d15768a2558b11ec5cda27c926896c8b7397c51f184d0b4462550d1ab15804402110cf44212511735f7147bde2b0c42867aada954fa1ceb9f23ba6924078b8aab98596b7ee80e4bfa3d3831800adb081cea7771e66da5295eab4a0e9353f9088277470810ac0d59eb224043c52e48a1eb152223b5a7b4bb367ce064c5b43898a4fa1a0399a19287e12ea30dc6399cae261d6bdb60a6e549d36a2c0d8351b1dd15479a762684afe21e826a247dd518147dcb44904e0f5adf1abd0973e3518f7851870b48666f817d66f4fc16681526013782978c0961c867c8d6c62b7149a563370a0cface8b6034c7b9164c4e53175e203bb8f4d21c84bb663e3afebd10550472fe1e2de81bde59357ce6a04d712bdf085557845234d9f29499596763497cdc446b7b637ae6ea4d820ecd7f50dfab84a37396fd43b40feb820050dd8b3eb9ae1e90a9e8a049bff893902c7792f2f1655b99740c67d2109e89f64795df9fef1bea203c9436032c36d53a362005dd530eb0ec667f7f3767b2efb205ae77a92ab203d750d2acb227de3b335a094aa31472abdb79cf7f395b8bb428be741e1e7fcf7ea96ebff36781bb3ab1746d7c7eb0d3df84223fb207087d2d6e64e4578f"}) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r6, &(0x7f0000000280), 0x6) 11:52:01 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x1000) openat$vicodec1(0xffffff9c, &(0x7f0000000000)='/dev/video37\x00', 0x2, 0x0) r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f00000000c0), &(0x7f0000000100)=0x10) bind$bt_hci(r0, &(0x7f0000000280), 0x6) 11:52:01 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) sendfile(r4, r2, 0x0, 0x20000002) socket$kcm(0x10, 0x2, 0x4) [ 414.662418][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 414.675135][T10188] CPU: 0 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 414.683869][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 414.693981][T10188] Call Trace: [ 414.697368][T10188] dump_stack+0x21c/0x280 [ 414.701806][T10188] dump_header+0x1c5/0xcf0 [ 414.706334][T10188] oom_kill_process+0x388/0xb00 [ 414.711287][T10188] out_of_memory+0x117f/0x16a0 [ 414.716189][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 414.721897][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 414.727494][T10188] alloc_pages_current+0x685/0xb50 [ 414.732729][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 414.737940][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 414.744096][T10188] ? __list_add_valid+0xb8/0x420 [ 414.749135][T10188] ? kmsan_get_metadata+0x116/0x180 [ 414.754446][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 414.760226][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 414.766474][T10188] ion_ioctl+0x8cd/0x2140 [ 414.770939][T10188] ? debug_shrink_set+0x240/0x240 [ 414.776047][T10188] compat_ptr_ioctl+0xe2/0x150 [ 414.780890][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 414.785799][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 414.791247][T10188] ? kmsan_get_metadata+0x116/0x180 [ 414.796502][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 414.801852][T10188] __do_fast_syscall_32+0x2af/0x480 [ 414.807129][T10188] do_fast_syscall_32+0x6b/0xd0 [ 414.812044][T10188] do_SYSENTER_32+0x73/0x90 [ 414.816619][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 414.822992][T10188] RIP: 0023:0xf7f05549 [ 414.827088][T10188] Code: Bad RIP value. [ 414.831186][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 414.839655][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 414.847667][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 414.855679][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 414.863794][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 414.871805][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 414.879947][T10188] Mem-Info: [ 414.883302][T10188] active_anon:121456 inactive_anon:4871 isolated_anon:0 [ 414.883302][T10188] active_file:2220 inactive_file:11034 isolated_file:0 [ 414.883302][T10188] unevictable:0 dirty:17 writeback:0 [ 414.883302][T10188] slab_reclaimable:6571 slab_unreclaimable:18615 [ 414.883302][T10188] mapped:38823 shmem:5055 pagetables:2938 bounce:0 [ 414.883302][T10188] free:207418 free_pcp:302 free_cma:0 [ 414.920472][T10188] Node 0 active_anon:466680kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110312kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 303104kB writeback_tmp:0kB all_unreclaimable? yes [ 414.947947][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 414.976982][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 414.982790][T10188] Node 0 DMA32 free:39616kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:439628kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:896kB pagetables:3704kB bounce:0kB free_pcp:740kB local_pcp:452kB free_cma:0kB [ 415.014335][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 415.019628][T10188] Node 0 Normal free:9896kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27052kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2836kB bounce:0kB free_pcp:468kB local_pcp:328kB free_cma:0kB [ 415.051481][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 415.056322][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 415.068344][T10188] Node 0 DMA32: 636*4kB (ME) 444*8kB (ME) 291*16kB (ME) 178*32kB (UME) 120*64kB (ME) 47*128kB (UME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39616kB [ 415.085065][T10188] Node 0 Normal: 834*4kB (ME) 256*8kB (UM) 112*16kB (UM) 39*32kB (UM) 3*64kB (M) 0*128kB 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9896kB [ 415.100562][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 415.110243][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 415.119659][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 415.129476][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 415.138885][T10188] 18343 total pagecache pages [ 415.143666][T10188] 0 pages in swap cache [ 415.147879][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 415.154065][T10188] Free swap = 0kB [ 415.157825][T10188] Total swap = 0kB [ 415.161604][T10188] 1965979 pages RAM [ 415.165536][T10188] 0 pages HighMem/MovableOnly [ 415.170248][T10188] 1433455 pages reserved [ 415.174589][T10188] 0 pages cma reserved [ 415.178756][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=10531,uid=0 [ 415.193716][T10188] Out of memory: Killed process 10533 (syz-executor.2) total-vm:93044kB, anon-rss:2188kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 415.214211][ T1904] oom_reaper: reaped process 10533 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 11:52:02 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:02 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$USBDEVFS_GET_CAPABILITIES(0xffffffffffffffff, 0x8004551a, &(0x7f0000000000)) bind$bt_hci(r0, &(0x7f0000000280), 0x6) 11:52:02 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:02 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$netrom_NETROM_T4(0xffffffffffffffff, 0x103, 0x6, &(0x7f0000000000)=0x8, &(0x7f0000000040)=0x4) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280), 0x6) [ 415.850445][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 415.863685][T10165] CPU: 0 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 415.872425][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 415.882536][T10165] Call Trace: [ 415.885924][T10165] dump_stack+0x21c/0x280 [ 415.890466][T10165] dump_header+0x1c5/0xcf0 [ 415.894990][T10165] oom_kill_process+0x388/0xb00 [ 415.899935][T10165] out_of_memory+0x117f/0x16a0 [ 415.904819][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 415.910533][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 415.916111][T10165] alloc_pages_current+0x685/0xb50 [ 415.921356][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 415.926557][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 415.932703][T10165] ? __list_add_valid+0xb8/0x420 [ 415.937735][T10165] ? kmsan_get_metadata+0x116/0x180 [ 415.943048][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 415.948813][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 415.955065][T10165] ion_ioctl+0x8cd/0x2140 [ 415.959535][T10165] ? debug_shrink_set+0x240/0x240 [ 415.964645][T10165] compat_ptr_ioctl+0xe2/0x150 [ 415.969497][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 415.974430][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 415.979927][T10165] ? kmsan_get_metadata+0x116/0x180 [ 415.985219][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 415.990605][T10165] __do_fast_syscall_32+0x2af/0x480 [ 415.995910][T10165] do_fast_syscall_32+0x6b/0xd0 [ 416.000859][T10165] do_SYSENTER_32+0x73/0x90 [ 416.005458][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 416.011825][T10165] RIP: 0023:0xf7f05549 [ 416.015911][T10165] Code: Bad RIP value. [ 416.020009][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 416.028473][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 416.036489][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 416.044498][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 416.052508][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 416.060517][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 416.068685][T10165] Mem-Info: [ 416.071975][T10165] active_anon:121028 inactive_anon:4871 isolated_anon:0 [ 416.071975][T10165] active_file:2238 inactive_file:11156 isolated_file:0 [ 416.071975][T10165] unevictable:0 dirty:27 writeback:0 [ 416.071975][T10165] slab_reclaimable:6573 slab_unreclaimable:18615 [ 416.071975][T10165] mapped:38814 shmem:5055 pagetables:2988 bounce:0 [ 416.071975][T10165] free:207130 free_pcp:296 free_cma:0 [ 416.109123][T10165] Node 0 active_anon:464632kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110332kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 301056kB writeback_tmp:0kB all_unreclaimable? yes [ 416.136511][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 416.165532][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 416.171393][T10165] Node 0 DMA32 free:39612kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:437580kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:896kB pagetables:3704kB bounce:0kB free_pcp:736kB local_pcp:452kB free_cma:0kB [ 416.202965][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 416.208265][T10165] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27052kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2836kB bounce:0kB free_pcp:448kB local_pcp:308kB free_cma:0kB [ 416.239806][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 416.244672][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 416.256719][T10165] Node 0 DMA32: 637*4kB (UME) 445*8kB (UME) 292*16kB (UME) 177*32kB (ME) 120*64kB (ME) 47*128kB (UME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39612kB [ 416.273534][T10165] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 416.289340][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 416.299022][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 416.308439][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 416.318134][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 416.327530][T10165] 18485 total pagecache pages [ 416.332254][T10165] 0 pages in swap cache [ 416.336570][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 416.342764][T10165] Free swap = 0kB [ 416.346526][T10165] Total swap = 0kB [ 416.350290][T10165] 1965979 pages RAM [ 416.354234][T10165] 0 pages HighMem/MovableOnly [ 416.358949][T10165] 1433455 pages reserved [ 416.363303][T10165] 0 pages cma reserved [ 416.367441][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9382,uid=0 [ 416.382279][T10165] Out of memory: Killed process 9382 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 416.402341][ T1904] oom_reaper: reaped process 9382 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 11:52:03 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) sendfile(r4, r2, 0x0, 0x20000002) [ 416.565556][T10198] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 416.578609][T10198] CPU: 1 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 416.587339][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 416.597426][T10198] Call Trace: [ 416.600786][T10198] dump_stack+0x21c/0x280 [ 416.605184][T10198] dump_header+0x1c5/0xcf0 [ 416.609683][T10198] oom_kill_process+0x388/0xb00 [ 416.614604][T10198] out_of_memory+0x117f/0x16a0 [ 416.619456][T10198] __alloc_pages_slowpath+0x303a/0x3d10 [ 416.625125][T10198] __alloc_pages_nodemask+0xbb1/0x1030 [ 416.630670][T10198] alloc_pages_current+0x685/0xb50 [ 416.635979][T10198] ion_page_pool_alloc+0x73d/0x8f0 [ 416.641153][T10198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 416.647271][T10198] ? __list_add_valid+0xb8/0x420 [ 416.652354][T10198] ? kmsan_get_metadata+0x116/0x180 [ 416.657629][T10198] ion_system_heap_allocate+0x509/0x16b0 [ 416.663462][T10198] ? ion_system_contig_heap_create+0x230/0x230 [ 416.669708][T10198] ion_ioctl+0x8cd/0x2140 [ 416.674133][T10198] ? debug_shrink_set+0x240/0x240 [ 416.679211][T10198] compat_ptr_ioctl+0xe2/0x150 [ 416.684045][T10198] ? __ia32_sys_ioctl+0x70/0x70 [ 416.688946][T10198] __se_compat_sys_ioctl+0x55f/0x1100 [ 416.694392][T10198] ? kmsan_get_metadata+0x116/0x180 [ 416.699653][T10198] __ia32_compat_sys_ioctl+0x4a/0x70 [ 416.705006][T10198] __do_fast_syscall_32+0x2af/0x480 [ 416.710276][T10198] do_fast_syscall_32+0x6b/0xd0 [ 416.715190][T10198] do_SYSENTER_32+0x73/0x90 [ 416.719762][T10198] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 416.726126][T10198] RIP: 0023:0xf7f05549 [ 416.730218][T10198] Code: Bad RIP value. [ 416.734320][T10198] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 416.742799][T10198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 416.750809][T10198] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 416.758829][T10198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 416.766839][T10198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 416.774849][T10198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 416.783020][T10198] Mem-Info: [ 416.786422][T10198] active_anon:120463 inactive_anon:4871 isolated_anon:0 [ 416.786422][T10198] active_file:2240 inactive_file:11220 isolated_file:0 [ 416.786422][T10198] unevictable:0 dirty:2 writeback:16 [ 416.786422][T10198] slab_reclaimable:6573 slab_unreclaimable:18613 [ 416.786422][T10198] mapped:38815 shmem:5055 pagetables:2965 bounce:0 [ 416.786422][T10198] free:207099 free_pcp:298 free_cma:0 [ 416.823852][T10198] Node 0 active_anon:462584kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110352kB dirty:0kB writeback:4kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 301056kB writeback_tmp:0kB all_unreclaimable? yes [ 416.851315][T10198] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 416.880499][T10198] lowmem_reserve[]: 0 896 1124 1124 1124 [ 416.886422][T10198] Node 0 DMA32 free:39644kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:435532kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:896kB pagetables:3704kB bounce:0kB free_pcp:744kB local_pcp:292kB free_cma:0kB [ 416.918026][T10198] lowmem_reserve[]: 0 0 228 228 228 [ 416.923457][T10198] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27052kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2836kB bounce:0kB free_pcp:448kB local_pcp:140kB free_cma:0kB [ 416.955185][T10198] lowmem_reserve[]: 0 0 0 0 0 [ 416.959974][T10198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 416.972070][T10198] Node 0 DMA32: 637*4kB (UME) 444*8kB (ME) 291*16kB (ME) 177*32kB (ME) 121*64kB (UME) 47*128kB (UME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39652kB [ 416.988879][T10198] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 417.004757][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 417.014508][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 417.024004][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 417.033768][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 417.043226][T10198] 18566 total pagecache pages [ 417.047947][T10198] 0 pages in swap cache [ 417.052209][T10198] Swap cache stats: add 0, delete 0, find 0/0 [ 417.058450][T10198] Free swap = 0kB [ 417.062210][T10198] Total swap = 0kB 11:52:03 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:03 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 417.066226][T10198] 1965979 pages RAM [ 417.070073][T10198] 0 pages HighMem/MovableOnly [ 417.074928][T10198] 1433455 pages reserved [ 417.079255][T10198] 0 pages cma reserved [ 417.085947][T10198] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9359,uid=0 [ 417.100876][T10198] Out of memory: Killed process 9359 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 417.423454][T10587] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 417.436185][T10587] CPU: 0 PID: 10587 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 417.444923][T10587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 417.455032][T10587] Call Trace: [ 417.458428][T10587] dump_stack+0x21c/0x280 [ 417.462861][T10587] dump_header+0x1c5/0xcf0 [ 417.467392][T10587] oom_kill_process+0x388/0xb00 11:52:04 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280), 0x6) [ 417.472347][T10587] out_of_memory+0x117f/0x16a0 [ 417.477248][T10587] __alloc_pages_slowpath+0x303a/0x3d10 [ 417.482972][T10587] __alloc_pages_nodemask+0xbb1/0x1030 [ 417.488660][T10587] alloc_pages_current+0x685/0xb50 [ 417.493896][T10587] ion_page_pool_alloc+0x73d/0x8f0 [ 417.499112][T10587] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 417.505264][T10587] ? __list_add_valid+0xb8/0x420 [ 417.510285][T10587] ? kmsan_get_metadata+0x116/0x180 [ 417.515585][T10587] ion_system_heap_allocate+0x509/0x16b0 [ 417.521498][T10587] ? ion_system_contig_heap_create+0x230/0x230 [ 417.527738][T10587] ion_ioctl+0x8cd/0x2140 [ 417.532169][T10587] ? debug_shrink_set+0x240/0x240 [ 417.537254][T10587] compat_ptr_ioctl+0xe2/0x150 [ 417.542079][T10587] ? __ia32_sys_ioctl+0x70/0x70 [ 417.546985][T10587] __se_compat_sys_ioctl+0x55f/0x1100 [ 417.552456][T10587] ? kmsan_get_metadata+0x116/0x180 [ 417.557722][T10587] __ia32_compat_sys_ioctl+0x4a/0x70 [ 417.563078][T10587] __do_fast_syscall_32+0x2af/0x480 [ 417.568362][T10587] do_fast_syscall_32+0x6b/0xd0 [ 417.573277][T10587] do_SYSENTER_32+0x73/0x90 [ 417.577854][T10587] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 417.584242][T10587] RIP: 0023:0xf7f05549 [ 417.588329][T10587] Code: Bad RIP value. [ 417.592427][T10587] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 417.600905][T10587] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 417.608920][T10587] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 417.616929][T10587] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 417.624943][T10587] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 417.632953][T10587] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 417.641745][T10587] Mem-Info: [ 417.645098][T10587] active_anon:119973 inactive_anon:4871 isolated_anon:0 [ 417.645098][T10587] active_file:2239 inactive_file:11329 isolated_file:0 [ 417.645098][T10587] unevictable:0 dirty:31 writeback:0 [ 417.645098][T10587] slab_reclaimable:6573 slab_unreclaimable:18616 [ 417.645098][T10587] mapped:38818 shmem:5055 pagetables:2957 bounce:0 [ 417.645098][T10587] free:206991 free_pcp:358 free_cma:0 [ 417.682262][T10587] Node 0 active_anon:460420kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110364kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 296960kB writeback_tmp:0kB all_unreclaimable? yes [ 417.709769][T10587] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 417.738800][T10587] lowmem_reserve[]: 0 896 1124 1124 1124 [ 417.744733][T10587] Node 0 DMA32 free:39780kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:433368kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:896kB pagetables:3600kB bounce:0kB free_pcp:984kB local_pcp:452kB free_cma:0kB [ 417.776416][T10587] lowmem_reserve[]: 0 0 228 228 228 [ 417.781720][T10587] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27052kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2836kB bounce:0kB free_pcp:448kB local_pcp:308kB free_cma:0kB [ 417.813272][T10587] lowmem_reserve[]: 0 0 0 0 0 11:52:04 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 417.818048][T10587] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 417.830110][T10587] Node 0 DMA32: 637*4kB (UME) 444*8kB (ME) 292*16kB (UME) 177*32kB (ME) 121*64kB (UME) 46*128kB (ME) 20*256kB (UM) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39796kB [ 417.846939][T10587] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 417.862865][T10587] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 417.872506][T10587] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 417.881937][T10587] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 417.891621][T10587] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 417.901022][T10587] 18623 total pagecache pages [ 417.905811][T10587] 0 pages in swap cache [ 417.910033][T10587] Swap cache stats: add 0, delete 0, find 0/0 [ 417.916203][T10587] Free swap = 0kB [ 417.919964][T10587] Total swap = 0kB [ 417.923803][T10587] 1965979 pages RAM [ 417.927648][T10587] 0 pages HighMem/MovableOnly [ 417.932371][T10587] 1433455 pages reserved [ 417.936726][T10587] 0 pages cma reserved [ 417.940857][T10587] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9340,uid=0 [ 417.955723][T10587] Out of memory: Killed process 9340 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 417.973682][ T1904] oom_reaper: reaped process 9340 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 418.251816][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 418.264583][T10188] CPU: 0 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 418.273407][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 418.283515][T10188] Call Trace: [ 418.286914][T10188] dump_stack+0x21c/0x280 [ 418.291351][T10188] dump_header+0x1c5/0xcf0 [ 418.295880][T10188] oom_kill_process+0x388/0xb00 [ 418.300851][T10188] out_of_memory+0x117f/0x16a0 [ 418.305736][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 418.311435][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 418.317793][T10188] alloc_pages_current+0x685/0xb50 [ 418.323031][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 418.328261][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 418.334428][T10188] ? __list_add_valid+0xb8/0x420 [ 418.339463][T10188] ? kmsan_get_metadata+0x116/0x180 [ 418.344777][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 418.350637][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 418.356887][T10188] ion_ioctl+0x8cd/0x2140 [ 418.361352][T10188] ? debug_shrink_set+0x240/0x240 [ 418.366462][T10188] compat_ptr_ioctl+0xe2/0x150 [ 418.371311][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 418.376239][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 418.381722][T10188] ? kmsan_get_metadata+0x116/0x180 [ 418.387015][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 418.392401][T10188] __do_fast_syscall_32+0x2af/0x480 [ 418.397709][T10188] do_fast_syscall_32+0x6b/0xd0 [ 418.402657][T10188] do_SYSENTER_32+0x73/0x90 [ 418.407261][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 418.413650][T10188] RIP: 0023:0xf7f05549 [ 418.417753][T10188] Code: Bad RIP value. [ 418.421868][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 418.430360][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 418.438497][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 418.446532][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 418.454568][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 418.462606][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 418.471780][T10188] Mem-Info: [ 418.476111][T10188] active_anon:119441 inactive_anon:4871 isolated_anon:0 [ 418.476111][T10188] active_file:2241 inactive_file:11413 isolated_file:0 [ 418.476111][T10188] unevictable:0 dirty:7 writeback:2 [ 418.476111][T10188] slab_reclaimable:6573 slab_unreclaimable:18614 [ 418.476111][T10188] mapped:38827 shmem:5055 pagetables:2949 bounce:0 [ 418.476111][T10188] free:206853 free_pcp:419 free_cma:0 [ 418.513268][T10188] Node 0 active_anon:458248kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110400kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 294912kB writeback_tmp:0kB all_unreclaimable? yes [ 418.540779][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 418.569822][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 418.575631][T10188] Node 0 DMA32 free:39576kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:431196kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:880kB pagetables:3492kB bounce:0kB free_pcp:1228kB local_pcp:452kB free_cma:0kB [ 418.607306][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 418.612712][T10188] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27052kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2836kB bounce:0kB free_pcp:448kB local_pcp:308kB free_cma:0kB [ 418.644389][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 418.649172][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 418.661273][T10188] Node 0 DMA32: 636*4kB (ME) 445*8kB (UME) 293*16kB (UME) 178*32kB (UME) 121*64kB (UME) 46*128kB (ME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39592kB [ 418.678177][T10188] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 418.694072][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 11:52:05 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 418.703822][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 418.713297][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 418.723029][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 418.732394][T10188] 18709 total pagecache pages [ 418.737234][T10188] 0 pages in swap cache [ 418.741461][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 418.747684][T10188] Free swap = 0kB [ 418.751447][T10188] Total swap = 0kB [ 418.755320][T10188] 1965979 pages RAM [ 418.759175][T10188] 0 pages HighMem/MovableOnly [ 418.763999][T10188] 1433455 pages reserved [ 418.768281][T10188] 0 pages cma reserved [ 418.772403][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9319,uid=0 [ 418.787340][T10188] Out of memory: Killed process 9319 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 418.805253][ T1904] oom_reaper: reaped process 9319 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 11:52:05 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) sendfile(0xffffffffffffffff, r2, 0x0, 0x20000002) 11:52:05 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x4}, 0x6) 11:52:06 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0x2}, 0x6) 11:52:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) sendfile(0xffffffffffffffff, r2, 0x0, 0x20000002) 11:52:06 executing program 1: ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000000)={0x2}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x81208480, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)="48000000140081fb7059ae08060c040002ff0f03900000000000000000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f", 0x48}], 0x1}, 0x0) ioctl$BTRFS_IOC_FS_INFO(0xffffffffffffffff, 0x8400941f, &(0x7f00000002c0)) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)="48000000140081fb7059ae08060c040002ff0f03900000000000000000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f", 0x48}], 0x1}, 0x0) ioctl$F2FS_IOC_FLUSH_DEVICE(r1, 0x4008f50a, &(0x7f0000000080)={0x4, 0x8}) r2 = openat$sndtimer(0xffffff9c, &(0x7f0000000100)='/dev/snd/timer\x00', 0x8000) splice(r1, &(0x7f00000000c0)=0x3, r2, &(0x7f0000000140)=0x1, 0xffff, 0x1) exit_group(0x0) ioctl$SNDCTL_SEQ_NRSYNTHS(0xffffffffffffffff, 0x8004510a, &(0x7f0000000040)) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0x2, 0x4}, 0x6) setgid(0xee00) 11:52:06 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) sendfile(0xffffffffffffffff, r2, 0x0, 0x20000002) [ 420.297705][T10198] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 420.310437][T10198] CPU: 1 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 420.324172][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 420.334284][T10198] Call Trace: [ 420.337680][T10198] dump_stack+0x21c/0x280 [ 420.342115][T10198] dump_header+0x1c5/0xcf0 [ 420.346644][T10198] oom_kill_process+0x388/0xb00 [ 420.351801][T10198] out_of_memory+0x117f/0x16a0 [ 420.356690][T10198] __alloc_pages_slowpath+0x303a/0x3d10 [ 420.362407][T10198] __alloc_pages_nodemask+0xbb1/0x1030 [ 420.367986][T10198] alloc_pages_current+0x685/0xb50 [ 420.373216][T10198] ion_page_pool_alloc+0x73d/0x8f0 [ 420.378509][T10198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 420.384656][T10198] ? __list_add_valid+0xb8/0x420 [ 420.389676][T10198] ? kmsan_get_metadata+0x116/0x180 [ 420.394958][T10198] ion_system_heap_allocate+0x509/0x16b0 [ 420.400801][T10198] ? ion_system_contig_heap_create+0x230/0x230 [ 420.407019][T10198] ion_ioctl+0x8cd/0x2140 [ 420.411454][T10198] ? debug_shrink_set+0x240/0x240 [ 420.416539][T10198] compat_ptr_ioctl+0xe2/0x150 [ 420.421365][T10198] ? __ia32_sys_ioctl+0x70/0x70 [ 420.426278][T10198] __se_compat_sys_ioctl+0x55f/0x1100 [ 420.431734][T10198] ? kmsan_get_metadata+0x116/0x180 [ 420.436992][T10198] __ia32_compat_sys_ioctl+0x4a/0x70 [ 420.442345][T10198] __do_fast_syscall_32+0x2af/0x480 [ 420.447633][T10198] do_fast_syscall_32+0x6b/0xd0 [ 420.452549][T10198] do_SYSENTER_32+0x73/0x90 [ 420.457125][T10198] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 420.463492][T10198] RIP: 0023:0xf7f05549 [ 420.467576][T10198] Code: Bad RIP value. [ 420.471691][T10198] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 420.480156][T10198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 420.488165][T10198] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 420.496175][T10198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 420.504214][T10198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 420.512226][T10198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 420.521740][T10198] Mem-Info: [ 420.525137][T10198] active_anon:119027 inactive_anon:4871 isolated_anon:0 [ 420.525137][T10198] active_file:2244 inactive_file:11667 isolated_file:0 [ 420.525137][T10198] unevictable:0 dirty:28 writeback:1 [ 420.525137][T10198] slab_reclaimable:6573 slab_unreclaimable:18629 [ 420.525137][T10198] mapped:38861 shmem:5055 pagetables:3037 bounce:0 [ 420.525137][T10198] free:206205 free_pcp:404 free_cma:0 [ 420.562375][T10198] Node 0 active_anon:456076kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110476kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 292864kB writeback_tmp:0kB all_unreclaimable? yes [ 420.589892][T10198] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 420.619015][T10198] lowmem_reserve[]: 0 896 1124 1124 1124 [ 420.624940][T10198] Node 0 DMA32 free:39640kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:429024kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:848kB pagetables:3380kB bounce:0kB free_pcp:1168kB local_pcp:592kB free_cma:0kB [ 420.656652][T10198] lowmem_reserve[]: 0 0 228 228 228 [ 420.661955][T10198] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27052kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2836kB bounce:0kB free_pcp:448kB local_pcp:140kB free_cma:0kB [ 420.693745][T10198] lowmem_reserve[]: 0 0 0 0 0 11:52:07 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20082004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x4d) bind$bt_hci(r0, &(0x7f0000000280), 0xffffffffffffff57) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0xfffffffffffffd69) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) sendfile(r3, r1, 0x0, 0x20000002) prctl$PR_GET_NO_NEW_PRIVS(0x27) keyctl$clear(0x7, 0xfffffffffffffffa) prctl$PR_GET_UNALIGN(0x5, &(0x7f00000000c0)) connect$can_bcm(r1, &(0x7f0000000000), 0x10) [ 420.698528][T10198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 420.710655][T10198] Node 0 DMA32: 636*4kB (ME) 445*8kB (UME) 292*16kB (UME) 178*32kB (UME) 120*64kB (ME) 47*128kB (UME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39640kB [ 420.727679][T10198] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 420.743576][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 420.753332][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 420.762843][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 420.772683][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 420.782013][T10198] 19042 total pagecache pages [ 420.786873][T10198] 0 pages in swap cache [ 420.791081][T10198] Swap cache stats: add 0, delete 0, find 0/0 [ 420.797306][T10198] Free swap = 0kB [ 420.801059][T10198] Total swap = 0kB [ 420.805082][T10198] 1965979 pages RAM [ 420.808939][T10198] 0 pages HighMem/MovableOnly [ 420.813790][T10198] 1433455 pages reserved [ 420.818072][T10198] 0 pages cma reserved [ 420.822192][T10198] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9311,uid=0 [ 420.837087][T10198] Out of memory: Killed process 9311 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 420.864192][ T1904] oom_reaper: reaped process 9311 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 420.978794][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 420.992405][T10165] CPU: 0 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 421.001154][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 421.011349][T10165] Call Trace: [ 421.014743][T10165] dump_stack+0x21c/0x280 [ 421.019176][T10165] dump_header+0x1c5/0xcf0 [ 421.023704][T10165] oom_kill_process+0x388/0xb00 [ 421.028661][T10165] out_of_memory+0x117f/0x16a0 [ 421.033559][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 421.039265][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 421.044930][T10165] alloc_pages_current+0x685/0xb50 [ 421.050164][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 421.055390][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 421.061626][T10165] ? __list_add_valid+0xb8/0x420 [ 421.066659][T10165] ? kmsan_get_metadata+0x116/0x180 [ 421.071975][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 421.077741][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 421.084000][T10165] ion_ioctl+0x8cd/0x2140 [ 421.088460][T10165] ? debug_shrink_set+0x240/0x240 [ 421.093566][T10165] compat_ptr_ioctl+0xe2/0x150 [ 421.098417][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 421.103376][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 421.108854][T10165] ? kmsan_get_metadata+0x116/0x180 [ 421.114139][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 421.119525][T10165] __do_fast_syscall_32+0x2af/0x480 [ 421.124830][T10165] do_fast_syscall_32+0x6b/0xd0 [ 421.129770][T10165] do_SYSENTER_32+0x73/0x90 [ 421.134376][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 421.140765][T10165] RIP: 0023:0xf7f05549 [ 421.144867][T10165] Code: Bad RIP value. [ 421.148964][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 421.157433][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 421.165449][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 421.173476][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 421.181484][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 421.189497][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 421.198048][T10165] Mem-Info: [ 421.201352][T10165] active_anon:118472 inactive_anon:4871 isolated_anon:0 [ 421.201352][T10165] active_file:2245 inactive_file:11776 isolated_file:0 [ 421.201352][T10165] unevictable:0 dirty:12 writeback:1 [ 421.201352][T10165] slab_reclaimable:6575 slab_unreclaimable:18636 [ 421.201352][T10165] mapped:38861 shmem:5055 pagetables:2990 bounce:0 [ 421.201352][T10165] free:206174 free_pcp:405 free_cma:0 [ 421.238617][T10165] Node 0 active_anon:453928kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110476kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 292864kB writeback_tmp:0kB all_unreclaimable? yes [ 421.266072][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 421.296164][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 421.301903][T10165] Node 0 DMA32 free:39704kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:426852kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:848kB pagetables:3376kB bounce:0kB free_pcp:1172kB local_pcp:452kB free_cma:0kB [ 421.333724][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 421.339020][T10165] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27052kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2836kB bounce:0kB free_pcp:448kB local_pcp:308kB free_cma:0kB [ 421.370795][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 421.375704][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 421.387805][T10165] Node 0 DMA32: 636*4kB (ME) 445*8kB (UME) 292*16kB (UME) 178*32kB (UME) 121*64kB (UME) 47*128kB (UME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39704kB [ 421.404778][T10165] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 421.420654][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 421.430391][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 421.439944][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 421.449814][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 421.459306][T10165] 19076 total pagecache pages [ 421.464210][T10165] 0 pages in swap cache [ 421.468422][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 421.474637][T10165] Free swap = 0kB [ 421.478395][T10165] Total swap = 0kB [ 421.482158][T10165] 1965979 pages RAM [ 421.486136][T10165] 0 pages HighMem/MovableOnly [ 421.490853][T10165] 1433455 pages reserved [ 421.495304][T10165] 0 pages cma reserved [ 421.499433][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9301,uid=0 [ 421.515304][T10165] Out of memory: Killed process 9301 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 421.533514][ T1904] oom_reaper: reaped process 9301 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 11:52:08 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:08 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:08 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) setsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000180)=0x3, 0x4) r1 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x82401, 0x0) finit_module(r1, &(0x7f0000000200)='!\x00', 0x0) bind$bt_hci(r0, &(0x7f0000000280), 0x6) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/llc/socket\x00') sendmsg$NFQNL_MSG_CONFIG(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x58, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1}}, @NFQA_CFG_CMD={0x8, 0x1, {0x4, 0x0, 0x6}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x401}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x6}, @NFQA_CFG_PARAMS={0x9, 0x2, {0xffffffff, 0x2}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0xfffffc00}, @NFQA_CFG_CMD={0x8, 0x1, {0x4, 0x0, 0x3}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x100}]}, 0x58}, 0x1, 0x0, 0x0, 0x80}, 0x0) [ 422.177076][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 422.189976][T10188] CPU: 0 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 422.198764][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.208873][T10188] Call Trace: [ 422.212265][T10188] dump_stack+0x21c/0x280 [ 422.216699][T10188] dump_header+0x1c5/0xcf0 [ 422.221226][T10188] oom_kill_process+0x388/0xb00 11:52:08 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)="48000000140081fb7059ae08060c040002ff0f03900000000000000000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f", 0x48}], 0x1}, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc01cf509, &(0x7f0000000040)={r0, 0x8, 0x1, 0x9}) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280), 0x6) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000000)={0x0, 'bridge_slave_1\x00', {0x1}, 0x40}) 11:52:08 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r3 = socket$alg(0x26, 0x5, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) sendfile(r4, r2, 0x0, 0x20000002) [ 422.226187][T10188] out_of_memory+0x117f/0x16a0 [ 422.231083][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 422.236767][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 422.242458][T10188] alloc_pages_current+0x685/0xb50 [ 422.247697][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 422.252903][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 422.259053][T10188] ? __list_add_valid+0xb8/0x420 [ 422.264090][T10188] ? kmsan_get_metadata+0x116/0x180 [ 422.269409][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 422.275174][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 422.281417][T10188] ion_ioctl+0x8cd/0x2140 [ 422.285880][T10188] ? debug_shrink_set+0x240/0x240 [ 422.291020][T10188] compat_ptr_ioctl+0xe2/0x150 [ 422.295874][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 422.300812][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 422.306301][T10188] ? kmsan_get_metadata+0x116/0x180 [ 422.311793][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 422.317175][T10188] __do_fast_syscall_32+0x2af/0x480 [ 422.322486][T10188] do_fast_syscall_32+0x6b/0xd0 [ 422.327434][T10188] do_SYSENTER_32+0x73/0x90 [ 422.332041][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 422.338428][T10188] RIP: 0023:0xf7f05549 [ 422.342534][T10188] Code: Bad RIP value. [ 422.346655][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 422.355150][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 422.363187][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 422.371224][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 422.379251][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 422.387287][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 422.395800][T10188] Mem-Info: [ 422.399146][T10188] active_anon:117998 inactive_anon:4871 isolated_anon:0 [ 422.399146][T10188] active_file:2246 inactive_file:11899 isolated_file:0 [ 422.399146][T10188] unevictable:0 dirty:19 writeback:19 [ 422.399146][T10188] slab_reclaimable:6575 slab_unreclaimable:18642 [ 422.399146][T10188] mapped:38908 shmem:5055 pagetables:3038 bounce:0 [ 422.399146][T10188] free:140661 free_pcp:476 free_cma:0 [ 422.436463][T10188] Node 0 active_anon:451732kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110540kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 290816kB writeback_tmp:0kB all_unreclaimable? yes [ 422.463922][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 422.492993][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 422.498912][T10188] Node 0 DMA32 free:39656kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:424692kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:832kB pagetables:3216kB bounce:0kB free_pcp:1340kB local_pcp:500kB free_cma:0kB [ 422.530694][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 422.536118][T10188] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27040kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2792kB bounce:0kB free_pcp:564kB local_pcp:348kB free_cma:0kB [ 422.567712][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 422.572720][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 422.584764][T10188] Node 0 DMA32: 636*4kB (ME) 445*8kB (UME) 291*16kB (ME) 177*32kB (ME) 121*64kB (UME) 47*128kB (UME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39656kB [ 422.601747][T10188] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 422.617750][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 422.627562][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 422.636984][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 422.646770][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 422.656165][T10188] 19251 total pagecache pages [ 422.660897][T10188] 0 pages in swap cache [ 422.665170][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 422.671275][T10188] Free swap = 0kB [ 422.675108][T10188] Total swap = 0kB [ 422.678880][T10188] 1965979 pages RAM [ 422.682793][T10188] 0 pages HighMem/MovableOnly [ 422.687503][T10188] 1433455 pages reserved [ 422.691776][T10188] 0 pages cma reserved [ 422.695970][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9295,uid=0 [ 422.710795][T10188] Out of memory: Killed process 9295 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 422.728654][ T1904] oom_reaper: reaped process 9295 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 422.859452][T10647] warn_alloc: 2 callbacks suppressed [ 422.859524][T10647] syz-executor.2: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 422.879660][T10647] CPU: 0 PID: 10647 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 422.888395][T10647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 422.898615][T10647] Call Trace: [ 422.902011][T10647] dump_stack+0x21c/0x280 [ 422.906447][T10647] warn_alloc+0x4cc/0x680 [ 422.910887][T10647] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 422.916775][T10647] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 422.922409][T10647] ? kmsan_get_metadata+0x116/0x180 [ 422.927693][T10647] ? kmsan_get_metadata+0x116/0x180 [ 422.932967][T10647] __alloc_pages_nodemask+0xbb1/0x1030 [ 422.938509][T10647] alloc_pages_current+0x685/0xb50 [ 422.943712][T10647] ion_page_pool_alloc+0x73d/0x8f0 [ 422.948890][T10647] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 422.955010][T10647] ? __list_add_valid+0xb8/0x420 [ 422.960014][T10647] ? kmsan_get_metadata+0x116/0x180 [ 422.965294][T10647] ion_system_heap_allocate+0x5a2/0x16b0 [ 422.971047][T10647] ? ion_system_contig_heap_create+0x230/0x230 [ 422.977392][T10647] ion_ioctl+0x8cd/0x2140 [ 422.981820][T10647] ? debug_shrink_set+0x240/0x240 [ 422.986900][T10647] compat_ptr_ioctl+0xe2/0x150 [ 422.991721][T10647] ? __ia32_sys_ioctl+0x70/0x70 [ 422.996631][T10647] __se_compat_sys_ioctl+0x55f/0x1100 [ 423.002107][T10647] ? kmsan_get_metadata+0x116/0x180 [ 423.007361][T10647] __ia32_compat_sys_ioctl+0x4a/0x70 [ 423.012714][T10647] __do_fast_syscall_32+0x2af/0x480 [ 423.017989][T10647] do_fast_syscall_32+0x6b/0xd0 [ 423.023008][T10647] do_SYSENTER_32+0x73/0x90 [ 423.027580][T10647] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 423.033943][T10647] RIP: 0023:0xf7f05549 [ 423.038031][T10647] Code: Bad RIP value. [ 423.042131][T10647] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 423.050859][T10647] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 423.058873][T10647] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 423.066885][T10647] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 423.074896][T10647] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 423.082907][T10647] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 423.092222][T10647] Mem-Info: [ 423.095601][T10647] active_anon:117474 inactive_anon:4871 isolated_anon:0 [ 423.095601][T10647] active_file:2246 inactive_file:11962 isolated_file:0 [ 423.095601][T10647] unevictable:0 dirty:13 writeback:7 [ 423.095601][T10647] slab_reclaimable:6575 slab_unreclaimable:18647 [ 423.095601][T10647] mapped:38893 shmem:5055 pagetables:3038 bounce:0 [ 423.095601][T10647] free:205993 free_pcp:508 free_cma:0 [ 423.132745][T10647] Node 0 active_anon:449584kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110540kB dirty:0kB writeback:4kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 288768kB writeback_tmp:0kB all_unreclaimable? yes [ 423.160175][T10647] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 423.189266][T10647] lowmem_reserve[]: 0 896 1124 1124 1124 [ 423.195122][T10647] Node 0 DMA32 free:39784kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:422544kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:816kB pagetables:3236kB bounce:0kB free_pcp:1468kB local_pcp:500kB free_cma:0kB [ 423.226775][T10647] lowmem_reserve[]: 0 0 228 228 228 [ 423.232072][T10647] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27040kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2764kB bounce:0kB free_pcp:564kB local_pcp:348kB free_cma:0kB [ 423.263795][T10647] lowmem_reserve[]: 0 0 0 0 0 [ 423.268573][T10647] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 423.281580][T10647] Node 0 DMA32: 636*4kB (ME) 445*8kB (UME) 291*16kB (ME) 177*32kB (ME) 121*64kB (UME) 46*128kB (ME) 20*256kB (UM) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39784kB [ 423.298412][T10647] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 423.314226][T10647] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 423.323994][T10647] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 423.333418][T10647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 423.343203][T10647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 423.352588][T10647] 19299 total pagecache pages [ 423.357311][T10647] 0 pages in swap cache 11:52:10 executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 423.361525][T10647] Swap cache stats: add 0, delete 0, find 0/0 [ 423.367697][T10647] Free swap = 0kB [ 423.371466][T10647] Total swap = 0kB [ 423.375295][T10647] 1965979 pages RAM [ 423.379142][T10647] 0 pages HighMem/MovableOnly [ 423.383920][T10647] 1433455 pages reserved [ 423.388201][T10647] 0 pages cma reserved 11:52:10 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20100400, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, &(0x7f0000000000)=0x8, 0x4) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280), 0x6) [ 423.515056][T10198] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 423.528092][T10198] CPU: 0 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 423.536827][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 423.546937][T10198] Call Trace: [ 423.550327][T10198] dump_stack+0x21c/0x280 [ 423.554767][T10198] dump_header+0x1c5/0xcf0 [ 423.559293][T10198] oom_kill_process+0x388/0xb00 [ 423.564239][T10198] out_of_memory+0x117f/0x16a0 [ 423.569093][T10198] __alloc_pages_slowpath+0x303a/0x3d10 [ 423.574761][T10198] __alloc_pages_nodemask+0xbb1/0x1030 [ 423.580306][T10198] alloc_pages_current+0x685/0xb50 [ 423.585543][T10198] ion_page_pool_alloc+0x73d/0x8f0 [ 423.590723][T10198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 423.596876][T10198] ? __list_add_valid+0xb8/0x420 [ 423.601920][T10198] ? kmsan_get_metadata+0x116/0x180 [ 423.607204][T10198] ion_system_heap_allocate+0x509/0x16b0 [ 423.612928][T10198] ? ion_system_contig_heap_create+0x230/0x230 [ 423.619230][T10198] ion_ioctl+0x8cd/0x2140 [ 423.623662][T10198] ? debug_shrink_set+0x240/0x240 [ 423.628745][T10198] compat_ptr_ioctl+0xe2/0x150 [ 423.633565][T10198] ? __ia32_sys_ioctl+0x70/0x70 [ 423.638481][T10198] __se_compat_sys_ioctl+0x55f/0x1100 [ 423.643929][T10198] ? kmsan_get_metadata+0x116/0x180 [ 423.649183][T10198] __ia32_compat_sys_ioctl+0x4a/0x70 [ 423.654535][T10198] __do_fast_syscall_32+0x2af/0x480 [ 423.659805][T10198] do_fast_syscall_32+0x6b/0xd0 [ 423.664729][T10198] do_SYSENTER_32+0x73/0x90 [ 423.669301][T10198] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 423.675667][T10198] RIP: 0023:0xf7f05549 [ 423.679757][T10198] Code: Bad RIP value. [ 423.683958][T10198] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 423.692424][T10198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 423.700438][T10198] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 423.708452][T10198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 423.716468][T10198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 423.724477][T10198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 423.732618][T10198] Mem-Info: [ 423.735912][T10198] active_anon:117467 inactive_anon:4871 isolated_anon:0 [ 423.735912][T10198] active_file:2247 inactive_file:12027 isolated_file:0 [ 423.735912][T10198] unevictable:0 dirty:21 writeback:8 [ 423.735912][T10198] slab_reclaimable:6575 slab_unreclaimable:18643 [ 423.735912][T10198] mapped:38898 shmem:5055 pagetables:3010 bounce:0 [ 423.735912][T10198] free:205725 free_pcp:538 free_cma:0 [ 423.773070][T10198] Node 0 active_anon:449560kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110560kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 286720kB writeback_tmp:0kB all_unreclaimable? yes [ 423.800483][T10198] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 423.829522][T10198] lowmem_reserve[]: 0 896 1124 1124 1124 [ 423.835427][T10198] Node 0 DMA32 free:39784kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:422520kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:816kB pagetables:3132kB bounce:0kB free_pcp:1588kB local_pcp:616kB free_cma:0kB [ 423.867071][T10198] lowmem_reserve[]: 0 0 228 228 228 [ 423.872449][T10198] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27040kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2764kB bounce:0kB free_pcp:564kB local_pcp:348kB free_cma:0kB [ 423.903993][T10198] lowmem_reserve[]: 0 0 0 0 0 [ 423.908771][T10198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 423.920843][T10198] Node 0 DMA32: 636*4kB (ME) 445*8kB (UME) 292*16kB (UME) 177*32kB (ME) 121*64kB (UME) 46*128kB (ME) 20*256kB (UM) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39800kB [ 423.937716][T10198] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 423.953534][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 423.963217][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 423.972647][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 423.982342][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 423.991781][T10198] 19316 total pagecache pages [ 423.996574][T10198] 0 pages in swap cache [ 424.000789][T10198] Swap cache stats: add 0, delete 0, find 0/0 [ 424.007045][T10198] Free swap = 0kB [ 424.010810][T10198] Total swap = 0kB [ 424.014646][T10198] 1965979 pages RAM [ 424.018493][T10198] 0 pages HighMem/MovableOnly [ 424.023279][T10198] 1433455 pages reserved [ 424.027560][T10198] 0 pages cma reserved [ 424.031683][T10198] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9287,uid=0 [ 424.046543][T10198] Out of memory: Killed process 9287 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 424.074931][ T1904] oom_reaper: reaped process 9287 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 424.116453][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 424.129228][T10188] CPU: 0 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 424.137960][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 424.148048][T10188] Call Trace: [ 424.151426][T10188] dump_stack+0x21c/0x280 [ 424.155846][T10188] dump_header+0x1c5/0xcf0 [ 424.160347][T10188] oom_kill_process+0x388/0xb00 [ 424.165294][T10188] out_of_memory+0x117f/0x16a0 [ 424.170147][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 424.175811][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 424.181363][T10188] alloc_pages_current+0x685/0xb50 [ 424.186562][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 424.191736][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 424.197856][T10188] ? __list_add_valid+0xb8/0x420 [ 424.202857][T10188] ? kmsan_get_metadata+0x116/0x180 [ 424.208140][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 424.213865][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 424.220208][T10188] ion_ioctl+0x8cd/0x2140 [ 424.224633][T10188] ? debug_shrink_set+0x240/0x240 [ 424.229710][T10188] compat_ptr_ioctl+0xe2/0x150 [ 424.234535][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 424.239455][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 424.244907][T10188] ? kmsan_get_metadata+0x116/0x180 [ 424.250160][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 424.255514][T10188] __do_fast_syscall_32+0x2af/0x480 [ 424.260786][T10188] do_fast_syscall_32+0x6b/0xd0 [ 424.265706][T10188] do_SYSENTER_32+0x73/0x90 [ 424.270279][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 424.276644][T10188] RIP: 0023:0xf7f05549 [ 424.280731][T10188] Code: Bad RIP value. [ 424.284827][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 424.293292][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 424.301298][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 424.309310][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 424.317333][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 424.325352][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 424.333957][T10188] Mem-Info: [ 424.337257][T10188] active_anon:116946 inactive_anon:4871 isolated_anon:0 [ 424.337257][T10188] active_file:2247 inactive_file:12044 isolated_file:0 [ 424.337257][T10188] unevictable:0 dirty:4 writeback:8 [ 424.337257][T10188] slab_reclaimable:6575 slab_unreclaimable:18643 11:52:11 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r3 = socket$alg(0x26, 0x5, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) sendfile(r4, r2, 0x0, 0x20000002) [ 424.337257][T10188] mapped:38898 shmem:5055 pagetables:3010 bounce:0 [ 424.337257][T10188] free:205674 free_pcp:542 free_cma:0 [ 424.374769][T10188] Node 0 active_anon:447384kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110584kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 284672kB writeback_tmp:0kB all_unreclaimable? yes [ 424.402213][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 424.431287][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 424.437166][T10188] Node 0 DMA32 free:39580kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:420344kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:816kB pagetables:3128kB bounce:0kB free_pcp:1604kB local_pcp:500kB free_cma:0kB [ 424.468876][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 424.474308][T10188] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27040kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2764kB bounce:0kB free_pcp:564kB local_pcp:348kB free_cma:0kB [ 424.505986][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 424.510765][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 424.522823][T10188] Node 0 DMA32: 637*4kB (UME) 445*8kB (UME) 292*16kB (UME) 178*32kB (UME) 121*64kB (UME) 46*128kB (ME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39580kB [ 424.539836][T10188] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 424.555666][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 424.565356][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 424.574782][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 424.584462][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 424.593849][T10188] 19364 total pagecache pages [ 424.598567][T10188] 0 pages in swap cache [ 424.602840][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 424.608948][T10188] Free swap = 0kB [ 424.612774][T10188] Total swap = 0kB [ 424.616535][T10188] 1965979 pages RAM [ 424.620377][T10188] 0 pages HighMem/MovableOnly [ 424.625163][T10188] 1433455 pages reserved [ 424.629441][T10188] 0 pages cma reserved [ 424.633635][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9279,uid=0 [ 424.648461][T10188] Out of memory: Killed process 9279 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 424.667067][ T1904] oom_reaper: reaped process 9279 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 424.796067][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 424.808941][T10165] CPU: 0 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 424.817676][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 424.827873][T10165] Call Trace: [ 424.831377][T10165] dump_stack+0x21c/0x280 [ 424.835809][T10165] dump_header+0x1c5/0xcf0 [ 424.840338][T10165] oom_kill_process+0x388/0xb00 [ 424.845300][T10165] out_of_memory+0x117f/0x16a0 [ 424.850181][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 424.855884][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 424.861462][T10165] alloc_pages_current+0x685/0xb50 [ 424.866698][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 424.871904][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 424.878058][T10165] ? __list_add_valid+0xb8/0x420 [ 424.883093][T10165] ? kmsan_get_metadata+0x116/0x180 [ 424.888406][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 424.894173][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 424.900425][T10165] ion_ioctl+0x8cd/0x2140 [ 424.904888][T10165] ? debug_shrink_set+0x240/0x240 [ 424.910002][T10165] compat_ptr_ioctl+0xe2/0x150 [ 424.914858][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 424.919794][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 424.925362][T10165] ? kmsan_get_metadata+0x116/0x180 [ 424.930652][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 424.936038][T10165] __do_fast_syscall_32+0x2af/0x480 [ 424.941347][T10165] do_fast_syscall_32+0x6b/0xd0 11:52:11 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r3 = socket$alg(0x26, 0x5, 0x0) r4 = accept4$alg(r3, 0x0, 0x0, 0x0) sendfile(r4, r2, 0x0, 0x20000002) [ 424.946298][T10165] do_SYSENTER_32+0x73/0x90 [ 424.951080][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 424.957471][T10165] RIP: 0023:0xf7f05549 [ 424.961577][T10165] Code: Bad RIP value. [ 424.965698][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 424.976004][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 424.984056][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 424.992097][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 425.000129][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 425.008163][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 425.016574][T10165] Mem-Info: [ 425.019879][T10165] active_anon:116392 inactive_anon:4871 isolated_anon:0 [ 425.019879][T10165] active_file:2248 inactive_file:12142 isolated_file:0 [ 425.019879][T10165] unevictable:0 dirty:7 writeback:0 [ 425.019879][T10165] slab_reclaimable:6575 slab_unreclaimable:18642 [ 425.019879][T10165] mapped:38889 shmem:5055 pagetables:2986 bounce:0 [ 425.019879][T10165] free:205568 free_pcp:603 free_cma:0 [ 425.056933][T10165] Node 0 active_anon:445236kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110584kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 284672kB writeback_tmp:0kB all_unreclaimable? yes [ 425.084322][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 425.113316][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 425.119048][T10165] Node 0 DMA32 free:39612kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:418196kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:800kB pagetables:3024kB bounce:0kB free_pcp:1848kB local_pcp:500kB free_cma:0kB [ 425.150682][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 425.156091][T10165] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27040kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2764kB bounce:0kB free_pcp:564kB local_pcp:348kB free_cma:0kB [ 425.187631][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 425.192468][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 425.204507][T10165] Node 0 DMA32: 637*4kB (UME) 445*8kB (UME) 293*16kB (UME) 177*32kB (ME) 120*64kB (ME) 47*128kB (UME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39628kB [ 425.221310][T10165] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 425.237118][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 425.246794][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 425.256214][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 425.265893][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 425.275283][T10165] 19480 total pagecache pages [ 425.280000][T10165] 0 pages in swap cache [ 425.284275][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 425.290386][T10165] Free swap = 0kB [ 425.294208][T10165] Total swap = 0kB [ 425.297963][T10165] 1965979 pages RAM [ 425.301812][T10165] 0 pages HighMem/MovableOnly [ 425.306610][T10165] 1433455 pages reserved [ 425.310887][T10165] 0 pages cma reserved [ 425.315086][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9272,uid=0 [ 425.329923][T10165] Out of memory: Killed process 9272 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 425.347745][ T1904] oom_reaper: reaped process 9272 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 11:52:12 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:12 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$DRM_IOCTL_NEW_CTX(0xffffffffffffffff, 0x40086425, &(0x7f0000000080)) connect$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x18, 0xdb, 0x1f, 0x1, 0x2, @random="af32bf3aebd5"}, 0x10) clone(0x32000200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bind$bt_hci(r0, &(0x7f0000000280), 0x6) 11:52:12 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r3 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r3, r2, 0x0, 0x20000002) 11:52:12 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x7, 0x6, 0x101, 0x0, 0x0, {0x0, 0x0, 0x800}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x20008011) r2 = openat$null(0xffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x408000, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280), 0x6) [ 426.243057][T10681] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 426.255955][T10681] CPU: 0 PID: 10681 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 426.264694][T10681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 426.274798][T10681] Call Trace: [ 426.278288][T10681] dump_stack+0x21c/0x280 [ 426.282723][T10681] dump_header+0x1c5/0xcf0 [ 426.287253][T10681] oom_kill_process+0x388/0xb00 [ 426.292208][T10681] out_of_memory+0x117f/0x16a0 [ 426.297106][T10681] __alloc_pages_slowpath+0x303a/0x3d10 [ 426.302850][T10681] __alloc_pages_nodemask+0xbb1/0x1030 [ 426.308440][T10681] alloc_pages_current+0x685/0xb50 [ 426.313694][T10681] ion_page_pool_alloc+0x73d/0x8f0 [ 426.318906][T10681] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 426.325062][T10681] ? __list_add_valid+0xb8/0x420 [ 426.330093][T10681] ? kmsan_get_metadata+0x116/0x180 [ 426.335417][T10681] ion_system_heap_allocate+0x509/0x16b0 [ 426.341191][T10681] ? ion_system_contig_heap_create+0x230/0x230 [ 426.347450][T10681] ion_ioctl+0x8cd/0x2140 [ 426.351924][T10681] ? debug_shrink_set+0x240/0x240 [ 426.357037][T10681] compat_ptr_ioctl+0xe2/0x150 [ 426.361896][T10681] ? __ia32_sys_ioctl+0x70/0x70 [ 426.366846][T10681] __se_compat_sys_ioctl+0x55f/0x1100 [ 426.372339][T10681] ? kmsan_get_metadata+0x116/0x180 [ 426.377624][T10681] __ia32_compat_sys_ioctl+0x4a/0x70 [ 426.383012][T10681] __do_fast_syscall_32+0x2af/0x480 [ 426.388319][T10681] do_fast_syscall_32+0x6b/0xd0 [ 426.393275][T10681] do_SYSENTER_32+0x73/0x90 [ 426.397882][T10681] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 426.404290][T10681] RIP: 0023:0xf7f05549 [ 426.408397][T10681] Code: Bad RIP value. [ 426.412521][T10681] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 426.421015][T10681] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 426.429058][T10681] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 426.437089][T10681] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 426.445126][T10681] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 426.453160][T10681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 426.461599][T10681] Mem-Info: [ 426.464980][T10681] active_anon:115957 inactive_anon:4871 isolated_anon:0 [ 426.464980][T10681] active_file:2247 inactive_file:12306 isolated_file:0 [ 426.464980][T10681] unevictable:0 dirty:3 writeback:0 [ 426.464980][T10681] slab_reclaimable:6575 slab_unreclaimable:18642 [ 426.464980][T10681] mapped:38921 shmem:5055 pagetables:3017 bounce:0 [ 426.464980][T10681] free:140005 free_pcp:696 free_cma:0 [ 426.502401][T10681] Node 0 active_anon:443036kB inactive_anon:19452kB active_file:0kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110652kB dirty:12kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 280576kB writeback_tmp:0kB all_unreclaimable? yes [ 426.529985][T10681] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 426.559017][T10681] lowmem_reserve[]: 0 896 1124 1124 1124 [ 426.564833][T10681] Node 0 DMA32 free:39788kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:416016kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:752kB pagetables:2812kB bounce:0kB free_pcp:2200kB local_pcp:744kB free_cma:0kB [ 426.596559][T10681] lowmem_reserve[]: 0 0 228 228 228 [ 426.601865][T10681] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:27020kB inactive_anon:18580kB active_file:0kB inactive_file:12kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2764kB bounce:0kB free_pcp:584kB local_pcp:348kB free_cma:0kB [ 426.633514][T10681] lowmem_reserve[]: 0 0 0 0 0 [ 426.638291][T10681] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 426.650346][T10681] Node 0 DMA32: 637*4kB (UME) 445*8kB (UME) 295*16kB (UME) 177*32kB (ME) 120*64kB (ME) 46*128kB (ME) 20*256kB (UM) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39788kB [ 426.667170][T10681] Node 0 Normal: 835*4kB (UME) 245*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9844kB [ 426.682997][T10681] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 426.692685][T10681] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 426.702037][T10681] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 426.711733][T10681] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 426.721129][T10681] 19661 total pagecache pages [ 426.725913][T10681] 0 pages in swap cache [ 426.730121][T10681] Swap cache stats: add 0, delete 0, find 0/0 [ 426.736295][T10681] Free swap = 0kB [ 426.740056][T10681] Total swap = 0kB [ 426.743894][T10681] 1965979 pages RAM [ 426.747740][T10681] 0 pages HighMem/MovableOnly [ 426.752521][T10681] 1433455 pages reserved [ 426.756803][T10681] 0 pages cma reserved [ 426.760929][T10681] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9264,uid=0 [ 426.775769][T10681] Out of memory: Killed process 9264 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:52:13 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 426.793761][ T1904] oom_reaper: reaped process 9264 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 11:52:13 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r3 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r3, r2, 0x0, 0x20000002) 11:52:13 executing program 0: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 427.334459][T10198] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 427.347390][T10198] CPU: 0 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 427.356137][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 427.366240][T10198] Call Trace: [ 427.369631][T10198] dump_stack+0x21c/0x280 [ 427.374062][T10198] dump_header+0x1c5/0xcf0 [ 427.378588][T10198] oom_kill_process+0x388/0xb00 [ 427.383541][T10198] out_of_memory+0x117f/0x16a0 [ 427.388419][T10198] __alloc_pages_slowpath+0x303a/0x3d10 [ 427.394082][T10198] __alloc_pages_nodemask+0xbb1/0x1030 [ 427.399622][T10198] alloc_pages_current+0x685/0xb50 [ 427.404839][T10198] ion_page_pool_alloc+0x73d/0x8f0 [ 427.410011][T10198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 427.416132][T10198] ? __list_add_valid+0xb8/0x420 [ 427.421131][T10198] ? kmsan_get_metadata+0x116/0x180 [ 427.426412][T10198] ion_system_heap_allocate+0x509/0x16b0 [ 427.432148][T10198] ? ion_system_contig_heap_create+0x230/0x230 [ 427.438373][T10198] ion_ioctl+0x8cd/0x2140 [ 427.442796][T10198] ? debug_shrink_set+0x240/0x240 [ 427.447874][T10198] compat_ptr_ioctl+0xe2/0x150 [ 427.452691][T10198] ? __ia32_sys_ioctl+0x70/0x70 [ 427.457593][T10198] __se_compat_sys_ioctl+0x55f/0x1100 [ 427.463037][T10198] ? kmsan_get_metadata+0x116/0x180 [ 427.468287][T10198] __ia32_compat_sys_ioctl+0x4a/0x70 [ 427.473633][T10198] __do_fast_syscall_32+0x2af/0x480 [ 427.478913][T10198] do_fast_syscall_32+0x6b/0xd0 [ 427.483825][T10198] do_SYSENTER_32+0x73/0x90 [ 427.488398][T10198] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 427.494774][T10198] RIP: 0023:0xf7f05549 [ 427.498856][T10198] Code: Bad RIP value. [ 427.502954][T10198] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 427.511420][T10198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 427.519528][T10198] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 427.527551][T10198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 427.535570][T10198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 427.543583][T10198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 427.553094][T10198] Mem-Info: [ 427.556408][T10198] active_anon:115926 inactive_anon:4871 isolated_anon:0 [ 427.556408][T10198] active_file:2252 inactive_file:12455 isolated_file:0 [ 427.556408][T10198] unevictable:0 dirty:8 writeback:1 [ 427.556408][T10198] slab_reclaimable:6577 slab_unreclaimable:18647 [ 427.556408][T10198] mapped:38933 shmem:5055 pagetables:2980 bounce:0 [ 427.556408][T10198] free:204980 free_pcp:653 free_cma:0 [ 427.593473][T10198] Node 0 active_anon:442912kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110700kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 278528kB writeback_tmp:0kB all_unreclaimable? yes [ 427.620865][T10198] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 427.649888][T10198] lowmem_reserve[]: 0 896 1124 1124 1124 11:52:14 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r3 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r3, r2, 0x0, 0x20000002) [ 427.655694][T10198] Node 0 DMA32 free:39600kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:415972kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:752kB pagetables:2704kB bounce:0kB free_pcp:2004kB local_pcp:500kB free_cma:0kB [ 427.687328][T10198] lowmem_reserve[]: 0 0 228 228 228 [ 427.692695][T10198] Node 0 Normal free:9860kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26940kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2708kB bounce:0kB free_pcp:608kB local_pcp:288kB free_cma:0kB [ 427.724271][T10198] lowmem_reserve[]: 0 0 0 0 0 [ 427.729069][T10198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 427.741119][T10198] Node 0 DMA32: 636*4kB (ME) 444*8kB (ME) 292*16kB (UME) 177*32kB (ME) 120*64kB (ME) 47*128kB (UME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39600kB [ 427.757808][T10198] Node 0 Normal: 835*4kB (ME) 247*8kB (M) 106*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9860kB [ 427.773524][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 427.783206][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 427.792628][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 427.802317][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 427.811639][T10198] 19762 total pagecache pages [ 427.816433][T10198] 0 pages in swap cache [ 427.820654][T10198] Swap cache stats: add 0, delete 0, find 0/0 [ 427.826823][T10198] Free swap = 0kB [ 427.830581][T10198] Total swap = 0kB [ 427.834420][T10198] 1965979 pages RAM [ 427.838264][T10198] 0 pages HighMem/MovableOnly [ 427.843065][T10198] 1433455 pages reserved [ 427.847350][T10198] 0 pages cma reserved [ 427.851484][T10198] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9259,uid=0 [ 427.866295][T10198] Out of memory: Killed process 9259 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 427.886504][ T1904] oom_reaper: reaped process 9259 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 11:52:14 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 428.465052][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 428.478210][T10165] CPU: 1 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 428.486943][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 428.497052][T10165] Call Trace: [ 428.500447][T10165] dump_stack+0x21c/0x280 [ 428.504911][T10165] dump_header+0x1c5/0xcf0 [ 428.509434][T10165] oom_kill_process+0x388/0xb00 [ 428.514384][T10165] out_of_memory+0x117f/0x16a0 [ 428.519277][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 428.524989][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 428.530569][T10165] alloc_pages_current+0x685/0xb50 [ 428.535799][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 428.541014][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 428.547166][T10165] ? __list_add_valid+0xb8/0x420 [ 428.552196][T10165] ? kmsan_get_metadata+0x116/0x180 [ 428.557596][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 428.563657][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 428.569907][T10165] ion_ioctl+0x8cd/0x2140 [ 428.574369][T10165] ? debug_shrink_set+0x240/0x240 [ 428.579477][T10165] compat_ptr_ioctl+0xe2/0x150 [ 428.584334][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 428.589266][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 428.594765][T10165] ? kmsan_get_metadata+0x116/0x180 [ 428.600078][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 428.605467][T10165] __do_fast_syscall_32+0x2af/0x480 [ 428.610773][T10165] do_fast_syscall_32+0x6b/0xd0 [ 428.615729][T10165] do_SYSENTER_32+0x73/0x90 [ 428.620335][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 428.626722][T10165] RIP: 0023:0xf7f05549 [ 428.630828][T10165] Code: Bad RIP value. [ 428.634951][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 428.643448][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 428.651489][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 428.659525][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 428.667585][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 428.675626][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 428.683872][T10165] Mem-Info: [ 428.687166][T10165] active_anon:114859 inactive_anon:4871 isolated_anon:0 [ 428.687166][T10165] active_file:2254 inactive_file:12662 isolated_file:0 [ 428.687166][T10165] unevictable:0 dirty:18 writeback:17 [ 428.687166][T10165] slab_reclaimable:6577 slab_unreclaimable:18660 [ 428.687166][T10165] mapped:38925 shmem:5055 pagetables:2981 bounce:0 [ 428.687166][T10165] free:204760 free_pcp:578 free_cma:0 [ 428.724477][T10165] Node 0 active_anon:438692kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110728kB dirty:4kB writeback:4kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 276480kB writeback_tmp:0kB all_unreclaimable? yes [ 428.751902][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 428.781002][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 428.786819][T10165] Node 0 DMA32 free:39712kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:411816kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:752kB pagetables:2640kB bounce:0kB free_pcp:1776kB local_pcp:1276kB free_cma:0kB [ 428.818565][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 428.823960][T10165] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26876kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:536kB local_pcp:248kB free_cma:0kB [ 428.855540][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 428.860322][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 428.872419][T10165] Node 0 DMA32: 642*4kB (UME) 441*8kB (UME) 295*16kB (ME) 177*32kB (UME) 119*64kB (ME) 48*128kB (UME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39712kB [ 428.889264][T10165] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 428.905196][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 428.914908][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 428.924359][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 428.934076][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 428.943502][T10165] 20005 total pagecache pages [ 428.948219][T10165] 0 pages in swap cache [ 428.952522][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 428.958627][T10165] Free swap = 0kB [ 428.962471][T10165] Total swap = 0kB [ 428.966236][T10165] 1965979 pages RAM [ 428.970082][T10165] 0 pages HighMem/MovableOnly [ 428.974889][T10165] 1433455 pages reserved [ 428.979166][T10165] 0 pages cma reserved [ 428.983400][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9252,uid=0 [ 428.998260][T10165] Out of memory: Killed process 9252 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:52:15 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x20000002) [ 429.027842][ T1904] oom_reaper: reaped process 9252 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 429.117832][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 429.130527][T10188] CPU: 0 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 429.139259][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 429.149364][T10188] Call Trace: [ 429.152756][T10188] dump_stack+0x21c/0x280 [ 429.157193][T10188] dump_header+0x1c5/0xcf0 [ 429.161711][T10188] oom_kill_process+0x388/0xb00 [ 429.166666][T10188] out_of_memory+0x117f/0x16a0 [ 429.171538][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 429.177243][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 429.182818][T10188] alloc_pages_current+0x685/0xb50 [ 429.188138][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 429.193347][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 429.199502][T10188] ? __list_add_valid+0xb8/0x420 [ 429.204528][T10188] ? kmsan_get_metadata+0x116/0x180 [ 429.209846][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 429.215720][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 429.221966][T10188] ion_ioctl+0x8cd/0x2140 [ 429.226436][T10188] ? debug_shrink_set+0x240/0x240 [ 429.231542][T10188] compat_ptr_ioctl+0xe2/0x150 [ 429.236393][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 429.241328][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 429.246819][T10188] ? kmsan_get_metadata+0x116/0x180 [ 429.252108][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 429.257490][T10188] __do_fast_syscall_32+0x2af/0x480 [ 429.262801][T10188] do_fast_syscall_32+0x6b/0xd0 [ 429.267739][T10188] do_SYSENTER_32+0x73/0x90 [ 429.272345][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 429.278737][T10188] RIP: 0023:0xf7f05549 [ 429.282849][T10188] Code: Bad RIP value. [ 429.286968][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 429.295464][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 429.303506][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 429.311552][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 429.319588][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 429.327624][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 429.337933][T10188] Mem-Info: [ 429.341236][T10188] active_anon:114357 inactive_anon:4871 isolated_anon:0 [ 429.341236][T10188] active_file:2254 inactive_file:12700 isolated_file:0 [ 429.341236][T10188] unevictable:0 dirty:0 writeback:0 [ 429.341236][T10188] slab_reclaimable:6577 slab_unreclaimable:18660 [ 429.341236][T10188] mapped:38942 shmem:5055 pagetables:2982 bounce:0 [ 429.341236][T10188] free:204649 free_pcp:610 free_cma:0 [ 429.378356][T10188] Node 0 active_anon:436520kB inactive_anon:19452kB active_file:0kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110736kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 274432kB writeback_tmp:0kB all_unreclaimable? yes [ 429.405800][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 429.434864][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 429.440643][T10188] Node 0 DMA32 free:39600kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:409644kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:752kB pagetables:2636kB bounce:0kB free_pcp:1904kB local_pcp:500kB free_cma:0kB [ 429.472324][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 429.477619][T10188] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26876kB inactive_anon:18580kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:536kB local_pcp:288kB free_cma:0kB [ 429.509241][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 429.514191][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 429.526301][T10188] Node 0 DMA32: 642*4kB (UME) 441*8kB (UME) 296*16kB (UME) 177*32kB (UME) 119*64kB (ME) 47*128kB (ME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39600kB [ 429.543190][T10188] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 429.559151][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 429.568896][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 429.578366][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 429.588186][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 429.597625][T10188] 20009 total pagecache pages [ 429.602471][T10188] 0 pages in swap cache [ 429.606687][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 429.612950][T10188] Free swap = 0kB [ 429.616705][T10188] Total swap = 0kB [ 429.620475][T10188] 1965979 pages RAM [ 429.624438][T10188] 0 pages HighMem/MovableOnly [ 429.629155][T10188] 1433455 pages reserved [ 429.633542][T10188] 0 pages cma reserved [ 429.637670][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9244,uid=0 [ 429.652551][T10188] Out of memory: Killed process 9244 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 429.670871][ T1904] oom_reaper: reaped process 9244 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 429.770032][T10198] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 429.783217][T10198] CPU: 1 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 429.791956][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 429.802063][T10198] Call Trace: [ 429.805454][T10198] dump_stack+0x21c/0x280 [ 429.809884][T10198] dump_header+0x1c5/0xcf0 [ 429.814403][T10198] oom_kill_process+0x388/0xb00 [ 429.819359][T10198] out_of_memory+0x117f/0x16a0 [ 429.824225][T10198] __alloc_pages_slowpath+0x303a/0x3d10 [ 429.829889][T10198] __alloc_pages_nodemask+0xbb1/0x1030 [ 429.835432][T10198] alloc_pages_current+0x685/0xb50 [ 429.840625][T10198] ion_page_pool_alloc+0x73d/0x8f0 [ 429.845796][T10198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 429.851914][T10198] ? __list_add_valid+0xb8/0x420 [ 429.856911][T10198] ? kmsan_get_metadata+0x116/0x180 [ 429.862184][T10198] ion_system_heap_allocate+0x509/0x16b0 [ 429.867906][T10198] ? ion_system_contig_heap_create+0x230/0x230 [ 429.874120][T10198] ion_ioctl+0x8cd/0x2140 [ 429.878556][T10198] ? debug_shrink_set+0x240/0x240 [ 429.883632][T10198] compat_ptr_ioctl+0xe2/0x150 [ 429.888451][T10198] ? __ia32_sys_ioctl+0x70/0x70 [ 429.893352][T10198] __se_compat_sys_ioctl+0x55f/0x1100 [ 429.898795][T10198] ? kmsan_get_metadata+0x116/0x180 [ 429.904049][T10198] __ia32_compat_sys_ioctl+0x4a/0x70 [ 429.909405][T10198] __do_fast_syscall_32+0x2af/0x480 [ 429.914679][T10198] do_fast_syscall_32+0x6b/0xd0 [ 429.919618][T10198] do_SYSENTER_32+0x73/0x90 [ 429.924185][T10198] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 429.930548][T10198] RIP: 0023:0xf7f05549 [ 429.934630][T10198] Code: Bad RIP value. [ 429.938730][T10198] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 429.947210][T10198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 429.955221][T10198] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 429.963235][T10198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 429.971250][T10198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 429.979274][T10198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 429.987786][T10198] Mem-Info: [ 429.991079][T10198] active_anon:113807 inactive_anon:4871 isolated_anon:0 [ 429.991079][T10198] active_file:2255 inactive_file:12728 isolated_file:0 [ 429.991079][T10198] unevictable:0 dirty:0 writeback:0 [ 429.991079][T10198] slab_reclaimable:6577 slab_unreclaimable:18660 [ 429.991079][T10198] mapped:38944 shmem:5055 pagetables:2931 bounce:0 [ 429.991079][T10198] free:204661 free_pcp:560 free_cma:0 [ 430.028231][T10198] Node 0 active_anon:434372kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110744kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 274432kB writeback_tmp:0kB all_unreclaimable? yes [ 430.055794][T10198] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 430.085224][T10198] lowmem_reserve[]: 0 896 1124 1124 1124 [ 430.090968][T10198] Node 0 DMA32 free:39648kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:407512kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:752kB pagetables:2436kB bounce:0kB free_pcp:1696kB local_pcp:1092kB free_cma:0kB [ 430.122878][T10198] lowmem_reserve[]: 0 0 228 228 228 [ 430.128175][T10198] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26876kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:560kB local_pcp:264kB free_cma:0kB [ 430.160113][T10198] lowmem_reserve[]: 0 0 0 0 0 [ 430.165010][T10198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 430.177123][T10198] Node 0 DMA32: 628*4kB (ME) 430*8kB (UME) 307*16kB (UME) 180*32kB (ME) 120*64kB (UME) 50*128kB (UME) 19*256kB (M) 8*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 39664kB [ 430.194038][T10198] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 430.209966][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 430.219689][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 430.229153][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 430.238989][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 430.248459][T10198] 20055 total pagecache pages [ 430.253334][T10198] 0 pages in swap cache [ 430.257545][T10198] Swap cache stats: add 0, delete 0, find 0/0 [ 430.263791][T10198] Free swap = 0kB [ 430.267546][T10198] Total swap = 0kB 11:52:16 executing program 0: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 430.271307][T10198] 1965979 pages RAM [ 430.275329][T10198] 0 pages HighMem/MovableOnly [ 430.280051][T10198] 1433455 pages reserved [ 430.284464][T10198] 0 pages cma reserved [ 430.288584][T10198] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9237,uid=0 [ 430.303708][T10198] Out of memory: Killed process 9237 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:52:17 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:17 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:17 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 430.841161][T10717] syz-executor.0 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 430.853864][T10717] CPU: 0 PID: 10717 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 430.862586][T10717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 430.872668][T10717] Call Trace: [ 430.876039][T10717] dump_stack+0x21c/0x280 [ 430.880442][T10717] dump_header+0x1c5/0xcf0 [ 430.884933][T10717] oom_kill_process+0x388/0xb00 [ 430.889852][T10717] out_of_memory+0x117f/0x16a0 [ 430.894702][T10717] __alloc_pages_slowpath+0x303a/0x3d10 [ 430.900365][T10717] __alloc_pages_nodemask+0xbb1/0x1030 [ 430.905915][T10717] alloc_pages_current+0x685/0xb50 [ 430.911110][T10717] ion_page_pool_alloc+0x73d/0x8f0 [ 430.916283][T10717] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 430.922400][T10717] ? __list_add_valid+0xb8/0x420 [ 430.927396][T10717] ? kmsan_get_metadata+0x116/0x180 [ 430.932669][T10717] ion_system_heap_allocate+0x509/0x16b0 [ 430.938393][T10717] ? ion_system_contig_heap_create+0x230/0x230 [ 430.944606][T10717] ion_ioctl+0x8cd/0x2140 [ 430.949027][T10717] ? debug_shrink_set+0x240/0x240 [ 430.954096][T10717] compat_ptr_ioctl+0xe2/0x150 [ 430.958909][T10717] ? __ia32_sys_ioctl+0x70/0x70 [ 430.963833][T10717] __se_compat_sys_ioctl+0x55f/0x1100 [ 430.969277][T10717] ? kmsan_get_metadata+0x116/0x180 [ 430.974533][T10717] __ia32_compat_sys_ioctl+0x4a/0x70 [ 430.979904][T10717] __do_fast_syscall_32+0x2af/0x480 [ 430.985181][T10717] do_fast_syscall_32+0x6b/0xd0 [ 430.990090][T10717] do_SYSENTER_32+0x73/0x90 [ 430.994662][T10717] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 431.001030][T10717] RIP: 0023:0xf7f62549 [ 431.005115][T10717] Code: Bad RIP value. [ 431.009212][T10717] RSP: 002b:00000000f555c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 431.017675][T10717] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 431.025701][T10717] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 431.033723][T10717] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 431.041748][T10717] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 431.049751][T10717] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 431.059190][T10717] Mem-Info: [ 431.062552][T10717] active_anon:113736 inactive_anon:4871 isolated_anon:0 [ 431.062552][T10717] active_file:2256 inactive_file:13011 isolated_file:0 [ 431.062552][T10717] unevictable:0 dirty:13 writeback:0 [ 431.062552][T10717] slab_reclaimable:6577 slab_unreclaimable:18660 [ 431.062552][T10717] mapped:41070 shmem:5055 pagetables:2853 bounce:0 [ 431.062552][T10717] free:202892 free_pcp:827 free_cma:0 [ 431.099793][T10717] Node 0 active_anon:434224kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110748kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 270336kB writeback_tmp:0kB all_unreclaimable? yes [ 431.127223][T10717] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 431.156283][T10717] lowmem_reserve[]: 0 896 1124 1124 1124 [ 431.162135][T10717] Node 0 DMA32 free:41408kB min:40940kB low:50660kB high:60380kB reserved_highatomic:0KB active_anon:407364kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:736kB pagetables:2324kB bounce:0kB free_pcp:2744kB local_pcp:1408kB free_cma:0kB [ 431.193887][T10717] lowmem_reserve[]: 0 0 228 228 228 [ 431.199184][T10717] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26860kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:564kB local_pcp:300kB free_cma:0kB [ 431.230787][T10717] lowmem_reserve[]: 0 0 0 0 0 [ 431.235699][T10717] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 431.247799][T10717] Node 0 DMA32: 665*4kB (UME) 446*8kB (UME) 316*16kB (UME) 182*32kB (UME) 122*64kB (UME) 53*128kB (UME) 20*256kB (UM) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 41428kB [ 431.264921][T10717] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 431.280867][T10717] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 431.290607][T10717] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 431.300087][T10717] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 431.309806][T10717] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 431.319245][T10717] 20378 total pagecache pages [ 431.324093][T10717] 0 pages in swap cache [ 431.328307][T10717] Swap cache stats: add 0, delete 0, find 0/0 [ 431.334523][T10717] Free swap = 0kB [ 431.338282][T10717] Total swap = 0kB [ 431.342159][T10717] 1965979 pages RAM [ 431.346014][T10717] 0 pages HighMem/MovableOnly [ 431.350735][T10717] 1433455 pages reserved [ 431.355126][T10717] 0 pages cma reserved [ 431.359252][T10717] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=9230,uid=0 [ 431.374117][T10717] Out of memory: Killed process 9230 (syz-executor.1) total-vm:93176kB, anon-rss:2196kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:52:18 executing program 0: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 431.392327][ T1904] oom_reaper: reaped process 9230 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 431.500861][T10719] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 431.513955][T10719] CPU: 1 PID: 10719 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 431.522800][T10719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 431.532909][T10719] Call Trace: [ 431.536310][T10719] dump_stack+0x21c/0x280 [ 431.540745][T10719] dump_header+0x1c5/0xcf0 [ 431.545289][T10719] oom_kill_process+0x388/0xb00 [ 431.550248][T10719] out_of_memory+0x117f/0x16a0 [ 431.555140][T10719] __alloc_pages_slowpath+0x303a/0x3d10 [ 431.560876][T10719] __alloc_pages_nodemask+0xbb1/0x1030 [ 431.566459][T10719] alloc_pages_current+0x685/0xb50 [ 431.571698][T10719] ion_page_pool_alloc+0x73d/0x8f0 [ 431.576902][T10719] ? __msan_poison_alloca+0xf0/0x120 [ 431.582281][T10719] ? kmsan_get_metadata+0x116/0x180 [ 431.587601][T10719] ion_system_heap_allocate+0x509/0x16b0 [ 431.593377][T10719] ? ion_system_contig_heap_create+0x230/0x230 [ 431.599626][T10719] ion_ioctl+0x8cd/0x2140 [ 431.604094][T10719] ? debug_shrink_set+0x240/0x240 [ 431.609200][T10719] compat_ptr_ioctl+0xe2/0x150 [ 431.614063][T10719] ? __ia32_sys_ioctl+0x70/0x70 [ 431.618996][T10719] __se_compat_sys_ioctl+0x55f/0x1100 [ 431.624510][T10719] ? kmsan_get_metadata+0x116/0x180 [ 431.629794][T10719] __ia32_compat_sys_ioctl+0x4a/0x70 [ 431.635182][T10719] __do_fast_syscall_32+0x2af/0x480 [ 431.640488][T10719] do_fast_syscall_32+0x6b/0xd0 [ 431.645452][T10719] do_SYSENTER_32+0x73/0x90 [ 431.650069][T10719] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 431.656458][T10719] RIP: 0023:0xf7f05549 [ 431.660562][T10719] Code: Bad RIP value. [ 431.664680][T10719] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 431.673179][T10719] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 431.681213][T10719] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 431.689338][T10719] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 431.697372][T10719] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 431.705412][T10719] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 431.713607][T10719] Mem-Info: [ 431.716899][T10719] active_anon:113222 inactive_anon:4871 isolated_anon:0 [ 431.716899][T10719] active_file:2258 inactive_file:13073 isolated_file:0 [ 431.716899][T10719] unevictable:0 dirty:14 writeback:0 [ 431.716899][T10719] slab_reclaimable:6577 slab_unreclaimable:18665 [ 431.716899][T10719] mapped:41085 shmem:5055 pagetables:2858 bounce:0 [ 431.716899][T10719] free:202952 free_pcp:794 free_cma:0 [ 431.754116][T10719] Node 0 active_anon:432072kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110784kB dirty:8kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 272384kB writeback_tmp:0kB all_unreclaimable? yes [ 431.781652][T10719] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 431.810765][T10719] lowmem_reserve[]: 0 896 1124 1124 1124 [ 431.816648][T10719] Node 0 DMA32 free:41916kB min:40940kB low:50660kB high:60380kB reserved_highatomic:0KB active_anon:405212kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:704kB pagetables:2216kB bounce:0kB free_pcp:2612kB local_pcp:1340kB free_cma:0kB [ 431.848439][T10719] lowmem_reserve[]: 0 0 228 228 228 [ 431.853877][T10719] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26860kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:564kB local_pcp:264kB free_cma:0kB [ 431.885511][T10719] lowmem_reserve[]: 0 0 0 0 0 [ 431.890300][T10719] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 431.902515][T10719] Node 0 DMA32: 618*4kB (UME) 429*8kB (ME) 303*16kB (ME) 178*32kB (UME) 117*64kB (UME) 49*128kB (ME) 19*256kB (M) 9*512kB (UM) 0*1024kB 1*2048kB (M) 0*4096kB = 41728kB [ 431.919801][T10719] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 431.935744][T10719] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 431.945503][T10719] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 431.955017][T10719] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 431.964776][T10719] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 431.974246][T10719] 20421 total pagecache pages [ 431.978962][T10719] 0 pages in swap cache [ 431.983306][T10719] Swap cache stats: add 0, delete 0, find 0/0 [ 431.989412][T10719] Free swap = 0kB [ 431.993338][T10719] Total swap = 0kB [ 431.997144][T10719] 1965979 pages RAM [ 432.001000][T10719] 0 pages HighMem/MovableOnly [ 432.005842][T10719] 1433455 pages reserved [ 432.010120][T10719] 0 pages cma reserved [ 432.014381][T10719] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=10717,uid=0 [ 432.029359][T10719] Out of memory: Killed process 10717 (syz-executor.0) total-vm:93044kB, anon-rss:2204kB, file-rss:35740kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 432.098467][ T1904] oom_reaper: reaped process 10717 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 432.366105][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 432.378898][T10165] CPU: 0 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 432.387631][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 432.397736][T10165] Call Trace: [ 432.401145][T10165] dump_stack+0x21c/0x280 [ 432.405577][T10165] dump_header+0x1c5/0xcf0 [ 432.410097][T10165] oom_kill_process+0x388/0xb00 11:52:19 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x20000002) [ 432.415045][T10165] out_of_memory+0x117f/0x16a0 [ 432.419924][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 432.425645][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 432.431230][T10165] alloc_pages_current+0x685/0xb50 [ 432.436462][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 432.441666][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 432.447811][T10165] ? __list_add_valid+0xb8/0x420 [ 432.452841][T10165] ? kmsan_get_metadata+0x116/0x180 [ 432.458159][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 432.463942][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 432.470192][T10165] ion_ioctl+0x8cd/0x2140 [ 432.474661][T10165] ? debug_shrink_set+0x240/0x240 [ 432.479777][T10165] compat_ptr_ioctl+0xe2/0x150 [ 432.484627][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 432.489555][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 432.495039][T10165] ? kmsan_get_metadata+0x116/0x180 [ 432.500317][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 432.505679][T10165] __do_fast_syscall_32+0x2af/0x480 [ 432.510949][T10165] do_fast_syscall_32+0x6b/0xd0 [ 432.515865][T10165] do_SYSENTER_32+0x73/0x90 [ 432.520448][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 432.526819][T10165] RIP: 0023:0xf7f05549 [ 432.530918][T10165] Code: Bad RIP value. [ 432.535018][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 432.543486][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 432.551845][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 432.559878][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 432.567900][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 432.575920][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 432.585009][T10165] Mem-Info: [ 432.588318][T10165] active_anon:112711 inactive_anon:4871 isolated_anon:0 [ 432.588318][T10165] active_file:2260 inactive_file:13142 isolated_file:0 [ 432.588318][T10165] unevictable:0 dirty:18 writeback:0 [ 432.588318][T10165] slab_reclaimable:6576 slab_unreclaimable:18670 [ 432.588318][T10165] mapped:41096 shmem:5055 pagetables:2907 bounce:0 [ 432.588318][T10165] free:202210 free_pcp:542 free_cma:0 [ 432.625483][T10165] Node 0 active_anon:429988kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110828kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 268288kB writeback_tmp:0kB all_unreclaimable? yes [ 432.652869][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 432.681918][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 432.687653][T10165] Node 0 DMA32 free:39492kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:403140kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:688kB pagetables:2208kB bounce:0kB free_pcp:1592kB local_pcp:252kB free_cma:0kB [ 432.719314][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 432.724708][T10165] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26848kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:576kB local_pcp:300kB free_cma:0kB [ 432.756266][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 432.761051][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 432.773104][T10165] Node 0 DMA32: 617*4kB (ME) 430*8kB (UME) 303*16kB (ME) 178*32kB (UME) 116*64kB (ME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39492kB [ 432.789932][T10165] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 432.805846][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 432.815539][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 432.824967][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 432.834670][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 432.844055][T10165] 20457 total pagecache pages [ 432.848779][T10165] 0 pages in swap cache [ 432.853055][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 432.859158][T10165] Free swap = 0kB [ 432.862978][T10165] Total swap = 0kB [ 432.866744][T10165] 1965979 pages RAM [ 432.870592][T10165] 0 pages HighMem/MovableOnly [ 432.875369][T10165] 1433455 pages reserved [ 432.879677][T10165] 0 pages cma reserved [ 432.883865][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=9185,uid=0 [ 432.898696][T10165] Out of memory: Killed process 9185 (syz-executor.0) total-vm:93176kB, anon-rss:2192kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 432.917997][ T1904] oom_reaper: reaped process 9185 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 432.986212][T10730] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 432.999050][T10730] CPU: 1 PID: 10730 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 433.007788][T10730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 433.017896][T10730] Call Trace: [ 433.021292][T10730] dump_stack+0x21c/0x280 [ 433.025727][T10730] dump_header+0x1c5/0xcf0 [ 433.030260][T10730] oom_kill_process+0x388/0xb00 [ 433.035228][T10730] out_of_memory+0x117f/0x16a0 [ 433.040131][T10730] __alloc_pages_slowpath+0x303a/0x3d10 [ 433.045850][T10730] __alloc_pages_nodemask+0xbb1/0x1030 [ 433.051438][T10730] alloc_pages_current+0x685/0xb50 [ 433.056674][T10730] ion_page_pool_alloc+0x73d/0x8f0 [ 433.061883][T10730] ? __msan_poison_alloca+0xf0/0x120 [ 433.067277][T10730] ? kmsan_get_metadata+0x116/0x180 [ 433.072600][T10730] ion_system_heap_allocate+0x509/0x16b0 [ 433.078377][T10730] ? ion_system_contig_heap_create+0x230/0x230 [ 433.084623][T10730] ion_ioctl+0x8cd/0x2140 [ 433.089086][T10730] ? debug_shrink_set+0x240/0x240 [ 433.094196][T10730] compat_ptr_ioctl+0xe2/0x150 [ 433.099040][T10730] ? __ia32_sys_ioctl+0x70/0x70 [ 433.103977][T10730] __se_compat_sys_ioctl+0x55f/0x1100 [ 433.109473][T10730] ? kmsan_get_metadata+0x116/0x180 [ 433.114754][T10730] __ia32_compat_sys_ioctl+0x4a/0x70 [ 433.120111][T10730] __do_fast_syscall_32+0x2af/0x480 [ 433.125395][T10730] do_fast_syscall_32+0x6b/0xd0 [ 433.130336][T10730] do_SYSENTER_32+0x73/0x90 [ 433.134908][T10730] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 433.141277][T10730] RIP: 0023:0xf7f85549 [ 433.145363][T10730] Code: Bad RIP value. [ 433.149467][T10730] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 433.157935][T10730] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 433.165955][T10730] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 433.173984][T10730] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 433.181994][T10730] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 433.190003][T10730] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 433.199855][T10730] Mem-Info: [ 433.203297][T10730] active_anon:112191 inactive_anon:4871 isolated_anon:0 [ 433.203297][T10730] active_file:2260 inactive_file:13176 isolated_file:0 [ 433.203297][T10730] unevictable:0 dirty:1 writeback:0 [ 433.203297][T10730] slab_reclaimable:6576 slab_unreclaimable:18670 [ 433.203297][T10730] mapped:42116 shmem:5055 pagetables:2882 bounce:0 [ 433.203297][T10730] free:201080 free_pcp:602 free_cma:0 [ 433.240515][T10730] Node 0 active_anon:427840kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110828kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 268288kB writeback_tmp:0kB all_unreclaimable? yes [ 433.268144][T10730] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 433.297342][T10730] lowmem_reserve[]: 0 896 1124 1124 1124 [ 433.303217][T10730] Node 0 DMA32 free:39776kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:400992kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:688kB pagetables:2108kB bounce:0kB free_pcp:1832kB local_pcp:1464kB free_cma:0kB [ 433.335031][T10730] lowmem_reserve[]: 0 0 228 228 228 [ 433.340329][T10730] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26848kB inactive_anon:18580kB active_file:12kB inactive_file:0kB unevictable:0kB writepending:12kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:576kB local_pcp:276kB free_cma:0kB [ 433.372149][T10730] lowmem_reserve[]: 0 0 0 0 0 [ 433.376938][T10730] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 433.389071][T10730] Node 0 DMA32: 618*4kB (UME) 429*8kB (ME) 303*16kB (ME) 177*32kB (ME) 117*64kB (UME) 50*128kB (UME) 19*256kB (M) 7*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 39776kB [ 433.406175][T10730] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 433.422173][T10730] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 433.431788][T10730] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 433.441296][T10730] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 433.451040][T10730] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 433.460495][T10730] 20532 total pagecache pages [ 433.465362][T10730] 0 pages in swap cache [ 433.469585][T10730] Swap cache stats: add 0, delete 0, find 0/0 [ 433.475851][T10730] Free swap = 0kB [ 433.479625][T10730] Total swap = 0kB [ 433.483525][T10730] 1965979 pages RAM 11:52:19 executing program 0: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 433.487378][T10730] 0 pages HighMem/MovableOnly [ 433.492207][T10730] 1433455 pages reserved [ 433.496492][T10730] 0 pages cma reserved [ 433.500626][T10730] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=9148,uid=0 [ 433.515527][T10730] Out of memory: Killed process 9148 (syz-executor.0) total-vm:93176kB, anon-rss:2192kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 433.596171][T10198] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 433.608895][T10198] CPU: 0 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 433.617624][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 433.627711][T10198] Call Trace: [ 433.631081][T10198] dump_stack+0x21c/0x280 [ 433.635485][T10198] dump_header+0x1c5/0xcf0 [ 433.639975][T10198] oom_kill_process+0x388/0xb00 [ 433.644895][T10198] out_of_memory+0x117f/0x16a0 [ 433.649754][T10198] __alloc_pages_slowpath+0x303a/0x3d10 [ 433.655421][T10198] __alloc_pages_nodemask+0xbb1/0x1030 [ 433.660959][T10198] alloc_pages_current+0x685/0xb50 [ 433.666160][T10198] ion_page_pool_alloc+0x73d/0x8f0 [ 433.671335][T10198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 433.677455][T10198] ? __list_add_valid+0xb8/0x420 [ 433.682453][T10198] ? kmsan_get_metadata+0x116/0x180 [ 433.687725][T10198] ion_system_heap_allocate+0x509/0x16b0 [ 433.693448][T10198] ? ion_system_contig_heap_create+0x230/0x230 [ 433.699670][T10198] ion_ioctl+0x8cd/0x2140 [ 433.704097][T10198] ? debug_shrink_set+0x240/0x240 [ 433.709183][T10198] compat_ptr_ioctl+0xe2/0x150 [ 433.714182][T10198] ? __ia32_sys_ioctl+0x70/0x70 [ 433.719089][T10198] __se_compat_sys_ioctl+0x55f/0x1100 [ 433.724535][T10198] ? kmsan_get_metadata+0x116/0x180 [ 433.729789][T10198] __ia32_compat_sys_ioctl+0x4a/0x70 [ 433.735137][T10198] __do_fast_syscall_32+0x2af/0x480 [ 433.740406][T10198] do_fast_syscall_32+0x6b/0xd0 [ 433.745324][T10198] do_SYSENTER_32+0x73/0x90 [ 433.749893][T10198] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 433.756252][T10198] RIP: 0023:0xf7f05549 [ 433.760334][T10198] Code: Bad RIP value. [ 433.764435][T10198] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 433.772899][T10198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 433.780912][T10198] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 433.788918][T10198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 433.796926][T10198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 433.804955][T10198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 433.814122][T10198] Mem-Info: [ 433.817418][T10198] active_anon:111669 inactive_anon:4870 isolated_anon:0 [ 433.817418][T10198] active_file:2262 inactive_file:13216 isolated_file:0 [ 433.817418][T10198] unevictable:0 dirty:9 writeback:4 [ 433.817418][T10198] slab_reclaimable:6576 slab_unreclaimable:18654 [ 433.817418][T10198] mapped:42631 shmem:5055 pagetables:2887 bounce:0 [ 433.817418][T10198] free:200557 free_pcp:603 free_cma:0 [ 433.854468][T10198] Node 0 active_anon:425672kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110832kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 266240kB writeback_tmp:0kB all_unreclaimable? yes [ 433.881897][T10198] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 433.910920][T10198] lowmem_reserve[]: 0 896 1124 1124 1124 [ 433.916765][T10198] Node 0 DMA32 free:39572kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:398824kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:688kB pagetables:2100kB bounce:0kB free_pcp:1836kB local_pcp:372kB free_cma:0kB [ 433.948436][T10198] lowmem_reserve[]: 0 0 228 228 228 [ 433.953835][T10198] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26848kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:576kB local_pcp:300kB free_cma:0kB [ 433.985474][T10198] lowmem_reserve[]: 0 0 0 0 0 [ 433.990240][T10198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 434.002314][T10198] Node 0 DMA32: 617*4kB (ME) 430*8kB (UME) 304*16kB (UME) 178*32kB (UME) 117*64kB (UME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39572kB [ 434.019375][T10198] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 434.035376][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 434.045114][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 434.054664][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 434.064374][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 434.073807][T10198] 20533 total pagecache pages [ 434.078529][T10198] 0 pages in swap cache [ 434.082849][T10198] Swap cache stats: add 0, delete 0, find 0/0 [ 434.088956][T10198] Free swap = 0kB [ 434.092822][T10198] Total swap = 0kB [ 434.096616][T10198] 1965979 pages RAM [ 434.100460][T10198] 0 pages HighMem/MovableOnly [ 434.105275][T10198] 1433455 pages reserved [ 434.109588][T10198] 0 pages cma reserved [ 434.113843][T10198] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=8761,uid=0 [ 434.128709][T10198] Out of memory: Killed process 8761 (syz-executor.0) total-vm:93044kB, anon-rss:2188kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 434.146790][ T1904] oom_reaper: reaped process 8761 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 434.174764][ T8718] tipc: TX() has been purged, node left! [ 434.189994][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 434.202745][T10188] CPU: 1 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 434.211476][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 434.221584][T10188] Call Trace: [ 434.224970][T10188] dump_stack+0x21c/0x280 [ 434.229387][T10188] dump_header+0x1c5/0xcf0 [ 434.233878][T10188] oom_kill_process+0x388/0xb00 [ 434.238801][T10188] out_of_memory+0x117f/0x16a0 [ 434.243667][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 434.249323][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 434.254859][T10188] alloc_pages_current+0x685/0xb50 [ 434.260050][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 434.265227][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 434.271345][T10188] ? __list_add_valid+0xb8/0x420 [ 434.276343][T10188] ? kmsan_get_metadata+0x116/0x180 [ 434.281635][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 434.287373][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 434.293589][T10188] ion_ioctl+0x8cd/0x2140 [ 434.298019][T10188] ? debug_shrink_set+0x240/0x240 [ 434.303106][T10188] compat_ptr_ioctl+0xe2/0x150 [ 434.307930][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 434.312841][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 434.318295][T10188] ? kmsan_get_metadata+0x116/0x180 [ 434.323557][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 434.328926][T10188] __do_fast_syscall_32+0x2af/0x480 [ 434.334202][T10188] do_fast_syscall_32+0x6b/0xd0 [ 434.339121][T10188] do_SYSENTER_32+0x73/0x90 [ 434.343694][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 434.350057][T10188] RIP: 0023:0xf7f05549 [ 434.354152][T10188] Code: Bad RIP value. [ 434.358259][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 434.366730][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 434.374744][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 434.382768][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 434.390783][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 434.398793][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 434.408153][T10188] Mem-Info: [ 434.411464][T10188] active_anon:111132 inactive_anon:4870 isolated_anon:0 [ 434.411464][T10188] active_file:2262 inactive_file:13250 isolated_file:0 [ 434.411464][T10188] unevictable:0 dirty:9 writeback:4 [ 434.411464][T10188] slab_reclaimable:6576 slab_unreclaimable:18654 [ 434.411464][T10188] mapped:42631 shmem:5055 pagetables:2862 bounce:0 [ 434.411464][T10188] free:200569 free_pcp:602 free_cma:0 [ 434.448559][T10188] Node 0 active_anon:423504kB inactive_anon:19452kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110832kB dirty:8kB writeback:4kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 264192kB writeback_tmp:0kB all_unreclaimable? yes [ 434.475976][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 434.505015][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 434.510749][T10188] Node 0 DMA32 free:42564kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:396656kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:656kB pagetables:1892kB bounce:0kB free_pcp:1668kB local_pcp:1332kB free_cma:0kB [ 434.542499][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 434.547792][T10188] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26848kB inactive_anon:18580kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:12kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:548kB local_pcp:276kB free_cma:0kB [ 434.579675][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 434.584563][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 434.596635][T10188] Node 0 DMA32: 622*4kB (ME) 429*8kB (ME) 308*16kB (UME) 177*32kB (ME) 116*64kB (ME) 50*128kB (UME) 19*256kB (M) 7*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 39808kB [ 434.613559][T10188] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 434.629502][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 434.639201][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 434.648643][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 434.658332][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 434.667743][T10188] 20569 total pagecache pages [ 434.672550][T10188] 0 pages in swap cache [ 434.676758][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 434.682948][T10188] Free swap = 0kB [ 434.686701][T10188] Total swap = 0kB [ 434.691759][T10188] 1965979 pages RAM [ 434.695699][T10188] 0 pages HighMem/MovableOnly [ 434.700420][T10188] 1433455 pages reserved [ 434.704794][T10188] 0 pages cma reserved [ 434.708924][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=8756,uid=0 [ 434.723753][T10188] Out of memory: Killed process 8756 (syz-executor.0) total-vm:93044kB, anon-rss:2188kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 434.803569][T10728] syz-executor.0 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 434.816332][T10728] CPU: 1 PID: 10728 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 434.825135][T10728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 434.835213][T10728] Call Trace: [ 434.838571][T10728] dump_stack+0x21c/0x280 [ 434.842969][T10728] dump_header+0x1c5/0xcf0 [ 434.847462][T10728] oom_kill_process+0x388/0xb00 [ 434.852394][T10728] out_of_memory+0x117f/0x16a0 [ 434.857242][T10728] __alloc_pages_slowpath+0x303a/0x3d10 [ 434.862900][T10728] __alloc_pages_nodemask+0xbb1/0x1030 [ 434.868451][T10728] alloc_pages_current+0x685/0xb50 [ 434.873642][T10728] ion_page_pool_alloc+0x73d/0x8f0 [ 434.878811][T10728] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 434.884929][T10728] ? __list_add_valid+0xb8/0x420 [ 434.889958][T10728] ? kmsan_get_metadata+0x116/0x180 [ 434.895230][T10728] ion_system_heap_allocate+0x509/0x16b0 [ 434.900952][T10728] ? ion_system_contig_heap_create+0x230/0x230 [ 434.907165][T10728] ion_ioctl+0x8cd/0x2140 [ 434.911589][T10728] ? debug_shrink_set+0x240/0x240 [ 434.916663][T10728] compat_ptr_ioctl+0xe2/0x150 [ 434.921487][T10728] ? __ia32_sys_ioctl+0x70/0x70 [ 434.926390][T10728] __se_compat_sys_ioctl+0x55f/0x1100 [ 434.931844][T10728] ? kmsan_get_metadata+0x116/0x180 [ 434.937098][T10728] __ia32_compat_sys_ioctl+0x4a/0x70 [ 434.942452][T10728] __do_fast_syscall_32+0x2af/0x480 [ 434.947719][T10728] do_fast_syscall_32+0x6b/0xd0 [ 434.952643][T10728] do_SYSENTER_32+0x73/0x90 [ 434.957214][T10728] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 434.963579][T10728] RIP: 0023:0xf7f62549 [ 434.967692][T10728] Code: Bad RIP value. [ 434.971806][T10728] RSP: 002b:00000000f555c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 434.980271][T10728] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 434.988282][T10728] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 434.996291][T10728] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 435.004299][T10728] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 435.012317][T10728] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 435.020952][T10728] Mem-Info: [ 435.024351][T10728] active_anon:110569 inactive_anon:4871 isolated_anon:0 [ 435.024351][T10728] active_file:2263 inactive_file:13251 isolated_file:0 [ 435.024351][T10728] unevictable:0 dirty:0 writeback:3 [ 435.024351][T10728] slab_reclaimable:6576 slab_unreclaimable:18650 [ 435.024351][T10728] mapped:42631 shmem:5055 pagetables:2810 bounce:0 [ 435.024351][T10728] free:200565 free_pcp:601 free_cma:0 [ 435.061710][T10728] Node 0 active_anon:421340kB inactive_anon:19452kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110832kB dirty:8kB writeback:4kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 264192kB writeback_tmp:0kB all_unreclaimable? yes [ 435.089185][T10728] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 435.118669][T10728] lowmem_reserve[]: 0 896 1124 1124 1124 [ 435.124571][T10728] Node 0 DMA32 free:39604kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:394492kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:656kB pagetables:1892kB bounce:0kB free_pcp:1840kB local_pcp:1456kB free_cma:0kB [ 435.156414][T10728] lowmem_reserve[]: 0 0 228 228 228 [ 435.161731][T10728] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26848kB inactive_anon:18580kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:12kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:576kB local_pcp:276kB free_cma:0kB [ 435.193810][T10728] lowmem_reserve[]: 0 0 0 0 0 [ 435.198570][T10728] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 435.210708][T10728] Node 0 DMA32: 623*4kB (UME) 429*8kB (ME) 307*16kB (ME) 177*32kB (ME) 117*64kB (UME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39604kB [ 435.227638][T10728] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 435.243668][T10728] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 435.253425][T10728] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 435.262951][T10728] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 435.273761][T10728] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 435.283216][T10728] 20569 total pagecache pages [ 435.287942][T10728] 0 pages in swap cache [ 435.292284][T10728] Swap cache stats: add 0, delete 0, find 0/0 [ 435.298425][T10728] Free swap = 0kB 11:52:21 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 435.302308][T10728] Total swap = 0kB [ 435.306077][T10728] 1965979 pages RAM [ 435.310008][T10728] 0 pages HighMem/MovableOnly [ 435.314871][T10728] 1433455 pages reserved [ 435.319151][T10728] 0 pages cma reserved [ 435.323423][T10728] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=8753,uid=0 [ 435.338632][T10728] Out of memory: Killed process 8753 (syz-executor.0) total-vm:93044kB, anon-rss:2188kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 435.357058][ T1904] oom_reaper: reaped process 8753 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 435.579713][T10198] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 435.592583][T10198] CPU: 0 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 435.601301][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 435.611384][T10198] Call Trace: [ 435.614747][T10198] dump_stack+0x21c/0x280 [ 435.619145][T10198] dump_header+0x1c5/0xcf0 [ 435.623628][T10198] oom_kill_process+0x388/0xb00 [ 435.628541][T10198] out_of_memory+0x117f/0x16a0 [ 435.633382][T10198] __alloc_pages_slowpath+0x303a/0x3d10 [ 435.639036][T10198] __alloc_pages_nodemask+0xbb1/0x1030 [ 435.644578][T10198] alloc_pages_current+0x685/0xb50 [ 435.649770][T10198] ion_page_pool_alloc+0x73d/0x8f0 [ 435.654940][T10198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 435.661053][T10198] ? __list_add_valid+0xb8/0x420 [ 435.666049][T10198] ? kmsan_get_metadata+0x116/0x180 [ 435.671322][T10198] ion_system_heap_allocate+0x509/0x16b0 [ 435.677042][T10198] ? ion_system_contig_heap_create+0x230/0x230 [ 435.683261][T10198] ion_ioctl+0x8cd/0x2140 [ 435.687685][T10198] ? debug_shrink_set+0x240/0x240 [ 435.692761][T10198] compat_ptr_ioctl+0xe2/0x150 [ 435.697581][T10198] ? __ia32_sys_ioctl+0x70/0x70 [ 435.702484][T10198] __se_compat_sys_ioctl+0x55f/0x1100 [ 435.707931][T10198] ? kmsan_get_metadata+0x116/0x180 [ 435.713185][T10198] __ia32_compat_sys_ioctl+0x4a/0x70 [ 435.718540][T10198] __do_fast_syscall_32+0x2af/0x480 [ 435.723808][T10198] do_fast_syscall_32+0x6b/0xd0 [ 435.728715][T10198] do_SYSENTER_32+0x73/0x90 [ 435.733293][T10198] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 435.739651][T10198] RIP: 0023:0xf7f05549 [ 435.743735][T10198] Code: Bad RIP value. [ 435.747831][T10198] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 435.756296][T10198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 435.764305][T10198] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 435.772313][T10198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 435.780321][T10198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 435.788329][T10198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 435.796618][T10198] Mem-Info: [ 435.799914][T10198] active_anon:110022 inactive_anon:4869 isolated_anon:0 [ 435.799914][T10198] active_file:2263 inactive_file:13284 isolated_file:0 [ 435.799914][T10198] unevictable:0 dirty:7 writeback:3 [ 435.799914][T10198] slab_reclaimable:6576 slab_unreclaimable:18645 [ 435.799914][T10198] mapped:46207 shmem:5055 pagetables:2730 bounce:0 [ 435.799914][T10198] free:196982 free_pcp:597 free_cma:0 [ 435.837958][T10198] Node 0 active_anon:419172kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110848kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 260096kB writeback_tmp:0kB all_unreclaimable? yes [ 435.865353][T10198] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 435.894371][T10198] lowmem_reserve[]: 0 896 1124 1124 1124 [ 435.900098][T10198] Node 0 DMA32 free:39604kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:392324kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:624kB pagetables:1680kB bounce:0kB free_pcp:1812kB local_pcp:492kB free_cma:0kB [ 435.931779][T10198] lowmem_reserve[]: 0 0 228 228 228 [ 435.937069][T10198] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26848kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:576kB local_pcp:300kB free_cma:0kB [ 435.968617][T10198] lowmem_reserve[]: 0 0 0 0 0 [ 435.973455][T10198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 435.985587][T10198] Node 0 DMA32: 619*4kB (ME) 419*8kB (ME) 311*16kB (ME) 178*32kB (UME) 118*64kB (ME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39668kB [ 436.002310][T10198] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 436.018192][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 436.027880][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 436.037301][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 436.046976][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 436.056435][T10198] 20619 total pagecache pages [ 436.061161][T10198] 0 pages in swap cache [ 436.065474][T10198] Swap cache stats: add 0, delete 0, find 0/0 [ 436.071575][T10198] Free swap = 0kB [ 436.075407][T10198] Total swap = 0kB [ 436.079198][T10198] 1965979 pages RAM [ 436.083105][T10198] 0 pages HighMem/MovableOnly [ 436.087817][T10198] 1433455 pages reserved [ 436.092157][T10198] 0 pages cma reserved [ 436.096295][T10198] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=8924,uid=0 [ 436.111117][T10198] Out of memory: Killed process 8924 (syz-executor.0) total-vm:93044kB, anon-rss:2188kB, file-rss:34592kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 436.135772][ T1904] oom_reaper: reaped process 8924 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 436.280578][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 436.293695][T10165] CPU: 1 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 436.302432][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 436.312536][T10165] Call Trace: [ 436.315920][T10165] dump_stack+0x21c/0x280 [ 436.320338][T10165] dump_header+0x1c5/0xcf0 [ 436.324863][T10165] oom_kill_process+0x388/0xb00 [ 436.329818][T10165] out_of_memory+0x117f/0x16a0 [ 436.334735][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 436.340431][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 436.346131][T10165] alloc_pages_current+0x685/0xb50 [ 436.351384][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 436.356590][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 436.362739][T10165] ? __list_add_valid+0xb8/0x420 [ 436.367801][T10165] ? kmsan_get_metadata+0x116/0x180 [ 436.373106][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 436.378866][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 436.385107][T10165] ion_ioctl+0x8cd/0x2140 [ 436.389566][T10165] ? debug_shrink_set+0x240/0x240 [ 436.394679][T10165] compat_ptr_ioctl+0xe2/0x150 [ 436.399531][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 436.404511][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 436.409987][T10165] ? kmsan_get_metadata+0x116/0x180 [ 436.415273][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 436.420656][T10165] __do_fast_syscall_32+0x2af/0x480 [ 436.425962][T10165] do_fast_syscall_32+0x6b/0xd0 [ 436.430905][T10165] do_SYSENTER_32+0x73/0x90 [ 436.435520][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 436.441906][T10165] RIP: 0023:0xf7f05549 [ 436.446013][T10165] Code: Bad RIP value. [ 436.450128][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 436.458621][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 436.466656][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 436.477791][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 436.485798][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 436.493809][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 436.502010][T10165] Mem-Info: [ 436.505300][T10165] active_anon:109460 inactive_anon:4870 isolated_anon:0 [ 436.505300][T10165] active_file:2264 inactive_file:13351 isolated_file:0 [ 436.505300][T10165] unevictable:0 dirty:7 writeback:0 [ 436.505300][T10165] slab_reclaimable:6576 slab_unreclaimable:18646 [ 436.505300][T10165] mapped:46221 shmem:5055 pagetables:2771 bounce:0 [ 436.505300][T10165] free:196472 free_pcp:674 free_cma:0 [ 436.542395][T10165] Node 0 active_anon:416992kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110872kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 256000kB writeback_tmp:0kB all_unreclaimable? yes [ 436.569862][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 436.599014][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 436.604899][T10165] Node 0 DMA32 free:39732kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:390144kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:592kB pagetables:1664kB bounce:0kB free_pcp:2120kB local_pcp:1508kB free_cma:0kB [ 436.636698][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 436.642126][T10165] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26848kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:576kB local_pcp:276kB free_cma:0kB [ 436.673857][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 436.678634][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 436.690792][T10165] Node 0 DMA32: 619*4kB (ME) 419*8kB (ME) 311*16kB (ME) 178*32kB (UME) 119*64kB (UME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39732kB [ 436.707710][T10165] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 436.723695][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 436.733446][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 436.743025][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 436.752722][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 436.762169][T10165] 20724 total pagecache pages [ 436.766890][T10165] 0 pages in swap cache [ 436.771101][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 436.777341][T10165] Free swap = 0kB [ 436.781099][T10165] Total swap = 0kB [ 436.785025][T10165] 1965979 pages RAM [ 436.788903][T10165] 0 pages HighMem/MovableOnly [ 436.793741][T10165] 1433455 pages reserved [ 436.798012][T10165] 0 pages cma reserved [ 436.802264][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=8874,uid=0 [ 436.817157][T10165] Out of memory: Killed process 8874 (syz-executor.0) total-vm:93044kB, anon-rss:2188kB, file-rss:34592kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 436.835262][ T1904] oom_reaper: reaped process 8874 (syz-executor.0), now anon-rss:0kB, file-rss:34588kB, shmem-rss:0kB 11:52:23 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 437.090222][T10740] warn_alloc: 8 callbacks suppressed [ 437.090288][T10740] syz-executor.0: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 437.110508][T10740] CPU: 1 PID: 10740 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 437.119243][T10740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 437.129362][T10740] Call Trace: [ 437.132746][T10740] dump_stack+0x21c/0x280 [ 437.137189][T10740] warn_alloc+0x4cc/0x680 [ 437.141653][T10740] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 437.147615][T10740] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 437.153273][T10740] ? kmsan_get_metadata+0x116/0x180 [ 437.158602][T10740] ? kmsan_get_metadata+0x116/0x180 [ 437.163914][T10740] __alloc_pages_nodemask+0xbb1/0x1030 [ 437.169486][T10740] alloc_pages_current+0x685/0xb50 [ 437.174721][T10740] ion_page_pool_alloc+0x73d/0x8f0 [ 437.179921][T10740] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 437.186064][T10740] ? __list_add_valid+0xb8/0x420 [ 437.191089][T10740] ? kmsan_get_metadata+0x116/0x180 [ 437.196391][T10740] ion_system_heap_allocate+0x5a2/0x16b0 [ 437.202725][T10740] ? ion_system_contig_heap_create+0x230/0x230 [ 437.208967][T10740] ion_ioctl+0x8cd/0x2140 [ 437.213425][T10740] ? debug_shrink_set+0x240/0x240 [ 437.218532][T10740] compat_ptr_ioctl+0xe2/0x150 [ 437.223387][T10740] ? __ia32_sys_ioctl+0x70/0x70 [ 437.228312][T10740] __se_compat_sys_ioctl+0x55f/0x1100 [ 437.233832][T10740] ? kmsan_get_metadata+0x116/0x180 [ 437.239117][T10740] __ia32_compat_sys_ioctl+0x4a/0x70 [ 437.244495][T10740] __do_fast_syscall_32+0x2af/0x480 [ 437.249803][T10740] do_fast_syscall_32+0x6b/0xd0 [ 437.254763][T10740] do_SYSENTER_32+0x73/0x90 [ 437.259379][T10740] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 437.265761][T10740] RIP: 0023:0xf7f62549 [ 437.269844][T10740] Code: Bad RIP value. [ 437.274015][T10740] RSP: 002b:00000000f555c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 437.282483][T10740] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 437.290502][T10740] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 437.298515][T10740] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 437.306626][T10740] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 437.314633][T10740] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 437.323189][T10740] Mem-Info: [ 437.326515][T10740] active_anon:109272 inactive_anon:4871 isolated_anon:0 [ 437.326515][T10740] active_file:2264 inactive_file:13462 isolated_file:0 [ 437.326515][T10740] unevictable:0 dirty:11 writeback:0 [ 437.326515][T10740] slab_reclaimable:6578 slab_unreclaimable:18646 [ 437.326515][T10740] mapped:47504 shmem:5055 pagetables:2694 bounce:0 [ 437.326515][T10740] free:195364 free_pcp:663 free_cma:0 [ 437.364806][T10740] Node 0 active_anon:416872kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110872kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 256000kB writeback_tmp:0kB all_unreclaimable? yes [ 437.392369][T10740] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 437.421469][T10740] lowmem_reserve[]: 0 896 1124 1124 1124 [ 437.427331][T10740] Node 0 DMA32 free:39852kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:390024kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:592kB pagetables:1464kB bounce:0kB free_pcp:2076kB local_pcp:1288kB free_cma:0kB [ 437.459118][T10740] lowmem_reserve[]: 0 0 228 228 228 [ 437.464571][T10740] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26848kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:576kB local_pcp:276kB free_cma:0kB [ 437.496202][T10740] lowmem_reserve[]: 0 0 0 0 0 [ 437.500980][T10740] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 437.513103][T10740] Node 0 DMA32: 627*4kB (UME) 420*8kB (UME) 317*16kB (UME) 183*32kB (UME) 117*64kB (ME) 48*128kB (ME) 21*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39900kB [ 437.530105][T10740] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 437.546061][T10740] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 437.555811][T10740] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 437.565311][T10740] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 437.575072][T10740] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 437.584535][T10740] 20826 total pagecache pages 11:52:23 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000500)="48000000140081fb7059ae08060c040002ff0f03900000000000008000006fabca3b4e7d06a6bd7c00000000030000068a562ad6e74703c48f93bc2a02000000461eb886a5e54f8f1f502de91d6b9146e97de1e0d064d0bdbec08318664ad9c759ca203b", 0x64}], 0x1}, 0x20008001) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0x20000002) [ 437.589254][T10740] 0 pages in swap cache [ 437.593618][T10740] Swap cache stats: add 0, delete 0, find 0/0 [ 437.599729][T10740] Free swap = 0kB [ 437.603644][T10740] Total swap = 0kB [ 437.607411][T10740] 1965979 pages RAM [ 437.611258][T10740] 0 pages HighMem/MovableOnly [ 437.616122][T10740] 1433455 pages reserved [ 437.620407][T10740] 0 pages cma reserved 11:52:24 executing program 0: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 437.982172][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 437.995029][T10188] CPU: 1 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 438.003757][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 438.013861][T10188] Call Trace: [ 438.017248][T10188] dump_stack+0x21c/0x280 [ 438.021679][T10188] dump_header+0x1c5/0xcf0 [ 438.026204][T10188] oom_kill_process+0x388/0xb00 [ 438.031154][T10188] out_of_memory+0x117f/0x16a0 [ 438.036047][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 438.041741][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 438.047319][T10188] alloc_pages_current+0x685/0xb50 [ 438.052551][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 438.057756][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 438.063906][T10188] ? __list_add_valid+0xb8/0x420 [ 438.068933][T10188] ? kmsan_get_metadata+0x116/0x180 [ 438.074246][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 438.080023][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 438.086267][T10188] ion_ioctl+0x8cd/0x2140 [ 438.090732][T10188] ? debug_shrink_set+0x240/0x240 [ 438.095836][T10188] compat_ptr_ioctl+0xe2/0x150 [ 438.100684][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 438.105614][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 438.111099][T10188] ? kmsan_get_metadata+0x116/0x180 [ 438.116380][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 438.121761][T10188] __do_fast_syscall_32+0x2af/0x480 [ 438.127072][T10188] do_fast_syscall_32+0x6b/0xd0 [ 438.132012][T10188] do_SYSENTER_32+0x73/0x90 [ 438.136610][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 438.143001][T10188] RIP: 0023:0xf7f05549 [ 438.147104][T10188] Code: Bad RIP value. [ 438.151222][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 438.159719][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 438.167752][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 438.175785][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 438.183817][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 438.191853][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 438.200389][T10188] Mem-Info: [ 438.203805][T10188] active_anon:109319 inactive_anon:4871 isolated_anon:0 [ 438.203805][T10188] active_file:2264 inactive_file:13564 isolated_file:0 [ 438.203805][T10188] unevictable:0 dirty:41 writeback:1 [ 438.203805][T10188] slab_reclaimable:6578 slab_unreclaimable:18630 [ 438.203805][T10188] mapped:47511 shmem:5055 pagetables:2753 bounce:0 [ 438.203805][T10188] free:195128 free_pcp:677 free_cma:0 [ 438.241091][T10188] Node 0 active_anon:416872kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110872kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 258048kB writeback_tmp:0kB all_unreclaimable? yes [ 438.268532][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 438.297660][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 438.303488][T10188] Node 0 DMA32 free:39648kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:390024kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:576kB pagetables:1464kB bounce:0kB free_pcp:2132kB local_pcp:1344kB free_cma:0kB [ 438.335293][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 438.340597][T10188] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26848kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:576kB local_pcp:276kB free_cma:0kB [ 438.372227][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 438.377006][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 438.389115][T10188] Node 0 DMA32: 614*4kB (UME) 413*8kB (ME) 315*16kB (UME) 182*32kB (UME) 118*64kB (UME) 49*128kB (UME) 20*256kB (M) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39664kB [ 438.406378][T10188] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 438.422330][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 438.432054][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 438.441411][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 438.451142][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 438.460662][T10188] 20927 total pagecache pages [ 438.465517][T10188] 0 pages in swap cache [ 438.469732][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 438.475973][T10188] Free swap = 0kB [ 438.479771][T10188] Total swap = 0kB [ 438.483632][T10188] 1965979 pages RAM [ 438.487479][T10188] 0 pages HighMem/MovableOnly [ 438.492291][T10188] 1433455 pages reserved [ 438.496584][T10188] 0 pages cma reserved [ 438.500704][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=10740,uid=0 [ 438.515772][T10188] Out of memory: Killed process 10740 (syz-executor.0) total-vm:93044kB, anon-rss:2204kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:52:25 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) socket$kcm(0x10, 0x2, 0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) sendfile(r3, r1, 0x0, 0x20000002) [ 438.534799][ T1904] oom_reaper: reaped process 10740 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 438.635876][T10747] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 438.648762][T10747] CPU: 1 PID: 10747 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 438.657489][T10747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 438.667573][T10747] Call Trace: [ 438.670937][T10747] dump_stack+0x21c/0x280 [ 438.675339][T10747] dump_header+0x1c5/0xcf0 [ 438.679829][T10747] oom_kill_process+0x388/0xb00 [ 438.684751][T10747] out_of_memory+0x117f/0x16a0 [ 438.689601][T10747] __alloc_pages_slowpath+0x303a/0x3d10 [ 438.695260][T10747] __alloc_pages_nodemask+0xbb1/0x1030 [ 438.700804][T10747] alloc_pages_current+0x685/0xb50 [ 438.706009][T10747] ion_page_pool_alloc+0x73d/0x8f0 [ 438.711181][T10747] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 438.717300][T10747] ? __list_add_valid+0xb8/0x420 [ 438.722298][T10747] ? kmsan_get_metadata+0x116/0x180 [ 438.727575][T10747] ion_system_heap_allocate+0x509/0x16b0 [ 438.733301][T10747] ? ion_system_contig_heap_create+0x230/0x230 [ 438.739516][T10747] ion_ioctl+0x8cd/0x2140 [ 438.743943][T10747] ? debug_shrink_set+0x240/0x240 [ 438.749018][T10747] compat_ptr_ioctl+0xe2/0x150 [ 438.753853][T10747] ? __ia32_sys_ioctl+0x70/0x70 [ 438.758755][T10747] __se_compat_sys_ioctl+0x55f/0x1100 [ 438.764198][T10747] ? kmsan_get_metadata+0x116/0x180 [ 438.769537][T10747] __ia32_compat_sys_ioctl+0x4a/0x70 [ 438.774887][T10747] __do_fast_syscall_32+0x2af/0x480 [ 438.780162][T10747] do_fast_syscall_32+0x6b/0xd0 [ 438.785075][T10747] do_SYSENTER_32+0x73/0x90 [ 438.789647][T10747] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 438.796009][T10747] RIP: 0023:0xf7f05549 [ 438.800092][T10747] Code: Bad RIP value. [ 438.804191][T10747] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 438.812659][T10747] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 438.820668][T10747] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 438.828682][T10747] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 438.836691][T10747] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 438.844703][T10747] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 438.853587][T10747] Mem-Info: [ 438.857325][T10747] active_anon:108822 inactive_anon:4870 isolated_anon:0 [ 438.857325][T10747] active_file:2265 inactive_file:13603 isolated_file:0 [ 438.857325][T10747] unevictable:0 dirty:11 writeback:18 [ 438.857325][T10747] slab_reclaimable:6580 slab_unreclaimable:18617 [ 438.857325][T10747] mapped:47780 shmem:5055 pagetables:2763 bounce:0 [ 438.857325][T10747] free:195067 free_pcp:677 free_cma:0 [ 438.895735][T10747] Node 0 active_anon:414824kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110940kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 256000kB writeback_tmp:0kB all_unreclaimable? yes [ 438.923150][T10747] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 438.952182][T10747] lowmem_reserve[]: 0 896 1124 1124 1124 [ 438.957914][T10747] Node 0 DMA32 free:39792kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387976kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:2132kB local_pcp:1344kB free_cma:0kB [ 438.989664][T10747] lowmem_reserve[]: 0 0 228 228 228 [ 438.995319][T10747] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26848kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:576kB local_pcp:276kB free_cma:0kB [ 439.027071][T10747] lowmem_reserve[]: 0 0 0 0 0 [ 439.031941][T10747] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 439.044016][T10747] Node 0 DMA32: 614*4kB (UME) 413*8kB (ME) 315*16kB (UME) 182*32kB (UME) 118*64kB (UME) 48*128kB (ME) 21*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39792kB [ 439.060989][T10747] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 439.077024][T10747] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 439.086735][T10747] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 439.096194][T10747] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 439.105897][T10747] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 439.115340][T10747] 20961 total pagecache pages [ 439.120062][T10747] 0 pages in swap cache [ 439.124357][T10747] Swap cache stats: add 0, delete 0, find 0/0 [ 439.130460][T10747] Free swap = 0kB [ 439.134299][T10747] Total swap = 0kB [ 439.138061][T10747] 1965979 pages RAM [ 439.142003][T10747] 0 pages HighMem/MovableOnly [ 439.146726][T10747] 1433455 pages reserved [ 439.151013][T10747] 0 pages cma reserved [ 439.155233][T10747] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10555,uid=0 [ 439.170174][T10747] Out of memory: Killed process 10555 (syz-executor.1) total-vm:93308kB, anon-rss:176kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:52:25 executing program 0: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 439.190421][ T1904] oom_reaper: reaped process 10555 (syz-executor.1), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 439.272750][T10742] IPVS: ftp: loaded support on port[0] = 21 [ 439.338871][T10728] syz-executor.0 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 439.351718][T10728] CPU: 1 PID: 10728 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 439.360458][T10728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 439.370571][T10728] Call Trace: [ 439.373963][T10728] dump_stack+0x21c/0x280 [ 439.378395][T10728] dump_header+0x1c5/0xcf0 [ 439.382921][T10728] oom_kill_process+0x388/0xb00 [ 439.387870][T10728] out_of_memory+0x117f/0x16a0 [ 439.392752][T10728] __alloc_pages_slowpath+0x303a/0x3d10 [ 439.398453][T10728] __alloc_pages_nodemask+0xbb1/0x1030 [ 439.404027][T10728] alloc_pages_current+0x685/0xb50 [ 439.409262][T10728] ion_page_pool_alloc+0x73d/0x8f0 [ 439.414466][T10728] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 439.420615][T10728] ? __list_add_valid+0xb8/0x420 [ 439.425650][T10728] ? kmsan_get_metadata+0x116/0x180 [ 439.430953][T10728] ion_system_heap_allocate+0x509/0x16b0 [ 439.436714][T10728] ? ion_system_contig_heap_create+0x230/0x230 [ 439.442959][T10728] ion_ioctl+0x8cd/0x2140 [ 439.447386][T10728] ? debug_shrink_set+0x240/0x240 [ 439.452462][T10728] compat_ptr_ioctl+0xe2/0x150 [ 439.457302][T10728] ? __ia32_sys_ioctl+0x70/0x70 [ 439.462220][T10728] __se_compat_sys_ioctl+0x55f/0x1100 [ 439.467673][T10728] ? kmsan_get_metadata+0x116/0x180 [ 439.472933][T10728] __ia32_compat_sys_ioctl+0x4a/0x70 [ 439.478295][T10728] __do_fast_syscall_32+0x2af/0x480 [ 439.483566][T10728] do_fast_syscall_32+0x6b/0xd0 [ 439.488586][T10728] do_SYSENTER_32+0x73/0x90 [ 439.493203][T10728] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 439.499571][T10728] RIP: 0023:0xf7f62549 [ 439.503660][T10728] Code: Bad RIP value. [ 439.507757][T10728] RSP: 002b:00000000f555c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 439.516235][T10728] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 439.524251][T10728] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 439.532258][T10728] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 439.540267][T10728] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 439.548291][T10728] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 439.558078][T10728] Mem-Info: [ 439.561391][T10728] active_anon:108863 inactive_anon:4871 isolated_anon:0 [ 439.561391][T10728] active_file:2266 inactive_file:13680 isolated_file:0 [ 439.561391][T10728] unevictable:0 dirty:28 writeback:7 [ 439.561391][T10728] slab_reclaimable:6584 slab_unreclaimable:18656 [ 439.561391][T10728] mapped:47784 shmem:5055 pagetables:2723 bounce:0 [ 439.561391][T10728] free:194996 free_pcp:677 free_cma:0 [ 439.598664][T10728] Node 0 active_anon:414824kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110956kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 439.626083][T10728] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 439.655121][T10728] lowmem_reserve[]: 0 896 1124 1124 1124 [ 439.660854][T10728] Node 0 DMA32 free:39792kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387976kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:2132kB local_pcp:1344kB free_cma:0kB [ 439.692656][T10728] lowmem_reserve[]: 0 0 228 228 228 [ 439.697955][T10728] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26848kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:576kB local_pcp:276kB free_cma:0kB [ 439.729530][T10728] lowmem_reserve[]: 0 0 0 0 0 [ 439.734478][T10728] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 439.746547][T10728] Node 0 DMA32: 614*4kB (UME) 413*8kB (ME) 315*16kB (UME) 183*32kB (UME) 118*64kB (UME) 48*128kB (ME) 21*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39824kB [ 439.763470][T10728] Node 0 Normal: 837*4kB (UME) 250*8kB (UM) 105*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9876kB [ 439.779392][T10728] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 439.789110][T10728] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 439.798567][T10728] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 439.808279][T10728] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 439.817693][T10728] 21007 total pagecache pages [ 439.822502][T10728] 0 pages in swap cache [ 439.826707][T10728] Swap cache stats: add 0, delete 0, find 0/0 [ 439.833006][T10728] Free swap = 0kB [ 439.836770][T10728] Total swap = 0kB [ 439.840548][T10728] 1965979 pages RAM [ 439.844482][T10728] 0 pages HighMem/MovableOnly [ 439.849195][T10728] 1433455 pages reserved [ 439.853569][T10728] 0 pages cma reserved [ 439.857687][T10728] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=10728,uid=0 [ 439.872593][T10728] Out of memory: Killed process 10728 (syz-executor.0) total-vm:93044kB, anon-rss:160kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 439.891578][ T1904] oom_reaper: reaped process 10728 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 439.988635][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 440.001860][T10165] CPU: 1 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 440.010595][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 440.020680][T10165] Call Trace: [ 440.024041][T10165] dump_stack+0x21c/0x280 [ 440.028448][T10165] dump_header+0x1c5/0xcf0 [ 440.032965][T10165] oom_kill_process+0x388/0xb00 [ 440.037987][T10165] out_of_memory+0x117f/0x16a0 [ 440.042842][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 440.048511][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 440.054060][T10165] alloc_pages_current+0x685/0xb50 [ 440.059275][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 440.064452][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 440.070582][T10165] ? __list_add_valid+0xb8/0x420 [ 440.075583][T10165] ? kmsan_get_metadata+0x116/0x180 [ 440.080858][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 440.086579][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 440.092791][T10165] ion_ioctl+0x8cd/0x2140 [ 440.097214][T10165] ? debug_shrink_set+0x240/0x240 [ 440.102290][T10165] compat_ptr_ioctl+0xe2/0x150 [ 440.107108][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 440.112010][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 440.117457][T10165] ? kmsan_get_metadata+0x116/0x180 [ 440.122714][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 440.128067][T10165] __do_fast_syscall_32+0x2af/0x480 [ 440.133337][T10165] do_fast_syscall_32+0x6b/0xd0 [ 440.138248][T10165] do_SYSENTER_32+0x73/0x90 [ 440.142817][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 440.149178][T10165] RIP: 0023:0xf7f05549 [ 440.153262][T10165] Code: Bad RIP value. [ 440.157373][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 440.165840][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 440.173846][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 440.181852][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 440.189864][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 440.197869][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 440.206104][T10165] Mem-Info: [ 440.209382][T10165] active_anon:108914 inactive_anon:4871 isolated_anon:0 [ 440.209382][T10165] active_file:2266 inactive_file:13714 isolated_file:0 [ 440.209382][T10165] unevictable:0 dirty:0 writeback:7 [ 440.209382][T10165] slab_reclaimable:6544 slab_unreclaimable:18711 [ 440.209382][T10165] mapped:47784 shmem:5055 pagetables:2748 bounce:0 [ 440.209382][T10165] free:194773 free_pcp:661 free_cma:0 [ 440.246471][T10165] Node 0 active_anon:414824kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110956kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 440.273889][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 440.302945][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 440.308670][T10165] Node 0 DMA32 free:39652kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387976kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:2068kB local_pcp:1256kB free_cma:0kB [ 440.340438][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 440.345839][T10165] Node 0 Normal free:9836kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:12kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:580kB local_pcp:268kB free_cma:0kB [ 440.377497][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 440.382364][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 440.394480][T10165] Node 0 DMA32: 613*4kB (UME) 410*8kB (ME) 320*16kB (ME) 185*32kB (ME) 118*64kB (UME) 48*128kB (ME) 20*256kB (M) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39684kB [ 440.411203][T10165] Node 0 Normal: 837*4kB (UME) 249*8kB (M) 103*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9836kB [ 440.427097][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 440.436841][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 440.446430][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 440.456181][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 440.465674][T10165] 21044 total pagecache pages [ 440.470406][T10165] 0 pages in swap cache [ 440.474740][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 440.480861][T10165] Free swap = 0kB [ 440.484768][T10165] Total swap = 0kB [ 440.488529][T10165] 1965979 pages RAM [ 440.492504][T10165] 0 pages HighMem/MovableOnly [ 440.497221][T10165] 1433455 pages reserved [ 440.501500][T10165] 0 pages cma reserved [ 440.505773][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10690,uid=0 [ 440.520884][T10165] Out of memory: Killed process 10690 (syz-executor.1) total-vm:93308kB, anon-rss:160kB, file-rss:35740kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 440.541282][ T1904] oom_reaper: reaped process 10690 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 440.578555][T10198] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 440.592293][T10198] CPU: 1 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 440.601151][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 440.611292][T10198] Call Trace: [ 440.614669][T10198] dump_stack+0x21c/0x280 [ 440.619081][T10198] dump_header+0x1c5/0xcf0 [ 440.623580][T10198] oom_kill_process+0x388/0xb00 [ 440.628504][T10198] out_of_memory+0x117f/0x16a0 [ 440.633355][T10198] __alloc_pages_slowpath+0x303a/0x3d10 [ 440.639015][T10198] __alloc_pages_nodemask+0xbb1/0x1030 [ 440.644574][T10198] alloc_pages_current+0x685/0xb50 [ 440.649767][T10198] ion_page_pool_alloc+0x73d/0x8f0 [ 440.654941][T10198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 440.661057][T10198] ? __list_add_valid+0xb8/0x420 [ 440.666056][T10198] ? kmsan_get_metadata+0x116/0x180 [ 440.671329][T10198] ion_system_heap_allocate+0x509/0x16b0 [ 440.677052][T10198] ? ion_system_contig_heap_create+0x230/0x230 [ 440.683263][T10198] ion_ioctl+0x8cd/0x2140 [ 440.687688][T10198] ? debug_shrink_set+0x240/0x240 [ 440.692764][T10198] compat_ptr_ioctl+0xe2/0x150 [ 440.697582][T10198] ? __ia32_sys_ioctl+0x70/0x70 [ 440.702486][T10198] __se_compat_sys_ioctl+0x55f/0x1100 [ 440.707929][T10198] ? kmsan_get_metadata+0x116/0x180 [ 440.713186][T10198] __ia32_compat_sys_ioctl+0x4a/0x70 [ 440.718534][T10198] __do_fast_syscall_32+0x2af/0x480 [ 440.723802][T10198] do_fast_syscall_32+0x6b/0xd0 [ 440.728715][T10198] do_SYSENTER_32+0x73/0x90 [ 440.733282][T10198] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 440.739646][T10198] RIP: 0023:0xf7f05549 [ 440.743737][T10198] Code: Bad RIP value. [ 440.747849][T10198] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 440.756314][T10198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 440.764322][T10198] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 440.772332][T10198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 440.780341][T10198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 440.788361][T10198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 440.796538][T10198] Mem-Info: [ 440.799817][T10198] active_anon:108832 inactive_anon:4872 isolated_anon:0 [ 440.799817][T10198] active_file:2373 inactive_file:13644 isolated_file:0 [ 440.799817][T10198] unevictable:0 dirty:16 writeback:2 [ 440.799817][T10198] slab_reclaimable:6536 slab_unreclaimable:18707 [ 440.799817][T10198] mapped:47875 shmem:5056 pagetables:2711 bounce:0 [ 440.799817][T10198] free:194793 free_pcp:665 free_cma:0 [ 440.805514][ T5] Bluetooth: hci4: command 0x0409 tx timeout [ 440.836993][T10198] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110972kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 440.837094][T10198] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 440.899373][T10198] lowmem_reserve[]: 0 896 1124 1124 1124 [ 440.905260][T10198] Node 0 DMA32 free:39684kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:2080kB local_pcp:1256kB free_cma:0kB [ 440.937125][T10198] lowmem_reserve[]: 0 0 228 228 228 [ 440.942567][T10198] Node 0 Normal free:9836kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:580kB local_pcp:268kB free_cma:0kB [ 440.974190][T10198] lowmem_reserve[]: 0 0 0 0 0 [ 440.978963][T10198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 440.991099][T10198] Node 0 DMA32: 613*4kB (UME) 410*8kB (ME) 320*16kB (ME) 185*32kB (ME) 118*64kB (UME) 48*128kB (ME) 20*256kB (M) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39684kB [ 441.007915][T10198] Node 0 Normal: 837*4kB (UME) 249*8kB (M) 103*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9836kB [ 441.023793][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 441.033533][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 441.043075][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 441.052822][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 441.062273][T10198] 21090 total pagecache pages [ 441.066992][T10198] 0 pages in swap cache [ 441.071199][T10198] Swap cache stats: add 0, delete 0, find 0/0 [ 441.077440][T10198] Free swap = 0kB [ 441.081200][T10198] Total swap = 0kB [ 441.085098][T10198] 1965979 pages RAM [ 441.088940][T10198] 0 pages HighMem/MovableOnly [ 441.093790][T10198] 1433455 pages reserved [ 441.098069][T10198] 0 pages cma reserved [ 441.102353][T10198] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10646,uid=0 [ 441.117325][T10198] Out of memory: Killed process 10646 (syz-executor.1) total-vm:93176kB, anon-rss:160kB, file-rss:35740kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 441.136007][ T1904] oom_reaper: reaped process 10646 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 441.158563][T10740] syz-executor.0 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 441.172275][T10740] CPU: 1 PID: 10740 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 441.180999][T10740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 441.191082][T10740] Call Trace: [ 441.194444][T10740] dump_stack+0x21c/0x280 [ 441.198841][T10740] dump_header+0x1c5/0xcf0 [ 441.203328][T10740] oom_kill_process+0x388/0xb00 [ 441.208248][T10740] out_of_memory+0x117f/0x16a0 [ 441.213096][T10740] __alloc_pages_slowpath+0x303a/0x3d10 [ 441.218765][T10740] __alloc_pages_nodemask+0xbb1/0x1030 [ 441.224304][T10740] alloc_pages_current+0x685/0xb50 [ 441.229500][T10740] ion_page_pool_alloc+0x73d/0x8f0 [ 441.234689][T10740] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 441.240809][T10740] ? __list_add_valid+0xb8/0x420 [ 441.245801][T10740] ? kmsan_get_metadata+0x116/0x180 [ 441.251074][T10740] ion_system_heap_allocate+0x509/0x16b0 [ 441.256806][T10740] ? ion_system_contig_heap_create+0x230/0x230 [ 441.263017][T10740] ion_ioctl+0x8cd/0x2140 [ 441.267442][T10740] ? debug_shrink_set+0x240/0x240 [ 441.272515][T10740] compat_ptr_ioctl+0xe2/0x150 [ 441.277332][T10740] ? __ia32_sys_ioctl+0x70/0x70 [ 441.282245][T10740] __se_compat_sys_ioctl+0x55f/0x1100 [ 441.287689][T10740] ? kmsan_get_metadata+0x116/0x180 [ 441.292944][T10740] __ia32_compat_sys_ioctl+0x4a/0x70 [ 441.298293][T10740] __do_fast_syscall_32+0x2af/0x480 [ 441.303575][T10740] do_fast_syscall_32+0x6b/0xd0 [ 441.308506][T10740] do_SYSENTER_32+0x73/0x90 [ 441.313083][T10740] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 441.319448][T10740] RIP: 0023:0xf7f62549 [ 441.323532][T10740] Code: Bad RIP value. [ 441.327630][T10740] RSP: 002b:00000000f555c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 441.336094][T10740] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 441.344114][T10740] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 441.352124][T10740] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 441.360144][T10740] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 441.368158][T10740] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 441.376340][T10740] Mem-Info: [ 441.379622][T10740] active_anon:108883 inactive_anon:4872 isolated_anon:0 [ 441.379622][T10740] active_file:2373 inactive_file:13661 isolated_file:0 [ 441.379622][T10740] unevictable:0 dirty:0 writeback:2 [ 441.379622][T10740] slab_reclaimable:6536 slab_unreclaimable:18707 [ 441.379622][T10740] mapped:47960 shmem:5056 pagetables:2711 bounce:0 [ 441.379622][T10740] free:194793 free_pcp:665 free_cma:0 [ 441.416897][T10740] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:110984kB dirty:4kB writeback:4kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 441.444413][T10740] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 441.473487][T10740] lowmem_reserve[]: 0 896 1124 1124 1124 [ 441.479244][T10740] Node 0 DMA32 free:39684kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:2080kB local_pcp:1256kB free_cma:0kB [ 441.511069][T10740] lowmem_reserve[]: 0 0 228 228 228 [ 441.516519][T10740] Node 0 Normal free:9836kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:580kB local_pcp:268kB free_cma:0kB [ 441.548160][T10740] lowmem_reserve[]: 0 0 0 0 0 [ 441.553079][T10740] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 441.566077][T10740] Node 0 DMA32: 613*4kB (UME) 410*8kB (ME) 320*16kB (ME) 185*32kB (ME) 118*64kB (UME) 48*128kB (ME) 20*256kB (M) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39684kB [ 441.582807][T10740] Node 0 Normal: 837*4kB (UME) 249*8kB (M) 103*16kB (UM) 39*32kB (UM) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9836kB [ 441.598699][T10740] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 441.608465][T10740] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 441.617968][T10740] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 441.627726][T10740] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 441.637196][T10740] 21132 total pagecache pages [ 441.642043][T10740] 0 pages in swap cache [ 441.646259][T10740] Swap cache stats: add 0, delete 0, find 0/0 [ 441.652495][T10740] Free swap = 0kB [ 441.656250][T10740] Total swap = 0kB [ 441.660011][T10740] 1965979 pages RAM [ 441.663999][T10740] 0 pages HighMem/MovableOnly [ 441.668709][T10740] 1433455 pages reserved [ 441.673166][T10740] 0 pages cma reserved [ 441.677306][T10740] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10635,uid=0 [ 441.692281][T10740] Out of memory: Killed process 10635 (syz-executor.1) total-vm:93176kB, anon-rss:160kB, file-rss:35740kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 441.711009][ T1904] oom_reaper: reaped process 10635 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 442.212140][T10742] chnl_net:caif_netlink_parms(): no params data found [ 442.324439][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 442.337374][T10165] CPU: 1 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 442.346107][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 442.356217][T10165] Call Trace: [ 442.359603][T10165] dump_stack+0x21c/0x280 [ 442.364032][T10165] dump_header+0x1c5/0xcf0 [ 442.368566][T10165] oom_kill_process+0x388/0xb00 [ 442.373506][T10165] out_of_memory+0x117f/0x16a0 [ 442.378381][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 442.384079][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 442.389653][T10165] alloc_pages_current+0x685/0xb50 [ 442.394884][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 442.400082][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 442.406233][T10165] ? __list_add_valid+0xb8/0x420 [ 442.411254][T10165] ? kmsan_get_metadata+0x116/0x180 [ 442.416565][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 442.422338][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 442.428593][T10165] ion_ioctl+0x8cd/0x2140 [ 442.433044][T10165] ? debug_shrink_set+0x240/0x240 [ 442.438144][T10165] compat_ptr_ioctl+0xe2/0x150 [ 442.442997][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 442.447923][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 442.453424][T10165] ? kmsan_get_metadata+0x116/0x180 [ 442.458709][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 442.464077][T10165] __do_fast_syscall_32+0x2af/0x480 [ 442.469346][T10165] do_fast_syscall_32+0x6b/0xd0 [ 442.474257][T10165] do_SYSENTER_32+0x73/0x90 [ 442.478931][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 442.485294][T10165] RIP: 0023:0xf7f05549 [ 442.489378][T10165] Code: Bad RIP value. [ 442.493474][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 442.501943][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 442.509950][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 442.517956][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 442.525974][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 442.533985][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 442.542873][T10165] Mem-Info: [ 442.546174][T10165] active_anon:108823 inactive_anon:4872 isolated_anon:0 [ 442.546174][T10165] active_file:2372 inactive_file:13766 isolated_file:0 [ 442.546174][T10165] unevictable:0 dirty:9 writeback:0 [ 442.546174][T10165] slab_reclaimable:6540 slab_unreclaimable:19004 [ 442.546174][T10165] mapped:47968 shmem:5056 pagetables:2598 bounce:0 [ 442.546174][T10165] free:194437 free_pcp:691 free_cma:0 [ 442.583332][T10165] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111012kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 442.610773][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 442.639996][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 442.645823][T10165] Node 0 DMA32 free:39556kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:2108kB local_pcp:1256kB free_cma:0kB [ 442.677584][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 442.682988][T10165] Node 0 Normal free:9776kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:656kB local_pcp:328kB free_cma:0kB [ 442.714705][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 442.719482][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 442.731576][T10165] Node 0 DMA32: 613*4kB (UME) 411*8kB (UME) 320*16kB (ME) 185*32kB (ME) 118*64kB (UME) 49*128kB (UME) 21*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 39564kB [ 442.748461][T10165] Node 0 Normal: 836*4kB (ME) 250*8kB (UM) 103*16kB (UM) 37*32kB (M) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9776kB [ 442.764266][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 442.774036][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 442.783552][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 442.793852][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 442.803329][T10165] 21315 total pagecache pages [ 442.808053][T10165] 0 pages in swap cache [ 442.812439][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 442.818578][T10165] Free swap = 0kB [ 442.822496][T10165] Total swap = 0kB [ 442.826256][T10165] 1965979 pages RAM [ 442.830102][T10165] 0 pages HighMem/MovableOnly [ 442.834987][T10165] 1433455 pages reserved [ 442.839266][T10165] 0 pages cma reserved [ 442.843571][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10572,uid=0 [ 442.858585][T10165] Out of memory: Killed process 10572 (syz-executor.1) total-vm:93176kB, anon-rss:156kB, file-rss:35740kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 442.877359][ T1904] oom_reaper: reaped process 10572 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 442.889601][ T8719] Bluetooth: hci4: command 0x041b tx timeout [ 442.937961][ T8718] tipc: TX() has been purged, node left! [ 442.965472][T10742] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.973021][T10742] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.982694][T10742] device bridge_slave_0 entered promiscuous mode [ 442.997687][ T8718] tipc: TX() has been purged, node left! [ 443.002677][T10742] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.010571][T10742] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.020549][T10742] device bridge_slave_1 entered promiscuous mode [ 443.072958][T10742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 443.091404][T10742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 443.148536][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 443.162033][T10188] CPU: 1 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 443.170770][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 443.180874][T10188] Call Trace: [ 443.184275][T10188] dump_stack+0x21c/0x280 [ 443.188698][T10188] dump_header+0x1c5/0xcf0 [ 443.193225][T10188] oom_kill_process+0x388/0xb00 [ 443.198173][T10188] out_of_memory+0x117f/0x16a0 [ 443.203059][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 443.208773][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 443.214348][T10188] alloc_pages_current+0x685/0xb50 [ 443.219592][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 443.224795][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 443.230983][T10188] ? __list_add_valid+0xb8/0x420 [ 443.236010][T10188] ? kmsan_get_metadata+0x116/0x180 [ 443.241315][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 443.247083][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 443.253320][T10188] ion_ioctl+0x8cd/0x2140 [ 443.257776][T10188] ? debug_shrink_set+0x240/0x240 [ 443.262878][T10188] compat_ptr_ioctl+0xe2/0x150 [ 443.267721][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 443.272653][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 443.278129][T10188] ? kmsan_get_metadata+0x116/0x180 [ 443.283414][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 443.288793][T10188] __do_fast_syscall_32+0x2af/0x480 [ 443.294092][T10188] do_fast_syscall_32+0x6b/0xd0 [ 443.299030][T10188] do_SYSENTER_32+0x73/0x90 [ 443.303629][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 443.310009][T10188] RIP: 0023:0xf7f05549 [ 443.314107][T10188] Code: Bad RIP value. [ 443.318217][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 443.326704][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 443.334755][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 443.342807][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 443.350837][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 443.358905][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 443.367122][T10188] Mem-Info: [ 443.370414][T10188] active_anon:108806 inactive_anon:4872 isolated_anon:0 [ 443.370414][T10188] active_file:2372 inactive_file:13936 isolated_file:0 [ 443.370414][T10188] unevictable:0 dirty:9 writeback:0 [ 443.370414][T10188] slab_reclaimable:6540 slab_unreclaimable:19113 [ 443.370414][T10188] mapped:47968 shmem:5056 pagetables:2548 bounce:0 [ 443.370414][T10188] free:194235 free_pcp:691 free_cma:0 [ 443.407562][T10188] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111032kB dirty:8kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 443.434978][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 443.450167][T10742] team0: Port device team_slave_0 added [ 443.464035][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 443.475373][T10188] Node 0 DMA32 free:39596kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:2108kB local_pcp:1256kB free_cma:0kB [ 443.507235][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 443.512629][T10188] Node 0 Normal free:9776kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:656kB local_pcp:328kB free_cma:0kB [ 443.544206][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 443.548977][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 443.561107][T10188] Node 0 DMA32: 613*4kB (UME) 411*8kB (UME) 322*16kB (UME) 185*32kB (ME) 118*64kB (UME) 49*128kB (UME) 21*256kB (UM) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 39596kB [ 443.564252][T10742] team0: Port device team_slave_1 added [ 443.578048][T10188] Node 0 Normal: 836*4kB (ME) 250*8kB (UM) 103*16kB (UM) 37*32kB (M) 3*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9776kB [ 443.599163][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 443.608887][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 443.618334][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 443.628027][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 443.637443][T10188] 21422 total pagecache pages [ 443.642244][T10188] 0 pages in swap cache [ 443.646485][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 443.652682][T10188] Free swap = 0kB [ 443.656438][T10188] Total swap = 0kB [ 443.660194][T10188] 1965979 pages RAM [ 443.664138][T10188] 0 pages HighMem/MovableOnly [ 443.668855][T10188] 1433455 pages reserved [ 443.673208][T10188] 0 pages cma reserved [ 443.677327][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10561,uid=0 [ 443.692269][T10188] Out of memory: Killed process 10561 (syz-executor.1) total-vm:93176kB, anon-rss:156kB, file-rss:35740kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 443.710993][ T1904] oom_reaper: reaped process 10561 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 443.946423][T10742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 443.953656][T10742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 443.979766][T10742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 444.103944][T10198] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 444.117082][T10198] CPU: 1 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 444.125817][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 444.135918][T10198] Call Trace: [ 444.139303][T10198] dump_stack+0x21c/0x280 [ 444.143733][T10198] dump_header+0x1c5/0xcf0 [ 444.148249][T10198] oom_kill_process+0x388/0xb00 [ 444.153287][T10198] out_of_memory+0x117f/0x16a0 [ 444.158174][T10198] __alloc_pages_slowpath+0x303a/0x3d10 [ 444.163881][T10198] __alloc_pages_nodemask+0xbb1/0x1030 [ 444.169453][T10198] alloc_pages_current+0x685/0xb50 [ 444.174683][T10198] ion_page_pool_alloc+0x73d/0x8f0 [ 444.179887][T10198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 444.186043][T10198] ? __list_add_valid+0xb8/0x420 [ 444.191070][T10198] ? kmsan_get_metadata+0x116/0x180 [ 444.196378][T10198] ion_system_heap_allocate+0x509/0x16b0 [ 444.196829][T10742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 444.202124][T10198] ? ion_system_contig_heap_create+0x230/0x230 [ 444.202215][T10198] ion_ioctl+0x8cd/0x2140 [ 444.209172][T10742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 444.215326][T10198] ? debug_shrink_set+0x240/0x240 [ 444.215381][T10198] compat_ptr_ioctl+0xe2/0x150 [ 444.215495][T10198] ? __ia32_sys_ioctl+0x70/0x70 [ 444.219824][T10742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 444.245681][T10198] __se_compat_sys_ioctl+0x55f/0x1100 [ 444.245782][T10198] ? kmsan_get_metadata+0x116/0x180 [ 444.281529][T10198] __ia32_compat_sys_ioctl+0x4a/0x70 [ 444.286920][T10198] __do_fast_syscall_32+0x2af/0x480 [ 444.292261][T10198] do_fast_syscall_32+0x6b/0xd0 [ 444.297202][T10198] do_SYSENTER_32+0x73/0x90 [ 444.301798][T10198] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 444.308200][T10198] RIP: 0023:0xf7f05549 [ 444.312310][T10198] Code: Bad RIP value. [ 444.316423][T10198] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 444.324915][T10198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 444.332950][T10198] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 444.340989][T10198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 444.349123][T10198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 444.357320][T10198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 444.365535][T10198] Mem-Info: [ 444.368816][T10198] active_anon:108897 inactive_anon:4872 isolated_anon:0 [ 444.368816][T10198] active_file:2372 inactive_file:14093 isolated_file:0 [ 444.368816][T10198] unevictable:0 dirty:3 writeback:17 [ 444.368816][T10198] slab_reclaimable:6544 slab_unreclaimable:19149 [ 444.368816][T10198] mapped:47975 shmem:5056 pagetables:2595 bounce:0 [ 444.368816][T10198] free:193913 free_pcp:76 free_cma:0 [ 444.406062][T10198] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111076kB dirty:0kB writeback:8kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? no [ 444.433392][T10198] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 444.462455][T10198] lowmem_reserve[]: 0 896 1124 1124 1124 [ 444.468198][T10198] Node 0 DMA32 free:39500kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 444.499774][T10198] lowmem_reserve[]: 0 0 228 228 228 [ 444.505168][T10198] Node 0 Normal free:9892kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:56kB local_pcp:56kB free_cma:0kB [ 444.536698][T10198] lowmem_reserve[]: 0 0 0 0 0 [ 444.541563][T10198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 444.553630][T10198] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 188*32kB (UME) 113*64kB (ME) 49*128kB (ME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39500kB [ 444.570398][T10198] Node 0 Normal: 853*4kB (ME) 270*8kB (UM) 112*16kB (M) 39*32kB (M) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9892kB [ 444.585463][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 444.595166][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 444.604615][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 444.614307][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 444.623776][T10198] 21535 total pagecache pages [ 444.628490][T10198] 0 pages in swap cache [ 444.632804][T10198] Swap cache stats: add 0, delete 0, find 0/0 [ 444.638907][T10198] Free swap = 0kB [ 444.642764][T10198] Total swap = 0kB [ 444.646528][T10198] 1965979 pages RAM [ 444.650376][T10198] 0 pages HighMem/MovableOnly [ 444.655186][T10198] 1433455 pages reserved [ 444.659463][T10198] 0 pages cma reserved [ 444.663683][T10198] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10508,uid=0 [ 444.678634][T10198] Out of memory: Killed process 10508 (syz-executor.1) total-vm:93308kB, anon-rss:164kB, file-rss:35732kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 444.697658][ T1904] oom_reaper: reaped process 10508 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 444.718778][T10742] device hsr_slave_0 entered promiscuous mode [ 444.748234][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 444.761004][T10165] CPU: 0 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 444.769742][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 444.779852][T10165] Call Trace: [ 444.783244][T10165] dump_stack+0x21c/0x280 [ 444.787680][T10165] dump_header+0x1c5/0xcf0 [ 444.792208][T10165] oom_kill_process+0x388/0xb00 [ 444.797157][T10165] out_of_memory+0x117f/0x16a0 [ 444.802035][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 444.807744][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 444.813364][T10165] alloc_pages_current+0x685/0xb50 [ 444.818590][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 444.823792][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 444.829941][T10165] ? __list_add_valid+0xb8/0x420 [ 444.834968][T10165] ? kmsan_get_metadata+0x116/0x180 [ 444.840286][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 444.846040][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 444.852283][T10165] ion_ioctl+0x8cd/0x2140 [ 444.856741][T10165] ? debug_shrink_set+0x240/0x240 [ 444.861845][T10165] compat_ptr_ioctl+0xe2/0x150 [ 444.866697][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 444.871627][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 444.873200][T10742] device hsr_slave_1 entered promiscuous mode [ 444.877103][T10165] ? kmsan_get_metadata+0x116/0x180 [ 444.888374][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 444.893747][T10165] __do_fast_syscall_32+0x2af/0x480 [ 444.899050][T10165] do_fast_syscall_32+0x6b/0xd0 [ 444.904026][T10165] do_SYSENTER_32+0x73/0x90 [ 444.908622][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 444.915005][T10165] RIP: 0023:0xf7f05549 [ 444.919104][T10165] Code: Bad RIP value. [ 444.923226][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 444.931715][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 444.939748][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 444.947793][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 444.955822][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 444.963867][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 444.972036][T10165] Mem-Info: [ 444.975329][T10165] active_anon:108632 inactive_anon:4871 isolated_anon:0 [ 444.975329][T10165] active_file:2372 inactive_file:14150 isolated_file:0 [ 444.975329][T10165] unevictable:0 dirty:6 writeback:16 [ 444.975329][T10165] slab_reclaimable:6548 slab_unreclaimable:19163 [ 444.975329][T10165] mapped:47797 shmem:5056 pagetables:2437 bounce:0 [ 444.975329][T10165] free:194061 free_pcp:80 free_cma:0 [ 445.012383][T10165] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111076kB dirty:0kB writeback:8kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 445.039769][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 445.068927][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 445.074737][T10165] Node 0 DMA32 free:39500kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:252kB local_pcp:0kB free_cma:0kB [ 445.106111][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 445.111464][T10165] Node 0 Normal free:9892kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:68kB local_pcp:0kB free_cma:0kB [ 445.142836][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 445.147612][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 445.159658][T10165] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 188*32kB (UME) 113*64kB (ME) 49*128kB (ME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39500kB [ 445.176397][T10165] Node 0 Normal: 853*4kB (ME) 270*8kB (UM) 112*16kB (M) 39*32kB (M) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9892kB [ 445.191452][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 445.201065][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 445.210561][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 445.220335][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 445.229784][T10165] 21637 total pagecache pages [ 445.234626][T10165] 0 pages in swap cache [ 445.238843][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 445.245063][T10165] Free swap = 0kB [ 445.248822][T10165] Total swap = 0kB [ 445.252692][T10165] 1965979 pages RAM [ 445.256541][T10165] 0 pages HighMem/MovableOnly [ 445.261252][T10165] 1433455 pages reserved [ 445.265647][T10165] 0 pages cma reserved [ 445.269802][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10485,uid=0 [ 445.288154][T10165] Out of memory: Killed process 10485 (syz-executor.1) total-vm:93176kB, anon-rss:160kB, file-rss:35736kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 445.306397][T10742] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 445.314225][T10742] Cannot create hsr debugfs directory [ 445.324418][ T8719] Bluetooth: hci4: command 0x040f tx timeout [ 445.361786][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 445.374564][T10188] CPU: 1 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 445.383331][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 445.393423][T10188] Call Trace: [ 445.396901][T10188] dump_stack+0x21c/0x280 [ 445.401330][T10188] dump_header+0x1c5/0xcf0 [ 445.405849][T10188] oom_kill_process+0x388/0xb00 [ 445.410804][T10188] out_of_memory+0x117f/0x16a0 [ 445.415706][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 445.421417][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 445.426990][T10188] alloc_pages_current+0x685/0xb50 [ 445.432214][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 445.437412][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 445.443556][T10188] ? __list_add_valid+0xb8/0x420 [ 445.448593][T10188] ? kmsan_get_metadata+0x116/0x180 [ 445.453901][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 445.459662][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 445.465902][T10188] ion_ioctl+0x8cd/0x2140 [ 445.470383][T10188] ? debug_shrink_set+0x240/0x240 [ 445.475515][T10188] compat_ptr_ioctl+0xe2/0x150 [ 445.480379][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 445.485314][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 445.490801][T10188] ? kmsan_get_metadata+0x116/0x180 [ 445.496371][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 445.501756][T10188] __do_fast_syscall_32+0x2af/0x480 [ 445.507061][T10188] do_fast_syscall_32+0x6b/0xd0 [ 445.512010][T10188] do_SYSENTER_32+0x73/0x90 [ 445.516612][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 445.523002][T10188] RIP: 0023:0xf7f05549 [ 445.527109][T10188] Code: Bad RIP value. [ 445.531227][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 445.539760][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 445.547795][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 445.555826][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 445.563973][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 445.572001][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 445.580503][T10188] Mem-Info: [ 445.583919][T10188] active_anon:108592 inactive_anon:4874 isolated_anon:0 [ 445.583919][T10188] active_file:2372 inactive_file:14243 isolated_file:0 [ 445.583919][T10188] unevictable:0 dirty:7 writeback:0 [ 445.583919][T10188] slab_reclaimable:6550 slab_unreclaimable:19180 [ 445.583919][T10188] mapped:47802 shmem:5059 pagetables:2420 bounce:0 [ 445.583919][T10188] free:194039 free_pcp:80 free_cma:0 [ 445.621093][T10188] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111124kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 445.648527][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 445.677692][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 445.683532][T10188] Node 0 DMA32 free:39500kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:252kB local_pcp:252kB free_cma:0kB [ 445.715153][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 445.720451][T10188] Node 0 Normal free:9892kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:68kB local_pcp:68kB free_cma:0kB [ 445.751879][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 445.756664][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 445.768742][T10188] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 188*32kB (UME) 113*64kB (ME) 49*128kB (ME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39500kB [ 445.785602][T10188] Node 0 Normal: 853*4kB (ME) 270*8kB (UM) 112*16kB (M) 39*32kB (M) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9892kB [ 445.800726][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 445.810490][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 445.819996][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 445.829763][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 445.839220][T10188] 21742 total pagecache pages [ 445.844030][T10188] 0 pages in swap cache [ 445.848239][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 445.854428][T10188] Free swap = 0kB [ 445.858184][T10188] Total swap = 0kB [ 445.862041][T10188] 1965979 pages RAM [ 445.865881][T10188] 0 pages HighMem/MovableOnly [ 445.870597][T10188] 1433455 pages reserved [ 445.874966][T10188] 0 pages cma reserved [ 445.879084][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10455,uid=0 [ 445.894011][T10188] Out of memory: Killed process 10455 (syz-executor.1) total-vm:93176kB, anon-rss:156kB, file-rss:35732kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 445.912825][ T1904] oom_reaper: reaped process 10455 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 445.929540][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 445.942214][T10165] CPU: 1 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 445.950940][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 445.961039][T10165] Call Trace: [ 445.964428][T10165] dump_stack+0x21c/0x280 [ 445.968855][T10165] dump_header+0x1c5/0xcf0 [ 445.973381][T10165] oom_kill_process+0x388/0xb00 [ 445.978333][T10165] out_of_memory+0x117f/0x16a0 [ 445.983218][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 445.988920][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 445.994494][T10165] alloc_pages_current+0x685/0xb50 [ 445.999722][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 446.004937][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 446.011084][T10165] ? __list_add_valid+0xb8/0x420 [ 446.016105][T10165] ? kmsan_get_metadata+0x116/0x180 [ 446.021410][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 446.027178][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 446.033416][T10165] ion_ioctl+0x8cd/0x2140 [ 446.037880][T10165] ? debug_shrink_set+0x240/0x240 [ 446.042995][T10165] compat_ptr_ioctl+0xe2/0x150 [ 446.047853][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 446.052782][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 446.058252][T10165] ? kmsan_get_metadata+0x116/0x180 [ 446.063580][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 446.068954][T10165] __do_fast_syscall_32+0x2af/0x480 [ 446.074247][T10165] do_fast_syscall_32+0x6b/0xd0 [ 446.079180][T10165] do_SYSENTER_32+0x73/0x90 [ 446.083792][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 446.090169][T10165] RIP: 0023:0xf7f05549 [ 446.094261][T10165] Code: Bad RIP value. [ 446.098372][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 446.106858][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 446.114898][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 446.122926][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 446.130953][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 446.138980][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 446.147230][T10165] Mem-Info: [ 446.150534][T10165] active_anon:108575 inactive_anon:4874 isolated_anon:0 [ 446.150534][T10165] active_file:2372 inactive_file:14362 isolated_file:0 [ 446.150534][T10165] unevictable:0 dirty:7 writeback:0 [ 446.150534][T10165] slab_reclaimable:6550 slab_unreclaimable:19197 [ 446.150534][T10165] mapped:47819 shmem:5059 pagetables:2420 bounce:0 [ 446.150534][T10165] free:194039 free_pcp:80 free_cma:0 [ 446.187539][T10165] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111192kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 446.214965][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 446.244028][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 446.249754][T10165] Node 0 DMA32 free:39500kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:252kB local_pcp:252kB free_cma:0kB [ 446.281362][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 446.286650][T10165] Node 0 Normal free:9892kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:68kB local_pcp:68kB free_cma:0kB [ 446.318060][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 446.322928][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 446.335003][T10165] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 188*32kB (UME) 113*64kB (ME) 49*128kB (ME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39500kB [ 446.351782][T10165] Node 0 Normal: 853*4kB (ME) 270*8kB (UM) 112*16kB (M) 39*32kB (M) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9892kB [ 446.366842][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 446.376554][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 446.386024][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 446.395734][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 446.405170][T10165] 21857 total pagecache pages [ 446.409892][T10165] 0 pages in swap cache [ 446.414186][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 446.420286][T10165] Free swap = 0kB [ 446.424129][T10165] Total swap = 0kB [ 446.427891][T10165] 1965979 pages RAM [ 446.431812][T10165] 0 pages HighMem/MovableOnly [ 446.436528][T10165] 1433455 pages reserved [ 446.440805][T10165] 0 pages cma reserved [ 446.445021][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=10579,uid=0 [ 446.459969][T10165] Out of memory: Killed process 10579 (syz-executor.2) total-vm:93176kB, anon-rss:148kB, file-rss:35740kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 446.478759][ T1904] oom_reaper: reaped process 10579 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 446.547687][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 446.560447][T10165] CPU: 1 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 446.569181][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 446.579289][T10165] Call Trace: [ 446.582651][T10165] dump_stack+0x21c/0x280 [ 446.587046][T10165] dump_header+0x1c5/0xcf0 [ 446.591537][T10165] oom_kill_process+0x388/0xb00 [ 446.596542][T10165] out_of_memory+0x117f/0x16a0 [ 446.601399][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 446.607157][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 446.612727][T10165] alloc_pages_current+0x685/0xb50 [ 446.617927][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 446.623121][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 446.629251][T10165] ? __list_add_valid+0xb8/0x420 [ 446.634258][T10165] ? kmsan_get_metadata+0x116/0x180 [ 446.639530][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 446.645246][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 446.651461][T10165] ion_ioctl+0x8cd/0x2140 [ 446.655884][T10165] ? debug_shrink_set+0x240/0x240 [ 446.660973][T10165] compat_ptr_ioctl+0xe2/0x150 [ 446.665792][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 446.670695][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 446.676140][T10165] ? kmsan_get_metadata+0x116/0x180 [ 446.681393][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 446.686744][T10165] __do_fast_syscall_32+0x2af/0x480 [ 446.692012][T10165] do_fast_syscall_32+0x6b/0xd0 [ 446.696923][T10165] do_SYSENTER_32+0x73/0x90 [ 446.701494][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 446.707861][T10165] RIP: 0023:0xf7f05549 [ 446.711963][T10165] Code: Bad RIP value. [ 446.716057][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 446.724523][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 446.732533][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 446.740547][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 446.748553][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 446.756559][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 446.765014][T10165] Mem-Info: [ 446.768308][T10165] active_anon:108542 inactive_anon:4874 isolated_anon:0 [ 446.768308][T10165] active_file:2373 inactive_file:14459 isolated_file:0 [ 446.768308][T10165] unevictable:0 dirty:6 writeback:6 [ 446.768308][T10165] slab_reclaimable:6550 slab_unreclaimable:19202 [ 446.768308][T10165] mapped:47830 shmem:5059 pagetables:2366 bounce:0 [ 446.768308][T10165] free:193984 free_pcp:80 free_cma:0 [ 446.780454][ T9756] Bluetooth: hci0: command 0x0406 tx timeout [ 446.805410][T10165] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111236kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 446.805458][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 446.867990][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 446.873839][T10165] Node 0 DMA32 free:39500kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:252kB local_pcp:252kB free_cma:0kB [ 446.905519][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 446.910817][T10165] Node 0 Normal free:9892kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:68kB local_pcp:68kB free_cma:0kB [ 446.942571][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 446.947348][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 446.959495][T10165] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 188*32kB (UME) 113*64kB (ME) 49*128kB (ME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39500kB [ 446.976299][T10165] Node 0 Normal: 853*4kB (ME) 270*8kB (UM) 112*16kB (M) 39*32kB (M) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9892kB [ 446.991421][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 447.001049][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 447.010522][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 447.020242][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 447.029664][T10165] 21942 total pagecache pages [ 447.034451][T10165] 0 pages in swap cache [ 447.038663][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 447.044917][T10165] Free swap = 0kB [ 447.048674][T10165] Total swap = 0kB [ 447.052577][T10165] 1965979 pages RAM [ 447.056425][T10165] 0 pages HighMem/MovableOnly [ 447.061135][T10165] 1433455 pages reserved [ 447.065563][T10165] 0 pages cma reserved [ 447.069684][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10620,uid=0 [ 447.084691][T10165] Out of memory: Killed process 10620 (syz-executor.1) total-vm:93176kB, anon-rss:156kB, file-rss:35676kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 447.105964][ T1904] oom_reaper: reaped process 10620 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 447.117123][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 447.117184][T10165] CPU: 1 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 447.117217][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 447.117238][T10165] Call Trace: [ 447.117316][T10165] dump_stack+0x21c/0x280 [ 447.117428][T10165] dump_header+0x1c5/0xcf0 [ 447.160878][T10165] oom_kill_process+0x388/0xb00 [ 447.165949][T10165] out_of_memory+0x117f/0x16a0 [ 447.170834][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 447.176545][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 447.182117][T10165] alloc_pages_current+0x685/0xb50 [ 447.187351][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 447.192558][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 447.198705][T10165] ? __list_add_valid+0xb8/0x420 [ 447.203745][T10165] ? kmsan_get_metadata+0x116/0x180 [ 447.209071][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 447.214830][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 447.221071][T10165] ion_ioctl+0x8cd/0x2140 [ 447.225556][T10165] ? debug_shrink_set+0x240/0x240 [ 447.230668][T10165] compat_ptr_ioctl+0xe2/0x150 [ 447.235531][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 447.240471][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 447.245954][T10165] ? kmsan_get_metadata+0x116/0x180 [ 447.251346][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 447.256738][T10165] __do_fast_syscall_32+0x2af/0x480 [ 447.262036][T10165] do_fast_syscall_32+0x6b/0xd0 [ 447.267089][T10165] do_SYSENTER_32+0x73/0x90 [ 447.271719][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 447.278107][T10165] RIP: 0023:0xf7f05549 [ 447.282212][T10165] Code: Bad RIP value. [ 447.286333][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 447.294829][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 447.302870][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 447.310904][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 447.318942][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 447.326987][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 447.335586][T10165] Mem-Info: [ 447.338863][T10165] active_anon:108508 inactive_anon:4874 isolated_anon:0 [ 447.338863][T10165] active_file:2373 inactive_file:14544 isolated_file:0 [ 447.338863][T10165] unevictable:0 dirty:6 writeback:23 [ 447.338863][T10165] slab_reclaimable:6550 slab_unreclaimable:19413 [ 447.338863][T10165] mapped:47830 shmem:5059 pagetables:2366 bounce:0 [ 447.338863][T10165] free:193778 free_pcp:80 free_cma:0 [ 447.376067][T10165] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111276kB dirty:4kB writeback:4kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 447.385684][ T9756] Bluetooth: hci4: command 0x0419 tx timeout [ 447.403488][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 447.403702][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 447.444285][T10165] Node 0 DMA32 free:39500kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:252kB local_pcp:252kB free_cma:0kB [ 447.475859][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 447.481157][T10165] Node 0 Normal free:9892kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:68kB local_pcp:68kB free_cma:0kB [ 447.512714][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 447.517493][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 447.529568][T10165] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 188*32kB (UME) 113*64kB (ME) 49*128kB (ME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39500kB [ 447.546357][T10165] Node 0 Normal: 853*4kB (ME) 270*8kB (UM) 112*16kB (M) 39*32kB (M) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9892kB [ 447.561411][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 447.571025][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 447.580483][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 447.590194][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 447.599601][T10165] 22014 total pagecache pages [ 447.599675][T10742] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 447.604387][T10165] 0 pages in swap cache [ 447.604424][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 447.604442][T10165] Free swap = 0kB [ 447.604460][T10165] Total swap = 0kB [ 447.604481][T10165] 1965979 pages RAM [ 447.604530][T10165] 0 pages HighMem/MovableOnly [ 447.637684][T10165] 1433455 pages reserved [ 447.642039][T10165] 0 pages cma reserved [ 447.646157][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10614,uid=0 [ 447.661091][T10165] Out of memory: Killed process 10614 (syz-executor.1) total-vm:93176kB, anon-rss:156kB, file-rss:35676kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 447.680586][ T1904] oom_reaper: reaped process 10614 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 447.706651][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 447.719378][T10165] CPU: 1 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 447.728106][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 447.738210][T10165] Call Trace: [ 447.741596][T10165] dump_stack+0x21c/0x280 [ 447.746024][T10165] dump_header+0x1c5/0xcf0 [ 447.750537][T10165] oom_kill_process+0x388/0xb00 [ 447.750610][T10742] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 447.755566][T10165] out_of_memory+0x117f/0x16a0 [ 447.755675][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 447.772808][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 447.778381][T10165] alloc_pages_current+0x685/0xb50 [ 447.783616][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 447.788827][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 447.794969][T10165] ? __list_add_valid+0xb8/0x420 [ 447.799992][T10165] ? kmsan_get_metadata+0x116/0x180 [ 447.805299][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 447.811054][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 447.817313][T10165] ion_ioctl+0x8cd/0x2140 [ 447.821773][T10165] ? debug_shrink_set+0x240/0x240 [ 447.826879][T10165] compat_ptr_ioctl+0xe2/0x150 [ 447.831748][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 447.837114][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 447.842593][T10165] ? kmsan_get_metadata+0x116/0x180 [ 447.847875][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 447.853252][T10165] __do_fast_syscall_32+0x2af/0x480 [ 447.858562][T10165] do_fast_syscall_32+0x6b/0xd0 [ 447.863517][T10165] do_SYSENTER_32+0x73/0x90 [ 447.868128][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 447.874512][T10165] RIP: 0023:0xf7f05549 [ 447.878616][T10165] Code: Bad RIP value. [ 447.882736][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 447.891229][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 447.899260][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 447.907290][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 447.917052][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 447.925081][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 447.934105][T10165] Mem-Info: [ 447.937398][T10165] active_anon:108481 inactive_anon:4874 isolated_anon:0 [ 447.937398][T10165] active_file:2373 inactive_file:14616 isolated_file:0 [ 447.937398][T10165] unevictable:0 dirty:0 writeback:25 [ 447.937398][T10165] slab_reclaimable:6554 slab_unreclaimable:19429 [ 447.937398][T10165] mapped:47825 shmem:5059 pagetables:2316 bounce:0 [ 447.937398][T10165] free:193735 free_pcp:80 free_cma:0 [ 447.974563][T10165] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111276kB dirty:4kB writeback:4kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 448.001997][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 448.031090][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 448.036908][T10165] Node 0 DMA32 free:39500kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:252kB local_pcp:252kB free_cma:0kB [ 448.068483][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 448.073888][T10165] Node 0 Normal free:9892kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:68kB local_pcp:68kB free_cma:0kB [ 448.105337][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 448.110129][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 448.122190][T10165] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 188*32kB (UME) 113*64kB (ME) 49*128kB (ME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39500kB [ 448.138924][T10165] Node 0 Normal: 853*4kB (ME) 270*8kB (UM) 112*16kB (M) 39*32kB (M) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9892kB [ 448.153955][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 448.163797][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 448.173238][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 448.182942][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 448.192350][T10165] 22116 total pagecache pages [ 448.197070][T10165] 0 pages in swap cache [ 448.201363][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 448.207464][T10165] Free swap = 0kB [ 448.211220][T10165] Total swap = 0kB [ 448.215057][T10165] 1965979 pages RAM [ 448.218891][T10165] 0 pages HighMem/MovableOnly [ 448.223714][T10165] 1433455 pages reserved [ 448.227995][T10165] 0 pages cma reserved [ 448.232204][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10540,uid=0 [ 448.247140][T10165] Out of memory: Killed process 10540 (syz-executor.1) total-vm:93176kB, anon-rss:156kB, file-rss:35672kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 448.265813][ T1904] oom_reaper: reaped process 10540 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 448.304950][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 448.318461][T10165] CPU: 1 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 448.327232][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 448.337333][T10165] Call Trace: [ 448.340717][T10165] dump_stack+0x21c/0x280 [ 448.345153][T10165] dump_header+0x1c5/0xcf0 [ 448.349670][T10165] oom_kill_process+0x388/0xb00 [ 448.354633][T10165] out_of_memory+0x117f/0x16a0 [ 448.359518][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 448.365222][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 448.370794][T10165] alloc_pages_current+0x685/0xb50 [ 448.376023][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 448.381220][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 448.387364][T10165] ? __list_add_valid+0xb8/0x420 [ 448.392389][T10165] ? kmsan_get_metadata+0x116/0x180 [ 448.397692][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 448.403452][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 448.409694][T10165] ion_ioctl+0x8cd/0x2140 [ 448.414151][T10165] ? debug_shrink_set+0x240/0x240 [ 448.419254][T10165] compat_ptr_ioctl+0xe2/0x150 [ 448.424107][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 448.429032][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 448.434519][T10165] ? kmsan_get_metadata+0x116/0x180 [ 448.439825][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 448.445201][T10165] __do_fast_syscall_32+0x2af/0x480 [ 448.450527][T10165] do_fast_syscall_32+0x6b/0xd0 [ 448.455484][T10165] do_SYSENTER_32+0x73/0x90 [ 448.460078][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 448.466462][T10165] RIP: 0023:0xf7f05549 [ 448.470562][T10165] Code: Bad RIP value. [ 448.474679][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 448.483179][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 448.491210][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 448.499244][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 448.507277][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 448.515317][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 448.523514][T10165] Mem-Info: [ 448.526813][T10165] active_anon:108438 inactive_anon:4875 isolated_anon:0 [ 448.526813][T10165] active_file:2374 inactive_file:14738 isolated_file:0 [ 448.526813][T10165] unevictable:0 dirty:2 writeback:16 [ 448.526813][T10165] slab_reclaimable:6554 slab_unreclaimable:19406 [ 448.526813][T10165] mapped:47839 shmem:5060 pagetables:2311 bounce:0 [ 448.526813][T10165] free:193629 free_pcp:104 free_cma:0 [ 448.564054][T10165] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111332kB dirty:4kB writeback:4kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 448.592171][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 448.592909][T10742] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 448.621186][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 448.621324][T10165] Node 0 DMA32 free:39500kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:348kB local_pcp:348kB free_cma:0kB [ 448.621518][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 448.670547][T10165] Node 0 Normal free:9892kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:68kB local_pcp:68kB free_cma:0kB [ 448.701952][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 448.706738][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 448.718824][T10165] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 188*32kB (UME) 113*64kB (ME) 49*128kB (ME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39500kB [ 448.735623][T10165] Node 0 Normal: 853*4kB (ME) 270*8kB (UM) 112*16kB (M) 39*32kB (M) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9892kB [ 448.750668][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 448.760435][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 448.769912][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 448.779612][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 448.789030][T10165] 22208 total pagecache pages [ 448.793833][T10165] 0 pages in swap cache [ 448.798041][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 448.804237][T10165] Free swap = 0kB [ 448.807998][T10165] Total swap = 0kB [ 448.811839][T10165] 1965979 pages RAM [ 448.815686][T10165] 0 pages HighMem/MovableOnly [ 448.820398][T10165] 1433455 pages reserved [ 448.824778][T10165] 0 pages cma reserved [ 448.828897][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10521,uid=0 [ 448.843894][T10165] Out of memory: Killed process 10521 (syz-executor.1) total-vm:93176kB, anon-rss:156kB, file-rss:35672kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 448.863004][ T1904] oom_reaper: reaped process 10521 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 448.901074][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 448.914461][T10188] CPU: 0 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 448.923204][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 448.933309][T10188] Call Trace: [ 448.936696][T10188] dump_stack+0x21c/0x280 [ 448.941120][T10188] dump_header+0x1c5/0xcf0 [ 448.945647][T10188] oom_kill_process+0x388/0xb00 [ 448.950601][T10188] out_of_memory+0x117f/0x16a0 [ 448.955492][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 448.961197][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 448.966775][T10188] alloc_pages_current+0x685/0xb50 [ 448.972007][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 448.977220][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 448.983365][T10188] ? __list_add_valid+0xb8/0x420 [ 448.988384][T10188] ? kmsan_get_metadata+0x116/0x180 [ 448.993697][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 448.999478][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 449.005727][T10188] ion_ioctl+0x8cd/0x2140 [ 449.010210][T10188] ? debug_shrink_set+0x240/0x240 [ 449.015321][T10188] compat_ptr_ioctl+0xe2/0x150 [ 449.020183][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 449.025116][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 449.030599][T10188] ? kmsan_get_metadata+0x116/0x180 [ 449.035884][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 449.041262][T10188] __do_fast_syscall_32+0x2af/0x480 [ 449.046553][T10188] do_fast_syscall_32+0x6b/0xd0 [ 449.051491][T10188] do_SYSENTER_32+0x73/0x90 [ 449.056098][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 449.062495][T10188] RIP: 0023:0xf7f05549 [ 449.066598][T10188] Code: Bad RIP value. [ 449.070719][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 449.079217][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 449.087251][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 449.095278][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 449.103308][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 449.111337][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 449.119621][T10188] Mem-Info: [ 449.123021][T10188] active_anon:108370 inactive_anon:4875 isolated_anon:0 [ 449.123021][T10188] active_file:2442 inactive_file:14738 isolated_file:0 [ 449.123021][T10188] unevictable:0 dirty:2 writeback:16 [ 449.123021][T10188] slab_reclaimable:6554 slab_unreclaimable:19406 [ 449.123021][T10188] mapped:47839 shmem:5060 pagetables:2261 bounce:0 [ 449.123021][T10188] free:193901 free_pcp:0 free_cma:0 [ 449.160062][T10188] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111332kB dirty:4kB writeback:4kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? no [ 449.187476][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 449.216544][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 449.222392][T10188] Node 0 DMA32 free:39840kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 449.253636][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 449.259023][T10188] Node 0 Normal free:9840kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:56kB local_pcp:0kB free_cma:0kB [ 449.290383][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 449.295296][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 449.307399][T10188] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 187*32kB (ME) 113*64kB (ME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39596kB [ 449.324155][T10188] Node 0 Normal: 854*4kB (UME) 269*8kB (M) 113*16kB (UM) 39*32kB (M) 3*64kB (M) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9840kB [ 449.339231][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 449.348972][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 449.358473][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 449.368217][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 449.377670][T10188] 22290 total pagecache pages [ 449.382507][T10188] 0 pages in swap cache [ 449.386723][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 449.392943][T10188] Free swap = 0kB [ 449.396708][T10188] Total swap = 0kB [ 449.400469][T10188] 1965979 pages RAM [ 449.404438][T10188] 0 pages HighMem/MovableOnly [ 449.409152][T10188] 1433455 pages reserved [ 449.413549][T10188] 0 pages cma reserved [ 449.417674][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10475,uid=0 [ 449.432639][T10188] Out of memory: Killed process 10475 (syz-executor.1) total-vm:93176kB, anon-rss:156kB, file-rss:35668kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 449.488065][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 449.500852][T10165] CPU: 1 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 449.509583][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 449.519690][T10165] Call Trace: [ 449.523098][T10165] dump_stack+0x21c/0x280 [ 449.527527][T10165] dump_header+0x1c5/0xcf0 [ 449.532049][T10165] oom_kill_process+0x388/0xb00 [ 449.537017][T10165] out_of_memory+0x117f/0x16a0 [ 449.541903][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 449.547615][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 449.553200][T10165] alloc_pages_current+0x685/0xb50 [ 449.558426][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 449.563606][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 449.569720][T10165] ? __list_add_valid+0xb8/0x420 [ 449.574716][T10165] ? kmsan_get_metadata+0x116/0x180 [ 449.579995][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 449.585719][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 449.591940][T10165] ion_ioctl+0x8cd/0x2140 [ 449.596366][T10165] ? debug_shrink_set+0x240/0x240 [ 449.601449][T10165] compat_ptr_ioctl+0xe2/0x150 [ 449.606268][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 449.611171][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 449.616633][T10165] ? kmsan_get_metadata+0x116/0x180 [ 449.621888][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 449.627239][T10165] __do_fast_syscall_32+0x2af/0x480 [ 449.632508][T10165] do_fast_syscall_32+0x6b/0xd0 [ 449.637447][T10165] do_SYSENTER_32+0x73/0x90 [ 449.642030][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 449.648400][T10165] RIP: 0023:0xf7f05549 [ 449.652489][T10165] Code: Bad RIP value. [ 449.656606][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 449.665079][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 449.673093][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 449.681101][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 449.689110][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 449.697116][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 449.711107][T10165] Mem-Info: [ 449.714589][T10165] active_anon:108265 inactive_anon:4875 isolated_anon:0 [ 449.714589][T10165] active_file:2449 inactive_file:14812 isolated_file:0 [ 449.714589][T10165] unevictable:0 dirty:6 writeback:0 [ 449.714589][T10165] slab_reclaimable:6554 slab_unreclaimable:19399 [ 449.714589][T10165] mapped:47584 shmem:5060 pagetables:2210 bounce:0 [ 449.714589][T10165] free:193938 free_pcp:77 free_cma:0 [ 449.751688][T10165] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111388kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 449.779162][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 449.787061][T10742] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 449.808260][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 449.820652][T10165] Node 0 DMA32 free:39596kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:252kB local_pcp:252kB free_cma:0kB [ 449.852229][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 449.857518][T10165] Node 0 Normal free:9840kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:56kB local_pcp:56kB free_cma:0kB [ 449.888939][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 449.893824][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 449.905895][T10165] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 187*32kB (ME) 113*64kB (ME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39596kB [ 449.922665][T10165] Node 0 Normal: 854*4kB (UME) 269*8kB (M) 113*16kB (UM) 39*32kB (M) 3*64kB (M) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9840kB [ 449.937694][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 449.947399][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 449.956867][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 449.966583][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 449.975990][T10165] 22356 total pagecache pages [ 449.980709][T10165] 0 pages in swap cache [ 449.985009][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 449.991108][T10165] Free swap = 0kB [ 449.994965][T10165] Total swap = 0kB [ 449.998723][T10165] 1965979 pages RAM [ 450.002669][T10165] 0 pages HighMem/MovableOnly [ 450.007380][T10165] 1433455 pages reserved [ 450.011743][T10165] 0 pages cma reserved [ 450.015866][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=10664,uid=0 [ 450.030817][T10165] Out of memory: Killed process 10664 (syz-executor.3) total-vm:93176kB, anon-rss:148kB, file-rss:35676kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 450.049453][ T1904] oom_reaper: reaped process 10664 (syz-executor.3), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 450.089189][T10198] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 450.102011][T10198] CPU: 0 PID: 10198 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 450.110745][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 450.120850][T10198] Call Trace: [ 450.124244][T10198] dump_stack+0x21c/0x280 [ 450.128669][T10198] dump_header+0x1c5/0xcf0 [ 450.133202][T10198] oom_kill_process+0x388/0xb00 [ 450.138160][T10198] out_of_memory+0x117f/0x16a0 [ 450.143049][T10198] __alloc_pages_slowpath+0x303a/0x3d10 [ 450.148752][T10198] __alloc_pages_nodemask+0xbb1/0x1030 [ 450.154325][T10198] alloc_pages_current+0x685/0xb50 [ 450.159550][T10198] ion_page_pool_alloc+0x73d/0x8f0 [ 450.164856][T10198] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 450.170999][T10198] ? __list_add_valid+0xb8/0x420 [ 450.176013][T10198] ? kmsan_get_metadata+0x116/0x180 [ 450.181328][T10198] ion_system_heap_allocate+0x509/0x16b0 [ 450.187085][T10198] ? ion_system_contig_heap_create+0x230/0x230 [ 450.193327][T10198] ion_ioctl+0x8cd/0x2140 [ 450.197787][T10198] ? debug_shrink_set+0x240/0x240 [ 450.202896][T10198] compat_ptr_ioctl+0xe2/0x150 [ 450.207753][T10198] ? __ia32_sys_ioctl+0x70/0x70 [ 450.212693][T10198] __se_compat_sys_ioctl+0x55f/0x1100 [ 450.218171][T10198] ? kmsan_get_metadata+0x116/0x180 [ 450.223449][T10198] __ia32_compat_sys_ioctl+0x4a/0x70 [ 450.228821][T10198] __do_fast_syscall_32+0x2af/0x480 [ 450.234116][T10198] do_fast_syscall_32+0x6b/0xd0 [ 450.239052][T10198] do_SYSENTER_32+0x73/0x90 [ 450.243655][T10198] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 450.250041][T10198] RIP: 0023:0xf7f05549 [ 450.254140][T10198] Code: Bad RIP value. [ 450.258249][T10198] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 450.266745][T10198] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 450.274774][T10198] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 450.282807][T10198] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 450.290835][T10198] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 450.298867][T10198] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 450.307822][T10198] Mem-Info: [ 450.311260][T10198] active_anon:108248 inactive_anon:4875 isolated_anon:0 [ 450.311260][T10198] active_file:2449 inactive_file:14879 isolated_file:0 [ 450.311260][T10198] unevictable:0 dirty:9 writeback:0 [ 450.311260][T10198] slab_reclaimable:6554 slab_unreclaimable:19403 [ 450.311260][T10198] mapped:47586 shmem:5060 pagetables:2184 bounce:0 [ 450.311260][T10198] free:193875 free_pcp:77 free_cma:0 [ 450.348353][T10198] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111396kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 450.375819][T10198] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 450.404935][T10198] lowmem_reserve[]: 0 896 1124 1124 1124 [ 450.410671][T10198] Node 0 DMA32 free:39596kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:252kB local_pcp:0kB free_cma:0kB [ 450.442084][T10198] lowmem_reserve[]: 0 0 228 228 228 [ 450.447386][T10198] Node 0 Normal free:9840kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:56kB local_pcp:0kB free_cma:0kB [ 450.478728][T10198] lowmem_reserve[]: 0 0 0 0 0 [ 450.483576][T10198] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 450.495615][T10198] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 187*32kB (ME) 113*64kB (ME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39596kB [ 450.512342][T10198] Node 0 Normal: 854*4kB (UME) 269*8kB (M) 113*16kB (UM) 39*32kB (M) 3*64kB (M) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9840kB [ 450.527366][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 450.537058][T10198] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 450.546480][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 450.556168][T10198] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 450.565570][T10198] 22456 total pagecache pages [ 450.570309][T10198] 0 pages in swap cache [ 450.574588][T10198] Swap cache stats: add 0, delete 0, find 0/0 [ 450.580691][T10198] Free swap = 0kB [ 450.584522][T10198] Total swap = 0kB [ 450.588300][T10198] 1965979 pages RAM [ 450.592211][T10198] 0 pages HighMem/MovableOnly [ 450.596922][T10198] 1433455 pages reserved [ 450.601255][T10198] 0 pages cma reserved [ 450.605373][T10198] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=10649,uid=0 [ 450.620314][T10198] Out of memory: Killed process 10649 (syz-executor.3) total-vm:93176kB, anon-rss:148kB, file-rss:35676kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 450.662279][ T1904] oom_reaper: reaped process 10649 (syz-executor.3), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 450.675077][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 450.688153][T10165] CPU: 1 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 450.696886][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 450.706990][T10165] Call Trace: [ 450.710382][T10165] dump_stack+0x21c/0x280 [ 450.714818][T10165] dump_header+0x1c5/0xcf0 [ 450.719345][T10165] oom_kill_process+0x388/0xb00 [ 450.724301][T10165] out_of_memory+0x117f/0x16a0 [ 450.729184][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 450.734885][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 450.740505][T10165] alloc_pages_current+0x685/0xb50 [ 450.745732][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 450.750936][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 450.757084][T10165] ? __list_add_valid+0xb8/0x420 [ 450.762154][T10165] ? kmsan_get_metadata+0x116/0x180 [ 450.767460][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 450.773219][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 450.779462][T10165] ion_ioctl+0x8cd/0x2140 [ 450.783918][T10165] ? debug_shrink_set+0x240/0x240 [ 450.789023][T10165] compat_ptr_ioctl+0xe2/0x150 [ 450.793870][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 450.798793][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 450.804268][T10165] ? kmsan_get_metadata+0x116/0x180 [ 450.809570][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 450.814947][T10165] __do_fast_syscall_32+0x2af/0x480 [ 450.820245][T10165] do_fast_syscall_32+0x6b/0xd0 [ 450.825188][T10165] do_SYSENTER_32+0x73/0x90 [ 450.829805][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 450.836200][T10165] RIP: 0023:0xf7f05549 [ 450.840299][T10165] Code: Bad RIP value. [ 450.844417][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 450.852908][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 450.860940][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 450.868975][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 450.877012][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 450.885058][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 450.893386][T10165] Mem-Info: [ 450.896679][T10165] active_anon:108218 inactive_anon:4875 isolated_anon:0 [ 450.896679][T10165] active_file:2449 inactive_file:14951 isolated_file:0 [ 450.896679][T10165] unevictable:0 dirty:16 writeback:0 [ 450.896679][T10165] slab_reclaimable:6556 slab_unreclaimable:19397 [ 450.896679][T10165] mapped:47588 shmem:5060 pagetables:2157 bounce:0 [ 450.896679][T10165] free:193865 free_pcp:85 free_cma:0 [ 450.933807][T10165] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111404kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 450.961322][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 450.990418][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 450.996303][T10165] Node 0 DMA32 free:39596kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:264kB local_pcp:252kB free_cma:0kB [ 451.027943][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 451.033393][T10165] Node 0 Normal free:9840kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:76kB local_pcp:56kB free_cma:0kB [ 451.064950][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 451.069729][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 451.081845][T10165] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 187*32kB (ME) 113*64kB (ME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39596kB [ 451.098677][T10165] Node 0 Normal: 854*4kB (UME) 269*8kB (M) 113*16kB (UM) 39*32kB (M) 3*64kB (M) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9840kB [ 451.113790][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 451.123566][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 451.133067][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 451.142821][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 451.152280][T10165] 22496 total pagecache pages [ 451.157004][T10165] 0 pages in swap cache [ 451.161293][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 451.167394][T10165] Free swap = 0kB [ 451.171232][T10165] Total swap = 0kB [ 451.175005][T10165] 1965979 pages RAM [ 451.178868][T10165] 0 pages HighMem/MovableOnly [ 451.183717][T10165] 1433455 pages reserved [ 451.188017][T10165] 0 pages cma reserved [ 451.192282][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=10766,uid=0 [ 451.207277][T10165] Out of memory: Killed process 10766 (syz-executor.3) total-vm:93308kB, anon-rss:120kB, file-rss:35676kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 451.228442][ T1904] oom_reaper: reaped process 10766 (syz-executor.3), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 451.244174][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 451.257395][T10188] CPU: 1 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 451.266129][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 451.276233][T10188] Call Trace: [ 451.279624][T10188] dump_stack+0x21c/0x280 [ 451.284056][T10188] dump_header+0x1c5/0xcf0 [ 451.288568][T10188] oom_kill_process+0x388/0xb00 [ 451.293517][T10188] out_of_memory+0x117f/0x16a0 [ 451.298398][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 451.304102][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 451.309668][T10188] alloc_pages_current+0x685/0xb50 [ 451.314889][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 451.320090][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 451.326238][T10188] ? __list_add_valid+0xb8/0x420 [ 451.331265][T10188] ? kmsan_get_metadata+0x116/0x180 [ 451.336574][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 451.342345][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 451.348592][T10188] ion_ioctl+0x8cd/0x2140 [ 451.353067][T10188] ? debug_shrink_set+0x240/0x240 [ 451.358300][T10188] compat_ptr_ioctl+0xe2/0x150 [ 451.363156][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 451.368086][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 451.373569][T10188] ? kmsan_get_metadata+0x116/0x180 [ 451.378848][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 451.384222][T10188] __do_fast_syscall_32+0x2af/0x480 [ 451.389526][T10188] do_fast_syscall_32+0x6b/0xd0 [ 451.394473][T10188] do_SYSENTER_32+0x73/0x90 [ 451.399075][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 451.405479][T10188] RIP: 0023:0xf7f05549 [ 451.409584][T10188] Code: Bad RIP value. [ 451.413719][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 451.422216][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 451.430257][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 451.438290][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 451.446324][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 451.454356][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 451.462575][T10188] Mem-Info: [ 451.465856][T10188] active_anon:108201 inactive_anon:4875 isolated_anon:0 [ 451.465856][T10188] active_file:2449 inactive_file:15053 isolated_file:0 [ 451.465856][T10188] unevictable:0 dirty:16 writeback:17 [ 451.465856][T10188] slab_reclaimable:6556 slab_unreclaimable:19419 [ 451.465856][T10188] mapped:47571 shmem:5060 pagetables:2132 bounce:0 [ 451.465856][T10188] free:193792 free_pcp:85 free_cma:0 [ 451.503058][T10188] Node 0 active_anon:414804kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111404kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 451.530644][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 451.559748][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 451.565626][T10188] Node 0 DMA32 free:39596kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387968kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:264kB local_pcp:252kB free_cma:0kB [ 451.597260][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 451.602706][T10188] Node 0 Normal free:9840kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26836kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:76kB local_pcp:56kB free_cma:0kB [ 451.634209][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 451.638991][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 451.651171][T10188] Node 0 DMA32: 629*4kB (ME) 399*8kB (UME) 316*16kB (ME) 187*32kB (ME) 113*64kB (ME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39596kB [ 451.667979][T10188] Node 0 Normal: 854*4kB (UME) 269*8kB (M) 113*16kB (UM) 39*32kB (M) 3*64kB (M) 0*128kB 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 9840kB [ 451.683067][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 451.692820][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 451.702316][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 451.712077][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 451.721524][T10188] 22598 total pagecache pages [ 451.726234][T10188] 0 pages in swap cache [ 451.730444][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 451.736793][T10188] Free swap = 0kB [ 451.740553][T10188] Total swap = 0kB [ 451.744458][T10188] 1965979 pages RAM [ 451.748311][T10188] 0 pages HighMem/MovableOnly [ 451.753142][T10188] 1433455 pages reserved [ 451.757414][T10188] 0 pages cma reserved [ 451.761663][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=10198,uid=0 [ 451.776600][T10188] Out of memory: Killed process 10198 (syz-executor.2) total-vm:93044kB, anon-rss:144kB, file-rss:34972kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 451.812354][ T1904] oom_reaper: reaped process 10198 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 452.027903][T10742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 452.163898][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 452.172877][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 452.243612][T10742] 8021q: adding VLAN 0 to HW filter on device team0 [ 452.314069][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 452.323948][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 452.333351][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 452.340660][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 452.472116][ T8719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 452.481661][ T8719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 452.491375][ T8719] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 452.500595][ T8719] bridge0: port 2(bridge_slave_1) entered blocking state [ 452.507878][ T8719] bridge0: port 2(bridge_slave_1) entered forwarding state [ 452.516930][ T8719] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 452.527788][ T8719] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 452.678419][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 452.688833][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 452.699318][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 452.710136][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 452.720462][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 452.730107][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 452.739596][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 452.749181][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 452.767761][ T8719] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 452.967725][T10742] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 453.156822][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 453.165078][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 453.235813][T10742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 454.117614][T10165] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 454.130749][T10165] CPU: 0 PID: 10165 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 454.139485][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 454.149592][T10165] Call Trace: [ 454.152990][T10165] dump_stack+0x21c/0x280 [ 454.157417][T10165] dump_header+0x1c5/0xcf0 [ 454.161938][T10165] oom_kill_process+0x388/0xb00 [ 454.166891][T10165] out_of_memory+0x117f/0x16a0 [ 454.171775][T10165] __alloc_pages_slowpath+0x303a/0x3d10 [ 454.177477][T10165] __alloc_pages_nodemask+0xbb1/0x1030 [ 454.183059][T10165] alloc_pages_current+0x685/0xb50 [ 454.188385][T10165] ion_page_pool_alloc+0x73d/0x8f0 [ 454.193589][T10165] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 454.199736][T10165] ? __list_add_valid+0xb8/0x420 [ 454.204766][T10165] ? kmsan_get_metadata+0x116/0x180 [ 454.210072][T10165] ion_system_heap_allocate+0x509/0x16b0 [ 454.215831][T10165] ? ion_system_contig_heap_create+0x230/0x230 [ 454.222071][T10165] ion_ioctl+0x8cd/0x2140 [ 454.226529][T10165] ? debug_shrink_set+0x240/0x240 [ 454.231635][T10165] compat_ptr_ioctl+0xe2/0x150 [ 454.236485][T10165] ? __ia32_sys_ioctl+0x70/0x70 [ 454.241417][T10165] __se_compat_sys_ioctl+0x55f/0x1100 [ 454.246896][T10165] ? kmsan_get_metadata+0x116/0x180 [ 454.252174][T10165] __ia32_compat_sys_ioctl+0x4a/0x70 [ 454.257554][T10165] __do_fast_syscall_32+0x2af/0x480 [ 454.262862][T10165] do_fast_syscall_32+0x6b/0xd0 [ 454.267807][T10165] do_SYSENTER_32+0x73/0x90 [ 454.272410][T10165] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 454.278793][T10165] RIP: 0023:0xf7f05549 [ 454.282898][T10165] Code: Bad RIP value. [ 454.287123][T10165] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 454.295616][T10165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 454.303644][T10165] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 454.311682][T10165] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 454.319727][T10165] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 454.327766][T10165] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 454.337707][T10165] Mem-Info: [ 454.341019][T10165] active_anon:108153 inactive_anon:4874 isolated_anon:0 [ 454.341019][T10165] active_file:2493 inactive_file:15318 isolated_file:0 [ 454.341019][T10165] unevictable:0 dirty:18 writeback:0 [ 454.341019][T10165] slab_reclaimable:6558 slab_unreclaimable:19436 [ 454.341019][T10165] mapped:47649 shmem:5060 pagetables:2105 bounce:0 [ 454.341019][T10165] free:193761 free_pcp:0 free_cma:0 [ 454.378084][T10165] Node 0 active_anon:414768kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111564kB dirty:16kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? no [ 454.405482][T10165] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 454.434580][T10165] lowmem_reserve[]: 0 896 1124 1124 1124 [ 454.440307][T10165] Node 0 DMA32 free:39732kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387960kB inactive_anon:872kB active_file:0kB inactive_file:344kB unevictable:0kB writepending:4kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:544kB pagetables:1460kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 454.471677][T10165] lowmem_reserve[]: 0 0 228 228 228 [ 454.476971][T10165] Node 0 Normal free:9692kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26808kB inactive_anon:18580kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 454.508165][T10165] lowmem_reserve[]: 0 0 0 0 0 [ 454.513011][T10165] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 454.525172][T10165] Node 0 DMA32: 632*4kB (UME) 398*8kB (ME) 319*16kB (UME) 189*32kB (UME) 115*64kB (UME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39840kB [ 454.542182][T10165] Node 0 Normal: 856*4kB (ME) 267*8kB (M) 114*16kB (M) 42*32kB (UM) 6*64kB (UM) 0*128kB 2*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 10136kB [ 454.557641][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 454.567319][T10165] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 454.576740][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 454.586424][T10165] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 454.595839][T10165] 22873 total pagecache pages [ 454.600556][T10165] 0 pages in swap cache [ 454.604824][T10165] Swap cache stats: add 0, delete 0, find 0/0 [ 454.610921][T10165] Free swap = 0kB [ 454.614750][T10165] Total swap = 0kB [ 454.618511][T10165] 1965979 pages RAM [ 454.622430][T10165] 0 pages HighMem/MovableOnly [ 454.627143][T10165] 1433455 pages reserved [ 454.631490][T10165] 0 pages cma reserved [ 454.635612][T10165] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=10079,uid=0 [ 454.650549][T10165] Out of memory: Killed process 10079 (syz-executor.1) total-vm:93176kB, anon-rss:164kB, file-rss:34948kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 454.676842][ T1904] oom_reaper: reaped process 10079 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 455.237435][T10188] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 455.250289][T10188] CPU: 1 PID: 10188 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 455.259020][T10188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 455.269127][T10188] Call Trace: [ 455.272516][T10188] dump_stack+0x21c/0x280 [ 455.276940][T10188] dump_header+0x1c5/0xcf0 [ 455.281458][T10188] oom_kill_process+0x388/0xb00 [ 455.286406][T10188] out_of_memory+0x117f/0x16a0 [ 455.291277][T10188] __alloc_pages_slowpath+0x303a/0x3d10 [ 455.296976][T10188] __alloc_pages_nodemask+0xbb1/0x1030 [ 455.302547][T10188] alloc_pages_current+0x685/0xb50 [ 455.307767][T10188] ion_page_pool_alloc+0x73d/0x8f0 [ 455.312972][T10188] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 455.319108][T10188] ? __list_add_valid+0xb8/0x420 [ 455.324128][T10188] ? kmsan_get_metadata+0x116/0x180 [ 455.329431][T10188] ion_system_heap_allocate+0x509/0x16b0 [ 455.335187][T10188] ? ion_system_contig_heap_create+0x230/0x230 [ 455.341431][T10188] ion_ioctl+0x8cd/0x2140 [ 455.345889][T10188] ? debug_shrink_set+0x240/0x240 [ 455.350990][T10188] compat_ptr_ioctl+0xe2/0x150 [ 455.355836][T10188] ? __ia32_sys_ioctl+0x70/0x70 [ 455.360761][T10188] __se_compat_sys_ioctl+0x55f/0x1100 [ 455.366236][T10188] ? kmsan_get_metadata+0x116/0x180 [ 455.371520][T10188] __ia32_compat_sys_ioctl+0x4a/0x70 [ 455.376895][T10188] __do_fast_syscall_32+0x2af/0x480 [ 455.382199][T10188] do_fast_syscall_32+0x6b/0xd0 [ 455.387144][T10188] do_SYSENTER_32+0x73/0x90 [ 455.391744][T10188] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 455.398131][T10188] RIP: 0023:0xf7f05549 [ 455.402232][T10188] Code: Bad RIP value. [ 455.406350][T10188] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 455.414840][T10188] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 455.422869][T10188] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 455.430899][T10188] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 455.438930][T10188] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 455.446957][T10188] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 455.455537][T10188] Mem-Info: [ 455.458841][T10188] active_anon:108118 inactive_anon:4874 isolated_anon:0 [ 455.458841][T10188] active_file:2490 inactive_file:15481 isolated_file:0 [ 455.458841][T10188] unevictable:0 dirty:0 writeback:0 [ 455.458841][T10188] slab_reclaimable:6558 slab_unreclaimable:19424 [ 455.458841][T10188] mapped:47666 shmem:5060 pagetables:2080 bounce:0 [ 455.458841][T10188] free:193533 free_pcp:76 free_cma:0 [ 455.495847][T10188] Node 0 active_anon:414756kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111636kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 455.523283][T10188] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 455.552372][T10188] lowmem_reserve[]: 0 896 1124 1124 1124 [ 455.558103][T10188] Node 0 DMA32 free:39628kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387960kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1460kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 455.589699][T10188] lowmem_reserve[]: 0 0 228 228 228 [ 455.595153][T10188] Node 0 Normal free:9896kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26796kB inactive_anon:18580kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:56kB local_pcp:56kB free_cma:0kB [ 455.626641][T10188] lowmem_reserve[]: 0 0 0 0 0 [ 455.631607][T10188] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 455.643787][T10188] Node 0 DMA32: 631*4kB (ME) 398*8kB (ME) 318*16kB (UME) 187*32kB (ME) 113*64kB (ME) 50*128kB (UME) 20*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39628kB [ 455.660634][T10188] Node 0 Normal: 855*4kB (ME) 269*8kB (M) 115*16kB (UM) 40*32kB (M) 5*64kB (M) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9908kB [ 455.676378][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 455.686194][T10188] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 455.695643][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 455.705350][T10188] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 455.714766][T10188] 23058 total pagecache pages [ 455.719480][T10188] 0 pages in swap cache [ 455.723777][T10188] Swap cache stats: add 0, delete 0, find 0/0 [ 455.729876][T10188] Free swap = 0kB [ 455.733719][T10188] Total swap = 0kB [ 455.737481][T10188] 1965979 pages RAM [ 455.741405][T10188] 0 pages HighMem/MovableOnly [ 455.746124][T10188] 1433455 pages reserved [ 455.750428][T10188] 0 pages cma reserved [ 455.754706][T10188] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=10188,uid=0 [ 455.769685][T10188] Out of memory: Killed process 10188 (syz-executor.2) total-vm:93044kB, anon-rss:144kB, file-rss:34960kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 455.787817][ T1904] oom_reaper: reaped process 10188 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 455.919160][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 455.929545][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 456.052296][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 456.062257][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 456.114816][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 456.124579][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 456.142921][T10742] device veth0_vlan entered promiscuous mode [ 456.196646][T10742] device veth1_vlan entered promiscuous mode [ 456.362438][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 456.372128][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 456.381662][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 456.391643][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 456.456434][T10742] device veth0_macvtap entered promiscuous mode [ 456.496981][T10742] device veth1_macvtap entered promiscuous mode [ 456.598791][T10742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 456.609462][T10742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.619903][T10742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 456.630545][T10742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.640599][T10742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 456.651169][T10742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.661143][T10742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 456.671705][T10742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.685945][T10742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 456.714342][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 456.724153][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 456.733764][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 456.743806][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 456.877580][T10742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 456.888151][T10742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.898206][T10742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 456.908810][T10742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.918845][T10742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 456.929436][T10742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.939494][T10742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 456.950101][T10742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 456.964525][T10742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 456.973249][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 456.983539][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 458.387970][T10991] warn_alloc: 1 callbacks suppressed [ 458.388045][T10991] syz-executor.4: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 458.408307][T10991] CPU: 1 PID: 10991 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 458.417033][T10991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 458.427233][T10991] Call Trace: [ 458.430598][T10991] dump_stack+0x21c/0x280 [ 458.435043][T10991] warn_alloc+0x4cc/0x680 [ 458.439514][T10991] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 458.445441][T10991] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 458.451100][T10991] ? kmsan_get_metadata+0x116/0x180 [ 458.456407][T10991] ? kmsan_get_metadata+0x116/0x180 [ 458.461669][T10991] __alloc_pages_nodemask+0xbb1/0x1030 [ 458.467222][T10991] alloc_pages_current+0x685/0xb50 [ 458.472461][T10991] ion_page_pool_alloc+0x73d/0x8f0 [ 458.477674][T10991] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 458.483792][T10991] ? __list_add_valid+0xb8/0x420 [ 458.488786][T10991] ? kmsan_get_metadata+0x116/0x180 [ 458.494098][T10991] ion_system_heap_allocate+0x5a2/0x16b0 [ 458.499858][T10991] ? ion_system_contig_heap_create+0x230/0x230 [ 458.506104][T10991] ion_ioctl+0x8cd/0x2140 [ 458.510593][T10991] ? debug_shrink_set+0x240/0x240 [ 458.515709][T10991] compat_ptr_ioctl+0xe2/0x150 [ 458.520602][T10991] ? __ia32_sys_ioctl+0x70/0x70 [ 458.525562][T10991] __se_compat_sys_ioctl+0x55f/0x1100 [ 458.531037][T10991] ? kmsan_get_metadata+0x116/0x180 [ 458.536316][T10991] __ia32_compat_sys_ioctl+0x4a/0x70 [ 458.541694][T10991] __do_fast_syscall_32+0x2af/0x480 [ 458.547005][T10991] do_fast_syscall_32+0x6b/0xd0 [ 458.551944][T10991] do_SYSENTER_32+0x73/0x90 [ 458.556570][T10991] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 458.562962][T10991] RIP: 0023:0xf7f4a549 [ 458.567065][T10991] Code: Bad RIP value. [ 458.571205][T10991] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 458.579701][T10991] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 458.587755][T10991] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 458.595788][T10991] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 458.603821][T10991] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 458.611852][T10991] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 458.620381][T10991] Mem-Info: [ 458.623789][T10991] active_anon:108632 inactive_anon:4873 isolated_anon:0 [ 458.623789][T10991] active_file:2492 inactive_file:15663 isolated_file:0 [ 458.623789][T10991] unevictable:0 dirty:19 writeback:0 [ 458.623789][T10991] slab_reclaimable:6554 slab_unreclaimable:19444 [ 458.623789][T10991] mapped:47719 shmem:5059 pagetables:2101 bounce:0 [ 458.623789][T10991] free:193405 free_pcp:39 free_cma:0 [ 458.660884][T10991] Node 0 active_anon:417000kB inactive_anon:19452kB active_file:4kB inactive_file:16kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111712kB dirty:16kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 458.688538][T10991] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 458.717766][T10991] lowmem_reserve[]: 0 896 1124 1124 1124 [ 458.723603][T10991] Node 0 DMA32 free:39836kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:390204kB inactive_anon:872kB active_file:0kB inactive_file:284kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:592kB pagetables:1660kB bounce:0kB free_pcp:156kB local_pcp:0kB free_cma:0kB [ 458.758129][T10991] lowmem_reserve[]: 0 0 228 228 228 [ 458.763522][T10991] Node 0 Normal free:9492kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26796kB inactive_anon:18580kB active_file:4kB inactive_file:444kB unevictable:0kB writepending:16kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 458.795007][T10991] lowmem_reserve[]: 0 0 0 0 0 [ 458.799802][T10991] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 458.811870][T10991] Node 0 DMA32: 570*4kB (UME) 400*8kB (UME) 321*16kB (UME) 191*32kB (UME) 114*64kB (UME) 49*128kB (ME) 19*256kB (M) 8*512kB (UM) 1*1024kB (U) 0*2048kB 0*4096kB = 40280kB [ 458.829225][T10991] Node 0 Normal: 857*4kB (UME) 271*8kB (UM) 117*16kB (UM) 57*32kB (UM) 5*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9996kB [ 458.844810][T10991] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 458.854527][T10991] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 458.863963][T10991] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 458.873674][T10991] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 458.883086][T10991] 23250 total pagecache pages [ 458.887807][T10991] 0 pages in swap cache [ 458.892105][T10991] Swap cache stats: add 0, delete 0, find 0/0 [ 458.898209][T10991] Free swap = 0kB [ 458.902055][T10991] Total swap = 0kB [ 458.905818][T10991] 1965979 pages RAM [ 458.909677][T10991] 0 pages HighMem/MovableOnly [ 458.914577][T10991] 1433455 pages reserved [ 458.918893][T10991] 0 pages cma reserved 11:52:45 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:45 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:45 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) socket$kcm(0x10, 0x2, 0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) sendfile(r3, r1, 0x0, 0x20000002) 11:52:45 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:45 executing program 0: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 459.360809][T11003] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 459.373894][T11003] CPU: 0 PID: 11003 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 459.382624][T11003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 459.392902][T11003] Call Trace: [ 459.396296][T11003] dump_stack+0x21c/0x280 [ 459.400718][T11003] dump_header+0x1c5/0xcf0 [ 459.405211][T11003] oom_kill_process+0x388/0xb00 [ 459.410129][T11003] out_of_memory+0x117f/0x16a0 [ 459.414984][T11003] __alloc_pages_slowpath+0x303a/0x3d10 [ 459.420664][T11003] __alloc_pages_nodemask+0xbb1/0x1030 [ 459.426208][T11003] alloc_pages_current+0x685/0xb50 [ 459.431424][T11003] ion_page_pool_alloc+0x73d/0x8f0 [ 459.436600][T11003] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 459.442810][T11003] ? __list_add_valid+0xb8/0x420 [ 459.447811][T11003] ? kmsan_get_metadata+0x116/0x180 [ 459.453088][T11003] ion_system_heap_allocate+0x509/0x16b0 [ 459.458811][T11003] ? ion_system_contig_heap_create+0x230/0x230 [ 459.465027][T11003] ion_ioctl+0x8cd/0x2140 [ 459.469475][T11003] ? debug_shrink_set+0x240/0x240 [ 459.474567][T11003] compat_ptr_ioctl+0xe2/0x150 [ 459.479393][T11003] ? __ia32_sys_ioctl+0x70/0x70 [ 459.484293][T11003] __se_compat_sys_ioctl+0x55f/0x1100 [ 459.489738][T11003] ? kmsan_get_metadata+0x116/0x180 [ 459.495015][T11003] __ia32_compat_sys_ioctl+0x4a/0x70 [ 459.500389][T11003] __do_fast_syscall_32+0x2af/0x480 [ 459.505691][T11003] do_fast_syscall_32+0x6b/0xd0 [ 459.510607][T11003] do_SYSENTER_32+0x73/0x90 [ 459.515181][T11003] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 459.521558][T11003] RIP: 0023:0xf7f05549 [ 459.525647][T11003] Code: Bad RIP value. [ 459.529743][T11003] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 459.538209][T11003] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 459.546222][T11003] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 459.554233][T11003] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 459.562244][T11003] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 459.570252][T11003] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 459.579186][T11003] Mem-Info: [ 459.582562][T11003] active_anon:108657 inactive_anon:4873 isolated_anon:0 [ 459.582562][T11003] active_file:2496 inactive_file:15812 isolated_file:0 [ 459.582562][T11003] unevictable:0 dirty:16 writeback:0 [ 459.582562][T11003] slab_reclaimable:6554 slab_unreclaimable:19417 [ 459.582562][T11003] mapped:47700 shmem:5059 pagetables:2165 bounce:0 [ 459.582562][T11003] free:193235 free_pcp:97 free_cma:0 [ 459.619617][T11003] Node 0 active_anon:416944kB inactive_anon:19448kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111736kB dirty:4kB writeback:0kB shmem:20156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 256000kB writeback_tmp:0kB all_unreclaimable? yes [ 459.647023][T11003] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 459.676154][T11003] lowmem_reserve[]: 0 896 1124 1124 1124 [ 459.681970][T11003] Node 0 DMA32 free:39800kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:390148kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1464kB bounce:0kB free_pcp:332kB local_pcp:332kB free_cma:0kB [ 459.713605][T11003] lowmem_reserve[]: 0 0 228 228 228 [ 459.718910][T11003] Node 0 Normal free:9872kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26796kB inactive_anon:18576kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:56kB local_pcp:56kB free_cma:0kB [ 459.750278][T11003] lowmem_reserve[]: 0 0 0 0 0 11:52:46 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 459.755212][T11003] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 459.767265][T11003] Node 0 DMA32: 570*4kB (UME) 400*8kB (UME) 321*16kB (UME) 192*32kB (UME) 114*64kB (UME) 49*128kB (ME) 19*256kB (M) 7*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 39800kB [ 459.784451][T11003] Node 0 Normal: 856*4kB (ME) 270*8kB (UM) 114*16kB (M) 57*32kB (UM) 6*64kB (UM) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9872kB [ 459.799649][T11003] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 459.809337][T11003] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 459.818773][T11003] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 459.828533][T11003] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 459.837927][T11003] 23384 total pagecache pages [ 459.842716][T11003] 0 pages in swap cache [ 459.846930][T11003] Swap cache stats: add 0, delete 0, find 0/0 [ 459.853095][T11003] Free swap = 0kB [ 459.856853][T11003] Total swap = 0kB [ 459.860616][T11003] 1965979 pages RAM [ 459.864525][T11003] 0 pages HighMem/MovableOnly [ 459.869235][T11003] 1433455 pages reserved [ 459.873862][T11003] 0 pages cma reserved [ 459.877989][T11003] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=10997,uid=0 [ 459.892874][T11003] Out of memory: Killed process 10997 (syz-executor.2) total-vm:93044kB, anon-rss:2148kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 459.923044][ T1904] oom_reaper: reaped process 10997 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:52:46 executing program 0: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:46 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) socket$kcm(0x10, 0x2, 0x4) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) sendfile(r3, r1, 0x0, 0x20000002) [ 460.258282][T11007] syz-executor.4 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 460.271318][T11007] CPU: 1 PID: 11007 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 460.280052][T11007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 460.290153][T11007] Call Trace: [ 460.293543][T11007] dump_stack+0x21c/0x280 [ 460.297981][T11007] dump_header+0x1c5/0xcf0 [ 460.303466][T11007] oom_kill_process+0x388/0xb00 [ 460.308419][T11007] out_of_memory+0x117f/0x16a0 [ 460.313309][T11007] __alloc_pages_slowpath+0x303a/0x3d10 [ 460.319044][T11007] __alloc_pages_nodemask+0xbb1/0x1030 [ 460.324621][T11007] alloc_pages_current+0x685/0xb50 [ 460.329941][T11007] ion_page_pool_alloc+0x73d/0x8f0 [ 460.335149][T11007] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 460.341295][T11007] ? __list_add_valid+0xb8/0x420 [ 460.346337][T11007] ? kmsan_get_metadata+0x116/0x180 [ 460.351662][T11007] ion_system_heap_allocate+0x509/0x16b0 [ 460.357428][T11007] ? ion_system_contig_heap_create+0x230/0x230 [ 460.363694][T11007] ion_ioctl+0x8cd/0x2140 [ 460.368158][T11007] ? debug_shrink_set+0x240/0x240 [ 460.373267][T11007] compat_ptr_ioctl+0xe2/0x150 [ 460.378117][T11007] ? __ia32_sys_ioctl+0x70/0x70 [ 460.383047][T11007] __se_compat_sys_ioctl+0x55f/0x1100 [ 460.388527][T11007] ? kmsan_get_metadata+0x116/0x180 [ 460.393828][T11007] __ia32_compat_sys_ioctl+0x4a/0x70 [ 460.399208][T11007] __do_fast_syscall_32+0x2af/0x480 [ 460.404512][T11007] do_fast_syscall_32+0x6b/0xd0 [ 460.409456][T11007] do_SYSENTER_32+0x73/0x90 [ 460.414061][T11007] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 460.420448][T11007] RIP: 0023:0xf7f4a549 [ 460.424553][T11007] Code: Bad RIP value. [ 460.428668][T11007] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 460.437164][T11007] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 460.445209][T11007] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 460.453242][T11007] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 460.461272][T11007] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 460.469303][T11007] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 460.477919][T11007] Mem-Info: [ 460.481300][T11007] active_anon:108668 inactive_anon:4873 isolated_anon:0 [ 460.481300][T11007] active_file:2495 inactive_file:15996 isolated_file:0 [ 460.481300][T11007] unevictable:0 dirty:40 writeback:0 [ 460.481300][T11007] slab_reclaimable:6554 slab_unreclaimable:19407 [ 460.481300][T11007] mapped:47717 shmem:5059 pagetables:2123 bounce:0 [ 460.481300][T11007] free:193022 free_pcp:118 free_cma:0 [ 460.518525][T11007] Node 0 active_anon:417036kB inactive_anon:19448kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111744kB dirty:4kB writeback:0kB shmem:20156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 256000kB writeback_tmp:0kB all_unreclaimable? yes [ 460.545988][T11007] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 460.575085][T11007] lowmem_reserve[]: 0 896 1124 1124 1124 [ 460.580954][T11007] Node 0 DMA32 free:39612kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:390240kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:592kB pagetables:1572kB bounce:0kB free_pcp:364kB local_pcp:248kB free_cma:0kB [ 460.612525][T11007] lowmem_reserve[]: 0 0 228 228 228 [ 460.617822][T11007] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26796kB inactive_anon:18576kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:108kB local_pcp:56kB free_cma:0kB [ 460.649349][T11007] lowmem_reserve[]: 0 0 0 0 0 [ 460.654257][T11007] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 460.666368][T11007] Node 0 DMA32: 569*4kB (UME) 399*8kB (UME) 318*16kB (UME) 188*32kB (UME) 114*64kB (UME) 49*128kB (ME) 19*256kB (M) 9*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39612kB [ 460.683332][T11007] Node 0 Normal: 857*4kB (UME) 270*8kB (UM) 114*16kB (M) 55*32kB (UM) 5*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9876kB [ 460.698942][T11007] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 460.708700][T11007] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 460.718195][T11007] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 460.727942][T11007] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 460.737401][T11007] 23602 total pagecache pages [ 460.742267][T11007] 0 pages in swap cache [ 460.746474][T11007] Swap cache stats: add 0, delete 0, find 0/0 [ 460.752712][T11007] Free swap = 0kB [ 460.756480][T11007] Total swap = 0kB [ 460.760240][T11007] 1965979 pages RAM [ 460.764217][T11007] 0 pages HighMem/MovableOnly [ 460.768928][T11007] 1433455 pages reserved [ 460.773354][T11007] 0 pages cma reserved [ 460.777488][T11007] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=11009,uid=0 [ 460.792424][T11007] Out of memory: Killed process 11009 (syz-executor.0) total-vm:93044kB, anon-rss:2164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 460.811791][ T1904] oom_reaper: reaped process 11009 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:52:47 executing program 0: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:47 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 461.485611][T11021] syz-executor.0 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 461.498489][T11021] CPU: 1 PID: 11021 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 461.507340][T11021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 461.517451][T11021] Call Trace: [ 461.520845][T11021] dump_stack+0x21c/0x280 [ 461.525279][T11021] dump_header+0x1c5/0xcf0 [ 461.529791][T11021] oom_kill_process+0x388/0xb00 [ 461.534756][T11021] out_of_memory+0x117f/0x16a0 [ 461.539655][T11021] __alloc_pages_slowpath+0x303a/0x3d10 [ 461.545342][T11021] __alloc_pages_nodemask+0xbb1/0x1030 [ 461.550912][T11021] alloc_pages_current+0x685/0xb50 [ 461.556137][T11021] ion_page_pool_alloc+0x73d/0x8f0 [ 461.561361][T11021] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 461.567503][T11021] ? __list_add_valid+0xb8/0x420 [ 461.572530][T11021] ? kmsan_get_metadata+0x116/0x180 [ 461.577854][T11021] ion_system_heap_allocate+0x509/0x16b0 [ 461.583636][T11021] ? ion_system_contig_heap_create+0x230/0x230 [ 461.589889][T11021] ion_ioctl+0x8cd/0x2140 [ 461.594347][T11021] ? debug_shrink_set+0x240/0x240 [ 461.599453][T11021] compat_ptr_ioctl+0xe2/0x150 [ 461.604310][T11021] ? __ia32_sys_ioctl+0x70/0x70 [ 461.609243][T11021] __se_compat_sys_ioctl+0x55f/0x1100 [ 461.614721][T11021] ? kmsan_get_metadata+0x116/0x180 [ 461.620152][T11021] __ia32_compat_sys_ioctl+0x4a/0x70 [ 461.625541][T11021] __do_fast_syscall_32+0x2af/0x480 [ 461.630844][T11021] do_fast_syscall_32+0x6b/0xd0 [ 461.635782][T11021] do_SYSENTER_32+0x73/0x90 [ 461.640380][T11021] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 461.646776][T11021] RIP: 0023:0xf7f62549 [ 461.650888][T11021] Code: Bad RIP value. [ 461.655129][T11021] RSP: 002b:00000000f555c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 461.663633][T11021] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 461.671750][T11021] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 461.679792][T11021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 461.687831][T11021] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 461.695859][T11021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 461.704495][T11021] Mem-Info: [ 461.707785][T11021] active_anon:108221 inactive_anon:4873 isolated_anon:0 [ 461.707785][T11021] active_file:2497 inactive_file:16131 isolated_file:0 [ 461.707785][T11021] unevictable:0 dirty:14 writeback:0 [ 461.707785][T11021] slab_reclaimable:6554 slab_unreclaimable:19401 [ 461.707785][T11021] mapped:48001 shmem:5059 pagetables:2212 bounce:0 [ 461.707785][T11021] free:132622 free_pcp:167 free_cma:0 [ 461.745168][T11021] Node 0 active_anon:414924kB inactive_anon:19448kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111744kB dirty:4kB writeback:0kB shmem:20156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 256000kB writeback_tmp:0kB all_unreclaimable? yes [ 461.772700][T11021] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 461.801823][T11021] lowmem_reserve[]: 0 896 1124 1124 1124 [ 461.807559][T11021] Node 0 DMA32 free:39756kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:388128kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1472kB bounce:0kB free_pcp:560kB local_pcp:248kB free_cma:0kB [ 461.839645][T11021] lowmem_reserve[]: 0 0 228 228 228 [ 461.845045][T11021] Node 0 Normal free:9876kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26796kB inactive_anon:18576kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:108kB local_pcp:60kB free_cma:0kB [ 461.876586][T11021] lowmem_reserve[]: 0 0 0 0 0 [ 461.881498][T11021] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 461.893617][T11021] Node 0 DMA32: 569*4kB (UME) 399*8kB (UME) 320*16kB (UME) 188*32kB (UME) 114*64kB (UME) 50*128kB (UME) 19*256kB (M) 7*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 39772kB [ 461.910939][T11021] Node 0 Normal: 857*4kB (UME) 270*8kB (UM) 114*16kB (M) 55*32kB (UM) 5*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9876kB [ 461.926468][T11021] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 461.936227][T11021] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 461.945710][T11021] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 461.955484][T11021] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 461.964958][T11021] 23721 total pagecache pages [ 461.969682][T11021] 0 pages in swap cache [ 461.974050][T11021] Swap cache stats: add 0, delete 0, find 0/0 [ 461.980160][T11021] Free swap = 0kB [ 461.984079][T11021] Total swap = 0kB [ 461.987851][T11021] 1965979 pages RAM [ 461.991826][T11021] 0 pages HighMem/MovableOnly [ 461.996539][T11021] 1433455 pages reserved [ 462.000963][T11021] 0 pages cma reserved [ 462.002144][ T9756] Bluetooth: hci1: command 0x0406 tx timeout [ 462.005081][T11021] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=11006,uid=0 [ 462.005289][T11021] Out of memory: Killed process 11007 (syz-executor.4) total-vm:93044kB, anon-rss:144kB, file-rss:35760kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 462.045067][ T1904] oom_reaper: reaped process 11007 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 11:52:49 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000480), 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r3 = accept4$alg(r2, 0x0, 0x0, 0x0) sendfile(r3, r1, 0x0, 0x20000002) 11:52:49 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 462.789402][T11030] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 462.803097][T11030] CPU: 1 PID: 11030 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 462.811873][T11030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 462.821977][T11030] Call Trace: [ 462.825364][T11030] dump_stack+0x21c/0x280 [ 462.829853][T11030] dump_header+0x1c5/0xcf0 [ 462.834384][T11030] oom_kill_process+0x388/0xb00 [ 462.839344][T11030] out_of_memory+0x117f/0x16a0 [ 462.844249][T11030] __alloc_pages_slowpath+0x303a/0x3d10 [ 462.849954][T11030] __alloc_pages_nodemask+0xbb1/0x1030 [ 462.855577][T11030] alloc_pages_current+0x685/0xb50 [ 462.860814][T11030] ion_page_pool_alloc+0x73d/0x8f0 [ 462.866021][T11030] ? __msan_poison_alloca+0xf0/0x120 [ 462.871429][T11030] ? kmsan_get_metadata+0x116/0x180 [ 462.876744][T11030] ion_system_heap_allocate+0x509/0x16b0 [ 462.882506][T11030] ? ion_system_contig_heap_create+0x230/0x230 [ 462.888751][T11030] ion_ioctl+0x8cd/0x2140 [ 462.893237][T11030] ? debug_shrink_set+0x240/0x240 [ 462.898351][T11030] compat_ptr_ioctl+0xe2/0x150 [ 462.903209][T11030] ? __ia32_sys_ioctl+0x70/0x70 [ 462.908165][T11030] __se_compat_sys_ioctl+0x55f/0x1100 [ 462.913670][T11030] ? kmsan_get_metadata+0x116/0x180 [ 462.918967][T11030] __ia32_compat_sys_ioctl+0x4a/0x70 [ 462.924366][T11030] __do_fast_syscall_32+0x2af/0x480 [ 462.929680][T11030] do_fast_syscall_32+0x6b/0xd0 [ 462.934635][T11030] do_SYSENTER_32+0x73/0x90 [ 462.939242][T11030] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 462.945636][T11030] RIP: 0023:0xf7f05549 [ 462.949744][T11030] Code: Bad RIP value. [ 462.953887][T11030] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 462.962475][T11030] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000c0184900 [ 462.970555][T11030] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 462.978592][T11030] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 462.986634][T11030] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 462.994670][T11030] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 463.002921][T11030] Mem-Info: [ 463.006224][T11030] active_anon:108264 inactive_anon:4873 isolated_anon:0 [ 463.006224][T11030] active_file:2512 inactive_file:16318 isolated_file:0 [ 463.006224][T11030] unevictable:0 dirty:21 writeback:17 [ 463.006224][T11030] slab_reclaimable:6554 slab_unreclaimable:19393 [ 463.006224][T11030] mapped:47979 shmem:5059 pagetables:2206 bounce:0 [ 463.006224][T11030] free:126845 free_pcp:188 free_cma:0 [ 463.043529][T11030] Node 0 active_anon:414896kB inactive_anon:19448kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111788kB dirty:0kB writeback:0kB shmem:20156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 463.071142][T11030] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 463.100349][T11030] lowmem_reserve[]: 0 896 1124 1124 1124 [ 463.106290][T11030] Node 0 DMA32 free:39772kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:388100kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1464kB bounce:0kB free_pcp:584kB local_pcp:252kB free_cma:0kB [ 463.137918][T11030] lowmem_reserve[]: 0 0 228 228 228 [ 463.143370][T11030] Node 0 Normal free:9816kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26796kB inactive_anon:18576kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:120kB local_pcp:120kB free_cma:0kB [ 463.174995][T11030] lowmem_reserve[]: 0 0 0 0 0 [ 463.179784][T11030] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 463.191928][T11030] Node 0 DMA32: 569*4kB (UME) 399*8kB (UME) 320*16kB (UME) 188*32kB (UME) 114*64kB (UME) 50*128kB (UME) 19*256kB (M) 7*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 39772kB [ 463.209294][T11030] Node 0 Normal: 857*4kB (UME) 269*8kB (M) 115*16kB (UM) 51*32kB (UM) 5*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9756kB [ 463.224854][T11030] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 463.234610][T11030] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 463.244111][T11030] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 463.253850][T11030] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 463.263318][T11030] 23889 total pagecache pages [ 463.268035][T11030] 0 pages in swap cache [ 463.272391][T11030] Swap cache stats: add 0, delete 0, find 0/0 [ 463.278497][T11030] Free swap = 0kB [ 463.282349][T11030] Total swap = 0kB [ 463.286117][T11030] 1965979 pages RAM 11:52:49 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:49 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:49 executing program 3: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 463.289970][T11030] 0 pages HighMem/MovableOnly [ 463.294784][T11030] 1433455 pages reserved [ 463.299109][T11030] 0 pages cma reserved [ 463.303362][T11030] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=11020,uid=0 [ 463.318346][T11030] Out of memory: Killed process 11021 (syz-executor.0) total-vm:93044kB, anon-rss:160kB, file-rss:35748kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 463.337979][ T1904] oom_reaper: reaped process 11021 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 464.121292][T11044] syz-executor.4 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 464.134035][T11044] CPU: 1 PID: 11044 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 464.142787][T11044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 464.152978][T11044] Call Trace: [ 464.156363][T11044] dump_stack+0x21c/0x280 [ 464.160795][T11044] dump_header+0x1c5/0xcf0 [ 464.165326][T11044] oom_kill_process+0x388/0xb00 [ 464.170281][T11044] out_of_memory+0x117f/0x16a0 [ 464.175192][T11044] __alloc_pages_slowpath+0x303a/0x3d10 [ 464.180902][T11044] __alloc_pages_nodemask+0xbb1/0x1030 [ 464.186468][T11044] alloc_pages_current+0x685/0xb50 [ 464.191668][T11044] ion_page_pool_alloc+0x73d/0x8f0 [ 464.196840][T11044] ? __msan_poison_alloca+0xf0/0x120 [ 464.202190][T11044] ? kmsan_get_metadata+0x116/0x180 [ 464.207463][T11044] ion_system_heap_allocate+0x509/0x16b0 [ 464.213192][T11044] ? ion_system_contig_heap_create+0x230/0x230 [ 464.219410][T11044] ion_ioctl+0x8cd/0x2140 [ 464.223840][T11044] ? debug_shrink_set+0x240/0x240 [ 464.228913][T11044] compat_ptr_ioctl+0xe2/0x150 [ 464.233726][T11044] ? __ia32_sys_ioctl+0x70/0x70 [ 464.238662][T11044] __se_compat_sys_ioctl+0x55f/0x1100 [ 464.244109][T11044] ? kmsan_get_metadata+0x116/0x180 [ 464.249368][T11044] __ia32_compat_sys_ioctl+0x4a/0x70 [ 464.254747][T11044] __do_fast_syscall_32+0x2af/0x480 [ 464.260013][T11044] do_fast_syscall_32+0x6b/0xd0 [ 464.264924][T11044] do_SYSENTER_32+0x73/0x90 [ 464.269507][T11044] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 464.275879][T11044] RIP: 0023:0xf7f4a549 [ 464.279968][T11044] Code: Bad RIP value. [ 464.284069][T11044] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 464.292536][T11044] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 464.300554][T11044] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 464.308571][T11044] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 464.316581][T11044] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 464.324589][T11044] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 464.333787][T11044] Mem-Info: [ 464.337115][T11044] active_anon:108364 inactive_anon:4872 isolated_anon:0 [ 464.337115][T11044] active_file:2513 inactive_file:16467 isolated_file:0 [ 464.337115][T11044] unevictable:0 dirty:18 writeback:34 [ 464.337115][T11044] slab_reclaimable:6553 slab_unreclaimable:19394 [ 464.337115][T11044] mapped:48013 shmem:5059 pagetables:2247 bounce:0 [ 464.337115][T11044] free:61087 free_pcp:216 free_cma:0 [ 464.374382][T11044] Node 0 active_anon:414876kB inactive_anon:19448kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111840kB dirty:0kB writeback:4kB shmem:20156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 464.402564][T11044] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 464.431661][T11044] lowmem_reserve[]: 0 896 1124 1124 1124 [ 464.437394][T11044] Node 0 DMA32 free:39772kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:388080kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1464kB bounce:0kB free_pcp:628kB local_pcp:276kB free_cma:0kB [ 464.469107][T11044] lowmem_reserve[]: 0 0 228 228 228 [ 464.474541][T11044] Node 0 Normal free:9756kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26796kB inactive_anon:18576kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:236kB local_pcp:132kB free_cma:0kB [ 464.506193][T11044] lowmem_reserve[]: 0 0 0 0 0 [ 464.511108][T11044] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 464.523246][T11044] Node 0 DMA32: 569*4kB (UME) 399*8kB (UME) 320*16kB (UME) 188*32kB (UME) 114*64kB (UME) 50*128kB (UME) 19*256kB (M) 7*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 39772kB [ 464.540635][T11044] Node 0 Normal: 857*4kB (UME) 269*8kB (M) 115*16kB (UM) 51*32kB (UM) 5*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9756kB [ 464.556173][T11044] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 464.565931][T11044] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 464.575433][T11044] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 464.585223][T11044] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 464.594685][T11044] 24078 total pagecache pages [ 464.599408][T11044] 0 pages in swap cache [ 464.603754][T11044] Swap cache stats: add 0, delete 0, find 0/0 [ 464.609864][T11044] Free swap = 0kB [ 464.613760][T11044] Total swap = 0kB [ 464.617528][T11044] 1965979 pages RAM [ 464.621503][T11044] 0 pages HighMem/MovableOnly [ 464.626225][T11044] 1433455 pages reserved [ 464.630515][T11044] 0 pages cma reserved [ 464.634823][T11044] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=11028,uid=0 [ 464.649820][T11044] Out of memory: Killed process 11030 (syz-executor.2) total-vm:93044kB, anon-rss:144kB, file-rss:35748kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 464.669399][ T1904] oom_reaper: reaped process 11030 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 464.721518][T11021] syz-executor.0 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 464.734216][T11021] CPU: 1 PID: 11021 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 464.742958][T11021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 464.753065][T11021] Call Trace: [ 464.756455][T11021] dump_stack+0x21c/0x280 [ 464.760890][T11021] dump_header+0x1c5/0xcf0 [ 464.765429][T11021] oom_kill_process+0x388/0xb00 [ 464.770389][T11021] out_of_memory+0x117f/0x16a0 [ 464.775283][T11021] __alloc_pages_slowpath+0x303a/0x3d10 [ 464.780992][T11021] __alloc_pages_nodemask+0xbb1/0x1030 [ 464.786566][T11021] alloc_pages_current+0x685/0xb50 [ 464.791797][T11021] ion_page_pool_alloc+0x73d/0x8f0 [ 464.797014][T11021] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 464.803162][T11021] ? __list_add_valid+0xb8/0x420 [ 464.808202][T11021] ? kmsan_get_metadata+0x116/0x180 [ 464.813517][T11021] ion_system_heap_allocate+0x509/0x16b0 [ 464.819285][T11021] ? ion_system_contig_heap_create+0x230/0x230 [ 464.825530][T11021] ion_ioctl+0x8cd/0x2140 [ 464.830001][T11021] ? debug_shrink_set+0x240/0x240 [ 464.835109][T11021] compat_ptr_ioctl+0xe2/0x150 [ 464.839963][T11021] ? __ia32_sys_ioctl+0x70/0x70 [ 464.844906][T11021] __se_compat_sys_ioctl+0x55f/0x1100 [ 464.850405][T11021] ? kmsan_get_metadata+0x116/0x180 [ 464.855695][T11021] __ia32_compat_sys_ioctl+0x4a/0x70 [ 464.861083][T11021] __do_fast_syscall_32+0x2af/0x480 [ 464.866393][T11021] do_fast_syscall_32+0x6b/0xd0 [ 464.871339][T11021] do_SYSENTER_32+0x73/0x90 [ 464.875947][T11021] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 464.882342][T11021] RIP: 0023:0xf7f62549 [ 464.886448][T11021] Code: Bad RIP value. [ 464.890566][T11021] RSP: 002b:00000000f555c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 464.899060][T11021] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 464.907091][T11021] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 464.915126][T11021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 464.923165][T11021] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 464.931196][T11021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 464.939742][T11021] Mem-Info: [ 464.943155][T11021] active_anon:108330 inactive_anon:4873 isolated_anon:0 [ 464.943155][T11021] active_file:2513 inactive_file:16554 isolated_file:0 [ 464.943155][T11021] unevictable:0 dirty:16 writeback:38 [ 464.943155][T11021] slab_reclaimable:6557 slab_unreclaimable:19395 [ 464.943155][T11021] mapped:48028 shmem:5059 pagetables:2230 bounce:0 [ 464.943155][T11021] free:126550 free_pcp:217 free_cma:0 [ 464.980495][T11021] Node 0 active_anon:414876kB inactive_anon:19448kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111840kB dirty:0kB writeback:4kB shmem:20156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 253952kB writeback_tmp:0kB all_unreclaimable? yes [ 465.008009][T11021] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 465.038466][T11021] lowmem_reserve[]: 0 896 1124 1124 1124 [ 465.044353][T11021] Node 0 DMA32 free:39772kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:388080kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:560kB pagetables:1464kB bounce:0kB free_pcp:628kB local_pcp:276kB free_cma:0kB [ 465.076019][T11021] lowmem_reserve[]: 0 0 228 228 228 [ 465.081450][T11021] Node 0 Normal free:9756kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26796kB inactive_anon:18576kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2712kB bounce:0kB free_pcp:240kB local_pcp:136kB free_cma:0kB [ 465.113152][T11021] lowmem_reserve[]: 0 0 0 0 0 [ 465.117931][T11021] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 465.130066][T11021] Node 0 DMA32: 569*4kB (UME) 399*8kB (UME) 320*16kB (UME) 188*32kB (UME) 114*64kB (UME) 50*128kB (UME) 19*256kB (M) 7*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 39772kB [ 465.147458][T11021] Node 0 Normal: 857*4kB (UME) 269*8kB (M) 115*16kB (UM) 51*32kB (UM) 5*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9756kB [ 465.163009][T11021] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 465.172802][T11021] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 465.182295][T11021] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 465.192020][T11021] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 465.201491][T11021] 24180 total pagecache pages [ 465.206210][T11021] 0 pages in swap cache [ 465.210424][T11021] Swap cache stats: add 0, delete 0, find 0/0 [ 465.216668][T11021] Free swap = 0kB [ 465.220437][T11021] Total swap = 0kB [ 465.224342][T11021] 1965979 pages RAM [ 465.228189][T11021] 0 pages HighMem/MovableOnly [ 465.233052][T11021] 1433455 pages reserved [ 465.237331][T11021] 0 pages cma reserved [ 465.241591][T11021] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=11036,uid=0 [ 465.256537][T11021] Out of memory: Killed process 11037 (syz-executor.1) total-vm:93044kB, anon-rss:152kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:52:51 executing program 3: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 465.275323][ T1904] oom_reaper: reaped process 11037 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:52:52 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:52 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:52 executing program 3: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:52:52 executing program 3: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:52:53 executing program 0: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:53 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:53 executing program 3: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:52:53 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:54 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:54 executing program 3: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:52:54 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:54 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:54 executing program 3: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 468.403713][T11088] warn_alloc: 9 callbacks suppressed [ 468.403787][T11088] syz-executor.2: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 468.424110][T11088] CPU: 0 PID: 11088 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 468.432848][T11088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 468.442958][T11088] Call Trace: [ 468.446353][T11088] dump_stack+0x21c/0x280 [ 468.450797][T11088] warn_alloc+0x4cc/0x680 [ 468.455272][T11088] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 468.461202][T11088] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 468.466857][T11088] ? kmsan_get_metadata+0x116/0x180 [ 468.472174][T11088] ? kmsan_get_metadata+0x116/0x180 [ 468.477487][T11088] __alloc_pages_nodemask+0xbb1/0x1030 [ 468.483071][T11088] alloc_pages_current+0x685/0xb50 [ 468.488422][T11088] ion_page_pool_alloc+0x73d/0x8f0 [ 468.493777][T11088] ? __msan_poison_alloca+0xf0/0x120 [ 468.499168][T11088] ? kmsan_get_metadata+0x116/0x180 [ 468.504460][T11088] ion_system_heap_allocate+0x5a2/0x16b0 [ 468.510187][T11088] ? ion_system_contig_heap_create+0x230/0x230 [ 468.516408][T11088] ion_ioctl+0x8cd/0x2140 [ 468.520962][T11088] ? debug_shrink_set+0x240/0x240 [ 468.526051][T11088] compat_ptr_ioctl+0xe2/0x150 [ 468.530889][T11088] ? __ia32_sys_ioctl+0x70/0x70 [ 468.535807][T11088] __se_compat_sys_ioctl+0x55f/0x1100 [ 468.541264][T11088] ? kmsan_get_metadata+0x116/0x180 [ 468.546617][T11088] __ia32_compat_sys_ioctl+0x4a/0x70 [ 468.551974][T11088] __do_fast_syscall_32+0x2af/0x480 [ 468.557245][T11088] do_fast_syscall_32+0x6b/0xd0 [ 468.562167][T11088] do_SYSENTER_32+0x73/0x90 [ 468.566755][T11088] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 468.573123][T11088] RIP: 0023:0xf7f05549 [ 468.577210][T11088] Code: Bad RIP value. [ 468.581310][T11088] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 468.589779][T11088] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 468.597791][T11088] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 468.605800][T11088] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 468.613809][T11088] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 468.621818][T11088] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 468.630749][T11088] Mem-Info: [ 468.634054][T11088] active_anon:109543 inactive_anon:4873 isolated_anon:0 [ 468.634054][T11088] active_file:2561 inactive_file:16907 isolated_file:0 [ 468.634054][T11088] unevictable:0 dirty:11 writeback:0 [ 468.634054][T11088] slab_reclaimable:6559 slab_unreclaimable:19380 [ 468.634054][T11088] mapped:48039 shmem:5059 pagetables:2362 bounce:0 [ 468.634054][T11088] free:125914 free_pcp:265 free_cma:0 [ 468.671338][T11088] Node 0 active_anon:419236kB inactive_anon:19456kB active_file:0kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111884kB dirty:4kB writeback:0kB shmem:20164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 260096kB writeback_tmp:0kB all_unreclaimable? yes [ 468.699005][T11088] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 468.728071][T11088] lowmem_reserve[]: 0 896 1124 1124 1124 [ 468.733957][T11088] Node 0 DMA32 free:39672kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:392732kB inactive_anon:880kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:608kB pagetables:1488kB bounce:0kB free_pcp:944kB local_pcp:612kB free_cma:0kB [ 468.765572][T11088] lowmem_reserve[]: 0 0 228 228 228 [ 468.771034][T11088] Node 0 Normal free:9896kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26504kB inactive_anon:18576kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2804kB bounce:0kB free_pcp:116kB local_pcp:116kB free_cma:0kB [ 468.802630][T11088] lowmem_reserve[]: 0 0 0 0 0 [ 468.807410][T11088] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 468.819505][T11088] Node 0 DMA32: 492*4kB (UME) 403*8kB (UME) 327*16kB (UME) 196*32kB (UME) 123*64kB (UME) 52*128kB (UME) 19*256kB (UM) 7*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39672kB [ 468.836666][T11088] Node 0 Normal: 864*4kB (UME) 287*8kB (M) 117*16kB (M) 41*32kB (UM) 7*64kB (UM) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9896kB 11:52:55 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 468.851877][T11088] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 468.861603][T11088] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 468.871057][T11088] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 468.880805][T11088] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 468.890134][T11088] 24531 total pagecache pages [ 468.894978][T11088] 0 pages in swap cache [ 468.899197][T11088] Swap cache stats: add 0, delete 0, find 0/0 [ 468.905425][T11088] Free swap = 0kB [ 468.909187][T11088] Total swap = 0kB [ 468.913060][T11088] 1965979 pages RAM [ 468.916945][T11088] 0 pages HighMem/MovableOnly [ 468.921780][T11088] 1433455 pages reserved [ 468.926061][T11088] 0 pages cma reserved 11:52:55 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 469.227503][ T1904] oom_reaper: reaped process 11065 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 11:52:56 executing program 0: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:56 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:56 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:56 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:56 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 470.331781][T11103] syz-executor.0 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 470.344493][T11103] CPU: 0 PID: 11103 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0 [ 470.353243][T11103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 470.363362][T11103] Call Trace: [ 470.366766][T11103] dump_stack+0x21c/0x280 [ 470.371202][T11103] dump_header+0x1c5/0xcf0 [ 470.375735][T11103] oom_kill_process+0x388/0xb00 [ 470.380696][T11103] out_of_memory+0x117f/0x16a0 [ 470.385681][T11103] __alloc_pages_slowpath+0x303a/0x3d10 [ 470.391391][T11103] __alloc_pages_nodemask+0xbb1/0x1030 [ 470.396973][T11103] alloc_pages_current+0x685/0xb50 [ 470.402214][T11103] ion_page_pool_alloc+0x73d/0x8f0 [ 470.407435][T11103] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 470.413598][T11103] ? __list_add_valid+0xb8/0x420 [ 470.418633][T11103] ? kmsan_get_metadata+0x116/0x180 [ 470.423962][T11103] ion_system_heap_allocate+0x509/0x16b0 [ 470.429736][T11103] ? ion_system_contig_heap_create+0x230/0x230 [ 470.436002][T11103] ion_ioctl+0x8cd/0x2140 [ 470.440471][T11103] ? debug_shrink_set+0x240/0x240 [ 470.445586][T11103] compat_ptr_ioctl+0xe2/0x150 [ 470.450450][T11103] ? __ia32_sys_ioctl+0x70/0x70 [ 470.455393][T11103] __se_compat_sys_ioctl+0x55f/0x1100 [ 470.460914][T11103] ? kmsan_get_metadata+0x116/0x180 [ 470.466215][T11103] __ia32_compat_sys_ioctl+0x4a/0x70 [ 470.471619][T11103] __do_fast_syscall_32+0x2af/0x480 [ 470.476941][T11103] do_fast_syscall_32+0x6b/0xd0 [ 470.481897][T11103] do_SYSENTER_32+0x73/0x90 [ 470.486515][T11103] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 470.492909][T11103] RIP: 0023:0xf7f62549 [ 470.497028][T11103] Code: Bad RIP value. [ 470.501546][T11103] RSP: 002b:00000000f555c0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 470.510053][T11103] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 470.518101][T11103] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 470.526147][T11103] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 470.534195][T11103] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 470.542234][T11103] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 470.550492][T11103] Mem-Info: [ 470.553785][T11103] active_anon:109599 inactive_anon:4873 isolated_anon:0 [ 470.553785][T11103] active_file:2588 inactive_file:17040 isolated_file:0 [ 470.553785][T11103] unevictable:0 dirty:0 writeback:15 [ 470.553785][T11103] slab_reclaimable:6559 slab_unreclaimable:19363 [ 470.553785][T11103] mapped:48063 shmem:5059 pagetables:2407 bounce:0 [ 470.553785][T11103] free:60048 free_pcp:0 free_cma:0 [ 470.590740][T11103] Node 0 active_anon:419304kB inactive_anon:19452kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111920kB dirty:0kB writeback:8kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 260096kB writeback_tmp:0kB all_unreclaimable? no [ 470.618254][T11103] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 470.647833][T11103] lowmem_reserve[]: 0 896 1124 1124 1124 [ 470.653689][T11103] Node 0 DMA32 free:39412kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:392800kB inactive_anon:876kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:672kB pagetables:1684kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 470.684949][T11103] lowmem_reserve[]: 0 0 228 228 228 [ 470.690487][T11103] Node 0 Normal free:9652kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26504kB inactive_anon:18576kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2804kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 470.721918][T11103] lowmem_reserve[]: 0 0 0 0 0 [ 470.726711][T11103] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 470.738828][T11103] Node 0 DMA32: 565*4kB (UME) 420*8kB (UME) 337*16kB (UME) 202*32kB (UME) 119*64kB (UME) 50*128kB (UME) 19*256kB (UM) 6*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 39428kB [ 470.755919][T11103] Node 0 Normal: 869*4kB (UME) 290*8kB (UM) 121*16kB (UM) 52*32kB (UM) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9652kB [ 470.770901][T11103] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 470.780648][T11103] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 470.790016][T11103] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 470.799828][T11103] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 470.809318][T11103] 24721 total pagecache pages [ 470.814170][T11103] 0 pages in swap cache [ 470.818384][T11103] Swap cache stats: add 0, delete 0, find 0/0 [ 470.824611][T11103] Free swap = 0kB [ 470.828382][T11103] Total swap = 0kB [ 470.832285][T11103] 1965979 pages RAM [ 470.836140][T11103] 0 pages HighMem/MovableOnly [ 470.841004][T11103] 1433455 pages reserved [ 470.845295][T11103] 0 pages cma reserved [ 470.849427][T11103] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=11049,uid=0 [ 470.864418][T11103] Out of memory: Killed process 11049 (syz-executor.3) total-vm:93044kB, anon-rss:2192kB, file-rss:35680kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:52:57 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 470.884616][ T1904] oom_reaper: reaped process 11049 (syz-executor.3), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:52:57 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:57 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:58 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:58 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:52:58 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 472.331945][T11127] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 472.344762][T11127] CPU: 1 PID: 11127 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 472.353505][T11127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 472.363618][T11127] Call Trace: [ 472.367020][T11127] dump_stack+0x21c/0x280 [ 472.371454][T11127] dump_header+0x1c5/0xcf0 [ 472.375984][T11127] oom_kill_process+0x388/0xb00 [ 472.380945][T11127] out_of_memory+0x117f/0x16a0 [ 472.385838][T11127] __alloc_pages_slowpath+0x303a/0x3d10 [ 472.391529][T11127] __alloc_pages_nodemask+0xbb1/0x1030 [ 472.397077][T11127] alloc_pages_current+0x685/0xb50 [ 472.402279][T11127] ion_page_pool_alloc+0x73d/0x8f0 [ 472.407453][T11127] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 472.413574][T11127] ? __list_add_valid+0xb8/0x420 [ 472.418569][T11127] ? kmsan_get_metadata+0x116/0x180 [ 472.423857][T11127] ion_system_heap_allocate+0x509/0x16b0 [ 472.430278][T11127] ? ion_system_contig_heap_create+0x230/0x230 [ 472.436498][T11127] ion_ioctl+0x8cd/0x2140 [ 472.440945][T11127] ? debug_shrink_set+0x240/0x240 [ 472.446107][T11127] compat_ptr_ioctl+0xe2/0x150 [ 472.450931][T11127] ? __ia32_sys_ioctl+0x70/0x70 [ 472.455838][T11127] __se_compat_sys_ioctl+0x55f/0x1100 [ 472.461283][T11127] ? kmsan_get_metadata+0x116/0x180 [ 472.466536][T11127] __ia32_compat_sys_ioctl+0x4a/0x70 [ 472.471930][T11127] __do_fast_syscall_32+0x2af/0x480 [ 472.477665][T11127] do_fast_syscall_32+0x6b/0xd0 [ 472.482594][T11127] do_SYSENTER_32+0x73/0x90 [ 472.487262][T11127] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 472.493632][T11127] RIP: 0023:0xf7f85549 [ 472.497733][T11127] Code: Bad RIP value. [ 472.502225][T11127] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 472.510693][T11127] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 472.518704][T11127] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 472.526888][T11127] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 472.534902][T11127] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 472.542913][T11127] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 472.551568][T11127] Mem-Info: [ 472.554878][T11127] active_anon:109089 inactive_anon:4873 isolated_anon:0 [ 472.554878][T11127] active_file:2594 inactive_file:17212 isolated_file:0 [ 472.554878][T11127] unevictable:0 dirty:7 writeback:0 [ 472.554878][T11127] slab_reclaimable:6559 slab_unreclaimable:19367 [ 472.554878][T11127] mapped:48210 shmem:5059 pagetables:2390 bounce:0 [ 472.554878][T11127] free:125706 free_pcp:76 free_cma:0 [ 472.591959][T11127] Node 0 active_anon:417452kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111944kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 260096kB writeback_tmp:0kB all_unreclaimable? no [ 472.619265][T11127] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 472.648376][T11127] lowmem_reserve[]: 0 896 1124 1124 1124 [ 472.654267][T11127] Node 0 DMA32 free:41632kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:391444kB inactive_anon:876kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:688kB pagetables:1852kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 472.685708][T11127] lowmem_reserve[]: 0 0 228 228 228 [ 472.691237][T11127] Node 0 Normal free:9672kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26008kB inactive_anon:18576kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2804kB bounce:0kB free_pcp:56kB local_pcp:0kB free_cma:0kB [ 472.722719][T11127] lowmem_reserve[]: 0 0 0 0 0 [ 472.727506][T11127] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 472.739627][T11127] Node 0 DMA32: 568*4kB (UME) 430*8kB (UME) 338*16kB (UME) 202*32kB (UME) 122*64kB (UME) 51*128kB (ME) 18*256kB (M) 6*512kB (M) 2*1024kB (U) 0*2048kB 0*4096kB = 41648kB [ 472.756983][T11127] Node 0 Normal: 894*4kB (UME) 302*8kB (UM) 111*16kB (UM) 53*32kB (UM) 7*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9912kB [ 472.771850][T11127] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 472.781595][T11127] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 472.791069][T11127] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 472.800797][T11127] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 472.810121][T11127] 24865 total pagecache pages [ 472.814988][T11127] 0 pages in swap cache [ 472.819199][T11127] Swap cache stats: add 0, delete 0, find 0/0 [ 472.825439][T11127] Free swap = 0kB [ 472.829230][T11127] Total swap = 0kB [ 472.833140][T11127] 1965979 pages RAM [ 472.837018][T11127] 0 pages HighMem/MovableOnly [ 472.841871][T11127] 1433455 pages reserved [ 472.846152][T11127] 0 pages cma reserved [ 472.850277][T11127] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=11102,uid=0 [ 472.865270][T11127] Out of memory: Killed process 11103 (syz-executor.0) total-vm:93044kB, anon-rss:2204kB, file-rss:35748kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:52:59 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 472.884226][ T1904] oom_reaper: reaped process 11103 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 473.299515][T11135] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 473.312673][T11135] CPU: 1 PID: 11135 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 473.321409][T11135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.331500][T11135] Call Trace: [ 473.334862][T11135] dump_stack+0x21c/0x280 [ 473.339280][T11135] dump_header+0x1c5/0xcf0 [ 473.343788][T11135] oom_kill_process+0x388/0xb00 [ 473.348718][T11135] out_of_memory+0x117f/0x16a0 [ 473.353597][T11135] __alloc_pages_slowpath+0x303a/0x3d10 [ 473.359274][T11135] __alloc_pages_nodemask+0xbb1/0x1030 [ 473.364825][T11135] alloc_pages_current+0x685/0xb50 [ 473.370035][T11135] ion_page_pool_alloc+0x73d/0x8f0 [ 473.375214][T11135] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 473.381342][T11135] ? __list_add_valid+0xb8/0x420 [ 473.386344][T11135] ? kmsan_get_metadata+0x116/0x180 [ 473.391622][T11135] ion_system_heap_allocate+0x509/0x16b0 [ 473.397346][T11135] ? ion_system_contig_heap_create+0x230/0x230 [ 473.403562][T11135] ion_ioctl+0x8cd/0x2140 [ 473.407988][T11135] ? debug_shrink_set+0x240/0x240 [ 473.413065][T11135] compat_ptr_ioctl+0xe2/0x150 [ 473.417887][T11135] ? __ia32_sys_ioctl+0x70/0x70 [ 473.422789][T11135] __se_compat_sys_ioctl+0x55f/0x1100 [ 473.428240][T11135] ? kmsan_get_metadata+0x116/0x180 [ 473.433506][T11135] __ia32_compat_sys_ioctl+0x4a/0x70 [ 473.438855][T11135] __do_fast_syscall_32+0x2af/0x480 [ 473.444136][T11135] do_fast_syscall_32+0x6b/0xd0 [ 473.449047][T11135] do_SYSENTER_32+0x73/0x90 [ 473.453618][T11135] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 473.459980][T11135] RIP: 0023:0xf7f05549 [ 473.464062][T11135] Code: Bad RIP value. [ 473.468155][T11135] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 473.476628][T11135] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 473.484639][T11135] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 473.492648][T11135] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 473.500654][T11135] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 473.508673][T11135] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 473.516901][T11135] Mem-Info: [ 473.520207][T11135] active_anon:108539 inactive_anon:4873 isolated_anon:0 [ 473.520207][T11135] active_file:2595 inactive_file:17413 isolated_file:0 [ 473.520207][T11135] unevictable:0 dirty:0 writeback:0 [ 473.520207][T11135] slab_reclaimable:6561 slab_unreclaimable:19368 [ 473.520207][T11135] mapped:51406 shmem:5059 pagetables:2395 bounce:0 [ 473.520207][T11135] free:121997 free_pcp:334 free_cma:0 [ 473.557356][T11135] Node 0 active_anon:415244kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111972kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 258048kB writeback_tmp:0kB all_unreclaimable? yes [ 473.584815][T11135] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 473.613912][T11135] lowmem_reserve[]: 0 896 1124 1124 1124 [ 473.619734][T11135] Node 0 DMA32 free:39712kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:389236kB inactive_anon:876kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:640kB pagetables:1808kB bounce:0kB free_pcp:980kB local_pcp:324kB free_cma:0kB [ 473.651362][T11135] lowmem_reserve[]: 0 0 228 228 228 [ 473.656660][T11135] Node 0 Normal free:9852kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26008kB inactive_anon:18576kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2804kB bounce:0kB free_pcp:356kB local_pcp:56kB free_cma:0kB [ 473.688186][T11135] lowmem_reserve[]: 0 0 0 0 0 [ 473.693100][T11135] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 473.705224][T11135] Node 0 DMA32: 568*4kB (UME) 430*8kB (UME) 338*16kB (UME) 202*32kB (UME) 122*64kB (UME) 52*128kB (UME) 18*256kB (M) 6*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 39728kB [ 473.722297][T11135] Node 0 Normal: 889*4kB (UME) 299*8kB (UM) 110*16kB (UM) 53*32kB (UM) 7*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9852kB [ 473.737212][T11135] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 473.746966][T11135] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 473.756470][T11135] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 473.766217][T11135] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 473.775678][T11135] 25067 total pagecache pages [ 473.780520][T11135] 0 pages in swap cache [ 473.784743][T11135] Swap cache stats: add 0, delete 0, find 0/0 [ 473.790970][T11135] Free swap = 0kB [ 473.794727][T11135] Total swap = 0kB [ 473.798491][T11135] 1965979 pages RAM [ 473.802466][T11135] 0 pages HighMem/MovableOnly [ 473.807185][T11135] 1433455 pages reserved [ 473.811596][T11135] 0 pages cma reserved [ 473.815719][T11135] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=11125,uid=0 [ 473.830651][T11135] Out of memory: Killed process 11127 (syz-executor.1) total-vm:93044kB, anon-rss:152kB, file-rss:35748kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 473.849349][ T1904] oom_reaper: reaped process 11127 (syz-executor.1), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 473.896601][T11127] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 473.909463][T11127] CPU: 1 PID: 11127 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 473.918195][T11127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 473.928279][T11127] Call Trace: [ 473.931639][T11127] dump_stack+0x21c/0x280 [ 473.936036][T11127] dump_header+0x1c5/0xcf0 [ 473.940526][T11127] oom_kill_process+0x388/0xb00 [ 473.945464][T11127] out_of_memory+0x117f/0x16a0 [ 473.950324][T11127] __alloc_pages_slowpath+0x303a/0x3d10 [ 473.955983][T11127] __alloc_pages_nodemask+0xbb1/0x1030 [ 473.961524][T11127] alloc_pages_current+0x685/0xb50 [ 473.966719][T11127] ion_page_pool_alloc+0x73d/0x8f0 [ 473.971894][T11127] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 473.978012][T11127] ? __list_add_valid+0xb8/0x420 [ 473.983006][T11127] ? kmsan_get_metadata+0x116/0x180 [ 473.988281][T11127] ion_system_heap_allocate+0x509/0x16b0 [ 473.993999][T11127] ? ion_system_contig_heap_create+0x230/0x230 [ 474.000214][T11127] ion_ioctl+0x8cd/0x2140 [ 474.004641][T11127] ? debug_shrink_set+0x240/0x240 [ 474.009714][T11127] compat_ptr_ioctl+0xe2/0x150 [ 474.014532][T11127] ? __ia32_sys_ioctl+0x70/0x70 [ 474.019429][T11127] __se_compat_sys_ioctl+0x55f/0x1100 [ 474.024875][T11127] ? kmsan_get_metadata+0x116/0x180 [ 474.030127][T11127] __ia32_compat_sys_ioctl+0x4a/0x70 [ 474.035481][T11127] __do_fast_syscall_32+0x2af/0x480 [ 474.040752][T11127] do_fast_syscall_32+0x6b/0xd0 [ 474.045663][T11127] do_SYSENTER_32+0x73/0x90 [ 474.050242][T11127] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 474.056611][T11127] RIP: 0023:0xf7f85549 [ 474.060695][T11127] Code: Bad RIP value. [ 474.064798][T11127] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 474.073276][T11127] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 474.081293][T11127] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 474.089299][T11127] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 474.097307][T11127] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 474.105315][T11127] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 474.114520][T11127] Mem-Info: [ 474.117822][T11127] active_anon:108522 inactive_anon:4873 isolated_anon:0 [ 474.117822][T11127] active_file:2595 inactive_file:17413 isolated_file:0 [ 474.117822][T11127] unevictable:0 dirty:0 writeback:0 [ 474.117822][T11127] slab_reclaimable:6561 slab_unreclaimable:19368 [ 474.117822][T11127] mapped:51916 shmem:5059 pagetables:2370 bounce:0 [ 474.117822][T11127] free:121930 free_pcp:385 free_cma:0 [ 474.155011][T11127] Node 0 active_anon:415176kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:111972kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 258048kB writeback_tmp:0kB all_unreclaimable? yes [ 474.182438][T11127] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 474.211529][T11127] lowmem_reserve[]: 0 896 1124 1124 1124 [ 474.217264][T11127] Node 0 DMA32 free:39712kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:389168kB inactive_anon:876kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:640kB pagetables:1708kB bounce:0kB free_pcp:1184kB local_pcp:324kB free_cma:0kB [ 474.248988][T11127] lowmem_reserve[]: 0 0 228 228 228 [ 474.254442][T11127] Node 0 Normal free:9852kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26008kB inactive_anon:18576kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3504kB pagetables:2804kB bounce:0kB free_pcp:356kB local_pcp:56kB free_cma:0kB [ 474.285984][T11127] lowmem_reserve[]: 0 0 0 0 0 [ 474.290913][T11127] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 474.303059][T11127] Node 0 DMA32: 568*4kB (UME) 430*8kB (UME) 338*16kB (UME) 203*32kB (UME) 122*64kB (UME) 52*128kB (UME) 18*256kB (M) 6*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 39760kB [ 474.320085][T11127] Node 0 Normal: 889*4kB (UME) 299*8kB (UM) 110*16kB (UM) 53*32kB (UM) 7*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9852kB [ 474.334997][T11127] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 474.344772][T11127] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 474.354279][T11127] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 474.364037][T11127] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 474.373494][T11127] 25078 total pagecache pages [ 474.378217][T11127] 0 pages in swap cache [ 474.382560][T11127] Swap cache stats: add 0, delete 0, find 0/0 [ 474.388684][T11127] Free swap = 0kB [ 474.392565][T11127] Total swap = 0kB [ 474.396323][T11127] 1965979 pages RAM [ 474.400177][T11127] 0 pages HighMem/MovableOnly [ 474.405021][T11127] 1433455 pages reserved [ 474.409298][T11127] 0 pages cma reserved [ 474.413572][T11127] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=11080,uid=0 [ 474.428585][T11127] Out of memory: Killed process 11080 (syz-executor.2) total-vm:93176kB, anon-rss:148kB, file-rss:35740kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 474.447525][ T1904] oom_reaper: reaped process 11080 (syz-executor.2), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 11:53:01 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:01 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:01 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:01 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 475.476005][T11149] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 475.488829][T11149] CPU: 0 PID: 11149 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 475.497568][T11149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 475.507680][T11149] Call Trace: [ 475.511149][T11149] dump_stack+0x21c/0x280 [ 475.515613][T11149] dump_header+0x1c5/0xcf0 [ 475.520248][T11149] oom_kill_process+0x388/0xb00 [ 475.525214][T11149] out_of_memory+0x117f/0x16a0 [ 475.530105][T11149] __alloc_pages_slowpath+0x303a/0x3d10 [ 475.535816][T11149] __alloc_pages_nodemask+0xbb1/0x1030 [ 475.541403][T11149] alloc_pages_current+0x685/0xb50 [ 475.546642][T11149] ion_page_pool_alloc+0x73d/0x8f0 [ 475.551849][T11149] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 475.558017][T11149] ? __list_add_valid+0xb8/0x420 [ 475.563047][T11149] ? kmsan_get_metadata+0x116/0x180 [ 475.568369][T11149] ion_system_heap_allocate+0x509/0x16b0 [ 475.574224][T11149] ? ion_system_contig_heap_create+0x230/0x230 [ 475.580483][T11149] ion_ioctl+0x8cd/0x2140 [ 475.584953][T11149] ? debug_shrink_set+0x240/0x240 [ 475.590060][T11149] compat_ptr_ioctl+0xe2/0x150 [ 475.594911][T11149] ? __ia32_sys_ioctl+0x70/0x70 [ 475.599844][T11149] __se_compat_sys_ioctl+0x55f/0x1100 [ 475.605326][T11149] ? kmsan_get_metadata+0x116/0x180 [ 475.610617][T11149] __ia32_compat_sys_ioctl+0x4a/0x70 [ 475.616003][T11149] __do_fast_syscall_32+0x2af/0x480 [ 475.621311][T11149] do_fast_syscall_32+0x6b/0xd0 [ 475.626263][T11149] do_SYSENTER_32+0x73/0x90 [ 475.630870][T11149] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 475.637266][T11149] RIP: 0023:0xf7f05549 [ 475.641372][T11149] Code: Bad RIP value. [ 475.645491][T11149] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 475.653993][T11149] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 475.662034][T11149] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 475.670069][T11149] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 475.678103][T11149] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 475.686162][T11149] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 475.695330][T11149] Mem-Info: [ 475.698640][T11149] active_anon:109579 inactive_anon:4873 isolated_anon:0 [ 475.698640][T11149] active_file:2595 inactive_file:17424 isolated_file:0 [ 475.698640][T11149] unevictable:0 dirty:0 writeback:5 [ 475.698640][T11149] slab_reclaimable:6563 slab_unreclaimable:19367 [ 475.698640][T11149] mapped:57089 shmem:5059 pagetables:2483 bounce:0 [ 475.698640][T11149] free:75665 free_pcp:76 free_cma:0 [ 475.735672][T11149] Node 0 active_anon:419456kB inactive_anon:19452kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117868kB dirty:0kB writeback:4kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 260096kB writeback_tmp:0kB all_unreclaimable? no [ 475.762974][T11149] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 475.792026][T11149] lowmem_reserve[]: 0 896 1124 1124 1124 [ 475.797742][T11149] Node 0 DMA32 free:39744kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:393368kB inactive_anon:876kB active_file:0kB inactive_file:80kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:640kB pagetables:1796kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 475.829449][T11149] lowmem_reserve[]: 0 0 228 228 228 [ 475.834865][T11149] Node 0 Normal free:9400kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26092kB inactive_anon:18576kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:3060kB bounce:0kB free_pcp:60kB local_pcp:56kB free_cma:0kB [ 475.866303][T11149] lowmem_reserve[]: 0 0 0 0 0 11:53:02 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 475.871247][T11149] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 475.883352][T11149] Node 0 DMA32: 547*4kB (UME) 408*8kB (UME) 326*16kB (ME) 203*32kB (UME) 120*64kB (UME) 52*128kB (UME) 19*256kB (UM) 6*512kB (UM) 18*1024kB (U) 22*2048kB (U) 7*4096kB (U) = 131596kB [ 475.901716][T11149] Node 0 Normal: 875*4kB (ME) 304*8kB (M) 121*16kB (UM) 37*32kB (UM) 9*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9628kB [ 475.916517][T11149] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 475.926248][T11149] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 475.935707][T11149] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 475.945428][T11149] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 475.954887][T11149] 25083 total pagecache pages [ 475.959606][T11149] 0 pages in swap cache [ 475.963925][T11149] Swap cache stats: add 0, delete 0, find 0/0 [ 475.970343][T11149] Free swap = 0kB [ 475.974113][T11149] Total swap = 0kB [ 475.977877][T11149] 1965979 pages RAM [ 475.981829][T11149] 0 pages HighMem/MovableOnly [ 475.986537][T11149] 1433455 pages reserved [ 475.990914][T11149] 0 pages cma reserved [ 475.995039][T11149] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=11143,uid=0 [ 476.009967][T11149] Out of memory: Killed process 11144 (syz-executor.4) total-vm:93044kB, anon-rss:2188kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 476.053050][ T1904] oom_reaper: reaped process 11144 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:53:03 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:03 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:03 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 476.644050][T11139] IPVS: ftp: loaded support on port[0] = 21 11:53:03 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 477.229604][T11195] syz-executor.4 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 477.242524][T11195] CPU: 1 PID: 11195 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 477.251259][T11195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 477.261363][T11195] Call Trace: [ 477.264835][T11195] dump_stack+0x21c/0x280 [ 477.269258][T11195] dump_header+0x1c5/0xcf0 [ 477.273795][T11195] oom_kill_process+0x388/0xb00 [ 477.278747][T11195] out_of_memory+0x117f/0x16a0 [ 477.283629][T11195] __alloc_pages_slowpath+0x303a/0x3d10 [ 477.289334][T11195] __alloc_pages_nodemask+0xbb1/0x1030 [ 477.294891][T11195] alloc_pages_current+0x685/0xb50 [ 477.300097][T11195] ion_page_pool_alloc+0x73d/0x8f0 [ 477.305290][T11195] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 477.311404][T11195] ? __list_add_valid+0xb8/0x420 [ 477.316402][T11195] ? kmsan_get_metadata+0x116/0x180 [ 477.321686][T11195] ion_system_heap_allocate+0x509/0x16b0 [ 477.327401][T11195] ? ion_system_contig_heap_create+0x230/0x230 [ 477.333613][T11195] ion_ioctl+0x8cd/0x2140 [ 477.338155][T11195] ? debug_shrink_set+0x240/0x240 [ 477.343237][T11195] compat_ptr_ioctl+0xe2/0x150 [ 477.348083][T11195] ? __ia32_sys_ioctl+0x70/0x70 [ 477.353004][T11195] __se_compat_sys_ioctl+0x55f/0x1100 [ 477.358454][T11195] ? kmsan_get_metadata+0x116/0x180 [ 477.363706][T11195] __ia32_compat_sys_ioctl+0x4a/0x70 [ 477.369062][T11195] __do_fast_syscall_32+0x2af/0x480 [ 477.374327][T11195] do_fast_syscall_32+0x6b/0xd0 [ 477.379242][T11195] do_SYSENTER_32+0x73/0x90 [ 477.383820][T11195] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 477.390180][T11195] RIP: 0023:0xf7f4a549 [ 477.394263][T11195] Code: Bad RIP value. [ 477.398363][T11195] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 477.406832][T11195] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 477.414845][T11195] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 477.422867][T11195] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 477.430874][T11195] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 477.438890][T11195] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 477.447778][T11195] Mem-Info: [ 477.451205][T11195] active_anon:109122 inactive_anon:4873 isolated_anon:0 [ 477.451205][T11195] active_file:2613 inactive_file:17413 isolated_file:0 [ 477.451205][T11195] unevictable:0 dirty:17 writeback:0 [ 477.451205][T11195] slab_reclaimable:6563 slab_unreclaimable:19490 [ 477.451205][T11195] mapped:57130 shmem:5059 pagetables:2527 bounce:0 [ 477.451205][T11195] free:117734 free_pcp:304 free_cma:0 [ 477.488684][T11195] Node 0 active_anon:417360kB inactive_anon:19460kB active_file:4kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117876kB dirty:12kB writeback:0kB shmem:20168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 260096kB writeback_tmp:0kB all_unreclaimable? yes [ 477.516615][T11195] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 477.545845][T11195] lowmem_reserve[]: 0 896 1124 1124 1124 [ 477.551722][T11195] Node 0 DMA32 free:39780kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:391280kB inactive_anon:884kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:8kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:608kB pagetables:1648kB bounce:0kB free_pcp:1016kB local_pcp:500kB free_cma:0kB [ 477.583604][T11195] lowmem_reserve[]: 0 0 228 228 228 [ 477.588910][T11195] Node 0 Normal free:9772kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26080kB inactive_anon:18576kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB [ 477.620453][T11195] lowmem_reserve[]: 0 0 0 0 0 [ 477.625237][T11195] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 477.637349][T11195] Node 0 DMA32: 505*4kB (UME) 419*8kB (UME) 335*16kB (UME) 196*32kB (UME) 120*64kB (UME) 50*128kB (UME) 18*256kB (UM) 5*512kB (M) 0*1024kB 1*2048kB (M) 0*4096kB = 40300kB [ 477.654784][T11195] Node 0 Normal: 879*4kB (UME) 307*8kB (UM) 121*16kB (UM) 39*32kB (UM) 8*64kB (M) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9796kB [ 477.670035][T11195] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 477.680090][T11195] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 477.689517][T11195] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 477.699248][T11195] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 477.708709][T11195] 25093 total pagecache pages [ 477.713564][T11195] 0 pages in swap cache [ 477.717772][T11195] Swap cache stats: add 0, delete 0, find 0/0 [ 477.724352][T11195] Free swap = 0kB [ 477.728122][T11195] Total swap = 0kB [ 477.732000][T11195] 1965979 pages RAM [ 477.735848][T11195] 0 pages HighMem/MovableOnly [ 477.740649][T11195] 1433455 pages reserved [ 477.744926][T11195] 0 pages cma reserved [ 477.749046][T11195] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=11148,uid=0 [ 477.763972][T11195] Out of memory: Killed process 11149 (syz-executor.2) total-vm:93044kB, anon-rss:2188kB, file-rss:35752kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 477.803531][ T1904] oom_reaper: reaped process 11149 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 478.031374][T11139] chnl_net:caif_netlink_parms(): no params data found [ 478.233506][ T8717] Bluetooth: hci5: command 0x0409 tx timeout [ 478.434878][T11139] bridge0: port 1(bridge_slave_0) entered blocking state [ 478.442550][T11139] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.452454][T11139] device bridge_slave_0 entered promiscuous mode [ 478.487748][T11139] bridge0: port 2(bridge_slave_1) entered blocking state [ 478.495252][T11139] bridge0: port 2(bridge_slave_1) entered disabled state [ 478.505594][T11139] device bridge_slave_1 entered promiscuous mode [ 478.555893][T11139] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 478.573683][T11139] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 478.632566][T11139] team0: Port device team_slave_0 added [ 478.651708][T11139] team0: Port device team_slave_1 added [ 478.748816][T11139] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 478.756745][T11139] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 478.783103][T11139] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 478.866818][T11139] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 478.873995][T11139] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 478.900144][T11139] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 479.007924][T11139] device hsr_slave_0 entered promiscuous mode [ 479.052859][T11139] device hsr_slave_1 entered promiscuous mode [ 479.081455][T11139] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 479.089069][T11139] Cannot create hsr debugfs directory [ 479.106853][T11195] syz-executor.4 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 479.120575][T11195] CPU: 0 PID: 11195 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 479.129306][T11195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 479.139415][T11195] Call Trace: [ 479.142812][T11195] dump_stack+0x21c/0x280 [ 479.147246][T11195] dump_header+0x1c5/0xcf0 [ 479.151769][T11195] oom_kill_process+0x388/0xb00 [ 479.156720][T11195] out_of_memory+0x117f/0x16a0 [ 479.161607][T11195] __alloc_pages_slowpath+0x303a/0x3d10 [ 479.167313][T11195] __alloc_pages_nodemask+0xbb1/0x1030 [ 479.172890][T11195] alloc_pages_current+0x685/0xb50 [ 479.178121][T11195] ion_page_pool_alloc+0x73d/0x8f0 [ 479.183327][T11195] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 479.189479][T11195] ? __list_add_valid+0xb8/0x420 [ 479.194506][T11195] ? kmsan_get_metadata+0x116/0x180 [ 479.199820][T11195] ion_system_heap_allocate+0x509/0x16b0 [ 479.205610][T11195] ? ion_system_contig_heap_create+0x230/0x230 [ 479.211846][T11195] ion_ioctl+0x8cd/0x2140 [ 479.216312][T11195] ? debug_shrink_set+0x240/0x240 [ 479.221425][T11195] compat_ptr_ioctl+0xe2/0x150 [ 479.226276][T11195] ? __ia32_sys_ioctl+0x70/0x70 [ 479.231207][T11195] __se_compat_sys_ioctl+0x55f/0x1100 [ 479.236685][T11195] ? kmsan_get_metadata+0x116/0x180 [ 479.241967][T11195] __ia32_compat_sys_ioctl+0x4a/0x70 [ 479.247346][T11195] __do_fast_syscall_32+0x2af/0x480 [ 479.252657][T11195] do_fast_syscall_32+0x6b/0xd0 [ 479.257607][T11195] do_SYSENTER_32+0x73/0x90 [ 479.262209][T11195] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 479.268590][T11195] RIP: 0023:0xf7f4a549 [ 479.272706][T11195] Code: Bad RIP value. [ 479.276823][T11195] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 479.285318][T11195] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 479.293371][T11195] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 479.301434][T11195] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 479.309469][T11195] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 479.317504][T11195] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 479.325723][T11195] Mem-Info: [ 479.329026][T11195] active_anon:108721 inactive_anon:4876 isolated_anon:0 [ 479.329026][T11195] active_file:2625 inactive_file:17413 isolated_file:0 [ 479.329026][T11195] unevictable:0 dirty:3 writeback:3 [ 479.329026][T11195] slab_reclaimable:6573 slab_unreclaimable:20171 [ 479.329026][T11195] mapped:57276 shmem:5064 pagetables:2494 bounce:0 [ 479.329026][T11195] free:116946 free_pcp:131 free_cma:0 [ 479.366097][T11195] Node 0 active_anon:415224kB inactive_anon:19456kB active_file:0kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117916kB dirty:4kB writeback:0kB shmem:20164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 258048kB writeback_tmp:0kB all_unreclaimable? yes [ 479.393498][T11195] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 479.422520][T11195] lowmem_reserve[]: 0 896 1124 1124 1124 [ 479.428247][T11195] Node 0 DMA32 free:39740kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:389144kB inactive_anon:880kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:608kB pagetables:1648kB bounce:0kB free_pcp:524kB local_pcp:248kB free_cma:0kB [ 479.459798][T11195] lowmem_reserve[]: 0 0 228 228 228 [ 479.465155][T11195] Node 0 Normal free:9828kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26080kB inactive_anon:18576kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 479.496353][T11195] lowmem_reserve[]: 0 0 0 0 0 [ 479.501201][T11195] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 479.513286][T11195] Node 0 DMA32: 569*4kB (ME) 405*8kB (UME) 323*16kB (ME) 192*32kB (ME) 118*64kB (ME) 50*128kB (ME) 17*256kB (M) 5*512kB (M) 0*1024kB 1*2048kB (U) 0*4096kB = 39740kB [ 479.530604][T11195] Node 0 Normal: 881*4kB (UME) 306*8kB (UM) 123*16kB (UM) 39*32kB (UM) 8*64kB (M) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9828kB [ 479.545828][T11195] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 479.555581][T11195] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 479.565035][T11195] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 479.574767][T11195] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 479.584206][T11195] 25103 total pagecache pages [ 479.588923][T11195] 0 pages in swap cache [ 479.593242][T11195] Swap cache stats: add 0, delete 0, find 0/0 [ 479.599349][T11195] Free swap = 0kB [ 479.603227][T11195] Total swap = 0kB [ 479.606987][T11195] 1965979 pages RAM [ 479.610941][T11195] 0 pages HighMem/MovableOnly [ 479.615655][T11195] 1433455 pages reserved [ 479.619923][T11195] 0 pages cma reserved [ 479.624155][T11195] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=11195,uid=0 [ 479.639071][T11195] Out of memory: Killed process 11195 (syz-executor.4) total-vm:93044kB, anon-rss:144kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 479.846277][T11139] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 479.900715][T11139] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 479.975727][T11139] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 480.028256][T11139] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 480.310287][ T9757] Bluetooth: hci5: command 0x041b tx timeout [ 480.458931][T11139] 8021q: adding VLAN 0 to HW filter on device bond0 [ 480.515876][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 480.524967][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 480.579814][T11139] 8021q: adding VLAN 0 to HW filter on device team0 [ 480.719597][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 480.729590][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 480.739293][ T8717] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.746629][ T8717] bridge0: port 1(bridge_slave_0) entered forwarding state [ 480.845183][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 480.854547][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 480.864955][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 480.874393][ T8717] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.881704][ T8717] bridge0: port 2(bridge_slave_1) entered forwarding state [ 480.891020][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 480.902037][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 480.912960][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 480.923311][ T8717] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 481.072561][ T9757] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 481.082404][ T9757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 481.092759][ T9757] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 481.103716][ T9757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 481.113296][ T9757] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 481.122592][ T9757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 481.132123][ T9757] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 481.154282][T11139] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 481.315920][ T8723] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 481.323853][ T8723] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 481.361896][T11139] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 481.815320][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 481.825983][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 481.871174][ T8723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 481.880242][ T8723] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 481.892549][ T8723] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 481.902326][ T8723] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 481.923510][T11139] device veth0_vlan entered promiscuous mode [ 481.947560][T11139] device veth1_vlan entered promiscuous mode [ 481.999607][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 482.008488][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 482.018073][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 482.028165][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 482.045026][T11139] device veth0_macvtap entered promiscuous mode [ 482.061792][T11139] device veth1_macvtap entered promiscuous mode [ 482.082148][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 482.091896][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 482.126565][T11139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 482.137256][T11139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.147655][T11139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 482.160836][T11139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.170887][T11139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 482.181456][T11139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.191524][T11139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 482.202101][T11139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.212137][T11139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 482.222706][T11139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.237096][T11139] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 482.245897][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 482.256094][ T9756] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 482.292324][T11139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 482.303463][T11139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.313719][T11139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 482.324419][T11139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.334731][T11139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 482.345385][T11139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.355377][T11139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 482.366023][T11139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.376190][T11139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 482.386767][T11139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 482.399348][T11139] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 482.408771][ T8723] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 482.418470][ T8723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 482.442185][ T8723] Bluetooth: hci5: command 0x040f tx timeout [ 482.474666][ T8717] Bluetooth: hci2: command 0x0406 tx timeout 11:53:09 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, 0x0, 0x0) 11:53:09 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:09 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:09 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:09 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:09 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:53:10 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:53:10 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:10 executing program 5: unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x8031, 0xffffffffffffffff, 0x0) ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, 0x0) perf_event_open(&(0x7f00000001c0)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000100)={'raw\x00', 0x0, [], [0x3f000000]}, &(0x7f0000000040)=0x54) 11:53:10 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:10 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:53:10 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 484.365894][T11443] IPVS: ftp: loaded support on port[0] = 21 [ 484.470541][ T8723] Bluetooth: hci5: command 0x0419 tx timeout 11:53:11 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:11 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, 0x0, &(0x7f0000000100)) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:11 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 485.003293][T11446] warn_alloc: 10 callbacks suppressed [ 485.003364][T11446] syz-executor.4: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 485.023590][T11446] CPU: 0 PID: 11446 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 485.032324][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 485.042428][T11446] Call Trace: [ 485.045814][T11446] dump_stack+0x21c/0x280 [ 485.050241][T11446] warn_alloc+0x4cc/0x680 [ 485.054696][T11446] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 485.060620][T11446] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 485.066256][T11446] ? kmsan_get_metadata+0x116/0x180 [ 485.071535][T11446] ? kmsan_get_metadata+0x116/0x180 [ 485.076811][T11446] __alloc_pages_nodemask+0xbb1/0x1030 [ 485.082350][T11446] alloc_pages_current+0x685/0xb50 [ 485.087543][T11446] ion_page_pool_alloc+0x73d/0x8f0 [ 485.092716][T11446] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 485.098834][T11446] ? __list_add_valid+0xb8/0x420 [ 485.103830][T11446] ? kmsan_get_metadata+0x116/0x180 [ 485.109095][T11446] ion_system_heap_allocate+0x5a2/0x16b0 [ 485.114815][T11446] ? ion_system_contig_heap_create+0x230/0x230 [ 485.121030][T11446] ion_ioctl+0x8cd/0x2140 [ 485.125458][T11446] ? debug_shrink_set+0x240/0x240 [ 485.130558][T11446] compat_ptr_ioctl+0xe2/0x150 [ 485.135376][T11446] ? __ia32_sys_ioctl+0x70/0x70 [ 485.140283][T11446] __se_compat_sys_ioctl+0x55f/0x1100 [ 485.145728][T11446] ? kmsan_get_metadata+0x116/0x180 [ 485.150994][T11446] __ia32_compat_sys_ioctl+0x4a/0x70 [ 485.156346][T11446] __do_fast_syscall_32+0x2af/0x480 [ 485.161624][T11446] do_fast_syscall_32+0x6b/0xd0 [ 485.166534][T11446] do_SYSENTER_32+0x73/0x90 [ 485.171103][T11446] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 485.177466][T11446] RIP: 0023:0xf7f4a549 [ 485.181554][T11446] Code: Bad RIP value. [ 485.185651][T11446] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 485.194116][T11446] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 485.202125][T11446] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 485.210134][T11446] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 485.218140][T11446] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 485.226151][T11446] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 485.235864][T11446] Mem-Info: [ 485.239160][T11446] active_anon:109166 inactive_anon:5421 isolated_anon:0 [ 485.239160][T11446] active_file:2663 inactive_file:17975 isolated_file:0 [ 485.239160][T11446] unevictable:0 dirty:70 writeback:0 [ 485.239160][T11446] slab_reclaimable:6601 slab_unreclaimable:20735 [ 485.239160][T11446] mapped:58198 shmem:5609 pagetables:2566 bounce:0 [ 485.239160][T11446] free:180537 free_pcp:794 free_cma:0 [ 485.276305][T11446] Node 0 active_anon:417124kB inactive_anon:19444kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117988kB dirty:4kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 260096kB writeback_tmp:0kB all_unreclaimable? no [ 485.303614][T11446] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 485.332644][T11446] lowmem_reserve[]: 0 896 1124 1124 1124 11:53:12 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 485.338369][T11446] Node 0 DMA32 free:39832kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:391100kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:608kB pagetables:1620kB bounce:0kB free_pcp:2684kB local_pcp:1268kB free_cma:0kB [ 485.370132][T11446] lowmem_reserve[]: 0 0 228 228 228 [ 485.375443][T11446] Node 0 Normal free:9968kB min:11944kB low:14416kB high:16888kB reserved_highatomic:0KB active_anon:26024kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:492kB local_pcp:168kB free_cma:0kB [ 485.407290][T11446] lowmem_reserve[]: 0 0 0 0 0 [ 485.412139][T11446] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 485.424172][T11446] Node 0 DMA32: 654*4kB (UME) 436*8kB (UME) 350*16kB (UME) 209*32kB (UME) 121*64kB (UME) 51*128kB (UME) 18*256kB (UM) 5*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 39832kB [ 485.441160][T11446] Node 0 Normal: 888*4kB (UME) 312*8kB (UM) 123*16kB (UM) 47*32kB (UM) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9776kB [ 485.456065][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 485.465760][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 485.475299][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 485.485075][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 485.494468][T11446] 26509 total pagecache pages [ 485.499190][T11446] 0 pages in swap cache 11:53:12 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 485.503471][T11446] Swap cache stats: add 0, delete 0, find 0/0 [ 485.509585][T11446] Free swap = 0kB [ 485.513414][T11446] Total swap = 0kB [ 485.517176][T11446] 1965979 pages RAM [ 485.521088][T11446] 0 pages HighMem/MovableOnly [ 485.525801][T11446] 1433455 pages reserved [ 485.530143][T11446] 0 pages cma reserved [ 485.654223][T11426] syz-executor.4 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 485.666899][T11426] CPU: 0 PID: 11426 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 485.675633][T11426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 485.685740][T11426] Call Trace: [ 485.689130][T11426] dump_stack+0x21c/0x280 [ 485.693569][T11426] dump_header+0x1c5/0xcf0 [ 485.698103][T11426] oom_kill_process+0x388/0xb00 [ 485.703062][T11426] out_of_memory+0x117f/0x16a0 [ 485.707952][T11426] __alloc_pages_slowpath+0x303a/0x3d10 [ 485.713649][T11426] __alloc_pages_nodemask+0xbb1/0x1030 [ 485.719226][T11426] alloc_pages_current+0x685/0xb50 [ 485.724464][T11426] ion_page_pool_alloc+0x73d/0x8f0 [ 485.729672][T11426] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 485.735912][T11426] ? __list_add_valid+0xb8/0x420 [ 485.740911][T11426] ? kmsan_get_metadata+0x116/0x180 [ 485.746185][T11426] ion_system_heap_allocate+0x509/0x16b0 [ 485.751908][T11426] ? ion_system_contig_heap_create+0x230/0x230 [ 485.758122][T11426] ion_ioctl+0x8cd/0x2140 [ 485.762553][T11426] ? debug_shrink_set+0x240/0x240 [ 485.767629][T11426] compat_ptr_ioctl+0xe2/0x150 [ 485.772449][T11426] ? __ia32_sys_ioctl+0x70/0x70 [ 485.777355][T11426] __se_compat_sys_ioctl+0x55f/0x1100 [ 485.782806][T11426] ? kmsan_get_metadata+0x116/0x180 [ 485.788060][T11426] __ia32_compat_sys_ioctl+0x4a/0x70 [ 485.793410][T11426] __do_fast_syscall_32+0x2af/0x480 [ 485.798684][T11426] do_fast_syscall_32+0x6b/0xd0 [ 485.803596][T11426] do_SYSENTER_32+0x73/0x90 [ 485.808166][T11426] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 485.814527][T11426] RIP: 0023:0xf7f4a549 [ 485.818608][T11426] Code: Bad RIP value. [ 485.822706][T11426] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 485.831171][T11426] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 485.839179][T11426] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 485.847276][T11426] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 485.855287][T11426] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 485.863296][T11426] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 485.871472][T11426] Mem-Info: [ 485.874753][T11426] active_anon:109111 inactive_anon:5455 isolated_anon:0 [ 485.874753][T11426] active_file:2676 inactive_file:18533 isolated_file:0 [ 485.874753][T11426] unevictable:0 dirty:23 writeback:0 [ 485.874753][T11426] slab_reclaimable:6603 slab_unreclaimable:20746 [ 485.874753][T11426] mapped:58343 shmem:5643 pagetables:2534 bounce:0 [ 485.874753][T11426] free:179798 free_pcp:539 free_cma:0 [ 485.911904][T11426] Node 0 active_anon:417104kB inactive_anon:19444kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:117992kB dirty:4kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 260096kB writeback_tmp:0kB all_unreclaimable? no [ 485.939221][T11426] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 485.968262][T11426] lowmem_reserve[]: 0 896 1124 1124 1124 [ 485.974152][T11426] Node 0 DMA32 free:39328kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:391080kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:608kB pagetables:1620kB bounce:0kB free_pcp:1664kB local_pcp:248kB free_cma:0kB [ 486.005799][T11426] lowmem_reserve[]: 0 0 228 228 228 [ 486.011170][T11426] Node 0 Normal free:9776kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26024kB inactive_anon:18572kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:492kB local_pcp:168kB free_cma:0kB [ 486.042739][T11426] lowmem_reserve[]: 0 0 0 0 0 [ 486.047523][T11426] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 486.059644][T11426] Node 0 DMA32: 600*4kB (ME) 404*8kB (UME) 348*16kB (UME) 209*32kB (UME) 121*64kB (UME) 51*128kB (UME) 18*256kB (UM) 5*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 39328kB [ 486.076620][T11426] Node 0 Normal: 888*4kB (UME) 312*8kB (UM) 123*16kB (UM) 47*32kB (UM) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9776kB [ 486.091611][T11426] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 486.101358][T11426] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 486.110837][T11426] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 486.120591][T11426] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 486.130033][T11426] 27243 total pagecache pages [ 486.134757][T11426] 0 pages in swap cache [ 486.138966][T11426] Swap cache stats: add 0, delete 0, find 0/0 [ 486.145243][T11426] Free swap = 0kB [ 486.149017][T11426] Total swap = 0kB [ 486.152898][T11426] 1965979 pages RAM [ 486.156742][T11426] 0 pages HighMem/MovableOnly [ 486.161608][T11426] 1433455 pages reserved [ 486.165886][T11426] 0 pages cma reserved [ 486.170198][T11426] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=11426,uid=0 [ 486.185176][T11426] Out of memory: Killed process 11426 (syz-executor.4) total-vm:93176kB, anon-rss:2192kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 486.210140][ T1904] oom_reaper: reaped process 11426 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 487.312541][ T737] tipc: TX() has been purged, node left! 11:53:14 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:53:14 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 487.811455][T11492] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 487.824541][T11492] CPU: 0 PID: 11492 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 487.833268][T11492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 487.843383][T11492] Call Trace: [ 487.846761][T11492] dump_stack+0x21c/0x280 [ 487.851179][T11492] dump_header+0x1c5/0xcf0 [ 487.855673][T11492] oom_kill_process+0x388/0xb00 [ 487.860597][T11492] out_of_memory+0x117f/0x16a0 [ 487.865463][T11492] __alloc_pages_slowpath+0x303a/0x3d10 [ 487.871126][T11492] __alloc_pages_nodemask+0xbb1/0x1030 [ 487.876681][T11492] alloc_pages_current+0x685/0xb50 [ 487.881882][T11492] ion_page_pool_alloc+0x73d/0x8f0 [ 487.887056][T11492] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 487.893176][T11492] ? __list_add_valid+0xb8/0x420 [ 487.898174][T11492] ? kmsan_get_metadata+0x116/0x180 [ 487.903457][T11492] ion_system_heap_allocate+0x509/0x16b0 [ 487.909179][T11492] ? ion_system_contig_heap_create+0x230/0x230 [ 487.915394][T11492] ion_ioctl+0x8cd/0x2140 [ 487.919831][T11492] ? debug_shrink_set+0x240/0x240 [ 487.924913][T11492] compat_ptr_ioctl+0xe2/0x150 [ 487.929750][T11492] ? __ia32_sys_ioctl+0x70/0x70 [ 487.934657][T11492] __se_compat_sys_ioctl+0x55f/0x1100 [ 487.940104][T11492] ? kmsan_get_metadata+0x116/0x180 [ 487.945354][T11492] __ia32_compat_sys_ioctl+0x4a/0x70 [ 487.950729][T11492] __do_fast_syscall_32+0x2af/0x480 [ 487.955999][T11492] do_fast_syscall_32+0x6b/0xd0 [ 487.960913][T11492] do_SYSENTER_32+0x73/0x90 [ 487.965483][T11492] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 487.971849][T11492] RIP: 0023:0xf7f05549 [ 487.975935][T11492] Code: Bad RIP value. [ 487.980030][T11492] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 487.988494][T11492] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 487.996514][T11492] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 488.004522][T11492] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 488.012546][T11492] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 488.020572][T11492] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 488.028748][T11492] Mem-Info: [ 488.032122][T11492] active_anon:111220 inactive_anon:4895 isolated_anon:0 [ 488.032122][T11492] active_file:2697 inactive_file:19047 isolated_file:0 [ 488.032122][T11492] unevictable:0 dirty:28 writeback:17 [ 488.032122][T11492] slab_reclaimable:6607 slab_unreclaimable:20711 [ 488.032122][T11492] mapped:58178 shmem:6545 pagetables:2666 bounce:0 [ 488.032122][T11492] free:179291 free_pcp:731 free_cma:0 [ 488.069581][T11492] Node 0 active_anon:423068kB inactive_anon:19480kB active_file:8kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118072kB dirty:8kB writeback:0kB shmem:23384kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 264192kB writeback_tmp:0kB all_unreclaimable? no [ 488.097024][T11492] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 488.126067][T11492] lowmem_reserve[]: 0 896 1124 1124 1124 [ 488.131878][T11492] Node 0 DMA32 free:39580kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:396248kB inactive_anon:1152kB active_file:4kB inactive_file:444kB unevictable:0kB writepending:4kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:704kB pagetables:2020kB bounce:0kB free_pcp:2280kB local_pcp:1228kB free_cma:0kB [ 488.163919][T11492] lowmem_reserve[]: 0 0 228 228 228 [ 488.169215][T11492] Node 0 Normal free:9524kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:26144kB inactive_anon:19004kB active_file:4kB inactive_file:280kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3536kB pagetables:2944kB bounce:0kB free_pcp:644kB local_pcp:340kB free_cma:0kB [ 488.201004][T11492] lowmem_reserve[]: 0 0 0 0 0 [ 488.205792][T11492] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 488.217903][T11492] Node 0 DMA32: 21*4kB (UE) 147*8kB (UME) 329*16kB (UME) 208*32kB (UME) 119*64kB (UME) 51*128kB (UME) 18*256kB (UM) 5*512kB (M) 1*1024kB (U) 0*2048kB 1*4096kB (M) = 39612kB [ 488.235532][T11492] Node 0 Normal: 678*4kB (UME) 313*8kB (UM) 121*16kB (UM) 48*32kB (UM) 8*64kB (UM) 3*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9584kB [ 488.250867][T11492] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 488.260599][T11492] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 488.270085][T11492] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 488.279857][T11492] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 488.289180][T11492] 27544 total pagecache pages [ 488.294014][T11492] 0 pages in swap cache [ 488.298227][T11492] Swap cache stats: add 0, delete 0, find 0/0 [ 488.304448][T11492] Free swap = 0kB [ 488.308211][T11492] Total swap = 0kB [ 488.312194][T11492] 1965979 pages RAM [ 488.316076][T11492] 0 pages HighMem/MovableOnly [ 488.320899][T11492] 1433455 pages reserved [ 488.325180][T11492] 0 pages cma reserved [ 488.329306][T11492] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=11476,uid=0 11:53:15 executing program 5: r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000001180)={&(0x7f0000001140)={0x18, 0x1405, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x3}]}, 0x18}}, 0x0) 11:53:15 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:53:15 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:15 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 488.888715][T11500] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'. 11:53:15 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) 11:53:15 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) [ 490.327979][T11446] syz-executor.4 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 490.341051][T11446] CPU: 1 PID: 11446 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 490.349796][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 490.359915][T11446] Call Trace: [ 490.363313][T11446] dump_stack+0x21c/0x280 [ 490.367745][T11446] dump_header+0x1c5/0xcf0 [ 490.372273][T11446] oom_kill_process+0x388/0xb00 [ 490.377213][T11446] out_of_memory+0x117f/0x16a0 [ 490.382064][T11446] __alloc_pages_slowpath+0x303a/0x3d10 [ 490.387725][T11446] __alloc_pages_nodemask+0xbb1/0x1030 [ 490.393263][T11446] alloc_pages_current+0x685/0xb50 [ 490.398548][T11446] ion_page_pool_alloc+0x73d/0x8f0 [ 490.403724][T11446] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 490.409863][T11446] ? __list_add_valid+0xb8/0x420 [ 490.414861][T11446] ? kmsan_get_metadata+0x116/0x180 [ 490.420136][T11446] ion_system_heap_allocate+0x509/0x16b0 [ 490.425857][T11446] ? ion_system_contig_heap_create+0x230/0x230 [ 490.432072][T11446] ion_ioctl+0x8cd/0x2140 [ 490.436493][T11446] ? debug_shrink_set+0x240/0x240 [ 490.441568][T11446] compat_ptr_ioctl+0xe2/0x150 [ 490.446390][T11446] ? __ia32_sys_ioctl+0x70/0x70 [ 490.451291][T11446] __se_compat_sys_ioctl+0x55f/0x1100 [ 490.456734][T11446] ? kmsan_get_metadata+0x116/0x180 [ 490.461988][T11446] __ia32_compat_sys_ioctl+0x4a/0x70 [ 490.467339][T11446] __do_fast_syscall_32+0x2af/0x480 [ 490.472607][T11446] do_fast_syscall_32+0x6b/0xd0 [ 490.477520][T11446] do_SYSENTER_32+0x73/0x90 [ 490.482093][T11446] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 490.488453][T11446] RIP: 0023:0xf7f4a549 [ 490.492537][T11446] Code: Bad RIP value. [ 490.496633][T11446] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 490.505097][T11446] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 490.513115][T11446] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 490.521129][T11446] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 490.529142][T11446] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 490.537169][T11446] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 490.547226][T11446] Mem-Info: [ 490.550601][T11446] active_anon:108741 inactive_anon:4877 isolated_anon:0 [ 490.550601][T11446] active_file:2691 inactive_file:19058 isolated_file:0 [ 490.550601][T11446] unevictable:0 dirty:5 writeback:11 [ 490.550601][T11446] slab_reclaimable:6607 slab_unreclaimable:20714 [ 490.550601][T11446] mapped:58168 shmem:5065 pagetables:2621 bounce:0 [ 490.550601][T11446] free:180194 free_pcp:188 free_cma:0 [ 490.587790][T11446] Node 0 active_anon:415748kB inactive_anon:19456kB active_file:4kB inactive_file:28kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118056kB dirty:16kB writeback:0kB shmem:20164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 258048kB writeback_tmp:0kB all_unreclaimable? no [ 490.615303][T11446] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 490.644358][T11446] lowmem_reserve[]: 0 896 1124 1124 1124 [ 490.650260][T11446] Node 0 DMA32 free:39356kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:392076kB inactive_anon:884kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:720kB pagetables:2104kB bounce:0kB free_pcp:632kB local_pcp:248kB free_cma:0kB [ 490.681838][T11446] lowmem_reserve[]: 0 0 228 228 228 [ 490.687136][T11446] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:23800kB inactive_anon:18572kB active_file:4kB inactive_file:212kB unevictable:0kB writepending:16kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:120kB local_pcp:96kB free_cma:0kB [ 490.718889][T11446] lowmem_reserve[]: 0 0 0 0 0 [ 490.723767][T11446] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 490.735841][T11446] Node 0 DMA32: 379*4kB (ME) 360*8kB (UME) 326*16kB (UME) 192*32kB (ME) 119*64kB (UME) 51*128kB (UME) 17*256kB (M) 6*512kB (UM) 0*1024kB 1*2048kB (U) 0*4096kB = 39372kB [ 490.753055][T11446] Node 0 Normal: 857*4kB (ME) 326*8kB (M) 118*16kB (UM) 44*32kB (UM) 8*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9844kB [ 490.767738][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 490.777441][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 490.786887][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 490.796581][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 490.805996][T11446] 26804 total pagecache pages [ 490.810795][T11446] 0 pages in swap cache [ 490.815016][T11446] Swap cache stats: add 0, delete 0, find 0/0 [ 490.821221][T11446] Free swap = 0kB [ 490.824976][T11446] Total swap = 0kB [ 490.828801][T11446] 1965979 pages RAM [ 490.832742][T11446] 0 pages HighMem/MovableOnly [ 490.837460][T11446] 1433455 pages reserved [ 490.841827][T11446] 0 pages cma reserved [ 490.845948][T11446] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=11504,uid=0 [ 490.860847][T11446] Out of memory: Killed process 11505 (syz-executor.0) total-vm:93044kB, anon-rss:2204kB, file-rss:35740kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 490.893331][ T1904] oom_reaper: reaped process 11505 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB [ 491.152220][T11517] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 491.165413][T11517] CPU: 1 PID: 11517 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 491.174241][T11517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 491.184339][T11517] Call Trace: [ 491.187700][T11517] dump_stack+0x21c/0x280 [ 491.192098][T11517] dump_header+0x1c5/0xcf0 [ 491.196584][T11517] oom_kill_process+0x388/0xb00 [ 491.201504][T11517] out_of_memory+0x117f/0x16a0 [ 491.206352][T11517] __alloc_pages_slowpath+0x303a/0x3d10 [ 491.212017][T11517] __alloc_pages_nodemask+0xbb1/0x1030 [ 491.217557][T11517] alloc_pages_current+0x685/0xb50 [ 491.222779][T11517] ion_page_pool_alloc+0x73d/0x8f0 [ 491.227954][T11517] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 491.234074][T11517] ? __list_add_valid+0xb8/0x420 [ 491.239067][T11517] ? kmsan_get_metadata+0x116/0x180 [ 491.244339][T11517] ion_system_heap_allocate+0x509/0x16b0 [ 491.250146][T11517] ? ion_system_contig_heap_create+0x230/0x230 [ 491.256362][T11517] ion_ioctl+0x8cd/0x2140 [ 491.260783][T11517] ? debug_shrink_set+0x240/0x240 [ 491.265858][T11517] compat_ptr_ioctl+0xe2/0x150 [ 491.270689][T11517] ? __ia32_sys_ioctl+0x70/0x70 [ 491.275592][T11517] __se_compat_sys_ioctl+0x55f/0x1100 [ 491.281039][T11517] ? kmsan_get_metadata+0x116/0x180 [ 491.286295][T11517] __ia32_compat_sys_ioctl+0x4a/0x70 [ 491.291664][T11517] __do_fast_syscall_32+0x2af/0x480 [ 491.296948][T11517] do_fast_syscall_32+0x6b/0xd0 [ 491.301888][T11517] do_SYSENTER_32+0x73/0x90 [ 491.306468][T11517] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 491.312866][T11517] RIP: 0023:0xf7f85549 [ 491.316954][T11517] Code: Bad RIP value. [ 491.321050][T11517] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 491.329518][T11517] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 491.337533][T11517] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 491.345569][T11517] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 491.353589][T11517] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 491.361604][T11517] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 491.369783][T11517] Mem-Info: [ 491.373094][T11517] active_anon:108193 inactive_anon:4876 isolated_anon:0 [ 491.373094][T11517] active_file:2691 inactive_file:19063 isolated_file:0 [ 491.373094][T11517] unevictable:0 dirty:17 writeback:17 [ 491.373094][T11517] slab_reclaimable:6607 slab_unreclaimable:20714 [ 491.373094][T11517] mapped:58185 shmem:5064 pagetables:2611 bounce:0 [ 491.373094][T11517] free:180214 free_pcp:236 free_cma:0 [ 491.410367][T11517] Node 0 active_anon:413596kB inactive_anon:19456kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118072kB dirty:4kB writeback:4kB shmem:20164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 258048kB writeback_tmp:0kB all_unreclaimable? no [ 491.437728][T11517] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 491.466772][T11517] lowmem_reserve[]: 0 896 1124 1124 1124 [ 491.472609][T11517] Node 0 DMA32 free:39688kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:389936kB inactive_anon:884kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:688kB pagetables:2000kB bounce:0kB free_pcp:824kB local_pcp:260kB free_cma:0kB [ 491.504400][T11517] lowmem_reserve[]: 0 0 228 228 228 [ 491.509776][T11517] Node 0 Normal free:9844kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:23660kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2944kB bounce:0kB free_pcp:120kB local_pcp:96kB free_cma:0kB [ 491.541276][T11517] lowmem_reserve[]: 0 0 0 0 0 [ 491.546066][T11517] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 491.558164][T11517] Node 0 DMA32: 380*4kB (UME) 359*8kB (ME) 324*16kB (ME) 193*32kB (UME) 118*64kB (ME) 50*128kB (ME) 17*256kB (M) 5*512kB (M) 1*1024kB (U) 1*2048kB (M) 0*4096kB = 39688kB [ 491.575585][T11517] Node 0 Normal: 857*4kB (ME) 326*8kB (M) 118*16kB (UM) 44*32kB (UM) 8*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9844kB [ 491.590263][T11517] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 491.599985][T11517] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 491.609347][T11517] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 491.619067][T11517] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 491.628535][T11517] 26802 total pagecache pages [ 491.633412][T11517] 0 pages in swap cache [ 491.637627][T11517] Swap cache stats: add 0, delete 0, find 0/0 [ 491.643873][T11517] Free swap = 0kB [ 491.647635][T11517] Total swap = 0kB [ 491.651537][T11517] 1965979 pages RAM [ 491.655377][T11517] 0 pages HighMem/MovableOnly [ 491.660202][T11517] 1433455 pages reserved [ 491.664484][T11517] 0 pages cma reserved [ 491.668630][T11517] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=11517,uid=0 [ 491.683606][T11517] Out of memory: Killed process 11517 (syz-executor.1) total-vm:93044kB, anon-rss:152kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 491.703272][ T1904] oom_reaper: reaped process 11517 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:53:18 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, 0x0, &(0x7f0000000100)) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:18 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) 11:53:18 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:18 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:18 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:53:18 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, 0x0, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:19 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:53:19 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:19 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) 11:53:19 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:53:19 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:20 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) [ 494.337426][T11446] syz-executor.4 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 494.350282][T11446] CPU: 0 PID: 11446 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 494.359018][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.369124][T11446] Call Trace: [ 494.372512][T11446] dump_stack+0x21c/0x280 [ 494.376940][T11446] dump_header+0x1c5/0xcf0 [ 494.381462][T11446] oom_kill_process+0x388/0xb00 [ 494.386511][T11446] out_of_memory+0x117f/0x16a0 [ 494.391399][T11446] __alloc_pages_slowpath+0x303a/0x3d10 [ 494.397104][T11446] __alloc_pages_nodemask+0xbb1/0x1030 [ 494.402681][T11446] alloc_pages_current+0x685/0xb50 [ 494.407915][T11446] ion_page_pool_alloc+0x73d/0x8f0 [ 494.413134][T11446] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 494.419284][T11446] ? __list_add_valid+0xb8/0x420 [ 494.424310][T11446] ? kmsan_get_metadata+0x116/0x180 [ 494.429621][T11446] ion_system_heap_allocate+0x509/0x16b0 [ 494.435381][T11446] ? ion_system_contig_heap_create+0x230/0x230 [ 494.441635][T11446] ion_ioctl+0x8cd/0x2140 [ 494.446094][T11446] ? debug_shrink_set+0x240/0x240 [ 494.451199][T11446] compat_ptr_ioctl+0xe2/0x150 [ 494.456056][T11446] ? __ia32_sys_ioctl+0x70/0x70 [ 494.460986][T11446] __se_compat_sys_ioctl+0x55f/0x1100 [ 494.466468][T11446] ? kmsan_get_metadata+0x116/0x180 [ 494.471752][T11446] __ia32_compat_sys_ioctl+0x4a/0x70 [ 494.477136][T11446] __do_fast_syscall_32+0x2af/0x480 [ 494.482448][T11446] do_fast_syscall_32+0x6b/0xd0 [ 494.487394][T11446] do_SYSENTER_32+0x73/0x90 [ 494.491999][T11446] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 494.498388][T11446] RIP: 0023:0xf7f4a549 [ 494.502495][T11446] Code: Bad RIP value. [ 494.506614][T11446] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 494.515111][T11446] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 494.523145][T11446] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 494.531183][T11446] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 494.539231][T11446] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 494.547263][T11446] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 494.557446][T11446] Mem-Info: [ 494.560811][T11446] active_anon:107563 inactive_anon:4876 isolated_anon:0 [ 494.560811][T11446] active_file:2691 inactive_file:19295 isolated_file:0 [ 494.560811][T11446] unevictable:0 dirty:4 writeback:0 [ 494.560811][T11446] slab_reclaimable:6607 slab_unreclaimable:20647 [ 494.560811][T11446] mapped:58196 shmem:5064 pagetables:2795 bounce:0 [ 494.560811][T11446] free:179615 free_pcp:215 free_cma:0 [ 494.597989][T11446] Node 0 active_anon:411444kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118116kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 256000kB writeback_tmp:0kB all_unreclaimable? no [ 494.625293][T11446] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 494.654359][T11446] lowmem_reserve[]: 0 896 1124 1124 1124 [ 494.660205][T11446] Node 0 DMA32 free:39240kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387796kB inactive_anon:880kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:672kB pagetables:1996kB bounce:0kB free_pcp:756kB local_pcp:556kB free_cma:0kB [ 494.691795][T11446] lowmem_reserve[]: 0 0 228 228 228 [ 494.697095][T11446] Node 0 Normal free:9596kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:23648kB inactive_anon:18572kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2944kB bounce:0kB free_pcp:104kB local_pcp:56kB free_cma:0kB [ 494.728653][T11446] lowmem_reserve[]: 0 0 0 0 0 11:53:21 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, 0x0, &(0x7f0000000100)) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:21 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x20000002) 11:53:21 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 494.733536][T11446] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 494.745623][T11446] Node 0 DMA32: 466*4kB (UME) 380*8kB (UME) 328*16kB (ME) 195*32kB (ME) 119*64kB (UME) 53*128kB (UME) 19*256kB (M) 7*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 39240kB [ 494.762478][T11446] Node 0 Normal: 854*4kB (ME) 333*8kB (M) 118*16kB (UM) 45*32kB (UM) 2*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9536kB [ 494.777184][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 494.786963][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 494.796422][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 494.806135][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 494.815574][T11446] 26816 total pagecache pages [ 494.820517][T11446] 0 pages in swap cache [ 494.824724][T11446] Swap cache stats: add 0, delete 0, find 0/0 [ 494.830939][T11446] Free swap = 0kB [ 494.834695][T11446] Total swap = 0kB [ 494.838459][T11446] 1965979 pages RAM [ 494.842494][T11446] 0 pages HighMem/MovableOnly [ 494.847206][T11446] 1433455 pages reserved [ 494.851591][T11446] 0 pages cma reserved [ 494.855706][T11446] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=11535,uid=0 [ 494.870638][T11446] Out of memory: Killed process 11535 (syz-executor.1) total-vm:93044kB, anon-rss:152kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:53:21 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 494.902088][ T1904] oom_reaper: reaped process 11535 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:53:21 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, 0x0, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:21 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) [ 495.155903][T11560] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 495.169055][T11560] CPU: 0 PID: 11560 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 495.177775][T11560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 495.187856][T11560] Call Trace: [ 495.191223][T11560] dump_stack+0x21c/0x280 [ 495.195622][T11560] dump_header+0x1c5/0xcf0 [ 495.200121][T11560] oom_kill_process+0x388/0xb00 [ 495.205038][T11560] out_of_memory+0x117f/0x16a0 [ 495.209885][T11560] __alloc_pages_slowpath+0x303a/0x3d10 [ 495.215544][T11560] __alloc_pages_nodemask+0xbb1/0x1030 [ 495.221211][T11560] alloc_pages_current+0x685/0xb50 [ 495.226404][T11560] ion_page_pool_alloc+0x73d/0x8f0 [ 495.231576][T11560] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 495.237695][T11560] ? __list_add_valid+0xb8/0x420 [ 495.242692][T11560] ? kmsan_get_metadata+0x116/0x180 [ 495.247967][T11560] ion_system_heap_allocate+0x509/0x16b0 [ 495.253696][T11560] ? ion_system_contig_heap_create+0x230/0x230 [ 495.259911][T11560] ion_ioctl+0x8cd/0x2140 [ 495.264331][T11560] ? debug_shrink_set+0x240/0x240 [ 495.269400][T11560] compat_ptr_ioctl+0xe2/0x150 [ 495.274225][T11560] ? __ia32_sys_ioctl+0x70/0x70 [ 495.279119][T11560] __se_compat_sys_ioctl+0x55f/0x1100 [ 495.284560][T11560] ? kmsan_get_metadata+0x116/0x180 [ 495.289810][T11560] __ia32_compat_sys_ioctl+0x4a/0x70 [ 495.295158][T11560] __do_fast_syscall_32+0x2af/0x480 [ 495.300433][T11560] do_fast_syscall_32+0x6b/0xd0 [ 495.305363][T11560] do_SYSENTER_32+0x73/0x90 [ 495.309936][T11560] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 495.316297][T11560] RIP: 0023:0xf7f85549 [ 495.320381][T11560] Code: Bad RIP value. [ 495.324490][T11560] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 495.332955][T11560] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 495.340964][T11560] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 495.348970][T11560] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 495.356978][T11560] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 495.365004][T11560] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 495.373184][T11560] Mem-Info: [ 495.376573][T11560] active_anon:107359 inactive_anon:4876 isolated_anon:0 [ 495.376573][T11560] active_file:2691 inactive_file:19465 isolated_file:0 [ 495.376573][T11560] unevictable:0 dirty:21 writeback:0 [ 495.376573][T11560] slab_reclaimable:6607 slab_unreclaimable:20647 [ 495.376573][T11560] mapped:58196 shmem:5064 pagetables:2720 bounce:0 [ 495.376573][T11560] free:179798 free_pcp:158 free_cma:0 [ 495.413748][T11560] Node 0 active_anon:411444kB inactive_anon:19452kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118116kB dirty:0kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 256000kB writeback_tmp:0kB all_unreclaimable? no [ 495.441134][T11560] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 495.470185][T11560] lowmem_reserve[]: 0 896 1124 1124 1124 [ 495.475916][T11560] Node 0 DMA32 free:39708kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:387796kB inactive_anon:880kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:672kB pagetables:1996kB bounce:0kB free_pcp:452kB local_pcp:252kB free_cma:0kB [ 495.507512][T11560] lowmem_reserve[]: 0 0 228 228 228 [ 495.512943][T11560] Node 0 Normal free:9800kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:23644kB inactive_anon:18572kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2944kB bounce:0kB free_pcp:180kB local_pcp:124kB free_cma:0kB [ 495.544535][T11560] lowmem_reserve[]: 0 0 0 0 0 [ 495.549305][T11560] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 495.561456][T11560] Node 0 DMA32: 471*4kB (UME) 380*8kB (UME) 328*16kB (ME) 195*32kB (ME) 118*64kB (ME) 53*128kB (UME) 19*256kB (M) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39708kB [ 495.578244][T11560] Node 0 Normal: 876*4kB (UME) 341*8kB (UM) 113*16kB (M) 39*32kB (UM) 8*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9800kB [ 495.593194][T11560] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 495.602918][T11560] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 495.612375][T11560] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 495.622111][T11560] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 495.631547][T11560] 26827 total pagecache pages [ 495.636266][T11560] 0 pages in swap cache [ 495.640614][T11560] Swap cache stats: add 0, delete 0, find 0/0 [ 495.646719][T11560] Free swap = 0kB [ 495.650584][T11560] Total swap = 0kB [ 495.654357][T11560] 1965979 pages RAM [ 495.658206][T11560] 0 pages HighMem/MovableOnly [ 495.663023][T11560] 1433455 pages reserved [ 495.667302][T11560] 0 pages cma reserved [ 495.671529][T11560] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=11560,uid=0 [ 495.686433][T11560] Out of memory: Killed process 11560 (syz-executor.1) total-vm:93044kB, anon-rss:152kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:53:22 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x20000002) [ 495.712797][ T1904] oom_reaper: reaped process 11560 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 496.095336][T11570] warn_alloc: 7 callbacks suppressed [ 496.095418][T11570] syz-executor.4: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 496.115494][T11570] CPU: 0 PID: 11570 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 496.124225][T11570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 496.134331][T11570] Call Trace: [ 496.137721][T11570] dump_stack+0x21c/0x280 [ 496.142171][T11570] warn_alloc+0x4cc/0x680 [ 496.146636][T11570] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 496.152560][T11570] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 496.158228][T11570] ? kmsan_get_metadata+0x116/0x180 [ 496.163542][T11570] ? kmsan_get_metadata+0x116/0x180 [ 496.165827][T11573] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 496.168869][T11570] __alloc_pages_nodemask+0xbb1/0x1030 [ 496.186824][T11570] alloc_pages_current+0x685/0xb50 [ 496.192032][T11570] ion_page_pool_alloc+0x73d/0x8f0 [ 496.197210][T11570] ? kmsan_get_metadata+0x116/0x180 [ 496.202493][T11570] ion_system_heap_allocate+0x5a2/0x16b0 [ 496.208219][T11570] ? ion_system_contig_heap_create+0x230/0x230 [ 496.214438][T11570] ion_ioctl+0x8cd/0x2140 [ 496.218870][T11570] ? debug_shrink_set+0x240/0x240 [ 496.223942][T11570] compat_ptr_ioctl+0xe2/0x150 [ 496.228764][T11570] ? __ia32_sys_ioctl+0x70/0x70 [ 496.233662][T11570] __se_compat_sys_ioctl+0x55f/0x1100 [ 496.239104][T11570] ? kmsan_get_metadata+0x116/0x180 [ 496.244378][T11570] __ia32_compat_sys_ioctl+0x4a/0x70 [ 496.249757][T11570] __do_fast_syscall_32+0x2af/0x480 [ 496.255030][T11570] do_fast_syscall_32+0x6b/0xd0 [ 496.259943][T11570] do_SYSENTER_32+0x73/0x90 [ 496.264518][T11570] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 496.270882][T11570] RIP: 0023:0xf7f4a549 [ 496.274973][T11570] Code: Bad RIP value. [ 496.279069][T11570] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 496.287533][T11570] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 496.295546][T11570] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 496.303554][T11570] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 496.311564][T11570] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 496.319577][T11570] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 496.327713][T11573] CPU: 1 PID: 11573 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 496.328201][T11570] Mem-Info: [ 496.336436][T11573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 496.336461][T11573] Call Trace: [ 496.336553][T11573] dump_stack+0x21c/0x280 [ 496.339798][T11570] active_anon:107776 inactive_anon:4876 isolated_anon:0 [ 496.339798][T11570] active_file:2692 inactive_file:19569 isolated_file:0 [ 496.339798][T11570] unevictable:0 dirty:0 writeback:0 [ 496.339798][T11570] slab_reclaimable:6607 slab_unreclaimable:20649 [ 496.339798][T11570] mapped:58186 shmem:5064 pagetables:2771 bounce:0 [ 496.339798][T11570] free:180336 free_pcp:495 free_cma:0 [ 496.349744][T11573] dump_header+0x1c5/0xcf0 [ 496.349833][T11573] oom_kill_process+0x388/0xb00 [ 496.353214][T11570] Node 0 active_anon:413552kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118128kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 256000kB writeback_tmp:0kB all_unreclaimable? yes [ 496.357516][T11573] out_of_memory+0x117f/0x16a0 [ 496.394313][T11570] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 496.398751][T11573] __alloc_pages_slowpath+0x303a/0x3d10 [ 496.403572][T11570] lowmem_reserve[]: 0 896 1124 1124 1124 [ 496.430910][T11573] __alloc_pages_nodemask+0xbb1/0x1030 [ 496.431010][T11573] alloc_pages_current+0x685/0xb50 [ 496.435758][T11570] Node 0 DMA32 free:39776kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:389908kB inactive_anon:880kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:704kB pagetables:2220kB bounce:0kB free_pcp:1604kB local_pcp:1392kB free_cma:0kB [ 496.464535][T11573] ion_page_pool_alloc+0x73d/0x8f0 [ 496.464637][T11573] ? __msan_poison_alloca+0xf0/0x120 [ 496.470163][T11570] lowmem_reserve[]: 0 0 228 228 228 [ 496.475836][T11573] ? kmsan_get_metadata+0x116/0x180 [ 496.481278][T11570] Node 0 Normal free:11944kB min:11944kB low:14416kB high:16888kB reserved_highatomic:0KB active_anon:23644kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2944kB bounce:0kB free_pcp:376kB local_pcp:304kB free_cma:0kB [ 496.486454][T11573] ion_system_heap_allocate+0x509/0x16b0 [ 496.517859][T11570] lowmem_reserve[]: 0 0 0 0 0 [ 496.523006][T11573] ? ion_system_contig_heap_create+0x230/0x230 [ 496.523100][T11573] ion_ioctl+0x8cd/0x2140 [ 496.528340][T11570] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 496.533600][T11573] ? debug_shrink_set+0x240/0x240 [ 496.533683][T11573] compat_ptr_ioctl+0xe2/0x150 [ 496.538867][T11570] Node 0 DMA32: 452*4kB (UME) 384*8kB (UME) 331*16kB (UME) 199*32kB (UME) 119*64kB (UME) 52*128kB (ME) 19*256kB (M) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39776kB [ 496.570299][T11573] ? __ia32_sys_ioctl+0x70/0x70 [ 496.570380][T11573] __se_compat_sys_ioctl+0x55f/0x1100 [ 496.575979][T11570] Node 0 Normal: 963*4kB (UME) 404*8kB (UM) 153*16kB (UM) 58*32kB (UM) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11644kB [ 496.580697][T11573] ? kmsan_get_metadata+0x116/0x180 [ 496.580782][T11573] __ia32_compat_sys_ioctl+0x4a/0x70 [ 496.586932][T11570] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 496.591259][T11573] __do_fast_syscall_32+0x2af/0x480 [ 496.591366][T11573] do_fast_syscall_32+0x6b/0xd0 [ 496.603082][T11570] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 496.608112][T11573] do_SYSENTER_32+0x73/0x90 [ 496.612888][T11570] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 496.629361][T11573] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 496.629433][T11573] RIP: 0023:0xf7f05549 [ 496.634304][T11570] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 496.639696][T11573] Code: Bad RIP value. [ 496.639730][T11573] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 496.639824][T11573] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 496.654401][T11570] 26827 total pagecache pages [ 496.659592][T11573] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 496.659626][T11573] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 496.659689][T11573] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 496.664965][T11570] 0 pages in swap cache [ 496.674504][T11573] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 496.676929][T11573] Mem-Info: [ 496.680872][T11570] Swap cache stats: add 0, delete 0, find 0/0 [ 496.684816][T11573] active_anon:107776 inactive_anon:4876 isolated_anon:0 [ 496.684816][T11573] active_file:2692 inactive_file:19569 isolated_file:0 [ 496.684816][T11573] unevictable:0 dirty:0 writeback:0 [ 496.684816][T11573] slab_reclaimable:6607 slab_unreclaimable:20649 [ 496.684816][T11573] mapped:58186 shmem:5064 pagetables:2771 bounce:0 [ 496.684816][T11573] free:180336 free_pcp:495 free_cma:0 [ 496.694019][T11570] Free swap = 0kB [ 496.694070][T11570] Total swap = 0kB [ 496.698685][T11573] Node 0 active_anon:413552kB inactive_anon:19452kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118128kB dirty:4kB writeback:0kB shmem:20160kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 256000kB writeback_tmp:0kB all_unreclaimable? yes [ 496.708153][T11570] 1965979 pages RAM [ 496.708202][T11570] 0 pages HighMem/MovableOnly [ 496.714584][T11573] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 496.718675][T11570] 1433455 pages reserved [ 496.728011][T11573] lowmem_reserve[]: 0 896 1124 1124 1124 [ 496.732110][T11570] 0 pages cma reserved [ 496.922705][T11573] Node 0 DMA32 free:39776kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:383768kB inactive_anon:880kB active_file:0kB inactive_file:6144kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:704kB pagetables:2220kB bounce:0kB free_pcp:1604kB local_pcp:212kB free_cma:0kB [ 496.958502][T11573] lowmem_reserve[]: 0 0 228 228 228 [ 496.963915][T11573] Node 0 Normal free:11944kB min:11944kB low:14416kB high:16888kB reserved_highatomic:0KB active_anon:23644kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2944kB bounce:0kB free_pcp:376kB local_pcp:72kB free_cma:0kB [ 496.995560][T11573] lowmem_reserve[]: 0 0 0 0 0 [ 497.000429][T11573] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 497.012563][T11573] Node 0 DMA32: 452*4kB (UME) 384*8kB (UME) 332*16kB (UME) 199*32kB (UME) 119*64kB (UME) 52*128kB (ME) 19*256kB (M) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39792kB [ 497.029482][T11573] Node 0 Normal: 963*4kB (UME) 404*8kB (UM) 153*16kB (UM) 58*32kB (UM) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11644kB [ 497.044501][T11573] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 497.054223][T11573] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 497.063689][T11573] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 497.073462][T11573] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 497.082956][T11573] 26827 total pagecache pages [ 497.087679][T11573] 0 pages in swap cache [ 497.092033][T11573] Swap cache stats: add 0, delete 0, find 0/0 [ 497.098133][T11573] Free swap = 0kB [ 497.102154][T11573] Total swap = 0kB [ 497.105923][T11573] 1965979 pages RAM [ 497.109890][T11573] 0 pages HighMem/MovableOnly [ 497.114620][T11573] 1433455 pages reserved [ 497.118901][T11573] 0 pages cma reserved [ 497.123173][T11573] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=11569,uid=0 [ 497.138194][T11573] Out of memory: Killed process 11570 (syz-executor.4) total-vm:93044kB, anon-rss:2188kB, file-rss:35748kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 497.157541][ T1904] oom_reaper: reaped process 11570 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 11:53:24 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) 11:53:24 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x20000002) 11:53:24 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:24 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) 11:53:24 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 498.610028][T11446] syz-executor.4 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 498.622816][T11446] CPU: 1 PID: 11446 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 498.631547][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 498.641651][T11446] Call Trace: [ 498.645039][T11446] dump_stack+0x21c/0x280 [ 498.649469][T11446] dump_header+0x1c5/0xcf0 [ 498.653975][T11446] oom_kill_process+0x388/0xb00 [ 498.658896][T11446] out_of_memory+0x117f/0x16a0 [ 498.663742][T11446] __alloc_pages_slowpath+0x303a/0x3d10 [ 498.669414][T11446] __alloc_pages_nodemask+0xbb1/0x1030 [ 498.674950][T11446] alloc_pages_current+0x685/0xb50 [ 498.680140][T11446] ion_page_pool_alloc+0x73d/0x8f0 [ 498.685313][T11446] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 498.691448][T11446] ? __list_add_valid+0xb8/0x420 [ 498.696448][T11446] ? kmsan_get_metadata+0x116/0x180 [ 498.701721][T11446] ion_system_heap_allocate+0x509/0x16b0 [ 498.707444][T11446] ? ion_system_contig_heap_create+0x230/0x230 [ 498.713676][T11446] ion_ioctl+0x8cd/0x2140 [ 498.718097][T11446] ? debug_shrink_set+0x240/0x240 [ 498.723208][T11446] compat_ptr_ioctl+0xe2/0x150 [ 498.728053][T11446] ? __ia32_sys_ioctl+0x70/0x70 [ 498.732967][T11446] __se_compat_sys_ioctl+0x55f/0x1100 [ 498.738442][T11446] ? kmsan_get_metadata+0x116/0x180 [ 498.743707][T11446] __ia32_compat_sys_ioctl+0x4a/0x70 [ 498.749063][T11446] __do_fast_syscall_32+0x2af/0x480 [ 498.754337][T11446] do_fast_syscall_32+0x6b/0xd0 [ 498.759254][T11446] do_SYSENTER_32+0x73/0x90 [ 498.763836][T11446] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 498.770204][T11446] RIP: 0023:0xf7f4a549 [ 498.774291][T11446] Code: Bad RIP value. [ 498.778390][T11446] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 498.786862][T11446] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 498.795056][T11446] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 498.803066][T11446] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 498.811072][T11446] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 498.819079][T11446] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 498.827694][T11446] Mem-Info: [ 498.831124][T11446] active_anon:106229 inactive_anon:4875 isolated_anon:0 [ 498.831124][T11446] active_file:2692 inactive_file:19616 isolated_file:0 [ 498.831124][T11446] unevictable:0 dirty:9 writeback:17 [ 498.831124][T11446] slab_reclaimable:6595 slab_unreclaimable:20665 [ 498.831124][T11446] mapped:58200 shmem:5064 pagetables:2785 bounce:0 [ 498.831124][T11446] free:180031 free_pcp:0 free_cma:0 [ 498.868271][T11446] Node 0 active_anon:406808kB inactive_anon:19444kB active_file:4kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118184kB dirty:4kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 249856kB writeback_tmp:0kB all_unreclaimable? no [ 498.895727][T11446] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 498.924776][T11446] lowmem_reserve[]: 0 896 1124 1124 1124 [ 498.930609][T11446] Node 0 DMA32 free:40856kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:383504kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:672kB pagetables:2076kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 498.961835][T11446] lowmem_reserve[]: 0 0 228 228 228 [ 498.967133][T11446] Node 0 Normal free:9484kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:23644kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 498.999353][T11446] lowmem_reserve[]: 0 0 0 0 0 [ 499.004136][T11446] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 499.016215][T11446] Node 0 DMA32: 468*4kB (ME) 379*8kB (ME) 328*16kB (ME) 196*32kB (ME) 119*64kB (UME) 53*128kB (UME) 20*256kB (UM) 8*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 41064kB [ 499.033217][T11446] Node 0 Normal: 897*4kB (UME) 362*8kB (UM) 128*16kB (UM) 37*32kB (UM) 2*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9844kB [ 499.048054][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 499.057762][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 499.067202][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 499.076907][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 499.086316][T11446] 26840 total pagecache pages [ 499.091121][T11446] 0 pages in swap cache [ 499.095330][T11446] Swap cache stats: add 0, delete 0, find 0/0 [ 499.101522][T11446] Free swap = 0kB [ 499.105294][T11446] Total swap = 0kB [ 499.109073][T11446] 1965979 pages RAM [ 499.113003][T11446] 0 pages HighMem/MovableOnly [ 499.117718][T11446] 1433455 pages reserved [ 499.122088][T11446] 0 pages cma reserved [ 499.126206][T11446] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=11589,uid=0 [ 499.141156][T11446] Out of memory: Killed process 11589 (syz-executor.5) total-vm:93044kB, anon-rss:2188kB, file-rss:35680kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 499.160317][ T1904] oom_reaper: reaped process 11589 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:53:26 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:26 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, 0x0, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:26 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x20000002) 11:53:26 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) 11:53:26 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:26 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:27 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:27 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x20000002) 11:53:27 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) [ 501.328323][ T1904] oom_reaper: reaped process 11623 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 11:53:28 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:28 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:28 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x20000002) 11:53:28 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) 11:53:28 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 502.204727][T11636] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 502.217544][T11636] CPU: 1 PID: 11636 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 502.226285][T11636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 502.236398][T11636] Call Trace: [ 502.239798][T11636] dump_stack+0x21c/0x280 [ 502.244257][T11636] dump_header+0x1c5/0xcf0 [ 502.248801][T11636] oom_kill_process+0x388/0xb00 [ 502.253760][T11636] out_of_memory+0x117f/0x16a0 [ 502.258663][T11636] __alloc_pages_slowpath+0x303a/0x3d10 [ 502.264375][T11636] __alloc_pages_nodemask+0xbb1/0x1030 [ 502.269975][T11636] alloc_pages_current+0x685/0xb50 [ 502.275215][T11636] ion_page_pool_alloc+0x73d/0x8f0 [ 502.280430][T11636] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 502.286583][T11636] ? __list_add_valid+0xb8/0x420 [ 502.291770][T11636] ? kmsan_get_metadata+0x116/0x180 [ 502.297091][T11636] ion_system_heap_allocate+0x509/0x16b0 [ 502.302854][T11636] ? ion_system_contig_heap_create+0x230/0x230 [ 502.309103][T11636] ion_ioctl+0x8cd/0x2140 [ 502.313563][T11636] ? debug_shrink_set+0x240/0x240 [ 502.318668][T11636] compat_ptr_ioctl+0xe2/0x150 [ 502.323540][T11636] ? __ia32_sys_ioctl+0x70/0x70 [ 502.328477][T11636] __se_compat_sys_ioctl+0x55f/0x1100 [ 502.333972][T11636] ? kmsan_get_metadata+0x116/0x180 [ 502.339264][T11636] __ia32_compat_sys_ioctl+0x4a/0x70 [ 502.344652][T11636] __do_fast_syscall_32+0x2af/0x480 [ 502.349969][T11636] do_fast_syscall_32+0x6b/0xd0 [ 502.354943][T11636] do_SYSENTER_32+0x73/0x90 [ 502.359573][T11636] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 502.365966][T11636] RIP: 0023:0xf7f85549 [ 502.370074][T11636] Code: Bad RIP value. [ 502.374210][T11636] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 502.382728][T11636] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 502.390768][T11636] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 502.398804][T11636] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 502.406834][T11636] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 502.414860][T11636] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 502.423705][T11636] Mem-Info: [ 502.427015][T11636] active_anon:102838 inactive_anon:4876 isolated_anon:0 [ 502.427015][T11636] active_file:2692 inactive_file:20504 isolated_file:0 [ 502.427015][T11636] unevictable:0 dirty:10 writeback:0 [ 502.427015][T11636] slab_reclaimable:6595 slab_unreclaimable:20685 [ 502.427015][T11636] mapped:58228 shmem:5064 pagetables:2815 bounce:0 [ 502.427015][T11636] free:179323 free_pcp:62 free_cma:0 [ 502.464163][T11636] Node 0 active_anon:396620kB inactive_anon:19444kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118244kB dirty:4kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 245760kB writeback_tmp:0kB all_unreclaimable? yes [ 502.492239][T11636] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 502.522180][T11636] lowmem_reserve[]: 0 896 1124 1124 1124 11:53:29 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x20000002) 11:53:29 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) [ 502.527918][T11636] Node 0 DMA32 free:39560kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:373016kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:656kB pagetables:1904kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 502.559544][T11636] lowmem_reserve[]: 0 0 228 228 228 [ 502.564930][T11636] Node 0 Normal free:9520kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:23644kB inactive_anon:18572kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 502.596362][T11636] lowmem_reserve[]: 0 0 0 0 0 [ 502.601336][T11636] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 502.613514][T11636] Node 0 DMA32: 492*4kB (ME) 337*8kB (ME) 289*16kB (UME) 184*32kB (UME) 107*64kB (ME) 49*128kB (ME) 18*256kB (M) 11*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 39560kB [ 502.630668][T11636] Node 0 Normal: 891*4kB (UME) 353*8kB (UM) 118*16kB (M) 33*32kB (M) 3*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9524kB [ 502.645386][T11636] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 502.655140][T11636] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 502.664625][T11636] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 502.674358][T11636] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 502.683902][T11636] 26848 total pagecache pages [ 502.688630][T11636] 0 pages in swap cache [ 502.692978][T11636] Swap cache stats: add 0, delete 0, find 0/0 [ 502.699087][T11636] Free swap = 0kB [ 502.703495][T11636] Total swap = 0kB [ 502.707260][T11636] 1965979 pages RAM [ 502.711236][T11636] 0 pages HighMem/MovableOnly [ 502.715960][T11636] 1433455 pages reserved [ 502.720357][T11636] 0 pages cma reserved [ 502.724478][T11636] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=11626,uid=0 [ 502.739434][T11636] Out of memory: Killed process 11627 (syz-executor.0) total-vm:93044kB, anon-rss:160kB, file-rss:35740kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 502.758122][ T1904] oom_reaper: reaped process 11627 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 11:53:29 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:30 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x0) 11:53:30 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:30 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) 11:53:30 executing program 4: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:30 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 504.368666][T11446] syz-executor.4 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 504.381680][T11446] CPU: 0 PID: 11446 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 504.390415][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 504.400631][T11446] Call Trace: [ 504.404025][T11446] dump_stack+0x21c/0x280 [ 504.408452][T11446] dump_header+0x1c5/0xcf0 [ 504.412978][T11446] oom_kill_process+0x388/0xb00 [ 504.417942][T11446] out_of_memory+0x117f/0x16a0 [ 504.422834][T11446] __alloc_pages_slowpath+0x303a/0x3d10 [ 504.428540][T11446] __alloc_pages_nodemask+0xbb1/0x1030 [ 504.434116][T11446] alloc_pages_current+0x685/0xb50 [ 504.439321][T11446] ion_page_pool_alloc+0x73d/0x8f0 [ 504.444523][T11446] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 504.450645][T11446] ? __list_add_valid+0xb8/0x420 [ 504.455641][T11446] ? kmsan_get_metadata+0x116/0x180 [ 504.460919][T11446] ion_system_heap_allocate+0x509/0x16b0 [ 504.466647][T11446] ? ion_system_contig_heap_create+0x230/0x230 [ 504.472862][T11446] ion_ioctl+0x8cd/0x2140 [ 504.477300][T11446] ? debug_shrink_set+0x240/0x240 [ 504.482400][T11446] compat_ptr_ioctl+0xe2/0x150 [ 504.487223][T11446] ? __ia32_sys_ioctl+0x70/0x70 [ 504.492131][T11446] __se_compat_sys_ioctl+0x55f/0x1100 [ 504.497580][T11446] ? kmsan_get_metadata+0x116/0x180 [ 504.502839][T11446] __ia32_compat_sys_ioctl+0x4a/0x70 [ 504.508190][T11446] __do_fast_syscall_32+0x2af/0x480 [ 504.513477][T11446] do_fast_syscall_32+0x6b/0xd0 [ 504.518417][T11446] do_SYSENTER_32+0x73/0x90 [ 504.524461][T11446] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 504.530822][T11446] RIP: 0023:0xf7f4a549 [ 504.534907][T11446] Code: Bad RIP value. [ 504.539003][T11446] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 504.547556][T11446] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 504.555567][T11446] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 504.563576][T11446] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 504.571588][T11446] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 504.579600][T11446] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 504.588262][T11446] Mem-Info: [ 504.591628][T11446] active_anon:100332 inactive_anon:4875 isolated_anon:0 [ 504.591628][T11446] active_file:2693 inactive_file:21863 isolated_file:0 [ 504.591628][T11446] unevictable:0 dirty:17 writeback:0 [ 504.591628][T11446] slab_reclaimable:6595 slab_unreclaimable:20699 [ 504.591628][T11446] mapped:58235 shmem:5064 pagetables:2843 bounce:0 [ 504.591628][T11446] free:114260 free_pcp:0 free_cma:0 [ 504.628640][T11446] Node 0 active_anon:391824kB inactive_anon:19444kB active_file:4kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118272kB dirty:4kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 243712kB writeback_tmp:0kB all_unreclaimable? no [ 504.656114][T11446] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 504.685147][T11446] lowmem_reserve[]: 0 896 1124 1124 1124 [ 504.690975][T11446] Node 0 DMA32 free:39336kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:372996kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:656kB pagetables:1904kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 504.722312][T11446] lowmem_reserve[]: 0 0 228 228 228 [ 504.727612][T11446] Node 0 Normal free:10792kB min:11944kB low:14416kB high:16888kB reserved_highatomic:0KB active_anon:19100kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 504.759238][T11446] lowmem_reserve[]: 0 0 0 0 0 [ 504.764019][T11446] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 504.776077][T11446] Node 0 DMA32: 492*4kB (ME) 338*8kB (UME) 288*16kB (UME) 185*32kB (UME) 107*64kB (ME) 49*128kB (ME) 18*256kB (M) 11*512kB (UM) 1*1024kB (M) 0*2048kB 0*4096kB = 39584kB [ 504.793229][T11446] Node 0 Normal: 912*4kB (UME) 395*8kB (UM) 148*16kB (UM) 54*32kB (UM) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11160kB [ 504.808220][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 504.818020][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 504.827559][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 504.837308][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 504.846739][T11446] 26854 total pagecache pages [ 504.851567][T11446] 0 pages in swap cache [ 504.855780][T11446] Swap cache stats: add 0, delete 0, find 0/0 [ 504.861996][T11446] Free swap = 0kB [ 504.865754][T11446] Total swap = 0kB [ 504.869616][T11446] 1965979 pages RAM [ 504.873461][T11446] 0 pages HighMem/MovableOnly [ 504.878170][T11446] 1433455 pages reserved [ 504.882551][T11446] 0 pages cma reserved [ 504.886704][T11446] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=11635,uid=0 [ 504.901606][T11446] Out of memory: Killed process 11636 (syz-executor.1) total-vm:93044kB, anon-rss:152kB, file-rss:35752kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 504.921770][ T1904] oom_reaper: reaped process 11636 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 11:53:32 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:32 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x0) 11:53:32 executing program 5: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) 11:53:32 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:32 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:32 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:32 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:32 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'streebog512-generic\x00'}, 0x58) r2 = accept4$alg(r1, 0x0, 0x0, 0x0) sendfile(r2, r0, 0x0, 0x0) 11:53:32 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) [ 506.225478][T11697] warn_alloc: 10 callbacks suppressed [ 506.225549][T11697] syz-executor.2: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 506.245817][T11697] CPU: 0 PID: 11697 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 506.254544][T11697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 506.264629][T11697] Call Trace: [ 506.267992][T11697] dump_stack+0x21c/0x280 [ 506.272415][T11697] warn_alloc+0x4cc/0x680 [ 506.276837][T11697] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 506.282714][T11697] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 506.288333][T11697] ? kmsan_get_metadata+0x116/0x180 [ 506.293608][T11697] ? kmsan_get_metadata+0x116/0x180 [ 506.298880][T11697] __alloc_pages_nodemask+0xbb1/0x1030 [ 506.304420][T11697] alloc_pages_current+0x685/0xb50 [ 506.309618][T11697] ion_page_pool_alloc+0x73d/0x8f0 [ 506.314788][T11697] ? __msan_poison_alloca+0xf0/0x120 [ 506.320133][T11697] ? kmsan_get_metadata+0x116/0x180 [ 506.325416][T11697] ion_system_heap_allocate+0x5a2/0x16b0 [ 506.331148][T11697] ? ion_system_contig_heap_create+0x230/0x230 [ 506.337361][T11697] ion_ioctl+0x8cd/0x2140 [ 506.341809][T11697] ? debug_shrink_set+0x240/0x240 [ 506.346891][T11697] compat_ptr_ioctl+0xe2/0x150 [ 506.351716][T11697] ? __ia32_sys_ioctl+0x70/0x70 [ 506.356640][T11697] __se_compat_sys_ioctl+0x55f/0x1100 [ 506.362123][T11697] ? kmsan_get_metadata+0x116/0x180 [ 506.367395][T11697] __ia32_compat_sys_ioctl+0x4a/0x70 [ 506.372753][T11697] __do_fast_syscall_32+0x2af/0x480 [ 506.378028][T11697] do_fast_syscall_32+0x6b/0xd0 [ 506.382946][T11697] do_SYSENTER_32+0x73/0x90 [ 506.387525][T11697] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 506.393904][T11697] RIP: 0023:0xf7f05549 [ 506.397991][T11697] Code: Bad RIP value. [ 506.402089][T11697] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 506.410558][T11697] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 506.418571][T11697] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 506.426587][T11697] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 506.434594][T11697] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 506.442611][T11697] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 506.451201][T11697] Mem-Info: [ 506.454508][T11697] active_anon:99247 inactive_anon:4876 isolated_anon:0 [ 506.454508][T11697] active_file:2693 inactive_file:21878 isolated_file:3 [ 506.454508][T11697] unevictable:0 dirty:10 writeback:0 [ 506.454508][T11697] slab_reclaimable:6595 slab_unreclaimable:20699 [ 506.454508][T11697] mapped:58241 shmem:5064 pagetables:2857 bounce:0 [ 506.454508][T11697] free:114137 free_pcp:3 free_cma:0 [ 506.491665][T11697] Node 0 active_anon:387512kB inactive_anon:19444kB active_file:4kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):12kB mapped:118296kB dirty:0kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 237568kB writeback_tmp:0kB all_unreclaimable? no [ 506.519425][T11697] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 506.548493][T11697] lowmem_reserve[]: 0 896 1124 1124 1124 [ 506.554401][T11697] Node 0 DMA32 free:40056kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:368708kB inactive_anon:872kB active_file:0kB inactive_file:92kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:656kB pagetables:1904kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 506.585852][T11697] lowmem_reserve[]: 0 0 228 228 228 [ 506.591274][T11697] Node 0 Normal free:9900kB min:11944kB low:14416kB high:16888kB reserved_highatomic:0KB active_anon:18804kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:60kB local_pcp:0kB free_cma:0kB [ 506.622707][T11697] lowmem_reserve[]: 0 0 0 0 0 [ 506.627488][T11697] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 506.640371][T11697] Node 0 DMA32: 493*4kB (UME) 338*8kB (UME) 274*16kB (ME) 169*32kB (ME) 107*64kB (ME) 51*128kB (UME) 18*256kB (M) 10*512kB (M) 0*1024kB 1*2048kB (M) 0*4096kB = 39620kB [ 506.657475][T11697] Node 0 Normal: 840*4kB (UME) 355*8kB (UM) 125*16kB (UM) 46*32kB (UM) 3*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9864kB [ 506.672460][T11697] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 506.682226][T11697] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 506.691687][T11697] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 506.701408][T11697] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 506.710844][T11697] 26860 total pagecache pages [ 506.715565][T11697] 0 pages in swap cache [ 506.719883][T11697] Swap cache stats: add 0, delete 0, find 0/0 [ 506.725990][T11697] Free swap = 0kB [ 506.729852][T11697] Total swap = 0kB [ 506.733261][T11694] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 506.733634][T11697] 1965979 pages RAM [ 506.746242][T11694] CPU: 1 PID: 11694 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 506.750041][T11697] 0 pages HighMem/MovableOnly [ 506.758726][T11694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 506.763423][T11697] 1433455 pages reserved [ 506.773522][T11694] Call Trace: [ 506.773604][T11694] dump_stack+0x21c/0x280 [ 506.773704][T11694] dump_header+0x1c5/0xcf0 [ 506.777900][T11697] 0 pages cma reserved [ 506.781229][T11694] oom_kill_process+0x388/0xb00 [ 506.781322][T11694] out_of_memory+0x117f/0x16a0 [ 506.803843][T11694] __alloc_pages_slowpath+0x303a/0x3d10 [ 506.809557][T11694] __alloc_pages_nodemask+0xbb1/0x1030 [ 506.815139][T11694] alloc_pages_current+0x685/0xb50 [ 506.820374][T11694] ion_page_pool_alloc+0x73d/0x8f0 [ 506.825602][T11694] ? __msan_poison_alloca+0xf0/0x120 [ 506.830978][T11694] ? kmsan_get_metadata+0x116/0x180 [ 506.836294][T11694] ion_system_heap_allocate+0x509/0x16b0 [ 506.842060][T11694] ? ion_system_contig_heap_create+0x230/0x230 [ 506.848308][T11694] ion_ioctl+0x8cd/0x2140 [ 506.852780][T11694] ? debug_shrink_set+0x240/0x240 [ 506.857888][T11694] compat_ptr_ioctl+0xe2/0x150 [ 506.862747][T11694] ? __ia32_sys_ioctl+0x70/0x70 [ 506.867687][T11694] __se_compat_sys_ioctl+0x55f/0x1100 [ 506.873173][T11694] ? kmsan_get_metadata+0x116/0x180 [ 506.878469][T11694] __ia32_compat_sys_ioctl+0x4a/0x70 [ 506.883882][T11694] __do_fast_syscall_32+0x2af/0x480 [ 506.889187][T11694] do_fast_syscall_32+0x6b/0xd0 [ 506.894136][T11694] do_SYSENTER_32+0x73/0x90 [ 506.898744][T11694] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 506.905132][T11694] RIP: 0023:0xf7f85549 [ 506.909234][T11694] Code: Bad RIP value. [ 506.913356][T11694] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 506.921850][T11694] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 506.929890][T11694] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 506.937926][T11694] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 506.945962][T11694] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 506.954001][T11694] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 506.962966][T11694] Mem-Info: [ 506.966268][T11694] active_anon:99182 inactive_anon:4876 isolated_anon:0 [ 506.966268][T11694] active_file:2693 inactive_file:21882 isolated_file:0 [ 506.966268][T11694] unevictable:0 dirty:4 writeback:0 [ 506.966268][T11694] slab_reclaimable:6595 slab_unreclaimable:20700 [ 506.966268][T11694] mapped:58241 shmem:5064 pagetables:2842 bounce:0 [ 506.966268][T11694] free:179535 free_pcp:169 free_cma:0 [ 507.003353][T11694] Node 0 active_anon:387240kB inactive_anon:19444kB active_file:4kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118296kB dirty:0kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 237568kB writeback_tmp:0kB all_unreclaimable? yes [ 507.031140][T11694] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 507.060282][T11694] lowmem_reserve[]: 0 896 1124 1124 1124 [ 507.066040][T11694] Node 0 DMA32 free:39620kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:368708kB inactive_anon:872kB active_file:0kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:656kB pagetables:1904kB bounce:0kB free_pcp:616kB local_pcp:616kB free_cma:0kB [ 507.097754][T11694] lowmem_reserve[]: 0 0 228 228 228 [ 507.103156][T11694] Node 0 Normal free:10224kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:18804kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:60kB local_pcp:60kB free_cma:0kB [ 507.134694][T11694] lowmem_reserve[]: 0 0 0 0 0 [ 507.139564][T11694] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 507.151799][T11694] Node 0 DMA32: 493*4kB (UME) 338*8kB (UME) 274*16kB (ME) 169*32kB (ME) 107*64kB (ME) 51*128kB (UME) 18*256kB (M) 10*512kB (M) 0*1024kB 1*2048kB (M) 0*4096kB = 39620kB [ 507.169414][T11694] Node 0 Normal: 840*4kB (UME) 355*8kB (UM) 125*16kB (UM) 46*32kB (UM) 3*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9864kB [ 507.184435][T11694] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 507.194210][T11694] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 507.203758][T11694] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 507.213529][T11694] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 507.222997][T11694] 26860 total pagecache pages [ 507.227713][T11694] 0 pages in swap cache [ 507.232085][T11694] Swap cache stats: add 0, delete 0, find 0/0 [ 507.238193][T11694] Free swap = 0kB [ 507.242149][T11694] Total swap = 0kB [ 507.245916][T11694] 1965979 pages RAM [ 507.249889][T11694] 0 pages HighMem/MovableOnly [ 507.254613][T11694] 1433455 pages reserved [ 507.258898][T11694] 0 pages cma reserved [ 507.263169][T11694] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=11679,uid=0 [ 507.278180][T11694] Out of memory: Killed process 11682 (syz-executor.0) total-vm:93044kB, anon-rss:2204kB, file-rss:35740kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 507.306069][ T1904] oom_reaper: reaped process 11682 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 11:53:34 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:34 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:35 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) [ 508.567586][T11446] syz-executor.4 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 508.580894][T11446] CPU: 0 PID: 11446 Comm: syz-executor.4 Not tainted 5.8.0-rc5-syzkaller #0 [ 508.589642][T11446] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 508.599752][T11446] Call Trace: [ 508.603140][T11446] dump_stack+0x21c/0x280 [ 508.607566][T11446] dump_header+0x1c5/0xcf0 [ 508.612090][T11446] oom_kill_process+0x388/0xb00 [ 508.617043][T11446] out_of_memory+0x117f/0x16a0 [ 508.621931][T11446] __alloc_pages_slowpath+0x303a/0x3d10 [ 508.627640][T11446] __alloc_pages_nodemask+0xbb1/0x1030 [ 508.633232][T11446] alloc_pages_current+0x685/0xb50 [ 508.638461][T11446] ion_page_pool_alloc+0x73d/0x8f0 [ 508.643691][T11446] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 508.649840][T11446] ? __list_add_valid+0xb8/0x420 [ 508.654869][T11446] ? kmsan_get_metadata+0x116/0x180 [ 508.660183][T11446] ion_system_heap_allocate+0x509/0x16b0 [ 508.665953][T11446] ? ion_system_contig_heap_create+0x230/0x230 [ 508.672241][T11446] ion_ioctl+0x8cd/0x2140 [ 508.676699][T11446] ? debug_shrink_set+0x240/0x240 [ 508.681808][T11446] compat_ptr_ioctl+0xe2/0x150 [ 508.686656][T11446] ? __ia32_sys_ioctl+0x70/0x70 [ 508.691585][T11446] __se_compat_sys_ioctl+0x55f/0x1100 [ 508.697063][T11446] ? kmsan_get_metadata+0x116/0x180 [ 508.702344][T11446] __ia32_compat_sys_ioctl+0x4a/0x70 [ 508.707737][T11446] __do_fast_syscall_32+0x2af/0x480 [ 508.713041][T11446] do_fast_syscall_32+0x6b/0xd0 [ 508.717979][T11446] do_SYSENTER_32+0x73/0x90 [ 508.722583][T11446] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 508.728974][T11446] RIP: 0023:0xf7f4a549 [ 508.733078][T11446] Code: Bad RIP value. [ 508.737198][T11446] RSP: 002b:00000000f55440cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 508.745691][T11446] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 508.753737][T11446] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 508.761770][T11446] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 508.769815][T11446] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 508.777846][T11446] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 508.785992][T11446] Mem-Info: [ 508.789341][T11446] active_anon:98608 inactive_anon:4876 isolated_anon:0 [ 508.789341][T11446] active_file:2691 inactive_file:21886 isolated_file:0 [ 508.789341][T11446] unevictable:0 dirty:2 writeback:0 [ 508.789341][T11446] slab_reclaimable:6595 slab_unreclaimable:20705 [ 508.789341][T11446] mapped:58235 shmem:5064 pagetables:2902 bounce:0 [ 508.789341][T11446] free:179068 free_pcp:76 free_cma:0 [ 508.826245][T11446] Node 0 active_anon:384824kB inactive_anon:19444kB active_file:0kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118324kB dirty:0kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 233472kB writeback_tmp:0kB all_unreclaimable? yes [ 508.853630][T11446] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 508.882666][T11446] lowmem_reserve[]: 0 896 1124 1124 1124 [ 508.888503][T11446] Node 0 DMA32 free:39084kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:366020kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:656kB pagetables:1904kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 508.920054][T11446] lowmem_reserve[]: 0 0 228 228 228 [ 508.925382][T11446] Node 0 Normal free:9376kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:18804kB inactive_anon:18572kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:56kB local_pcp:56kB free_cma:0kB [ 508.956860][T11446] lowmem_reserve[]: 0 0 0 0 0 [ 508.961714][T11446] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 508.973770][T11446] Node 0 DMA32: 508*4kB (UME) 349*8kB (ME) 285*16kB (UME) 171*32kB (ME) 111*64kB (UME) 52*128kB (UME) 19*256kB (UM) 11*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39112kB [ 508.990867][T11446] Node 0 Normal: 780*4kB (ME) 336*8kB (M) 119*16kB (UM) 46*32kB (UM) 3*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9376kB [ 509.005622][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 509.015318][T11446] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 509.024742][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 509.034423][T11446] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 509.043816][T11446] 26872 total pagecache pages [ 509.048535][T11446] 0 pages in swap cache [ 509.052808][T11446] Swap cache stats: add 0, delete 0, find 0/0 [ 509.058989][T11446] Free swap = 0kB [ 509.062766][T11446] Total swap = 0kB [ 509.066529][T11446] 1965979 pages RAM [ 509.070442][T11446] 0 pages HighMem/MovableOnly [ 509.075154][T11446] 1433455 pages reserved [ 509.079504][T11446] 0 pages cma reserved [ 509.083631][T11446] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=11695,uid=0 [ 509.098499][T11446] Out of memory: Killed process 11697 (syz-executor.2) total-vm:93044kB, anon-rss:144kB, file-rss:35752kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 509.117336][ T1904] oom_reaper: reaped process 11697 (syz-executor.2), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 509.142397][T11715] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 509.155152][T11715] CPU: 1 PID: 11715 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 509.163882][T11715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 509.174070][T11715] Call Trace: [ 509.177436][T11715] dump_stack+0x21c/0x280 [ 509.181838][T11715] dump_header+0x1c5/0xcf0 [ 509.186326][T11715] oom_kill_process+0x388/0xb00 [ 509.191249][T11715] out_of_memory+0x117f/0x16a0 [ 509.196105][T11715] __alloc_pages_slowpath+0x303a/0x3d10 [ 509.201771][T11715] __alloc_pages_nodemask+0xbb1/0x1030 [ 509.207314][T11715] alloc_pages_current+0x685/0xb50 [ 509.212519][T11715] ion_page_pool_alloc+0x73d/0x8f0 [ 509.217690][T11715] ? __msan_poison_alloca+0xf0/0x120 [ 509.223038][T11715] ? kmsan_get_metadata+0x116/0x180 [ 509.228314][T11715] ion_system_heap_allocate+0x509/0x16b0 [ 509.234037][T11715] ? ion_system_contig_heap_create+0x230/0x230 [ 509.240272][T11715] ion_ioctl+0x8cd/0x2140 [ 509.244692][T11715] ? debug_shrink_set+0x240/0x240 [ 509.249890][T11715] compat_ptr_ioctl+0xe2/0x150 [ 509.254798][T11715] ? __ia32_sys_ioctl+0x70/0x70 [ 509.259703][T11715] __se_compat_sys_ioctl+0x55f/0x1100 [ 509.265144][T11715] ? kmsan_get_metadata+0x116/0x180 [ 509.270403][T11715] __ia32_compat_sys_ioctl+0x4a/0x70 [ 509.275757][T11715] __do_fast_syscall_32+0x2af/0x480 [ 509.281029][T11715] do_fast_syscall_32+0x6b/0xd0 [ 509.285953][T11715] do_SYSENTER_32+0x73/0x90 [ 509.290562][T11715] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 509.296925][T11715] RIP: 0023:0xf7f85549 [ 509.301014][T11715] Code: Bad RIP value. [ 509.305112][T11715] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 509.313584][T11715] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 509.321604][T11715] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 509.329635][T11715] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 509.337646][T11715] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 509.345656][T11715] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 509.355782][T11715] Mem-Info: [ 509.359177][T11715] active_anon:98489 inactive_anon:4876 isolated_anon:0 [ 509.359177][T11715] active_file:2691 inactive_file:21886 isolated_file:0 [ 509.359177][T11715] unevictable:0 dirty:2 writeback:0 [ 509.359177][T11715] slab_reclaimable:6595 slab_unreclaimable:20705 [ 509.359177][T11715] mapped:58235 shmem:5064 pagetables:2877 bounce:0 [ 509.359177][T11715] free:179147 free_pcp:82 free_cma:0 [ 509.396212][T11715] Node 0 active_anon:384484kB inactive_anon:19444kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118328kB dirty:4kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 233472kB writeback_tmp:0kB all_unreclaimable? no [ 509.423596][T11715] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 509.452705][T11715] lowmem_reserve[]: 0 896 1124 1124 1124 [ 509.458443][T11715] Node 0 DMA32 free:39344kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:365680kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:656kB pagetables:1904kB bounce:0kB free_pcp:316kB local_pcp:316kB free_cma:0kB [ 509.490078][T11715] lowmem_reserve[]: 0 0 228 228 228 [ 509.495382][T11715] Node 0 Normal free:9432kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:18804kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 509.526759][T11715] lowmem_reserve[]: 0 0 0 0 0 [ 509.531686][T11715] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 509.543796][T11715] Node 0 DMA32: 508*4kB (UME) 350*8kB (UME) 286*16kB (ME) 171*32kB (ME) 111*64kB (UME) 52*128kB (UME) 18*256kB (M) 10*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 39392kB [ 509.561046][T11715] Node 0 Normal: 780*4kB (ME) 337*8kB (UM) 122*16kB (UM) 46*32kB (UM) 3*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9432kB [ 509.575944][T11715] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 509.585707][T11715] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 509.595204][T11715] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 509.604961][T11715] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 509.614444][T11715] 26882 total pagecache pages [ 509.619282][T11715] 0 pages in swap cache [ 509.623493][T11715] Swap cache stats: add 0, delete 0, find 0/0 [ 509.629711][T11715] Free swap = 0kB [ 509.633467][T11715] Total swap = 0kB [ 509.637230][T11715] 1965979 pages RAM [ 509.641209][T11715] 0 pages HighMem/MovableOnly [ 509.645931][T11715] 1433455 pages reserved [ 509.650317][T11715] 0 pages cma reserved [ 509.654442][T11715] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=11700,uid=0 11:53:36 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 509.669384][T11715] Out of memory: Killed process 11701 (syz-executor.4) total-vm:93044kB, anon-rss:144kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 509.734824][ T1904] oom_reaper: reaped process 11701 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:53:36 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xff0f, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0) 11:53:36 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 509.967703][T11719] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 11:53:36 executing program 4: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 510.105713][T11754] bond1: (slave macvlan2): Opening slave failed [ 510.453712][T11721] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 510.524935][T11754] device bond1 entered promiscuous mode [ 510.532251][T11754] 8021q: adding VLAN 0 to HW filter on device macvlan2 11:53:37 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) [ 510.751835][T11754] device bond1 left promiscuous mode 11:53:37 executing program 4: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 511.424055][T11721] bond1: (slave macvlan2): Error -98 calling set_mac_address 11:53:38 executing program 5: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) 11:53:38 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xff0f, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0) 11:53:38 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:38 executing program 4: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 512.306690][T11797] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 512.547453][T11798] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 512.560432][T11798] CPU: 1 PID: 11798 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 512.569170][T11798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 512.579282][T11798] Call Trace: [ 512.582676][T11798] dump_stack+0x21c/0x280 [ 512.587114][T11798] dump_header+0x1c5/0xcf0 [ 512.591647][T11798] oom_kill_process+0x388/0xb00 [ 512.596603][T11798] out_of_memory+0x117f/0x16a0 [ 512.601495][T11798] __alloc_pages_slowpath+0x303a/0x3d10 [ 512.607211][T11798] __alloc_pages_nodemask+0xbb1/0x1030 [ 512.612792][T11798] alloc_pages_current+0x685/0xb50 [ 512.618035][T11798] ion_page_pool_alloc+0x73d/0x8f0 [ 512.623255][T11798] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 512.629400][T11798] ? __list_add_valid+0xb8/0x420 [ 512.634431][T11798] ? kmsan_get_metadata+0x116/0x180 [ 512.639744][T11798] ion_system_heap_allocate+0x509/0x16b0 [ 512.645533][T11798] ? ion_system_contig_heap_create+0x230/0x230 [ 512.651783][T11798] ion_ioctl+0x8cd/0x2140 [ 512.656254][T11798] ? debug_shrink_set+0x240/0x240 [ 512.661367][T11798] compat_ptr_ioctl+0xe2/0x150 [ 512.666227][T11798] ? __ia32_sys_ioctl+0x70/0x70 [ 512.671162][T11798] __se_compat_sys_ioctl+0x55f/0x1100 [ 512.676648][T11798] ? kmsan_get_metadata+0x116/0x180 [ 512.681938][T11798] __ia32_compat_sys_ioctl+0x4a/0x70 [ 512.687323][T11798] __do_fast_syscall_32+0x2af/0x480 [ 512.692633][T11798] do_fast_syscall_32+0x6b/0xd0 [ 512.697584][T11798] do_SYSENTER_32+0x73/0x90 [ 512.702192][T11798] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 512.708601][T11798] RIP: 0023:0xf7f05549 [ 512.712707][T11798] Code: Bad RIP value. [ 512.716835][T11798] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 512.725333][T11798] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 512.733394][T11798] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 512.741433][T11798] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 512.749479][T11798] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 512.757620][T11798] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 512.766242][T11798] Mem-Info: [ 512.769643][T11798] active_anon:95312 inactive_anon:4876 isolated_anon:0 [ 512.769643][T11798] active_file:2693 inactive_file:22430 isolated_file:0 [ 512.769643][T11798] unevictable:0 dirty:52 writeback:0 [ 512.769643][T11798] slab_reclaimable:6595 slab_unreclaimable:20832 [ 512.769643][T11798] mapped:58271 shmem:5064 pagetables:2939 bounce:0 [ 512.769643][T11798] free:113395 free_pcp:113 free_cma:0 [ 512.806859][T11798] Node 0 active_anon:371416kB inactive_anon:19444kB active_file:4kB inactive_file:1868kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118384kB dirty:4kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 233472kB writeback_tmp:0kB all_unreclaimable? no [ 512.834782][T11798] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 512.863938][T11798] lowmem_reserve[]: 0 896 1124 1124 1124 [ 512.869791][T11798] Node 0 DMA32 free:39856kB min:40940kB low:50660kB high:60380kB reserved_highatomic:0KB active_anon:352636kB inactive_anon:872kB active_file:0kB inactive_file:1876kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:656kB pagetables:1904kB bounce:0kB free_pcp:552kB local_pcp:56kB free_cma:0kB [ 512.901574][T11798] lowmem_reserve[]: 0 0 228 228 228 [ 512.906916][T11798] Node 0 Normal free:9432kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:18804kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3520kB pagetables:2928kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 512.938283][T11798] lowmem_reserve[]: 0 0 0 0 0 [ 512.943253][T11798] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 512.955422][T11798] Node 0 DMA32: 539*4kB (UME) 376*8kB (UME) 305*16kB (ME) 180*32kB (UME) 117*64kB (UME) 54*128kB (ME) 18*256kB (M) 11*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 40444kB [ 512.972423][T11798] Node 0 Normal: 780*4kB (ME) 337*8kB (M) 122*16kB (M) 46*32kB (M) 3*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9432kB [ 512.987085][T11798] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 512.996843][T11798] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 513.006335][T11798] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 513.016083][T11798] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 513.025558][T11798] 26895 total pagecache pages [ 513.030506][T11798] 0 pages in swap cache [ 513.034738][T11798] Swap cache stats: add 0, delete 0, find 0/0 [ 513.040994][T11798] Free swap = 0kB [ 513.044754][T11798] Total swap = 0kB [ 513.048517][T11798] 1965979 pages RAM [ 513.052454][T11798] 0 pages HighMem/MovableOnly [ 513.057163][T11798] 1433455 pages reserved [ 513.060039][T11801] device bond2 entered promiscuous mode [ 513.061513][T11798] 0 pages cma reserved [ 513.068430][T11801] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 513.071184][T11798] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=11446,uid=0 11:53:39 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:39 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:39 executing program 5: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) [ 513.092860][T11798] Out of memory: Killed process 11446 (syz-executor.4) total-vm:93044kB, anon-rss:144kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 513.132466][ T1904] oom_reaper: reaped process 11446 (syz-executor.4), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 513.216595][ T8723] Bluetooth: hci3: command 0x0406 tx timeout 11:53:40 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 513.607576][T11801] device bond2 left promiscuous mode 11:53:40 executing program 5: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000280)={0x1f, 0xffff, 0x2}, 0x6) 11:53:40 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:40 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 514.071928][T11834] bond2: (slave macvlan2): Error -98 calling set_mac_address 11:53:41 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, 0x0, 0x0) 11:53:41 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xff0f, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0) 11:53:41 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:41 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:41 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:41 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 515.090211][T11876] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 515.195459][T11879] device bond3 entered promiscuous mode [ 515.202806][T11879] 8021q: adding VLAN 0 to HW filter on device macvlan2 11:53:42 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, 0x0, 0x0) 11:53:42 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 515.507941][T11879] device bond3 left promiscuous mode 11:53:42 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:43 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, 0x0, 0x0) 11:53:43 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:43 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:43 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0xff0f, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x4c}}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0) 11:53:43 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0x0, 0x2}, 0x6) 11:53:43 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 517.300984][T11950] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 11:53:44 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) [ 517.629994][T11953] device bond4 entered promiscuous mode [ 517.637297][T11953] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 517.776306][T11953] device bond4 left promiscuous mode [ 517.784192][T11921] warn_alloc: 4 callbacks suppressed [ 517.784277][T11921] syz-executor.2: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 517.804349][T11921] CPU: 1 PID: 11921 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 517.813082][T11921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 517.823203][T11921] Call Trace: [ 517.826598][T11921] dump_stack+0x21c/0x280 [ 517.831046][T11921] warn_alloc+0x4cc/0x680 [ 517.835532][T11921] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 517.841449][T11921] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 517.847110][T11921] ? kmsan_get_metadata+0x116/0x180 [ 517.852427][T11921] ? kmsan_get_metadata+0x116/0x180 [ 517.857737][T11921] __alloc_pages_nodemask+0xbb1/0x1030 [ 517.863312][T11921] alloc_pages_current+0x685/0xb50 [ 517.868560][T11921] ion_page_pool_alloc+0x73d/0x8f0 [ 517.873769][T11921] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 517.879913][T11921] ? __list_add_valid+0xb8/0x420 [ 517.884945][T11921] ? kmsan_get_metadata+0x116/0x180 [ 517.890265][T11921] ion_system_heap_allocate+0x5a2/0x16b0 [ 517.896033][T11921] ? ion_system_contig_heap_create+0x230/0x230 [ 517.902281][T11921] ion_ioctl+0x8cd/0x2140 [ 517.906740][T11921] ? debug_shrink_set+0x240/0x240 [ 517.911847][T11921] compat_ptr_ioctl+0xe2/0x150 [ 517.916700][T11921] ? __ia32_sys_ioctl+0x70/0x70 [ 517.921630][T11921] __se_compat_sys_ioctl+0x55f/0x1100 [ 517.927111][T11921] ? kmsan_get_metadata+0x116/0x180 [ 517.932396][T11921] __ia32_compat_sys_ioctl+0x4a/0x70 [ 517.937782][T11921] __do_fast_syscall_32+0x2af/0x480 [ 517.943088][T11921] do_fast_syscall_32+0x6b/0xd0 [ 517.948063][T11921] do_SYSENTER_32+0x73/0x90 [ 517.952665][T11921] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 517.959051][T11921] RIP: 0023:0xf7f05549 [ 517.963156][T11921] Code: Bad RIP value. [ 517.967282][T11921] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 517.975776][T11921] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 517.983813][T11921] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 517.991849][T11921] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 517.999882][T11921] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 518.007921][T11921] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 518.017991][T11921] Mem-Info: [ 518.021392][T11921] active_anon:94534 inactive_anon:4859 isolated_anon:31 [ 518.021392][T11921] active_file:2698 inactive_file:21945 isolated_file:0 [ 518.021392][T11921] unevictable:0 dirty:76 writeback:0 [ 518.021392][T11921] slab_reclaimable:6599 slab_unreclaimable:20911 [ 518.021392][T11921] mapped:58269 shmem:5064 pagetables:3064 bounce:0 [ 518.021392][T11921] free:114218 free_pcp:38 free_cma:0 [ 518.058496][T11921] Node 0 active_anon:368424kB inactive_anon:19376kB active_file:12kB inactive_file:200kB unevictable:0kB isolated(anon):124kB isolated(file):0kB mapped:118428kB dirty:12kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 233472kB writeback_tmp:0kB all_unreclaimable? no [ 518.086442][T11921] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 518.115564][T11921] lowmem_reserve[]: 0 896 1124 1124 1124 [ 518.121432][T11921] Node 0 DMA32 free:39392kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:349632kB inactive_anon:872kB active_file:8kB inactive_file:124kB unevictable:0kB writepending:8kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:720kB pagetables:2268kB bounce:0kB free_pcp:204kB local_pcp:0kB free_cma:0kB [ 518.153068][T11921] lowmem_reserve[]: 0 0 228 228 228 [ 518.158370][T11921] Node 0 Normal free:13196kB min:11944kB low:14416kB high:16888kB reserved_highatomic:0KB active_anon:18972kB inactive_anon:18536kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3664kB pagetables:3104kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 518.189817][T11921] lowmem_reserve[]: 0 0 0 0 0 [ 518.194649][T11921] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 518.206768][T11921] Node 0 DMA32: 655*4kB (UME) 459*8kB (UME) 374*16kB (UME) 249*32kB (UME) 111*64kB (ME) 45*128kB (UME) 19*256kB (M) 4*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 40020kB [ 518.223675][T11921] Node 0 Normal: 721*4kB (UME) 394*8kB (UM) 180*16kB (UM) 112*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12500kB [ 518.238401][T11921] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 518.248160][T11921] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 518.257683][T11921] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 518.267441][T11921] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 518.276907][T11921] 26905 total pagecache pages [ 518.281749][T11921] 0 pages in swap cache [ 518.285963][T11921] Swap cache stats: add 0, delete 0, find 0/0 [ 518.292196][T11921] Free swap = 0kB [ 518.295965][T11921] Total swap = 0kB [ 518.299869][T11921] 1965979 pages RAM [ 518.303745][T11921] 0 pages HighMem/MovableOnly [ 518.308459][T11921] 1433455 pages reserved [ 518.312879][T11921] 0 pages cma reserved 11:53:45 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:45 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:45 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0x0, 0x2}, 0x6) 11:53:45 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) [ 518.819624][T11974] bond4: (slave macvlan2): Error -98 calling set_mac_address 11:53:45 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140), 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 519.545792][T12011] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 519.558974][T12011] CPU: 1 PID: 12011 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 519.567802][T12011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 519.577917][T12011] Call Trace: [ 519.581315][T12011] dump_stack+0x21c/0x280 [ 519.585757][T12011] dump_header+0x1c5/0xcf0 [ 519.590280][T12011] oom_kill_process+0x388/0xb00 [ 519.595240][T12011] out_of_memory+0x117f/0x16a0 [ 519.600142][T12011] __alloc_pages_slowpath+0x303a/0x3d10 [ 519.605848][T12011] __alloc_pages_nodemask+0xbb1/0x1030 [ 519.611434][T12011] alloc_pages_current+0x685/0xb50 [ 519.616670][T12011] ion_page_pool_alloc+0x73d/0x8f0 [ 519.621875][T12011] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 519.628022][T12011] ? __list_add_valid+0xb8/0x420 [ 519.633063][T12011] ? kmsan_get_metadata+0x116/0x180 [ 519.638374][T12011] ion_system_heap_allocate+0x509/0x16b0 [ 519.644230][T12011] ? ion_system_contig_heap_create+0x230/0x230 [ 519.650500][T12011] ion_ioctl+0x8cd/0x2140 [ 519.654965][T12011] ? debug_shrink_set+0x240/0x240 [ 519.660085][T12011] compat_ptr_ioctl+0xe2/0x150 [ 519.664943][T12011] ? __ia32_sys_ioctl+0x70/0x70 [ 519.669876][T12011] __se_compat_sys_ioctl+0x55f/0x1100 [ 519.675366][T12011] ? kmsan_get_metadata+0x116/0x180 [ 519.680662][T12011] __ia32_compat_sys_ioctl+0x4a/0x70 [ 519.686052][T12011] __do_fast_syscall_32+0x2af/0x480 [ 519.691477][T12011] do_fast_syscall_32+0x6b/0xd0 [ 519.696431][T12011] do_SYSENTER_32+0x73/0x90 [ 519.701041][T12011] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 519.707437][T12011] RIP: 0023:0xf7f85549 [ 519.711545][T12011] Code: Bad RIP value. [ 519.715664][T12011] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 519.724154][T12011] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 519.732187][T12011] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 519.740212][T12011] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 519.748221][T12011] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 519.756229][T12011] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 519.764436][T12011] Mem-Info: [ 519.767720][T12011] active_anon:94450 inactive_anon:4876 isolated_anon:0 [ 519.767720][T12011] active_file:2697 inactive_file:21919 isolated_file:0 [ 519.767720][T12011] unevictable:0 dirty:27 writeback:0 [ 519.767720][T12011] slab_reclaimable:6599 slab_unreclaimable:20912 11:53:46 executing program 3: write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000480)={0x0, 0xdc, "1cf3ae6d7eb87979ad633885e6ed9593f0844b27fee2f90e1f94cd685c762b0978f409b18cd964f341ea74fe444f3097d7773d6bd3215b232d069949e3b518c3ba85b0e1b4a7efa37b957d9730def0a6045029d9eb8647e2544660afadefe1ea454cd66133ad53e50de30be228e6bf4b0ad2c95576b05b3c1bdb07a3bfe0425c2d82344520fe70634e3d5705faded6c18f2bb2fcaedba80b4cd51b55eb83cab971e1732bfd01202aca7d3e26dc1162abcd1f92cd66ff017e9dd8e98b26a3a97ca2c171d8edbed840f3efd002879c31e4a020fc5b4035c9959266d2b5"}, &(0x7f0000000000)=0xe4) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 519.767720][T12011] mapped:58286 shmem:5064 pagetables:3063 bounce:0 [ 519.767720][T12011] free:47857 free_pcp:40 free_cma:0 [ 519.804702][T12011] Node 0 active_anon:368116kB inactive_anon:19444kB active_file:8kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118444kB dirty:8kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 233472kB writeback_tmp:0kB all_unreclaimable? no [ 519.832196][T12011] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 519.861318][T12011] lowmem_reserve[]: 0 896 1124 1124 1124 [ 519.867057][T12011] Node 0 DMA32 free:39416kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:349128kB inactive_anon:872kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:4kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:720kB pagetables:2188kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 519.898319][T12011] lowmem_reserve[]: 0 0 228 228 228 [ 519.903766][T12011] Node 0 Normal free:9536kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:19056kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3616kB pagetables:3228kB bounce:0kB free_pcp:152kB local_pcp:56kB free_cma:0kB [ 519.935289][T12011] lowmem_reserve[]: 0 0 0 0 0 11:53:46 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0x0, 0x2}, 0x6) [ 519.940181][T12011] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 519.952304][T12011] Node 0 DMA32: 634*4kB (UME) 426*8kB (UME) 344*16kB (UME) 230*32kB (UME) 102*64kB (ME) 38*128kB (ME) 18*256kB (UM) 5*512kB (UM) 0*1024kB 1*2048kB (M) 0*4096kB = 39416kB [ 519.969638][T12011] Node 0 Normal: 421*4kB (ME) 188*8kB (UM) 177*16kB (UM) 112*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9604kB [ 519.984241][T12011] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 519.993990][T12011] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 520.003480][T12011] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 520.013331][T12011] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 520.022814][T12011] 26911 total pagecache pages [ 520.027535][T12011] 0 pages in swap cache [ 520.031882][T12011] Swap cache stats: add 0, delete 0, find 0/0 [ 520.037987][T12011] Free swap = 0kB [ 520.041894][T12011] Total swap = 0kB [ 520.045652][T12011] 1965979 pages RAM [ 520.049618][T12011] 0 pages HighMem/MovableOnly [ 520.054330][T12011] 1433455 pages reserved [ 520.058745][T12011] 0 pages cma reserved [ 520.062862][T12011] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=11921,uid=0 [ 520.077819][T12011] Out of memory: Killed process 11921 (syz-executor.2) total-vm:93176kB, anon-rss:2192kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 520.099937][ T1904] oom_reaper: reaped process 11921 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:53:46 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) [ 520.537661][T12021] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 520.551155][T12021] CPU: 0 PID: 12021 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 520.559898][T12021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 520.570019][T12021] Call Trace: [ 520.573430][T12021] dump_stack+0x21c/0x280 [ 520.577867][T12021] dump_header+0x1c5/0xcf0 [ 520.582394][T12021] oom_kill_process+0x388/0xb00 [ 520.587359][T12021] out_of_memory+0x117f/0x16a0 [ 520.592251][T12021] __alloc_pages_slowpath+0x303a/0x3d10 [ 520.597967][T12021] __alloc_pages_nodemask+0xbb1/0x1030 [ 520.603561][T12021] alloc_pages_current+0x685/0xb50 [ 520.608802][T12021] ion_page_pool_alloc+0x73d/0x8f0 [ 520.614023][T12021] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 520.620181][T12021] ? __list_add_valid+0xb8/0x420 [ 520.625213][T12021] ? kmsan_get_metadata+0x116/0x180 [ 520.630513][T12021] ion_system_heap_allocate+0x509/0x16b0 [ 520.636276][T12021] ? ion_system_contig_heap_create+0x230/0x230 [ 520.642490][T12021] ion_ioctl+0x8cd/0x2140 [ 520.646913][T12021] ? debug_shrink_set+0x240/0x240 [ 520.651991][T12021] compat_ptr_ioctl+0xe2/0x150 [ 520.656814][T12021] ? __ia32_sys_ioctl+0x70/0x70 [ 520.661720][T12021] __se_compat_sys_ioctl+0x55f/0x1100 [ 520.667166][T12021] ? kmsan_get_metadata+0x116/0x180 [ 520.672437][T12021] __ia32_compat_sys_ioctl+0x4a/0x70 [ 520.677787][T12021] __do_fast_syscall_32+0x2af/0x480 [ 520.683062][T12021] do_fast_syscall_32+0x6b/0xd0 [ 520.687977][T12021] do_SYSENTER_32+0x73/0x90 [ 520.692551][T12021] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 520.698913][T12021] RIP: 0023:0xf7f05549 [ 520.702996][T12021] Code: Bad RIP value. [ 520.707094][T12021] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 520.715561][T12021] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 520.723574][T12021] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 520.731598][T12021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 520.739605][T12021] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 520.747609][T12021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 520.755853][T12021] Mem-Info: [ 520.759218][T12021] active_anon:93971 inactive_anon:4875 isolated_anon:0 [ 520.759218][T12021] active_file:2696 inactive_file:21925 isolated_file:0 [ 520.759218][T12021] unevictable:0 dirty:43 writeback:17 [ 520.759218][T12021] slab_reclaimable:6599 slab_unreclaimable:20932 [ 520.759218][T12021] mapped:58292 shmem:5064 pagetables:3073 bounce:0 [ 520.759218][T12021] free:113292 free_pcp:139 free_cma:0 [ 520.796378][T12021] Node 0 active_anon:366012kB inactive_anon:19444kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118468kB dirty:4kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 231424kB writeback_tmp:0kB all_unreclaimable? yes [ 520.823775][T12021] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 520.852814][T12021] lowmem_reserve[]: 0 896 1124 1124 1124 [ 520.858613][T12021] Node 0 DMA32 free:39804kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:346972kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:720kB pagetables:2184kB bounce:0kB free_pcp:356kB local_pcp:260kB free_cma:0kB [ 520.890146][T12021] lowmem_reserve[]: 0 0 228 228 228 [ 520.895446][T12021] Node 0 Normal free:9604kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:19040kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3568kB pagetables:3116kB bounce:0kB free_pcp:200kB local_pcp:144kB free_cma:0kB [ 520.926978][T12021] lowmem_reserve[]: 0 0 0 0 0 11:53:47 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 520.931829][T12021] Node 0 DMA: 0*4kB 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 1*2048kB (U) 0*4096kB = 4088kB [ 520.946749][T12021] Node 0 DMA32: 571*4kB (UME) 426*8kB (UME) 344*16kB (UME) 230*32kB (UME) 102*64kB (ME) 39*128kB (UME) 18*256kB (UM) 4*512kB (M) 1*1024kB (U) 1*2048kB (M) 0*4096kB = 39804kB [ 520.964372][T12021] Node 0 Normal: 421*4kB (ME) 188*8kB (UM) 177*16kB (UM) 112*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9604kB [ 520.978910][T12021] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 520.988639][T12021] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 520.997991][T12021] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 521.007719][T12021] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 521.017155][T12021] 26916 total pagecache pages [ 521.022006][T12021] 0 pages in swap cache [ 521.026220][T12021] Swap cache stats: add 0, delete 0, find 0/0 [ 521.032436][T12021] Free swap = 0kB [ 521.036198][T12021] Total swap = 0kB [ 521.040088][T12021] 1965979 pages RAM [ 521.043933][T12021] 0 pages HighMem/MovableOnly [ 521.048759][T12021] 1433455 pages reserved [ 521.053041][T12021] 0 pages cma reserved [ 521.057163][T12021] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=12010,uid=0 [ 521.072192][T12021] Out of memory: Killed process 12011 (syz-executor.1) total-vm:93044kB, anon-rss:152kB, file-rss:35748kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:53:47 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff}, 0x6) [ 521.091665][ T1904] oom_reaper: reaped process 12011 (syz-executor.1), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 11:53:47 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, 0x0, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:47 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff}, 0x6) 11:53:48 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000080)={0x0, 0x3}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, &(0x7f0000000000)=0x8) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0xffffffffffff964d, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:53:49 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:49 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff}, 0x6) 11:53:49 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:49 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, 0x0, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:49 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000080)={0x0, 0x3}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, &(0x7f0000000000)=0x8) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0xffffffffffff964d, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:53:49 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140), 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:50 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000000), 0x6) socket$tipc(0x1e, 0x2, 0x0) socket$bt_rfcomm(0x1f, 0x1, 0x3) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = socket(0xf, 0xd, 0xffffffff) bind$bt_hci(r3, &(0x7f0000000000)={0x1f, 0x3, 0x3}, 0x6) ioctl$BTRFS_IOC_RM_DEV(r1, 0x5000940b, &(0x7f0000001180)={{r2}, "5716fe11a13039209220b3fdd8d2cd49ad618ab938d29724a27c271b88cb3740e6c111c9e86ff55ec334ad9f0132d6b8ec28e8f8917d7fa135e553cc75bfa1d75bcaf4c0f172a9a5874d6c50bf898c9bfa1ac42f1bb6ab32ab84a5e8362db6a9e86364b94f8c214725de1f499b19b19da068d6eafa5d25e0fd9a38068d2f5ee1a99a4be4be92ade03b201017e091225d29653d5c4d509d14256fe8f8cf3b76fb3c895458b14b7dd103ea412a3e0570bb85137ca7091c553462045e2bc52b6566a40c16a8ecbc65c45098a41d2d50c7f17fb7996ed7a06125bea6febcc38317db4630e92681ffb25178c4b77534dfb95038bfcbfc1bcae5e29ccc29a0ea162857783eebba277cfe143dddba11db2b3798c49db661fc1535df727b085bc022c6e24fed397241f18c983f9c192f2bc98277465875ebecee95989e0b80358de79e5ca5bbb0aaddde0d8f4bd41e8262dc33116fa5938bf1288f274d5142eea0eff70bed80daa016987e41c9742c48726ad2ab9a2a3af98ac7540eb7d3d263e69c3f9051fe94015c90346778bf2d651b67eba830f6c805e0da04f4db84b85bfb9bdc6431af8307c098c6b93a7a1024ac41e769e349e0516bb627b9f75c0429f6e95cd279d740a7cb90990685780b4899048bd95db105967e863646e43c6c0dfb2c3cd28a495a1a5caa8263025b3076a311a2226edd4f35fe0bf594ee6ece9a13676901682350763a64a87691ed0ede3616c178170751a8703288968e7bf887672c528282cd6c98ac50a134742be8e142965df1f0416d1fef9df7cdb7065f591381889038ff87e0496683979297edf2f6721d3a32420382255885446e29857dc0a3a48b286db734bb2a492247014f1ac16e38a56d783a1373adbd20bdf090b513a9abb96dacf322697f2617426573d395bd552cb836f6267fdc316a4ccb8ca325bd3f477224b7b9788a808b4147d478e48837d67ff6de9ebd6bca723edf63465263ead0cd47032fde8dfd4d9717a6a042a787fc3b4fc13b05f17096a0bd7f9977f8e63474a996c4282b677166f5544c9f1d896538c8a5a76afabea8d3ea53ffb11a0cdfabc33500817cdcf87f30980ca08322ef15e4ca5a9290980b7af019d30a9b7c65842eb03d65d6f6d92e329925d72f1dd13a1b3b43390d765fda72e7ab645a72a421da67ee1ea1ee70926f7c9338ccd2c15003fba2ab2f491f64bb37d7091ec995781efd2afe236cc222283b60a9f73b6928deceb349f109bb9e505c103d88508892a6eb7b040045fcbdd720bb7e9621f111e298e010fe18c423c39a00bb3419fae869e1d4048d6b7d3e6b4dee7f58ceaeec06b0a8e208b1cddd84357567dc9324575996f4373cad93e66a27d5b0250f85fb07418df7329bb4206a7a8c3c8237d4fad0511ecb3958e856ce229a0063a1162b3caf769f2c2042f61f504ee77b82bb14bbd0654031b4f822e30f00419984ef288b15a0b6a835d35583598ff5fc569cc6568b95ea2c961d838538b3d89575da178ac42ec49c1cda159a4094521402a81b943598eebc7179bb0ae98bbc067ce081700f66f913360753a5da0d729a6eedca96e19dcac76d5c87b9fb3e1aafa38dfb7abd3694777b04eb267ee786319ea79a7941caffc6d619fbcefd031c31333d072659f099c3e1469396aa5c10b59073d86e4c3decec062c89d1daa6c4e90e9124e4f61ba43a6cd32c2af9ce2c9ff7e3a081009d926c09a2f45d6a8477203b7e5bdeaff00af0f6d0fafda3a4b3e27147573fab133be2f627011fb86189cb9735d81e5201b1f35a8ed10aa4f2d8862a62632c6a51372bbbf32eb3f5cdebfb249c367cf891eb879190865ac337db031eb0abbfcae984ad4eec9b2b0e82cf6ae7dfb2db793a71c03ca092ac6444640f0a9ba6c9e527a3b77190e2d60cb50d776caa131e91e41eaefc0cc7a05e20ca2746a5096a301b0f4d072c435360e72ed84087d2aacdb4d971d8b0887b4a00f1cf3195f8193f9b1b32eee57c086b606d7fb06a000fc8775dec3b6e118fb3fa6694e8beaf3c6ee66a3a16ea2a994cf402e2249205cd8d0cd5ea57845ddde8c8492a3ddc7f342814a7880e700ae8f11a42a5329fd1a04df05ec9cf3aa926e16da1b395f845638c985aecc5fa5d667ae21001d1f1a026ee9819eb8ad92fb2ec95e6bf41fe116b43a95a47e779b9b225c96816376687611f6e51f3623da55dcadf431905fe9d1f134cd5f5263324ed197a6e04a220bacf5b34978ef741267cd247a58728730f4b342ab90eb3b858283917aa6139670662a66aba583aa944e6385ebee2a503da1f3a7f4547a6d37cccc85f2d76826e6d929bd453e8490f09c66dfaf4060bda5bee9c75fac00c2b98e8f8b3e54ac1770fab0ccf49ac19d62342c2b76ac16c0002d689461d0bb031a87372e3958b0eb285b18e808bc3a14d665c6f835bd04e7bc9e477f975f2146e63276cd8e6f43673d96fa6f8fa3d8921ab16ce3fd03e7d574408d1b3afca8446f2f1842f4021a6f90f6315851d093c54575d055aabbbc285b7249e936ce03bc7518a8627e923027d3ada3666eee2548324c6d06fa781aa7476d0f3cf5e5ce4580da05a6e84f6fc7746f55ebf6011d71c5b250dd1dcf8d0395592edad36488151cff78776397d0d52d573789f7cf0396fac86db2ee4955c5e043cde9ffca6dfcc3aca41fb9599e5c4b386de0569c9f5f4c0d6f8d7e2fde06a4e206e150fc5a885b09c73d13e5815157601b7829d9e777dbc7abe0569f3c12d2123ca9eb3675b15e2eae321d734e8b3a50c40ba622d59b85decc7d3cbc3644f3a575c5b3465357afeeed8ba844ca08010c2feb69491240253df2fd7395374e7ded97e6e6f572ac590bca5823937d26615f3453f9a19059b301d8ba391f3f494d8b53bee23f5e6ff623659c7a7146849375b7377412cc8341c0c7a83564dab23becdecb2dc49353f6dbb338067b848a9526b06d45194f7cd68e61b4c577afc62f68bd7fa67c3b8113866fe3156919068e39a762501967d692d5de62904d56af222d15044441cfbe4bf23aa30925ee3852905aa84159b9783e3c7d2b4fa8ffc19e2da5066db841d9a39a95405a30606ce0282e3195966cc2461ab2c70905157d0a5f5926866a35ac890c88d84f6ee109ffb1b49a1037d38c3d3e08b85020801d585264bf4494e32d2e2d62cb0437d743e406be8ccc18f27fb6ead37f877a1bcbdeb4c931521facb8492eaa9c71b882e4e0852731044a638d43c9f3a634b4b4aad0ea300205c33f4887d1995bb6633405af0483996be7170afe3d930cfbabb82cc71a334596c78a0a1a4c20475c1e06f56398d0cbdf05aa079483f6fe24aebfe3b9bd69b46f6f78d06307e6c395693ce54c0fce583b529486f36d7fa6a129258e1f369c160480313b74363c3d40c58598eb9f240f8c5ee9172b4b3f3098c76b6f12684732e7b1212dd78428633c5d2ac583eefab2d5eacbe722c27578b4d2457d6c689f81d9667b9a297d94aa961c9c00356812376fec3025f056f67892ad6ba4b6a3d17de3ae941eb49b2e598511893a05c12a62ef229b880f250eb3c75ec0324dbb43d2725d6a59efd262fd597ef1e7837a951fd09e328eda75d895d2e769d1139eb734b452d5adee07c599c90a504a899d676cce3c0822ee0d975c9209bad3f49c803bee35ff28171e18fc460dfbed5aba07b6dade05f7e7b233174cceca6ff13df1046f4c2c0b66d8d7f09fc50862f5826a7bf88f9c3191b6121fd2c4b27a70afbea08799b29aba6909ea17f7bdc903d66e1038d11382fc3bee71a22b77b175ca5a51d41fa2eff2ee8335bc1d420095c2c59c4c272df7ac4948fddadc235a2e316e912f016bef6d92a58ad1cdd8d3a703daffab313d0e6ff7e034e7eccbce2d5a6c56792faa7c183b09ffae80e5ce45014c12c79d16c25b31b66e0844b10df9bfce3d9b310c3f12a47568e437cbb06a6bfcd978ef2fa07492a97bf26efbfc46dc912b7a064abb8b535e1804b3f15992c828c77c87df05d986b025ba5917a89cee5cbbf1a159364040c8ab84795daeeaa3295c44e0b5a612ea9da07661c9ca9213fb69d687864f26924eb4cfdfb3aae5286ef54ec2c96fc55a7f0cb5446fd95d3594704f27d814033b11d87316ca617f04392a97aea4a0d84d65f595d02474d3471c04d7b2db2ddf2c833a8fa910eb5a569639577e174763e9ecb7d46c00fbbe0f8724fbc507910f930cde6717c16f59ec89a9f3c3986f5cdd4956b4074bf80a4329ff8fdc7cb1449c2530fa7d75a75d5159f8b56246d5b7476b92b719eff8268c3423c3f8baee568394f2cb3b21f4ecf472a42867183f01881d2a3b39a5382909fdc64fe479492e194d3f889e7f315469140117aa2c3b0271dbf0c56068a80d64360c6600a6839dfa4605153a2532606cc14bdebd39685b5f049ffa54bb9b6a2e85abb9af3a958885d7e72f68495d453733cbf8090660c4ff2811ac39a0c749ac6d23481470a7779af44807059ef976b49252ac575ac621aa87a3d23deabf0e0f30175086d6bbcef149bbf381cd7f3eeafdf6d2edbac2e00233c0094a1912194b5af57583898e104bda8c7cdcdf067e188b8fb48806995721a2efa31982320f189d1133a66e42c856c7515e61c04fde785352b0936f78fd230dc75c723efb71b7a33e0868564d82f41d17bff91a75cafc28805af1f067279f717fceee8d38765b95a1a5944685c1b712fee8140d5c4bf3f999078cf2d9310e4e351c545c9c8bc0cf9d30b22644660c718a71ab3ebdb949870da98cd301a554685e49d6382ef23eaa5c7cdadc4c1cc0b7f8c7c60516075707fe8ad95fbf3821f1da562b549039e662adc232c491b413172cd5ad93439f6263e9ab17274c9e27c0be912ebe2be7d3609404058dab16ea461c2d3fecc562376b8501103ce9a66ca1b01dbd5c5f932a54d47e693cd1552ec7039fbcf50e4a8840a9c84ef35ed88f488fd0ecb63c3c1298caa79cac09d468fa25f67d8b0136483324cfd85746903e4c6d3172d6a386fa7d3b159c2fafc613a0f25183b0e4c885422114555282f00a247dd887805de7250ff589753df393630b0dc6f6241c17af65e38975744e3765663f48a291fbb9fde5b9750f7787dd9bd1af289451936549fd7d5af6646b29855a473381541b251374d2d2c39519ddd429eaf3227cfe2e10052d57e2f4128dc875518a68c55cb9094df77a57fe6dd7139003ec9d4e5590b7c57ed9fa51aab546e43ce5e8b6611e88a91f4f314d7dd90a1b8a4070d8db46f3f7d3253432abb56f8e53d118671aa196c6f64ced84c9f1d08d40633d40843eaaa7ab88ce38f66ae9dcd75f956fd63cf0ce6535120252cdb46c1cdc63d13c8910766f93bb96942637d9fa3fef0ee2158e84e15018c05ea140c94066e7999f76d4ad0d668e25adb001fe2d7f3e62b762e100c1d5ac5bfbea21ad0410f209c26cffb221293fe380cbea3a6c5c28c673ea9002c8942cd4ed3b6a733d9bbad19d7d71a113c1dd51a14c2818f95f11bed75e51627dc84ce6db82c906da16220e8c9170b91688670a2aeb84e728c3172fd93a22099e24d4e5cd539c16aa7ddec561e879c8db383c7e42d3e3851a8587dbfc0eea3ed31856cd536009bf3276c4420675eed24e0be65dfe93f1d3d76158a9fc7d074487f974c88fa2100"}) ioctl$sock_SIOCSIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000080)) bind$bt_hci(r0, &(0x7f0000000000), 0x6) bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000580)={0xa, 0x0, 0x0, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x1c) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000002c0)=[@in={0x2, 0x4e23, @empty}, @in6={0xa, 0x4e21, 0x1000, @private1, 0x3}], 0x2c) ioctl$sock_bt_cmtp_CMTPCONNADD(0xffffffffffffffff, 0x400443c8, &(0x7f0000000240)={0xffffffffffffffff, 0x7}) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r3, 0x89f9, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'sit0\x00', 0x0, 0x29, 0x8, 0x3c, 0x4293, 0x2, @private0={0xfc, 0x0, [], 0x1}, @private0={0xfc, 0x0, [], 0x1}, 0x20, 0x20, 0x91b9}}) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000000c0)={'security\x00'}, &(0x7f0000000280)=0x54) ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000040)='\'') [ 523.929306][T12092] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 523.942255][T12092] CPU: 1 PID: 12092 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 523.951080][T12092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 523.961171][T12092] Call Trace: [ 523.964537][T12092] dump_stack+0x21c/0x280 [ 523.968934][T12092] dump_header+0x1c5/0xcf0 [ 523.973419][T12092] oom_kill_process+0x388/0xb00 [ 523.978339][T12092] out_of_memory+0x117f/0x16a0 [ 523.983196][T12092] __alloc_pages_slowpath+0x303a/0x3d10 [ 523.988865][T12092] __alloc_pages_nodemask+0xbb1/0x1030 [ 523.994406][T12092] alloc_pages_current+0x685/0xb50 [ 523.999604][T12092] ion_page_pool_alloc+0x73d/0x8f0 [ 524.004780][T12092] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 524.010900][T12092] ? __list_add_valid+0xb8/0x420 [ 524.015896][T12092] ? kmsan_get_metadata+0x116/0x180 [ 524.021170][T12092] ion_system_heap_allocate+0x509/0x16b0 [ 524.026894][T12092] ? ion_system_contig_heap_create+0x230/0x230 [ 524.033108][T12092] ion_ioctl+0x8cd/0x2140 [ 524.037534][T12092] ? debug_shrink_set+0x240/0x240 [ 524.042608][T12092] compat_ptr_ioctl+0xe2/0x150 [ 524.047428][T12092] ? __ia32_sys_ioctl+0x70/0x70 [ 524.052330][T12092] __se_compat_sys_ioctl+0x55f/0x1100 [ 524.057779][T12092] ? kmsan_get_metadata+0x116/0x180 [ 524.063031][T12092] __ia32_compat_sys_ioctl+0x4a/0x70 [ 524.068385][T12092] __do_fast_syscall_32+0x2af/0x480 [ 524.073657][T12092] do_fast_syscall_32+0x6b/0xd0 [ 524.078583][T12092] do_SYSENTER_32+0x73/0x90 [ 524.083155][T12092] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 524.089520][T12092] RIP: 0023:0xf7f05549 [ 524.093605][T12092] Code: Bad RIP value. [ 524.097704][T12092] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 524.106175][T12092] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 524.114188][T12092] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 524.122198][T12092] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 524.130208][T12092] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 524.138216][T12092] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 524.146649][T12092] Mem-Info: [ 524.150051][T12092] active_anon:94974 inactive_anon:4876 isolated_anon:0 [ 524.150051][T12092] active_file:2700 inactive_file:21951 isolated_file:0 [ 524.150051][T12092] unevictable:0 dirty:13 writeback:17 [ 524.150051][T12092] slab_reclaimable:6601 slab_unreclaimable:20953 [ 524.150051][T12092] mapped:58294 shmem:5064 pagetables:3064 bounce:0 [ 524.150051][T12092] free:78434 free_pcp:301 free_cma:0 [ 524.187208][T12092] Node 0 active_anon:370176kB inactive_anon:19448kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118512kB dirty:4kB writeback:0kB shmem:20156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 231424kB writeback_tmp:0kB all_unreclaimable? yes [ 524.214685][T12092] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 524.246047][T12092] lowmem_reserve[]: 0 896 1124 1124 1124 [ 524.251900][T12092] Node 0 DMA32 free:39776kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:351072kB inactive_anon:872kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:704kB pagetables:2084kB bounce:0kB free_pcp:716kB local_pcp:136kB free_cma:0kB [ 524.283557][T12092] lowmem_reserve[]: 0 0 228 228 228 [ 524.288949][T12092] Node 0 Normal free:11756kB min:11944kB low:14416kB high:16888kB reserved_highatomic:0KB active_anon:19116kB inactive_anon:18576kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3632kB pagetables:3320kB bounce:0kB free_pcp:608kB local_pcp:328kB free_cma:0kB [ 524.320717][T12092] lowmem_reserve[]: 0 0 0 0 0 [ 524.325600][T12092] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 524.337808][T12092] Node 0 DMA32: 619*4kB (UME) 415*8kB (UME) 340*16kB (UME) 228*32kB (UME) 111*64kB (UME) 39*128kB (UME) 18*256kB (UM) 8*512kB (UM) 1*1024kB (U) 0*2048kB 0*4096kB = 40356kB [ 524.355316][T12092] Node 0 Normal: 672*4kB (UME) 337*8kB (UM) 175*16kB (UM) 112*32kB (UM) 3*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12088kB [ 524.370796][T12092] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 524.380530][T12092] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 524.390006][T12092] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 524.399892][T12092] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 524.409304][T12092] 26946 total pagecache pages [ 524.414026][T12092] 0 pages in swap cache [ 524.418236][T12092] Swap cache stats: add 0, delete 0, find 0/0 [ 524.424435][T12092] Free swap = 0kB [ 524.428197][T12092] Total swap = 0kB [ 524.432058][T12092] 1965979 pages RAM [ 524.435908][T12092] 0 pages HighMem/MovableOnly [ 524.440697][T12092] 1433455 pages reserved [ 524.444984][T12092] 0 pages cma reserved [ 524.449203][T12092] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=12082,uid=0 [ 524.464093][T12092] Out of memory: Killed process 12085 (syz-executor.1) total-vm:93044kB, anon-rss:2196kB, file-rss:35748kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:53:51 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000080)={0x0, 0x3}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, &(0x7f0000000000)=0x8) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0xffffffffffff964d, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 11:53:51 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 524.539660][ T1904] oom_reaper: reaped process 12085 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:53:51 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:51 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, 0x0, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:51 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:51 executing program 3: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000), 0x6) ioctl$sock_bt_hci(r0, 0x400448e7, &(0x7f0000000040)='\'') 11:53:51 executing program 5: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000), 0x6) ioctl$sock_bt_hci(r0, 0x400448e6, &(0x7f0000000040)='\'') 11:53:52 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:52 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:53 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140), 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:53 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010000d0700000000ff03000000000010", @ANYRES32=r2, @ANYBLOB="00000000e60000001c0012000c000100626f6e64"], 0x3c}}, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000250800000000000000000a000000", @ANYRES32=r5, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00\r'], 0x28}}, 0x0) [ 526.874563][T12136] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 526.978801][T12136] bridge0: port 3(bond5) entered blocking state [ 526.985353][T12136] bridge0: port 3(bond5) entered disabled state [ 526.995622][T12136] device bond5 entered promiscuous mode 11:53:53 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:53 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:53 executing program 5: r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_QP_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x18, 0x140a, 0x307, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}}, 0x0) 11:53:53 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 527.247295][T12174] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 527.553124][T12172] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 527.565820][T12172] CPU: 0 PID: 12172 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 527.574551][T12172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 527.584660][T12172] Call Trace: [ 527.588060][T12172] dump_stack+0x21c/0x280 [ 527.592498][T12172] dump_header+0x1c5/0xcf0 [ 527.597035][T12172] oom_kill_process+0x388/0xb00 [ 527.602002][T12172] out_of_memory+0x117f/0x16a0 [ 527.606893][T12172] __alloc_pages_slowpath+0x303a/0x3d10 [ 527.612610][T12172] __alloc_pages_nodemask+0xbb1/0x1030 [ 527.618195][T12172] alloc_pages_current+0x685/0xb50 [ 527.623433][T12172] ion_page_pool_alloc+0x73d/0x8f0 [ 527.628672][T12172] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 527.634822][T12172] ? __list_add_valid+0xb8/0x420 [ 527.639866][T12172] ? kmsan_get_metadata+0x116/0x180 [ 527.645189][T12172] ion_system_heap_allocate+0x509/0x16b0 [ 527.650949][T12172] ? ion_system_contig_heap_create+0x230/0x230 [ 527.657204][T12172] ion_ioctl+0x8cd/0x2140 [ 527.661684][T12172] ? debug_shrink_set+0x240/0x240 [ 527.666789][T12172] compat_ptr_ioctl+0xe2/0x150 [ 527.671672][T12172] ? __ia32_sys_ioctl+0x70/0x70 [ 527.676613][T12172] __se_compat_sys_ioctl+0x55f/0x1100 [ 527.682097][T12172] ? kmsan_get_metadata+0x116/0x180 [ 527.687399][T12172] __ia32_compat_sys_ioctl+0x4a/0x70 [ 527.692778][T12172] __do_fast_syscall_32+0x2af/0x480 [ 527.698089][T12172] do_fast_syscall_32+0x6b/0xd0 [ 527.703041][T12172] do_SYSENTER_32+0x73/0x90 [ 527.707639][T12172] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 527.714032][T12172] RIP: 0023:0xf7f05549 [ 527.718137][T12172] Code: Bad RIP value. [ 527.722262][T12172] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 527.730757][T12172] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 527.738799][T12172] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 527.746845][T12172] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 527.754879][T12172] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 527.762909][T12172] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 527.771411][T12172] Mem-Info: [ 527.774747][T12172] active_anon:94445 inactive_anon:4876 isolated_anon:0 [ 527.774747][T12172] active_file:2700 inactive_file:21952 isolated_file:0 [ 527.774747][T12172] unevictable:0 dirty:16 writeback:0 [ 527.774747][T12172] slab_reclaimable:6599 slab_unreclaimable:20954 [ 527.774747][T12172] mapped:58312 shmem:5064 pagetables:3075 bounce:0 [ 527.774747][T12172] free:112803 free_pcp:464 free_cma:0 [ 527.811896][T12172] Node 0 active_anon:368056kB inactive_anon:19448kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118536kB dirty:8kB writeback:0kB shmem:20156kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 233472kB writeback_tmp:0kB all_unreclaimable? no [ 527.839431][T12172] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 527.868541][T12172] lowmem_reserve[]: 0 896 1124 1124 1124 [ 527.874273][T12172] Node 0 DMA32 free:39384kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:349048kB inactive_anon:872kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:720kB pagetables:2092kB bounce:0kB free_pcp:1408kB local_pcp:1128kB free_cma:0kB [ 527.906194][T12172] lowmem_reserve[]: 0 0 228 228 228 [ 527.911636][T12172] Node 0 Normal free:9408kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:19052kB inactive_anon:18576kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3648kB pagetables:3164kB bounce:0kB free_pcp:448kB local_pcp:108kB free_cma:0kB [ 527.943282][T12172] lowmem_reserve[]: 0 0 0 0 0 [ 527.948072][T12172] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 527.960252][T12172] Node 0 DMA32: 426*4kB (UME) 354*8kB (UME) 339*16kB (UME) 228*32kB (UME) 104*64kB (ME) 39*128kB (UME) 17*256kB (M) 6*512kB (M) 1*1024kB (U) 1*2048kB (M) 0*4096kB = 39400kB [ 527.977891][T12172] Node 0 Normal: 427*4kB (UME) 379*8kB (UM) 76*16kB (UM) 107*32kB (UM) 2*64kB (M) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9636kB [ 527.993150][T12172] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 528.002913][T12172] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 528.012416][T12172] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 528.022169][T12172] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 528.031638][T12172] 26947 total pagecache pages [ 528.036362][T12172] 0 pages in swap cache [ 528.040688][T12172] Swap cache stats: add 0, delete 0, find 0/0 [ 528.046864][T12172] Free swap = 0kB [ 528.050749][T12172] Total swap = 0kB 11:53:54 executing program 5: syz_emit_ethernet(0x66, &(0x7f0000000140)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "d64d4d", 0x30, 0x3a, 0x0, @remote, @mcast2, {[], @dest_unreach={0x2, 0x0, 0x0, 0x0, [], {0x0, 0x6, "499140", 0x0, 0x0, 0x0, @loopback, @mcast2}}}}}}}, 0x0) [ 528.054510][T12172] 1965979 pages RAM [ 528.058477][T12172] 0 pages HighMem/MovableOnly [ 528.063189][T12172] 1433455 pages reserved [ 528.067472][T12172] 0 pages cma reserved [ 528.071785][T12172] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=12171,uid=0 [ 528.086817][T12172] Out of memory: Killed process 12172 (syz-executor.2) total-vm:93044kB, anon-rss:2188kB, file-rss:35752kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 11:53:54 executing program 3: openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS3\x00', 0x1140, 0x0) [ 528.106252][ T1904] oom_reaper: reaped process 12172 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 11:53:55 executing program 0: syz_io_uring_setup(0x60c9, &(0x7f0000000280), &(0x7f00006d7000/0x3000)=nil, &(0x7f00006d9000/0x4000)=nil, 0x0, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x5522, 0x0) [ 528.513611][T12186] warn_alloc: 6 callbacks suppressed [ 528.513685][T12186] syz-executor.1: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 528.533860][T12186] CPU: 0 PID: 12186 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 528.542599][T12186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 528.552705][T12186] Call Trace: [ 528.556096][T12186] dump_stack+0x21c/0x280 [ 528.560543][T12186] warn_alloc+0x4cc/0x680 [ 528.565014][T12186] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 528.570939][T12186] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 528.576603][T12186] ? kmsan_get_metadata+0x116/0x180 [ 528.581924][T12186] ? kmsan_get_metadata+0x116/0x180 [ 528.587222][T12186] __alloc_pages_nodemask+0xbb1/0x1030 [ 528.592772][T12186] alloc_pages_current+0x685/0xb50 [ 528.597992][T12186] ion_page_pool_alloc+0x73d/0x8f0 [ 528.603170][T12186] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 528.609291][T12186] ? __list_add_valid+0xb8/0x420 [ 528.614298][T12186] ? kmsan_get_metadata+0x116/0x180 [ 528.619593][T12186] ion_system_heap_allocate+0x5a2/0x16b0 [ 528.625329][T12186] ? ion_system_contig_heap_create+0x230/0x230 [ 528.631542][T12186] ion_ioctl+0x8cd/0x2140 [ 528.635967][T12186] ? debug_shrink_set+0x240/0x240 [ 528.641042][T12186] compat_ptr_ioctl+0xe2/0x150 [ 528.645860][T12186] ? __ia32_sys_ioctl+0x70/0x70 [ 528.650762][T12186] __se_compat_sys_ioctl+0x55f/0x1100 [ 528.656210][T12186] ? kmsan_get_metadata+0x116/0x180 [ 528.661472][T12186] __ia32_compat_sys_ioctl+0x4a/0x70 [ 528.666837][T12186] __do_fast_syscall_32+0x2af/0x480 [ 528.672129][T12186] do_fast_syscall_32+0x6b/0xd0 [ 528.677043][T12186] do_SYSENTER_32+0x73/0x90 [ 528.681612][T12186] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 528.687973][T12186] RIP: 0023:0xf7f85549 [ 528.692158][T12186] Code: Bad RIP value. [ 528.696256][T12186] RSP: 002b:00000000f555e0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 528.704720][T12186] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 528.712902][T12186] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 528.720912][T12186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 528.728921][T12186] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 528.736929][T12186] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 528.745380][T12186] Mem-Info: [ 528.748733][T12186] active_anon:93950 inactive_anon:4875 isolated_anon:0 [ 528.748733][T12186] active_file:2700 inactive_file:21961 isolated_file:0 [ 528.748733][T12186] unevictable:0 dirty:9 writeback:0 [ 528.748733][T12186] slab_reclaimable:6605 slab_unreclaimable:20936 [ 528.748733][T12186] mapped:58332 shmem:5064 pagetables:3070 bounce:0 [ 528.748733][T12186] free:78084 free_pcp:522 free_cma:0 [ 528.785689][T12186] Node 0 active_anon:365900kB inactive_anon:19440kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118548kB dirty:8kB writeback:0kB shmem:20152kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 231424kB writeback_tmp:0kB all_unreclaimable? yes [ 528.815731][T12186] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 528.844792][T12186] lowmem_reserve[]: 0 896 1124 1124 1124 [ 528.850639][T12186] Node 0 DMA32 free:39784kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:347000kB inactive_anon:868kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:704kB pagetables:2084kB bounce:0kB free_pcp:1416kB local_pcp:1128kB free_cma:0kB [ 528.882391][T12186] lowmem_reserve[]: 0 0 228 228 228 [ 528.887717][T12186] Node 0 Normal free:10684kB min:11944kB low:14416kB high:16888kB reserved_highatomic:0KB active_anon:18900kB inactive_anon:18572kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3568kB pagetables:3028kB bounce:0kB free_pcp:672kB local_pcp:348kB free_cma:0kB [ 528.919684][T12186] lowmem_reserve[]: 0 0 0 0 0 [ 528.924467][T12186] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 528.936584][T12186] Node 0 DMA32: 426*4kB (UME) 354*8kB (UME) 339*16kB (UME) 228*32kB (UME) 104*64kB (ME) 38*128kB (ME) 17*256kB (M) 7*512kB (UM) 1*1024kB (U) 1*2048kB (M) 0*4096kB = 39784kB [ 528.954208][T12186] Node 0 Normal: 625*4kB (UME) 394*8kB (UM) 94*16kB (UM) 109*32kB (UM) 1*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10708kB [ 528.969179][T12186] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 528.978915][T12186] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 528.988377][T12186] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 528.997994][T12186] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 529.007435][T12186] 26956 total pagecache pages [ 529.012314][T12186] 0 pages in swap cache [ 529.016530][T12186] Swap cache stats: add 0, delete 0, find 0/0 [ 529.022760][T12186] Free swap = 0kB [ 529.026519][T12186] Total swap = 0kB [ 529.030392][T12186] 1965979 pages RAM [ 529.034281][T12186] 0 pages HighMem/MovableOnly [ 529.039098][T12186] 1433455 pages reserved [ 529.043377][T12186] 0 pages cma reserved 11:53:56 executing program 3: r0 = socket$kcm(0xa, 0x922000000003, 0x11) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340), 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100), 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={0x0, 0x16800000, 0x8}, 0xc) socket$kcm(0x29, 0x2, 0x0) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xa7, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x248000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x4030582a, &(0x7f0000000040)) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_type(r1, &(0x7f0000000140)='threaded\x00', 0x12000005f) 11:53:56 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0xc, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x18, 0xffffffd4, 0x0, 0x0, 0x10}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48) 11:53:57 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:57 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:57 executing program 0: bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000340), 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xa7, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$cgroup_type(r0, &(0x7f0000000140)='threaded\x00', 0x12000005f) 11:53:57 executing program 3: sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0), 0x4) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x32, 0x285) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) accept4$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @private0}, &(0x7f0000000100)=0x1c, 0x1000) getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) 11:53:57 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:58 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:59 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:59 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:59 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x420000015001}) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000240)={0x0, 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @private1}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000080)={'syztnl1\x00', 0x0}) 11:53:59 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:53:59 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 533.247567][T12240] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 533.260616][T12240] CPU: 0 PID: 12240 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 533.269357][T12240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.279469][T12240] Call Trace: [ 533.282883][T12240] dump_stack+0x21c/0x280 [ 533.287322][T12240] dump_header+0x1c5/0xcf0 [ 533.291868][T12240] oom_kill_process+0x388/0xb00 [ 533.296835][T12240] out_of_memory+0x117f/0x16a0 [ 533.301730][T12240] __alloc_pages_slowpath+0x303a/0x3d10 [ 533.307437][T12240] __alloc_pages_nodemask+0xbb1/0x1030 [ 533.313023][T12240] alloc_pages_current+0x685/0xb50 [ 533.318265][T12240] ion_page_pool_alloc+0x73d/0x8f0 [ 533.323476][T12240] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 533.329634][T12240] ? __list_add_valid+0xb8/0x420 [ 533.334667][T12240] ? kmsan_get_metadata+0x116/0x180 [ 533.339977][T12240] ion_system_heap_allocate+0x509/0x16b0 [ 533.345730][T12240] ? ion_system_contig_heap_create+0x230/0x230 [ 533.352068][T12240] ion_ioctl+0x8cd/0x2140 [ 533.356527][T12240] ? debug_shrink_set+0x240/0x240 [ 533.361631][T12240] compat_ptr_ioctl+0xe2/0x150 [ 533.366479][T12240] ? __ia32_sys_ioctl+0x70/0x70 [ 533.371416][T12240] __se_compat_sys_ioctl+0x55f/0x1100 [ 533.376893][T12240] ? kmsan_get_metadata+0x116/0x180 [ 533.382170][T12240] __ia32_compat_sys_ioctl+0x4a/0x70 [ 533.387557][T12240] __do_fast_syscall_32+0x2af/0x480 [ 533.392854][T12240] do_fast_syscall_32+0x6b/0xd0 [ 533.397798][T12240] do_SYSENTER_32+0x73/0x90 [ 533.402399][T12240] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 533.408781][T12240] RIP: 0023:0xf7f85549 [ 533.412885][T12240] Code: Bad RIP value. [ 533.416998][T12240] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 533.425487][T12240] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 533.433540][T12240] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 533.441579][T12240] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 533.449606][T12240] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 533.457636][T12240] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 533.466612][T12240] Mem-Info: [ 533.469984][T12240] active_anon:95102 inactive_anon:4876 isolated_anon:0 [ 533.469984][T12240] active_file:2734 inactive_file:21969 isolated_file:0 [ 533.469984][T12240] unevictable:0 dirty:15 writeback:0 [ 533.469984][T12240] slab_reclaimable:6611 slab_unreclaimable:20922 [ 533.469984][T12240] mapped:58349 shmem:5064 pagetables:3198 bounce:0 [ 533.469984][T12240] free:76192 free_pcp:336 free_cma:0 [ 533.506989][T12240] Node 0 active_anon:370328kB inactive_anon:19440kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118616kB dirty:4kB writeback:0kB shmem:20148kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 233472kB writeback_tmp:0kB all_unreclaimable? no [ 533.534680][T12240] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 533.563729][T12240] lowmem_reserve[]: 0 896 1124 1124 1124 [ 533.569582][T12240] Node 0 DMA32 free:39332kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:351160kB inactive_anon:868kB active_file:0kB inactive_file:64kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:720kB pagetables:2248kB bounce:0kB free_pcp:1012kB local_pcp:452kB free_cma:0kB [ 533.601607][T12240] lowmem_reserve[]: 0 0 228 228 228 [ 533.606911][T12240] Node 0 Normal free:9772kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:19224kB inactive_anon:18572kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3648kB pagetables:3404kB bounce:0kB free_pcp:332kB local_pcp:252kB free_cma:0kB [ 533.638532][T12240] lowmem_reserve[]: 0 0 0 0 0 [ 533.643314][T12240] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 533.655404][T12240] Node 0 DMA32: 345*4kB (UME) 324*8kB (UME) 340*16kB (UME) 229*32kB (UME) 105*64kB (UME) 38*128kB (ME) 27*256kB (UM) 8*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39332kB [ 533.672518][T12240] Node 0 Normal: 367*4kB (UME) 398*8kB (UM) 97*16kB (UM) 112*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9788kB [ 533.687058][T12240] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 533.696840][T12240] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 533.706336][T12240] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 533.716087][T12240] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 533.725642][T12240] 27015 total pagecache pages [ 533.730497][T12240] 0 pages in swap cache [ 533.734713][T12240] Swap cache stats: add 0, delete 0, find 0/0 [ 533.740935][T12240] Free swap = 0kB [ 533.744715][T12240] Total swap = 0kB [ 533.748602][T12240] 1965979 pages RAM [ 533.752450][T12240] 0 pages HighMem/MovableOnly [ 533.757175][T12240] 1433455 pages reserved [ 533.761578][T12240] 0 pages cma reserved [ 533.765733][T12240] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=12242,uid=0 [ 533.780771][T12240] Out of memory: Killed process 12242 (syz-executor.2) total-vm:93176kB, anon-rss:2192kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:112kB oom_score_adj:1000 [ 533.809068][ T1904] oom_reaper: reaped process 12242 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 11:54:02 executing program 5: syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f00000001c0)={[{@filestreams='filestreams'}, {@grpquota='grpquota'}]}) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 11:54:02 executing program 3: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x8d, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f00000041c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x120, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r3, &(0x7f0000000000)=[{&(0x7f0000000080)=""/111, 0x6f}, {0x0}, {&(0x7f0000000200)=""/67, 0x43}], 0x3, 0x7400, 0x0) 11:54:02 executing program 0: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x8d, 0x400000008d}, 0x0) getpid() r0 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r0, &(0x7f00000041c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x120, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_GET_FPEXC(0xb, 0x0) fcntl$setpipe(r1, 0x407, 0x0) write(r1, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r2, &(0x7f0000000000)=[{&(0x7f0000000080)=""/111, 0x6f}, {0x0}, {&(0x7f0000000200)=""/67, 0x43}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:02 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:02 executing program 2: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:02 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 536.380373][T12291] XFS (loop5): Invalid superblock magic number 11:54:03 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88882, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0xa732}) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r3, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @multicast2}}) write$tun(r1, &(0x7f0000000140)={@val, @void, @eth={@empty, @remote, @val={@void}, {@ipv6={0x86dd, @generic={0x0, 0x6, "f46f8c", 0x10, 0x0, 0x0, @local, @empty, {[@hopopts={0x0, 0x0, [], [@pad1]}]}}}}}}, 0x4e) splice(r0, 0x0, r2, 0x0, 0x18100, 0x0) 11:54:03 executing program 0: socketpair(0x1e, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @private1}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x20000009}, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_control\x00', 0x2, 0x0) bind(0xffffffffffffffff, &(0x7f00000000c0)=@in6={0xa, 0x0, 0x4, @local}, 0x80) r1 = open(&(0x7f0000002000)='./bus\x00', 0x46042, 0x0) r2 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x10082, 0x0) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="90000000051400012cbd7000fbdbdf250800010000000000080003000100000008000100020000000800030000000000000000000000000008000300030000000800010002000000080003000100000008000100000000000800030000000000080001000100000008000300000000000800010000000000080003000000000008000100000000000800030000000000942c4fe901955f596b411969f12e0a2afa8df91bb18a0b6f1454abeb66d3126f74bc8522872965044adff92607b196163c1b1da46b3047c6a4e13d41a6c36710b07a1e2554f8e3e7247d3cbb5e204491497c514d6f27cd5b1dbf075bf0"], 0x90}, 0x1, 0x0, 0x0, 0x8e0}, 0x0) creat(&(0x7f0000000440)='./bus\x00', 0x98) ftruncate(r1, 0x2008002) sendfile(r0, r1, 0x0, 0x200fff) 11:54:03 executing program 5: syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f00000001c0)={[{@filestreams='filestreams'}, {@grpquota='grpquota'}]}) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 11:54:03 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 536.995890][ T28] audit: type=1800 audit(1598356443.632:10): pid=12314 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15781 res=0 [ 537.280910][ T28] audit: type=1800 audit(1598356443.912:11): pid=12314 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=15781 res=0 11:54:04 executing program 2: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:04 executing program 0: socketpair(0x1e, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @private1}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x20000009}, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bluetooth/6lowpan_control\x00', 0x2, 0x0) bind(0xffffffffffffffff, &(0x7f00000000c0)=@in6={0xa, 0x0, 0x4, @local}, 0x80) r1 = open(&(0x7f0000002000)='./bus\x00', 0x46042, 0x0) r2 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x10082, 0x0) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="90000000051400012cbd7000fbdbdf250800010000000000080003000100000008000100020000000800030000000000000000000000000008000300030000000800010002000000080003000100000008000100000000000800030000000000080001000100000008000300000000000800010000000000080003000000000008000100000000000800030000000000942c4fe901955f596b411969f12e0a2afa8df91bb18a0b6f1454abeb66d3126f74bc8522872965044adff92607b196163c1b1da46b3047c6a4e13d41a6c36710b07a1e2554f8e3e7247d3cbb5e204491497c514d6f27cd5b1dbf075bf0"], 0x90}, 0x1, 0x0, 0x0, 0x8e0}, 0x0) creat(&(0x7f0000000440)='./bus\x00', 0x98) ftruncate(r1, 0x2008002) sendfile(r0, r1, 0x0, 0x200fff) 11:54:04 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:04 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 537.726947][T12328] XFS (loop5): Invalid superblock magic number [ 538.035309][ T28] audit: type=1800 audit(1598356444.672:12): pid=12341 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=16082 res=0 11:54:04 executing program 5: getpid() socket$inet6(0xa, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000041c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_GET_FPEXC(0xb, 0x0) fcntl$setpipe(r0, 0x407, 0x0) write(r0, &(0x7f0000000340), 0x41395527) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r1, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000200)=""/67, 0x43}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x3, 0x7400, 0x0) [ 538.404499][T12340] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 538.417421][T12340] CPU: 1 PID: 12340 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 538.426156][T12340] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 538.436268][T12340] Call Trace: [ 538.439669][T12340] dump_stack+0x21c/0x280 [ 538.444102][T12340] dump_header+0x1c5/0xcf0 [ 538.448637][T12340] oom_kill_process+0x388/0xb00 [ 538.453592][T12340] out_of_memory+0x117f/0x16a0 [ 538.458484][T12340] __alloc_pages_slowpath+0x303a/0x3d10 [ 538.464167][T12340] __alloc_pages_nodemask+0xbb1/0x1030 [ 538.469714][T12340] alloc_pages_current+0x685/0xb50 [ 538.474950][T12340] ion_page_pool_alloc+0x73d/0x8f0 [ 538.480132][T12340] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 538.486260][T12340] ? __list_add_valid+0xb8/0x420 [ 538.491258][T12340] ? kmsan_get_metadata+0x116/0x180 [ 538.496536][T12340] ion_system_heap_allocate+0x509/0x16b0 [ 538.502267][T12340] ? ion_system_contig_heap_create+0x230/0x230 [ 538.508505][T12340] ion_ioctl+0x8cd/0x2140 [ 538.512935][T12340] ? debug_shrink_set+0x240/0x240 [ 538.518021][T12340] compat_ptr_ioctl+0xe2/0x150 [ 538.522842][T12340] ? __ia32_sys_ioctl+0x70/0x70 [ 538.527747][T12340] __se_compat_sys_ioctl+0x55f/0x1100 [ 538.533207][T12340] ? kmsan_get_metadata+0x116/0x180 [ 538.538469][T12340] __ia32_compat_sys_ioctl+0x4a/0x70 [ 538.543824][T12340] __do_fast_syscall_32+0x2af/0x480 [ 538.549099][T12340] do_fast_syscall_32+0x6b/0xd0 [ 538.554021][T12340] do_SYSENTER_32+0x73/0x90 [ 538.558594][T12340] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 538.564958][T12340] RIP: 0023:0xf7f05549 [ 538.569046][T12340] Code: Bad RIP value. [ 538.573146][T12340] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 538.581616][T12340] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 538.589633][T12340] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 538.597642][T12340] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 538.605653][T12340] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 538.613663][T12340] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 538.622527][T12340] Mem-Info: [ 538.625820][T12340] active_anon:94184 inactive_anon:4875 isolated_anon:0 [ 538.625820][T12340] active_file:2740 inactive_file:21970 isolated_file:0 [ 538.625820][T12340] unevictable:0 dirty:25 writeback:0 [ 538.625820][T12340] slab_reclaimable:6615 slab_unreclaimable:22588 [ 538.625820][T12340] mapped:58369 shmem:5064 pagetables:3143 bounce:0 [ 538.625820][T12340] free:110713 free_pcp:771 free_cma:0 [ 538.663713][T12340] Node 0 active_anon:366012kB inactive_anon:19440kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118696kB dirty:8kB writeback:0kB shmem:20148kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 233472kB writeback_tmp:0kB all_unreclaimable? yes [ 538.691230][T12340] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 538.720378][T12340] lowmem_reserve[]: 0 896 1124 1124 1124 [ 538.726146][T12340] Node 0 DMA32 free:39572kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:347364kB inactive_anon:868kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:704kB pagetables:2084kB bounce:0kB free_pcp:2444kB local_pcp:1240kB free_cma:0kB [ 538.757980][T12340] lowmem_reserve[]: 0 0 228 228 228 [ 538.763373][T12340] Node 0 Normal free:11008kB min:11944kB low:14416kB high:16888kB reserved_highatomic:0KB active_anon:18648kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3552kB pagetables:2928kB bounce:0kB free_pcp:640kB local_pcp:316kB free_cma:0kB [ 538.795142][T12340] lowmem_reserve[]: 0 0 0 0 0 [ 538.799993][T12340] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 538.812072][T12340] Node 0 DMA32: 523*4kB (UME) 353*8kB (UME) 308*16kB (UME) 233*32kB (UME) 108*64kB (UME) 40*128kB (UME) 18*256kB (UM) 7*512kB (UM) 2*1024kB (U) 0*2048kB 0*4096kB = 39572kB [ 538.829538][T12340] Node 0 Normal: 654*4kB (UME) 397*8kB (UM) 102*16kB (UM) 112*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11008kB [ 538.844200][T12340] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 538.853909][T12340] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 538.863352][T12340] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 538.873054][T12340] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 538.882470][T12340] 27005 total pagecache pages [ 538.887201][T12340] 0 pages in swap cache [ 538.891500][T12340] Swap cache stats: add 0, delete 0, find 0/0 [ 538.897694][T12340] Free swap = 0kB [ 538.901548][T12340] Total swap = 0kB [ 538.905312][T12340] 1965979 pages RAM [ 538.909229][T12340] 0 pages HighMem/MovableOnly [ 538.913946][T12340] 1433455 pages reserved [ 538.918320][T12340] 0 pages cma reserved [ 538.922444][T12340] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=12185,uid=0 [ 538.937549][T12340] Out of memory: Killed process 12185 (syz-executor.0) total-vm:93308kB, anon-rss:168kB, file-rss:35744kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 11:54:05 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:05 executing program 0: perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000100)) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$tun(0xffffffffffffffff, &(0x7f00000005c0)=ANY=[@ANYBLOB], 0x7e) [ 538.975656][ T1904] oom_reaper: reaped process 12185 (syz-executor.0), now anon-rss:0kB, file-rss:34820kB, shmem-rss:0kB 11:54:05 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f00000000c0)='msdos\x00', &(0x7f0000000000)='./file0\x00', 0xffc00007, 0x2, &(0x7f0000000100)=[{&(0x7f0000000080)="040800090000ff01e66174000404090a0200027400f8", 0x16}, {&(0x7f0000000040)="dbed7d4cac17", 0x6, 0x1f}], 0x0, &(0x7f0000000140)={[{@fat=@umask={'umask'}}, {@fat=@codepage={'codepage', 0x3d, '1255'}}]}) 11:54:05 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:06 executing program 0: perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_type(r0, &(0x7f0000000140)='threaded\x00', 0x12000005f) [ 539.595011][T12360] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1) [ 539.776288][T12368] warn_alloc: 5 callbacks suppressed [ 539.776422][T12368] syz-executor.1: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 539.796779][T12368] CPU: 0 PID: 12368 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 539.805519][T12368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 539.815618][T12368] Call Trace: [ 539.818984][T12368] dump_stack+0x21c/0x280 [ 539.823389][T12368] warn_alloc+0x4cc/0x680 [ 539.827817][T12368] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 539.833706][T12368] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 539.839341][T12368] ? kmsan_get_metadata+0x116/0x180 [ 539.844617][T12368] ? kmsan_get_metadata+0x116/0x180 [ 539.849892][T12368] __alloc_pages_nodemask+0xbb1/0x1030 [ 539.855436][T12368] alloc_pages_current+0x685/0xb50 [ 539.860644][T12368] ion_page_pool_alloc+0x73d/0x8f0 [ 539.865828][T12368] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 539.871954][T12368] ? __list_add_valid+0xb8/0x420 [ 539.876957][T12368] ? kmsan_get_metadata+0x116/0x180 [ 539.882236][T12368] ion_system_heap_allocate+0x5a2/0x16b0 [ 539.887978][T12368] ? ion_system_contig_heap_create+0x230/0x230 [ 539.894197][T12368] ion_ioctl+0x8cd/0x2140 [ 539.898658][T12368] ? debug_shrink_set+0x240/0x240 [ 539.903733][T12368] compat_ptr_ioctl+0xe2/0x150 [ 539.908557][T12368] ? __ia32_sys_ioctl+0x70/0x70 [ 539.913467][T12368] __se_compat_sys_ioctl+0x55f/0x1100 [ 539.918925][T12368] ? kmsan_get_metadata+0x116/0x180 [ 539.924180][T12368] __ia32_compat_sys_ioctl+0x4a/0x70 [ 539.929550][T12368] __do_fast_syscall_32+0x2af/0x480 [ 539.934826][T12368] do_fast_syscall_32+0x6b/0xd0 [ 539.939742][T12368] do_SYSENTER_32+0x73/0x90 [ 539.944316][T12368] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 539.950681][T12368] RIP: 0023:0xf7f85549 [ 539.954768][T12368] Code: Bad RIP value. [ 539.958862][T12368] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 539.967324][T12368] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 539.975340][T12368] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 539.983361][T12368] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 539.991369][T12368] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 539.999378][T12368] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 540.007578][T12368] Mem-Info: [ 540.010929][T12368] active_anon:94134 inactive_anon:4876 isolated_anon:0 [ 540.010929][T12368] active_file:2740 inactive_file:22062 isolated_file:0 [ 540.010929][T12368] unevictable:0 dirty:35 writeback:0 [ 540.010929][T12368] slab_reclaimable:6615 slab_unreclaimable:21042 [ 540.010929][T12368] mapped:58431 shmem:5064 pagetables:3131 bounce:0 [ 540.010929][T12368] free:112308 free_pcp:799 free_cma:0 [ 540.048043][T12368] Node 0 active_anon:365976kB inactive_anon:19440kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118720kB dirty:4kB writeback:0kB shmem:20148kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 233472kB writeback_tmp:0kB all_unreclaimable? yes [ 540.075487][T12368] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 540.104543][T12368] lowmem_reserve[]: 0 896 1124 1124 1124 [ 540.110382][T12368] Node 0 DMA32 free:39776kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:347364kB inactive_anon:868kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:704kB pagetables:2084kB bounce:0kB free_pcp:2520kB local_pcp:1280kB free_cma:0kB [ 540.142166][T12368] lowmem_reserve[]: 0 0 228 228 228 [ 540.147465][T12368] Node 0 Normal free:11040kB min:11944kB low:14416kB high:16888kB reserved_highatomic:0KB active_anon:18612kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3552kB pagetables:2928kB bounce:0kB free_pcp:676kB local_pcp:340kB free_cma:0kB [ 540.179220][T12368] lowmem_reserve[]: 0 0 0 0 0 [ 540.183997][T12368] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 540.196068][T12368] Node 0 DMA32: 530*4kB (UME) 356*8kB (UME) 321*16kB (UME) 233*32kB (UME) 108*64kB (UME) 40*128kB (UME) 18*256kB (UM) 7*512kB (UM) 2*1024kB (U) 0*2048kB 0*4096kB = 39832kB [ 540.213533][T12368] Node 0 Normal: 654*4kB (UME) 397*8kB (UM) 102*16kB (UM) 113*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 11040kB [ 540.228211][T12368] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 540.237944][T12368] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 540.247313][T12368] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 540.257064][T12368] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 540.266560][T12368] 27118 total pagecache pages [ 540.271403][T12368] 0 pages in swap cache 11:54:06 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:06 executing program 3: socket$kcm(0xa, 0x0, 0x11) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100), 0xc) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={0x0, 0x16800000, 0x8}, 0xc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x248000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1000000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040)) [ 540.275621][T12368] Swap cache stats: add 0, delete 0, find 0/0 [ 540.281845][T12368] Free swap = 0kB [ 540.285629][T12368] Total swap = 0kB [ 540.289554][T12368] 1965979 pages RAM [ 540.293431][T12368] 0 pages HighMem/MovableOnly [ 540.298299][T12368] 1433455 pages reserved [ 540.302605][T12368] 0 pages cma reserved 11:54:08 executing program 2: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:08 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:08 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:08 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:08 executing program 0: perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_type(r0, &(0x7f0000000140)='threaded\x00', 0x12000005f) 11:54:08 executing program 3: pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) fcntl$getflags(r0, 0x0) [ 541.980949][T12396] skbuff: bad partial csum: csum=52428/52428 headroom=64 headlen=64827 11:54:08 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f00000001c0)={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x8) 11:54:08 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:08 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:09 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:09 executing program 3: r0 = eventfd(0xfbfffff8) timer_create(0x0, &(0x7f0000000780)={0x0, 0x12}, &(0x7f00009b1ffc)) fcntl$dupfd(r0, 0x0, r0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e5d, @dev}, 0x10) add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) keyctl$revoke(0x3, 0x0) r2 = dup(r1) sendmmsg$unix(r2, &(0x7f0000002380)=[{0x0, 0x0, 0x0}], 0x1, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x28) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8) add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="6c6dfcffffefffffffff74667320757365723a2f6465762f3030303030303030303030303030db06ac23aac7faf106af9bae60030c9e7fda5facd2fcb2bb22bd656ff37fd2258a757579fb76e78c4ebfe9d17147252ff78855fdf7b6fb056feb03b73504d9dfe0f578c0d323845e971c9d7300"/137], 0x3a, 0x0) keyctl$describe(0x6, 0x0, 0x0, 0x0) close(r2) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x765442, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=0x0) timer_settime(r3, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x989680}}, 0x0) [ 543.427010][T12431] skbuff: bad partial csum: csum=52428/52428 headroom=64 headlen=64827 11:54:10 executing program 0: perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_type(r0, &(0x7f0000000140)='threaded\x00', 0x12000005f) 11:54:10 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, 0x0, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:10 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 11:54:10 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) [ 544.468448][T12438] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 544.481446][T12438] CPU: 1 PID: 12438 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 544.490195][T12438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 544.500305][T12438] Call Trace: [ 544.503710][T12438] dump_stack+0x21c/0x280 [ 544.508153][T12438] dump_header+0x1c5/0xcf0 [ 544.512689][T12438] oom_kill_process+0x388/0xb00 11:54:11 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) [ 544.517667][T12438] out_of_memory+0x117f/0x16a0 [ 544.522565][T12438] __alloc_pages_slowpath+0x303a/0x3d10 [ 544.528287][T12438] __alloc_pages_nodemask+0xbb1/0x1030 [ 544.533869][T12438] alloc_pages_current+0x685/0xb50 [ 544.539103][T12438] ion_page_pool_alloc+0x73d/0x8f0 [ 544.544310][T12438] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 544.550469][T12438] ? __list_add_valid+0xb8/0x420 [ 544.555510][T12438] ? kmsan_get_metadata+0x116/0x180 [ 544.560830][T12438] ion_system_heap_allocate+0x509/0x16b0 [ 544.566600][T12438] ? ion_system_contig_heap_create+0x230/0x230 [ 544.572853][T12438] ion_ioctl+0x8cd/0x2140 [ 544.577319][T12438] ? debug_shrink_set+0x240/0x240 [ 544.582437][T12438] compat_ptr_ioctl+0xe2/0x150 [ 544.587294][T12438] ? __ia32_sys_ioctl+0x70/0x70 [ 544.592231][T12438] __se_compat_sys_ioctl+0x55f/0x1100 [ 544.597725][T12438] ? kmsan_get_metadata+0x116/0x180 [ 544.603032][T12438] __ia32_compat_sys_ioctl+0x4a/0x70 [ 544.608433][T12438] __do_fast_syscall_32+0x2af/0x480 [ 544.613710][T12438] do_fast_syscall_32+0x6b/0xd0 [ 544.618629][T12438] do_SYSENTER_32+0x73/0x90 [ 544.623199][T12438] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 544.629565][T12438] RIP: 0023:0xf7f85549 [ 544.633652][T12438] Code: Bad RIP value. [ 544.637751][T12438] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 544.646221][T12438] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 544.654236][T12438] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 544.662250][T12438] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 544.670262][T12438] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 544.678273][T12438] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 544.686788][T12438] Mem-Info: [ 544.690140][T12438] active_anon:95734 inactive_anon:4876 isolated_anon:0 [ 544.690140][T12438] active_file:2743 inactive_file:22333 isolated_file:0 [ 544.690140][T12438] unevictable:0 dirty:11 writeback:323 [ 544.690140][T12438] slab_reclaimable:6611 slab_unreclaimable:21038 11:54:11 executing program 3: r0 = eventfd(0x0) r1 = fcntl$dupfd(r0, 0x0, r0) close(r1) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e5e, @dev}, 0x10) write$P9_RXATTRCREATE(r1, 0x0, 0x0) [ 544.690140][T12438] mapped:58436 shmem:5064 pagetables:3117 bounce:0 [ 544.690140][T12438] free:111448 free_pcp:611 free_cma:0 [ 544.727421][T12438] Node 0 active_anon:372460kB inactive_anon:19440kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118756kB dirty:4kB writeback:0kB shmem:20148kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 237568kB writeback_tmp:0kB all_unreclaimable? no [ 544.754785][T12438] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 544.783861][T12438] lowmem_reserve[]: 0 896 1124 1124 1124 [ 544.789733][T12438] Node 0 DMA32 free:39396kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:354252kB inactive_anon:868kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:816kB pagetables:2280kB bounce:0kB free_pcp:2164kB local_pcp:724kB free_cma:0kB [ 544.821445][T12438] lowmem_reserve[]: 0 0 228 228 228 [ 544.826749][T12438] Node 0 Normal free:9660kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:18208kB inactive_anon:18572kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3552kB pagetables:2928kB bounce:0kB free_pcp:388kB local_pcp:76kB free_cma:0kB [ 544.858288][T12438] lowmem_reserve[]: 0 0 0 0 0 [ 544.863060][T12438] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 544.875161][T12438] Node 0 DMA32: 450*4kB (UME) 371*8kB (UME) 298*16kB (UME) 173*32kB (UME) 116*64kB (UME) 44*128kB (ME) 17*256kB (M) 6*512kB (UM) 4*1024kB (U) 0*2048kB 0*4096kB = 39648kB [ 544.892510][T12438] Node 0 Normal: 465*4kB (UME) 305*8kB (UM) 105*16kB (UM) 116*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9692kB [ 544.907147][T12438] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 544.916909][T12438] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 544.926411][T12438] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 544.936165][T12438] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 544.945640][T12438] 27490 total pagecache pages [ 544.950511][T12438] 0 pages in swap cache [ 544.954727][T12438] Swap cache stats: add 0, delete 0, find 0/0 [ 544.960977][T12438] Free swap = 0kB [ 544.964775][T12438] Total swap = 0kB [ 544.968659][T12438] 1965979 pages RAM [ 544.972503][T12438] 0 pages HighMem/MovableOnly [ 544.977218][T12438] 1433455 pages reserved [ 544.981636][T12438] 0 pages cma reserved [ 544.985845][T12438] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=12414,uid=0 [ 545.000831][T12438] Out of memory: Killed process 12414 (syz-executor.2) total-vm:93176kB, anon-rss:2192kB, file-rss:35748kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 545.065564][T12451] skbuff: bad partial csum: csum=52428/52428 headroom=64 headlen=64827 11:54:11 executing program 0: perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x4030582a, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_type(r0, &(0x7f0000000140)='threaded\x00', 0x12000005f) 11:54:12 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) [ 545.658194][T12465] skbuff: bad partial csum: csum=52428/52428 headroom=64 headlen=64827 11:54:12 executing program 3: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f00000041c0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r3, &(0x7f0000000000)=[{&(0x7f0000000080)=""/111, 0x6f}, {0x0}, {&(0x7f0000000200)=""/67, 0x43}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:12 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:12 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, 0x0) 11:54:12 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:13 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:14 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140), 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:14 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:14 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)) write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:14 executing program 3: prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f00000041c0), 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r3, &(0x7f0000000000)=[{&(0x7f0000000080)=""/111, 0x6f}, {0x0}, {&(0x7f0000000200)=""/67, 0x43}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:14 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:14 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:14 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:14 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:14 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x0, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:15 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)) write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) [ 548.524666][T12521] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 548.537381][T12521] CPU: 0 PID: 12521 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 548.546122][T12521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 548.556226][T12521] Call Trace: [ 548.559591][T12521] dump_stack+0x21c/0x280 [ 548.563987][T12521] dump_header+0x1c5/0xcf0 [ 548.568478][T12521] oom_kill_process+0x388/0xb00 [ 548.573420][T12521] out_of_memory+0x117f/0x16a0 [ 548.578271][T12521] __alloc_pages_slowpath+0x303a/0x3d10 [ 548.583942][T12521] __alloc_pages_nodemask+0xbb1/0x1030 [ 548.589486][T12521] alloc_pages_current+0x685/0xb50 [ 548.594682][T12521] ion_page_pool_alloc+0x73d/0x8f0 [ 548.599862][T12521] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 548.605982][T12521] ? __list_add_valid+0xb8/0x420 [ 548.610980][T12521] ? kmsan_get_metadata+0x116/0x180 [ 548.616256][T12521] ion_system_heap_allocate+0x509/0x16b0 [ 548.621983][T12521] ? ion_system_contig_heap_create+0x230/0x230 [ 548.628201][T12521] ion_ioctl+0x8cd/0x2140 [ 548.632622][T12521] ? debug_shrink_set+0x240/0x240 [ 548.637704][T12521] compat_ptr_ioctl+0xe2/0x150 [ 548.642526][T12521] ? __ia32_sys_ioctl+0x70/0x70 [ 548.647426][T12521] __se_compat_sys_ioctl+0x55f/0x1100 [ 548.652883][T12521] ? kmsan_get_metadata+0x116/0x180 [ 548.658146][T12521] __ia32_compat_sys_ioctl+0x4a/0x70 [ 548.663519][T12521] __do_fast_syscall_32+0x2af/0x480 [ 548.668796][T12521] do_fast_syscall_32+0x6b/0xd0 [ 548.673715][T12521] do_SYSENTER_32+0x73/0x90 [ 548.678313][T12521] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 548.684679][T12521] RIP: 0023:0xf7f05549 [ 548.688765][T12521] Code: Bad RIP value. [ 548.692863][T12521] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 548.701425][T12521] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 548.709436][T12521] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 548.717448][T12521] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 548.725472][T12521] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 548.733484][T12521] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 548.742858][T12521] Mem-Info: [ 548.746169][T12521] active_anon:94703 inactive_anon:4876 isolated_anon:0 [ 548.746169][T12521] active_file:2745 inactive_file:22040 isolated_file:0 [ 548.746169][T12521] unevictable:0 dirty:1 writeback:8 [ 548.746169][T12521] slab_reclaimable:6610 slab_unreclaimable:21042 [ 548.746169][T12521] mapped:58474 shmem:5064 pagetables:3220 bounce:0 [ 548.746169][T12521] free:112135 free_pcp:122 free_cma:0 [ 548.783176][T12521] Node 0 active_anon:368388kB inactive_anon:19460kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118800kB dirty:0kB writeback:4kB shmem:20168kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 239616kB writeback_tmp:0kB all_unreclaimable? no [ 548.810494][T12521] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 548.839535][T12521] lowmem_reserve[]: 0 896 1124 1124 1124 [ 548.845270][T12521] Node 0 DMA32 free:39592kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:350160kB inactive_anon:888kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:816kB pagetables:2508kB bounce:0kB free_pcp:412kB local_pcp:0kB free_cma:0kB [ 548.876693][T12521] lowmem_reserve[]: 0 0 228 228 228 [ 548.882120][T12521] Node 0 Normal free:9864kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:18228kB inactive_anon:18572kB active_file:76kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3552kB pagetables:2928kB bounce:0kB free_pcp:196kB local_pcp:112kB free_cma:0kB [ 548.913802][T12521] lowmem_reserve[]: 0 0 0 0 0 [ 548.918743][T12521] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 548.930864][T12521] Node 0 DMA32: 608*4kB (UME) 451*8kB (UME) 372*16kB (UME) 261*32kB (UME) 107*64kB (ME) 43*128kB (UME) 17*256kB (UM) 3*512kB (M) 1*1024kB (U) 0*2048kB 0*4096kB = 39608kB [ 548.948182][T12521] Node 0 Normal: 366*4kB (UME) 374*8kB (UM) 106*16kB (UM) 116*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9864kB [ 548.962975][T12521] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 548.972781][T12521] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 548.982268][T12521] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 548.992006][T12521] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 549.001453][T12521] 27098 total pagecache pages [ 549.006189][T12521] 0 pages in swap cache [ 549.010512][T12521] Swap cache stats: add 0, delete 0, find 0/0 [ 549.016628][T12521] Free swap = 0kB [ 549.020506][T12521] Total swap = 0kB [ 549.024268][T12521] 1965979 pages RAM [ 549.028220][T12521] 0 pages HighMem/MovableOnly [ 549.032936][T12521] 1433455 pages reserved [ 549.037205][T12521] 0 pages cma reserved [ 549.041438][T12521] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=12507,uid=0 [ 549.056457][T12521] Out of memory: Killed process 12507 (syz-executor.2) total-vm:93176kB, anon-rss:2192kB, file-rss:35748kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 11:54:15 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0xfd45) 11:54:15 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) [ 549.079447][ T1904] oom_reaper: reaped process 12507 (syz-executor.2), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:54:15 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140), 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:15 executing program 3: 11:54:16 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0xfd45) 11:54:16 executing program 3: 11:54:16 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) [ 550.080708][T12537] warn_alloc: 5 callbacks suppressed [ 550.080781][T12537] syz-executor.1: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 550.101104][T12537] CPU: 1 PID: 12537 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 550.109846][T12537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 550.119954][T12537] Call Trace: [ 550.123365][T12537] dump_stack+0x21c/0x280 [ 550.127813][T12537] warn_alloc+0x4cc/0x680 [ 550.132288][T12537] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 550.138218][T12537] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 550.143879][T12537] ? kmsan_get_metadata+0x116/0x180 [ 550.149224][T12537] ? kmsan_get_metadata+0x116/0x180 [ 550.154538][T12537] __alloc_pages_nodemask+0xbb1/0x1030 [ 550.160119][T12537] alloc_pages_current+0x685/0xb50 [ 550.165374][T12537] ion_page_pool_alloc+0x73d/0x8f0 [ 550.170591][T12537] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 550.176745][T12537] ? __list_add_valid+0xb8/0x420 [ 550.181778][T12537] ? kmsan_get_metadata+0x116/0x180 [ 550.187097][T12537] ion_system_heap_allocate+0x5a2/0x16b0 [ 550.192870][T12537] ? ion_system_contig_heap_create+0x230/0x230 [ 550.199120][T12537] ion_ioctl+0x8cd/0x2140 [ 550.203589][T12537] ? debug_shrink_set+0x240/0x240 [ 550.208698][T12537] compat_ptr_ioctl+0xe2/0x150 [ 550.213556][T12537] ? __ia32_sys_ioctl+0x70/0x70 [ 550.218496][T12537] __se_compat_sys_ioctl+0x55f/0x1100 [ 550.223979][T12537] ? kmsan_get_metadata+0x116/0x180 11:54:16 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0xfd45) [ 550.229276][T12537] __ia32_compat_sys_ioctl+0x4a/0x70 [ 550.234666][T12537] __do_fast_syscall_32+0x2af/0x480 [ 550.239973][T12537] do_fast_syscall_32+0x6b/0xd0 [ 550.244922][T12537] do_SYSENTER_32+0x73/0x90 [ 550.249534][T12537] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 550.255929][T12537] RIP: 0023:0xf7f85549 [ 550.260045][T12537] Code: Bad RIP value. [ 550.264165][T12537] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 550.272665][T12537] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 550.280703][T12537] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 550.288742][T12537] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 550.296779][T12537] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 550.304826][T12537] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 550.314420][T12537] Mem-Info: [ 550.317800][T12537] active_anon:95224 inactive_anon:4876 isolated_anon:0 [ 550.317800][T12537] active_file:2744 inactive_file:22074 isolated_file:0 [ 550.317800][T12537] unevictable:0 dirty:12 writeback:0 [ 550.317800][T12537] slab_reclaimable:6610 slab_unreclaimable:21043 [ 550.317800][T12537] mapped:58495 shmem:5064 pagetables:3160 bounce:0 [ 550.317800][T12537] free:112600 free_pcp:9 free_cma:0 [ 550.355166][T12537] Node 0 active_anon:370380kB inactive_anon:19464kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118804kB dirty:0kB writeback:8kB shmem:20172kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 235520kB writeback_tmp:0kB all_unreclaimable? no [ 550.382546][T12537] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 550.411753][T12537] lowmem_reserve[]: 0 896 1124 1124 1124 [ 550.417616][T12537] Node 0 DMA32 free:39772kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:352172kB inactive_anon:892kB active_file:0kB inactive_file:136kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:816kB pagetables:2264kB bounce:0kB free_pcp:36kB local_pcp:16kB free_cma:0kB [ 550.449227][T12537] lowmem_reserve[]: 0 0 228 228 228 [ 550.454529][T12537] Node 0 Normal free:11992kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:18208kB inactive_anon:18572kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3552kB pagetables:2928kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 550.485899][T12537] lowmem_reserve[]: 0 0 0 0 0 [ 550.490803][T12537] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 550.502916][T12537] Node 0 DMA32: 598*4kB (UME) 449*8kB (UME) 369*16kB (UME) 250*32kB (UME) 107*64kB (ME) 42*128kB (ME) 16*256kB (M) 3*512kB (M) 0*1024kB 1*2048kB (U) 0*4096kB = 39792kB [ 550.520246][T12537] Node 0 Normal: 816*4kB (UME) 443*8kB (UM) 106*16kB (UM) 116*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12216kB [ 550.534956][T12537] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 550.544706][T12537] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 550.554203][T12537] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 550.563950][T12537] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 550.573424][T12537] 27147 total pagecache pages [ 550.578260][T12537] 0 pages in swap cache [ 550.582473][T12537] Swap cache stats: add 0, delete 0, find 0/0 [ 550.588744][T12537] Free swap = 0kB [ 550.592510][T12537] Total swap = 0kB [ 550.596275][T12537] 1965979 pages RAM [ 550.600262][T12537] 0 pages HighMem/MovableOnly [ 550.604977][T12537] 1433455 pages reserved [ 550.609400][T12537] 0 pages cma reserved 11:54:17 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)) write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:17 executing program 3: 11:54:18 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x0, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:18 executing program 4: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:18 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:18 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140), 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:18 executing program 3: 11:54:18 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)) write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:19 executing program 3: 11:54:19 executing program 4: 11:54:19 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) [ 552.650367][T12578] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 552.663082][T12578] CPU: 0 PID: 12578 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 552.671821][T12578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 552.681933][T12578] Call Trace: [ 552.685331][T12578] dump_stack+0x21c/0x280 [ 552.689773][T12578] dump_header+0x1c5/0xcf0 [ 552.694303][T12578] oom_kill_process+0x388/0xb00 [ 552.699256][T12578] out_of_memory+0x117f/0x16a0 [ 552.704109][T12578] __alloc_pages_slowpath+0x303a/0x3d10 [ 552.709786][T12578] __alloc_pages_nodemask+0xbb1/0x1030 [ 552.715345][T12578] alloc_pages_current+0x685/0xb50 [ 552.720552][T12578] ion_page_pool_alloc+0x73d/0x8f0 [ 552.725727][T12578] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 552.731851][T12578] ? __list_add_valid+0xb8/0x420 [ 552.736852][T12578] ? kmsan_get_metadata+0x116/0x180 [ 552.742131][T12578] ion_system_heap_allocate+0x509/0x16b0 [ 552.747858][T12578] ? ion_system_contig_heap_create+0x230/0x230 [ 552.754073][T12578] ion_ioctl+0x8cd/0x2140 [ 552.758503][T12578] ? debug_shrink_set+0x240/0x240 [ 552.763578][T12578] compat_ptr_ioctl+0xe2/0x150 [ 552.768399][T12578] ? __ia32_sys_ioctl+0x70/0x70 [ 552.773301][T12578] __se_compat_sys_ioctl+0x55f/0x1100 [ 552.778748][T12578] ? kmsan_get_metadata+0x116/0x180 [ 552.784005][T12578] __ia32_compat_sys_ioctl+0x4a/0x70 [ 552.789358][T12578] __do_fast_syscall_32+0x2af/0x480 [ 552.794630][T12578] do_fast_syscall_32+0x6b/0xd0 [ 552.799565][T12578] do_SYSENTER_32+0x73/0x90 [ 552.804132][T12578] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 552.810498][T12578] RIP: 0023:0xf7f05549 [ 552.814600][T12578] Code: Bad RIP value. [ 552.818696][T12578] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 552.827165][T12578] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 552.835307][T12578] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 552.843318][T12578] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 552.851330][T12578] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 552.859341][T12578] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 552.868957][T12578] Mem-Info: [ 552.872255][T12578] active_anon:95224 inactive_anon:4876 isolated_anon:0 [ 552.872255][T12578] active_file:2753 inactive_file:22070 isolated_file:0 [ 552.872255][T12578] unevictable:0 dirty:5 writeback:0 [ 552.872255][T12578] slab_reclaimable:6610 slab_unreclaimable:21051 [ 552.872255][T12578] mapped:58484 shmem:5064 pagetables:3190 bounce:0 [ 552.872255][T12578] free:177576 free_pcp:109 free_cma:0 [ 552.909304][T12578] Node 0 active_anon:370424kB inactive_anon:19464kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118828kB dirty:0kB writeback:0kB shmem:20172kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 239616kB writeback_tmp:0kB all_unreclaimable? no [ 552.936622][T12578] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 552.965736][T12578] lowmem_reserve[]: 0 896 1124 1124 1124 [ 552.971544][T12578] Node 0 DMA32 free:39316kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:351944kB inactive_anon:892kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:704kB pagetables:2084kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 553.003087][T12578] lowmem_reserve[]: 0 0 228 228 228 [ 553.008459][T12578] Node 0 Normal free:9420kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:18544kB inactive_anon:18572kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3712kB pagetables:3456kB bounce:0kB free_pcp:200kB local_pcp:180kB free_cma:0kB [ 553.039995][T12578] lowmem_reserve[]: 0 0 0 0 0 [ 553.044768][T12578] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 553.056981][T12578] Node 0 DMA32: 532*4kB (UME) 438*8kB (UME) 368*16kB (UME) 253*32kB (UME) 108*64kB (UME) 44*128kB (UME) 17*256kB (UM) 6*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39584kB [ 553.074124][T12578] Node 0 Normal: 342*4kB (ME) 365*8kB (UM) 104*16kB (UM) 117*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9696kB [ 553.088643][T12578] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 553.098363][T12578] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 553.107879][T12578] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 553.117682][T12578] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 553.127003][T12578] 27108 total pagecache pages [ 553.131840][T12578] 0 pages in swap cache [ 553.136055][T12578] Swap cache stats: add 0, delete 0, find 0/0 [ 553.142265][T12578] Free swap = 0kB [ 553.146020][T12578] Total swap = 0kB [ 553.149909][T12578] 1965979 pages RAM [ 553.153748][T12578] 0 pages HighMem/MovableOnly [ 553.158572][T12578] 1433455 pages reserved [ 553.162853][T12578] 0 pages cma reserved [ 553.166971][T12578] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=12558,uid=0 [ 553.181891][T12578] Out of memory: Killed process 12564 (syz-executor.1) total-vm:93044kB, anon-rss:2196kB, file-rss:35748kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 553.200915][ T1904] oom_reaper: reaped process 12564 (syz-executor.1), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB 11:54:19 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)) write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:20 executing program 3: 11:54:20 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:21 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x0, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:21 executing program 4: 11:54:21 executing program 3: 11:54:21 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:21 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)) write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:21 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:21 executing program 3: 11:54:21 executing program 4: 11:54:21 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:21 executing program 5: sendmsg(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:22 executing program 3: 11:54:22 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)) write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:22 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:22 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:22 executing program 5: sendmsg(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:22 executing program 4: 11:54:23 executing program 3: 11:54:23 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)) write(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) [ 556.707426][T12645] syz-executor.1 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 556.720167][T12645] CPU: 0 PID: 12645 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 556.728907][T12645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 556.739016][T12645] Call Trace: [ 556.742410][T12645] dump_stack+0x21c/0x280 [ 556.746846][T12645] dump_header+0x1c5/0xcf0 [ 556.751379][T12645] oom_kill_process+0x388/0xb00 11:54:23 executing program 4: [ 556.756341][T12645] out_of_memory+0x117f/0x16a0 [ 556.761239][T12645] __alloc_pages_slowpath+0x303a/0x3d10 [ 556.766954][T12645] __alloc_pages_nodemask+0xbb1/0x1030 [ 556.772534][T12645] alloc_pages_current+0x685/0xb50 [ 556.777768][T12645] ion_page_pool_alloc+0x73d/0x8f0 [ 556.782969][T12645] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 556.789113][T12645] ? __list_add_valid+0xb8/0x420 [ 556.794147][T12645] ? kmsan_get_metadata+0x116/0x180 [ 556.799454][T12645] ion_system_heap_allocate+0x509/0x16b0 [ 556.805188][T12645] ? ion_system_contig_heap_create+0x230/0x230 [ 556.811407][T12645] ion_ioctl+0x8cd/0x2140 [ 556.815832][T12645] ? debug_shrink_set+0x240/0x240 [ 556.820911][T12645] compat_ptr_ioctl+0xe2/0x150 [ 556.825734][T12645] ? __ia32_sys_ioctl+0x70/0x70 [ 556.830639][T12645] __se_compat_sys_ioctl+0x55f/0x1100 [ 556.836088][T12645] ? kmsan_get_metadata+0x116/0x180 [ 556.841352][T12645] __ia32_compat_sys_ioctl+0x4a/0x70 [ 556.846713][T12645] __do_fast_syscall_32+0x2af/0x480 [ 556.851984][T12645] do_fast_syscall_32+0x6b/0xd0 [ 556.856899][T12645] do_SYSENTER_32+0x73/0x90 [ 556.861472][T12645] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 556.867834][T12645] RIP: 0023:0xf7f85549 [ 556.871917][T12645] Code: Bad RIP value. [ 556.876114][T12645] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 556.884583][T12645] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 556.892593][T12645] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 556.900601][T12645] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 556.908609][T12645] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 556.916632][T12645] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 556.925171][T12645] Mem-Info: [ 556.928534][T12645] active_anon:95778 inactive_anon:4876 isolated_anon:0 [ 556.928534][T12645] active_file:2751 inactive_file:22070 isolated_file:0 [ 556.928534][T12645] unevictable:0 dirty:16 writeback:0 [ 556.928534][T12645] slab_reclaimable:6610 slab_unreclaimable:21032 [ 556.928534][T12645] mapped:58479 shmem:5064 pagetables:3200 bounce:0 [ 556.928534][T12645] free:177418 free_pcp:76 free_cma:0 [ 556.965593][T12645] Node 0 active_anon:372468kB inactive_anon:19464kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118860kB dirty:8kB writeback:0kB shmem:20172kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 245760kB writeback_tmp:0kB all_unreclaimable? no [ 556.992946][T12645] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 557.022037][T12645] lowmem_reserve[]: 0 896 1124 1124 1124 [ 557.027883][T12645] Node 0 DMA32 free:39320kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:354528kB inactive_anon:868kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:720kB pagetables:2188kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB 11:54:23 executing program 5: sendmsg(0xffffffffffffffff, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) [ 557.059472][T12645] lowmem_reserve[]: 0 0 228 228 228 [ 557.064770][T12645] Node 0 Normal free:9512kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:17940kB inactive_anon:18596kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:8kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3568kB pagetables:3032kB bounce:0kB free_pcp:56kB local_pcp:56kB free_cma:0kB [ 557.096220][T12645] lowmem_reserve[]: 0 0 0 0 0 [ 557.101118][T12645] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 557.113215][T12645] Node 0 DMA32: 564*4kB (UME) 473*8kB (UME) 390*16kB (UME) 272*32kB (UME) 119*64kB (UME) 46*128kB (ME) 17*256kB (UM) 1*512kB (M) 0*1024kB 0*2048kB 0*4096kB = 39352kB [ 557.130209][T12645] Node 0 Normal: 445*4kB (ME) 292*8kB (UM) 111*16kB (UM) 114*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9540kB [ 557.144738][T12645] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 557.154466][T12645] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 557.163965][T12645] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 557.173699][T12645] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 557.183147][T12645] 27116 total pagecache pages [ 557.188013][T12645] 0 pages in swap cache [ 557.192229][T12645] Swap cache stats: add 0, delete 0, find 0/0 [ 557.198437][T12645] Free swap = 0kB [ 557.202194][T12645] Total swap = 0kB [ 557.205957][T12645] 1965979 pages RAM 11:54:23 executing program 3: [ 557.209928][T12645] 0 pages HighMem/MovableOnly [ 557.214643][T12645] 1433455 pages reserved [ 557.219042][T12645] 0 pages cma reserved [ 557.223177][T12645] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=12630,uid=0 [ 557.238149][T12645] Out of memory: Killed process 12630 (syz-executor.1) total-vm:93044kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 557.257012][ T1904] oom_reaper: reaped process 12630 (syz-executor.1), now anon-rss:0kB, file-rss:34588kB, shmem-rss:0kB [ 557.405168][T12655] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 557.418141][T12655] CPU: 1 PID: 12655 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 557.426896][T12655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 557.437001][T12655] Call Trace: [ 557.440393][T12655] dump_stack+0x21c/0x280 [ 557.444838][T12655] dump_header+0x1c5/0xcf0 [ 557.449331][T12655] oom_kill_process+0x388/0xb00 [ 557.454250][T12655] out_of_memory+0x117f/0x16a0 [ 557.459106][T12655] __alloc_pages_slowpath+0x303a/0x3d10 [ 557.464765][T12655] __alloc_pages_nodemask+0xbb1/0x1030 [ 557.470323][T12655] alloc_pages_current+0x685/0xb50 [ 557.475525][T12655] ion_page_pool_alloc+0x73d/0x8f0 [ 557.480699][T12655] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 557.486822][T12655] ? __list_add_valid+0xb8/0x420 [ 557.491823][T12655] ? kmsan_get_metadata+0x116/0x180 [ 557.497121][T12655] ion_system_heap_allocate+0x509/0x16b0 [ 557.502850][T12655] ? ion_system_contig_heap_create+0x230/0x230 [ 557.509088][T12655] ion_ioctl+0x8cd/0x2140 [ 557.513544][T12655] ? debug_shrink_set+0x240/0x240 [ 557.518629][T12655] compat_ptr_ioctl+0xe2/0x150 [ 557.523457][T12655] ? __ia32_sys_ioctl+0x70/0x70 [ 557.528368][T12655] __se_compat_sys_ioctl+0x55f/0x1100 [ 557.533818][T12655] ? kmsan_get_metadata+0x116/0x180 [ 557.539088][T12655] __ia32_compat_sys_ioctl+0x4a/0x70 [ 557.544446][T12655] __do_fast_syscall_32+0x2af/0x480 [ 557.549733][T12655] do_fast_syscall_32+0x6b/0xd0 [ 557.554645][T12655] do_SYSENTER_32+0x73/0x90 [ 557.559215][T12655] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 557.565577][T12655] RIP: 0023:0xf7f05549 [ 557.569662][T12655] Code: Bad RIP value. [ 557.573760][T12655] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 557.582224][T12655] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 557.590234][T12655] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 557.598241][T12655] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 557.606246][T12655] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 557.614252][T12655] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 557.623074][T12655] Mem-Info: [ 557.626418][T12655] active_anon:95242 inactive_anon:4876 isolated_anon:0 [ 557.626418][T12655] active_file:2747 inactive_file:22074 isolated_file:0 [ 557.626418][T12655] unevictable:0 dirty:5 writeback:17 [ 557.626418][T12655] slab_reclaimable:6610 slab_unreclaimable:21032 [ 557.626418][T12655] mapped:58477 shmem:5064 pagetables:3143 bounce:0 [ 557.626418][T12655] free:177437 free_pcp:146 free_cma:0 [ 557.663533][T12655] Node 0 active_anon:370384kB inactive_anon:19464kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118868kB dirty:4kB writeback:0kB shmem:20172kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 243712kB writeback_tmp:0kB all_unreclaimable? yes [ 557.690994][T12655] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 557.720090][T12655] lowmem_reserve[]: 0 896 1124 1124 1124 [ 557.725826][T12655] Node 0 DMA32 free:39384kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:352460kB inactive_anon:868kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:720kB pagetables:2188kB bounce:0kB free_pcp:516kB local_pcp:268kB free_cma:0kB [ 557.757540][T12655] lowmem_reserve[]: 0 0 228 228 228 [ 557.762839][T12655] Node 0 Normal free:9540kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:17924kB inactive_anon:18596kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3568kB pagetables:3032kB bounce:0kB free_pcp:68kB local_pcp:12kB free_cma:0kB [ 557.794293][T12655] lowmem_reserve[]: 0 0 0 0 0 [ 557.799191][T12655] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 557.811309][T12655] Node 0 DMA32: 508*4kB (ME) 363*8kB (ME) 333*16kB (UME) 272*32kB (UME) 119*64kB (UME) 46*128kB (ME) 17*256kB (UM) 1*512kB (M) 0*1024kB 1*2048kB (M) 0*4096kB = 39384kB [ 557.828466][T12655] Node 0 Normal: 445*4kB (ME) 292*8kB (UM) 111*16kB (UM) 114*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9540kB [ 557.842965][T12655] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 557.852705][T12655] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 557.862185][T12655] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 557.871932][T12655] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 557.881389][T12655] 27116 total pagecache pages [ 557.886128][T12655] 0 pages in swap cache [ 557.890465][T12655] Swap cache stats: add 0, delete 0, find 0/0 [ 557.896584][T12655] Free swap = 0kB [ 557.900484][T12655] Total swap = 0kB [ 557.904247][T12655] 1965979 pages RAM [ 557.908228][T12655] 0 pages HighMem/MovableOnly [ 557.912950][T12655] 1433455 pages reserved [ 557.917358][T12655] 0 pages cma reserved [ 557.921507][T12655] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=12643,uid=0 [ 557.936455][T12655] Out of memory: Killed process 12645 (syz-executor.1) total-vm:93044kB, anon-rss:2196kB, file-rss:35756kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 557.957974][ T1904] oom_reaper: reaped process 12645 (syz-executor.1), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 11:54:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:25 executing program 3: 11:54:25 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:25 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000300)) r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:25 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:25 executing program 3: 11:54:25 executing program 4: 11:54:25 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:26 executing program 3: [ 559.505093][T12681] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 559.517957][T12681] CPU: 0 PID: 12681 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 559.526697][T12681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 559.536813][T12681] Call Trace: [ 559.540202][T12681] dump_stack+0x21c/0x280 [ 559.544639][T12681] dump_header+0x1c5/0xcf0 [ 559.549170][T12681] oom_kill_process+0x388/0xb00 [ 559.554130][T12681] out_of_memory+0x117f/0x16a0 [ 559.559024][T12681] __alloc_pages_slowpath+0x303a/0x3d10 [ 559.564738][T12681] __alloc_pages_nodemask+0xbb1/0x1030 [ 559.570323][T12681] alloc_pages_current+0x685/0xb50 [ 559.575566][T12681] ion_page_pool_alloc+0x73d/0x8f0 [ 559.580778][T12681] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 559.586926][T12681] ? __list_add_valid+0xb8/0x420 [ 559.591959][T12681] ? kmsan_get_metadata+0x116/0x180 [ 559.597276][T12681] ion_system_heap_allocate+0x509/0x16b0 [ 559.604778][T12681] ? ion_system_contig_heap_create+0x230/0x230 [ 559.611034][T12681] ion_ioctl+0x8cd/0x2140 [ 559.615509][T12681] ? debug_shrink_set+0x240/0x240 [ 559.620624][T12681] compat_ptr_ioctl+0xe2/0x150 [ 559.625487][T12681] ? __ia32_sys_ioctl+0x70/0x70 [ 559.630429][T12681] __se_compat_sys_ioctl+0x55f/0x1100 [ 559.635920][T12681] ? kmsan_get_metadata+0x116/0x180 [ 559.641207][T12681] __ia32_compat_sys_ioctl+0x4a/0x70 [ 559.646594][T12681] __do_fast_syscall_32+0x2af/0x480 [ 559.651905][T12681] do_fast_syscall_32+0x6b/0xd0 [ 559.656855][T12681] do_SYSENTER_32+0x73/0x90 [ 559.661464][T12681] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 559.667852][T12681] RIP: 0023:0xf7f05549 [ 559.671963][T12681] Code: Bad RIP value. [ 559.676085][T12681] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 559.684586][T12681] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 559.692622][T12681] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 559.700654][T12681] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 559.708690][T12681] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 559.716720][T12681] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 559.725100][T12681] Mem-Info: [ 559.728475][T12681] active_anon:95292 inactive_anon:4876 isolated_anon:0 [ 559.728475][T12681] active_file:2750 inactive_file:22102 isolated_file:0 [ 559.728475][T12681] unevictable:0 dirty:25 writeback:0 [ 559.728475][T12681] slab_reclaimable:6610 slab_unreclaimable:21100 [ 559.728475][T12681] mapped:58508 shmem:5064 pagetables:3207 bounce:0 [ 559.728475][T12681] free:177369 free_pcp:554 free_cma:0 [ 559.765646][T12681] Node 0 active_anon:370456kB inactive_anon:19464kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118908kB dirty:4kB writeback:0kB shmem:20172kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 243712kB writeback_tmp:0kB all_unreclaimable? yes [ 559.793087][T12681] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 559.822369][T12681] lowmem_reserve[]: 0 896 1124 1124 1124 [ 559.828238][T12681] Node 0 DMA32 free:39760kB min:38892kB low:48612kB high:58332kB reserved_highatomic:0KB active_anon:352552kB inactive_anon:868kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:752kB pagetables:2264kB bounce:0kB free_pcp:1852kB local_pcp:424kB free_cma:0kB [ 559.859925][T12681] lowmem_reserve[]: 0 0 228 228 228 [ 559.865227][T12681] Node 0 Normal free:9812kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:17904kB inactive_anon:18596kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3568kB pagetables:3060kB bounce:0kB free_pcp:364kB local_pcp:56kB free_cma:0kB [ 559.896840][T12681] lowmem_reserve[]: 0 0 0 0 0 [ 559.901989][T12681] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 559.914084][T12681] Node 0 DMA32: 466*4kB (UME) 415*8kB (UME) 348*16kB (UME) 273*32kB (UME) 119*64kB (UME) 47*128kB (UME) 16*256kB (M) 5*512kB (UM) 0*1024kB 0*2048kB 0*4096kB = 39776kB [ 559.931153][T12681] Node 0 Normal: 373*4kB (ME) 358*8kB (UM) 111*16kB (UM) 115*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9812kB [ 559.945723][T12681] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 559.955482][T12681] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 559.965014][T12681] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 559.974749][T12681] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 559.984222][T12681] 27151 total pagecache pages [ 559.991852][T12681] 0 pages in swap cache [ 559.996069][T12681] Swap cache stats: add 0, delete 0, find 0/0 [ 560.002279][T12681] Free swap = 0kB [ 560.006040][T12681] Total swap = 0kB [ 560.009907][T12681] 1965979 pages RAM [ 560.013756][T12681] 0 pages HighMem/MovableOnly [ 560.018580][T12681] 1433455 pages reserved [ 560.022864][T12681] 0 pages cma reserved [ 560.026984][T12681] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=12616,uid=0 11:54:26 executing program 4: [ 560.042027][T12681] Out of memory: Killed process 12616 (syz-executor.1) total-vm:93044kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 [ 560.060189][ T1904] oom_reaper: reaped process 12616 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 11:54:27 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:27 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:27 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:27 executing program 4: [ 561.124340][T12713] warn_alloc: 5 callbacks suppressed [ 561.124430][T12713] syz-executor.1: page allocation failure: order:4, mode:0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), nodemask=0,cpuset=/,mems_allowed=0-1 [ 561.144769][T12713] CPU: 0 PID: 12713 Comm: syz-executor.1 Not tainted 5.8.0-rc5-syzkaller #0 [ 561.153502][T12713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 561.163610][T12713] Call Trace: [ 561.167018][T12713] dump_stack+0x21c/0x280 [ 561.171459][T12713] warn_alloc+0x4cc/0x680 [ 561.175926][T12713] ? kmsan_get_shadow_origin_ptr+0x81/0xb0 [ 561.181889][T12713] __alloc_pages_slowpath+0x3cb6/0x3d10 [ 561.187549][T12713] ? kmsan_get_metadata+0x116/0x180 [ 561.192861][T12713] ? kmsan_get_metadata+0x116/0x180 [ 561.198180][T12713] __alloc_pages_nodemask+0xbb1/0x1030 [ 561.203762][T12713] alloc_pages_current+0x685/0xb50 [ 561.208999][T12713] ion_page_pool_alloc+0x73d/0x8f0 [ 561.214202][T12713] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 561.220373][T12713] ? __list_add_valid+0xb8/0x420 [ 561.225458][T12713] ? kmsan_get_metadata+0x116/0x180 [ 561.230778][T12713] ion_system_heap_allocate+0x5a2/0x16b0 [ 561.236564][T12713] ? ion_system_contig_heap_create+0x230/0x230 [ 561.242819][T12713] ion_ioctl+0x8cd/0x2140 [ 561.247315][T12713] ? debug_shrink_set+0x240/0x240 [ 561.252436][T12713] compat_ptr_ioctl+0xe2/0x150 [ 561.257293][T12713] ? __ia32_sys_ioctl+0x70/0x70 [ 561.262237][T12713] __se_compat_sys_ioctl+0x55f/0x1100 [ 561.267724][T12713] ? kmsan_get_metadata+0x116/0x180 [ 561.273016][T12713] __ia32_compat_sys_ioctl+0x4a/0x70 [ 561.278421][T12713] __do_fast_syscall_32+0x2af/0x480 [ 561.283732][T12713] do_fast_syscall_32+0x6b/0xd0 [ 561.288697][T12713] do_SYSENTER_32+0x73/0x90 [ 561.293306][T12713] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 561.299733][T12713] RIP: 0023:0xf7f85549 [ 561.303839][T12713] Code: Bad RIP value. [ 561.307963][T12713] RSP: 002b:00000000f557f0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 561.316455][T12713] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 561.324584][T12713] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 561.332621][T12713] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 561.340661][T12713] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 561.348694][T12713] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 561.358412][T12713] Mem-Info: [ 561.361754][T12713] active_anon:94754 inactive_anon:4872 isolated_anon:0 [ 561.361754][T12713] active_file:2786 inactive_file:22089 isolated_file:0 [ 561.361754][T12713] unevictable:0 dirty:40 writeback:0 [ 561.361754][T12713] slab_reclaimable:6610 slab_unreclaimable:21059 [ 561.361754][T12713] mapped:58483 shmem:5064 pagetables:3212 bounce:0 [ 561.361754][T12713] free:178120 free_pcp:0 free_cma:0 [ 561.398670][T12713] Node 0 active_anon:368284kB inactive_anon:19440kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118920kB dirty:4kB writeback:0kB shmem:20164kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 241664kB writeback_tmp:0kB all_unreclaimable? no [ 561.426016][T12713] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 561.455094][T12713] lowmem_reserve[]: 0 896 1124 1124 1124 [ 561.460947][T12713] Node 0 DMA32 free:41448kB min:40940kB low:50660kB high:60380kB reserved_highatomic:0KB active_anon:350484kB inactive_anon:868kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:736kB pagetables:2264kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 561.492317][T12713] lowmem_reserve[]: 0 0 228 228 228 [ 561.497747][T12713] Node 0 Normal free:10444kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:17824kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3568kB pagetables:3056kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 561.529077][T12713] lowmem_reserve[]: 0 0 0 0 0 [ 561.533853][T12713] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 561.545988][T12713] Node 0 DMA32: 685*4kB (UME) 486*8kB (UME) 400*16kB (UME) 283*32kB (UME) 125*64kB (UME) 51*128kB (UME) 19*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 41476kB [ 561.562647][T12713] Node 0 Normal: 393*4kB (UME) 428*8kB (UM) 112*16kB (UM) 115*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 10468kB [ 561.577331][T12713] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 561.586947][T12713] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 561.596469][T12713] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 561.606265][T12713] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 561.615714][T12713] 27170 total pagecache pages [ 561.620590][T12713] 0 pages in swap cache [ 561.624813][T12713] Swap cache stats: add 0, delete 0, find 0/0 [ 561.631029][T12713] Free swap = 0kB [ 561.634791][T12713] Total swap = 0kB [ 561.638680][T12713] 1965979 pages RAM [ 561.642529][T12713] 0 pages HighMem/MovableOnly [ 561.647352][T12713] 1433455 pages reserved [ 561.651633][T12713] 0 pages cma reserved 11:54:28 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:28 executing program 3: 11:54:28 executing program 4: 11:54:28 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() sched_setattr(0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:28 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:28 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:29 executing program 4: 11:54:29 executing program 3: 11:54:29 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:29 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) [ 562.705031][T12730] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 562.717777][T12730] CPU: 0 PID: 12730 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 562.726518][T12730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 562.736632][T12730] Call Trace: [ 562.740021][T12730] dump_stack+0x21c/0x280 [ 562.744460][T12730] dump_header+0x1c5/0xcf0 [ 562.748990][T12730] oom_kill_process+0x388/0xb00 [ 562.753943][T12730] out_of_memory+0x117f/0x16a0 [ 562.758835][T12730] __alloc_pages_slowpath+0x303a/0x3d10 [ 562.764546][T12730] __alloc_pages_nodemask+0xbb1/0x1030 [ 562.770131][T12730] alloc_pages_current+0x685/0xb50 [ 562.775372][T12730] ion_page_pool_alloc+0x73d/0x8f0 [ 562.780593][T12730] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 562.786749][T12730] ? __list_add_valid+0xb8/0x420 [ 562.791788][T12730] ? kmsan_get_metadata+0x116/0x180 [ 562.797104][T12730] ion_system_heap_allocate+0x509/0x16b0 [ 562.802892][T12730] ? ion_system_contig_heap_create+0x230/0x230 [ 562.809176][T12730] ion_ioctl+0x8cd/0x2140 [ 562.813659][T12730] ? debug_shrink_set+0x240/0x240 [ 562.818773][T12730] compat_ptr_ioctl+0xe2/0x150 [ 562.823629][T12730] ? __ia32_sys_ioctl+0x70/0x70 [ 562.828573][T12730] __se_compat_sys_ioctl+0x55f/0x1100 [ 562.834062][T12730] ? kmsan_get_metadata+0x116/0x180 [ 562.839354][T12730] __ia32_compat_sys_ioctl+0x4a/0x70 [ 562.844745][T12730] __do_fast_syscall_32+0x2af/0x480 [ 562.850049][T12730] do_fast_syscall_32+0x6b/0xd0 [ 562.854999][T12730] do_SYSENTER_32+0x73/0x90 [ 562.859605][T12730] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 562.865995][T12730] RIP: 0023:0xf7f05549 [ 562.870103][T12730] Code: Bad RIP value. [ 562.874221][T12730] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 562.882725][T12730] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0184900 [ 562.890762][T12730] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 562.898797][T12730] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 562.906834][T12730] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 562.914873][T12730] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 562.923242][T12730] Mem-Info: [ 562.926567][T12730] active_anon:94696 inactive_anon:4876 isolated_anon:0 [ 562.926567][T12730] active_file:2751 inactive_file:22094 isolated_file:0 [ 562.926567][T12730] unevictable:0 dirty:0 writeback:0 [ 562.926567][T12730] slab_reclaimable:6610 slab_unreclaimable:21043 [ 562.926567][T12730] mapped:58481 shmem:5064 pagetables:3192 bounce:0 [ 562.926567][T12730] free:177604 free_pcp:248 free_cma:0 [ 562.963620][T12730] Node 0 active_anon:368196kB inactive_anon:19440kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118948kB dirty:4kB writeback:0kB shmem:20148kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 241664kB writeback_tmp:0kB all_unreclaimable? yes [ 562.991085][T12730] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 563.020390][T12730] lowmem_reserve[]: 0 896 1124 1124 1124 [ 563.026155][T12730] Node 0 DMA32 free:40476kB min:40940kB low:50660kB high:60380kB reserved_highatomic:0KB active_anon:350396kB inactive_anon:868kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:720kB pagetables:2188kB bounce:0kB free_pcp:600kB local_pcp:252kB free_cma:0kB [ 563.057868][T12730] lowmem_reserve[]: 0 0 228 228 228 [ 563.063152][T12730] Node 0 Normal free:9872kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:17800kB inactive_anon:18572kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3552kB pagetables:2928kB bounce:0kB free_pcp:392kB local_pcp:88kB free_cma:0kB [ 563.094829][T12730] lowmem_reserve[]: 0 0 0 0 0 [ 563.099759][T12730] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 563.111838][T12730] Node 0 DMA32: 559*4kB (UME) 486*8kB (UME) 401*16kB (UME) 283*32kB (UME) 123*64kB (UME) 50*128kB (UME) 18*256kB (UM) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 40476kB [ 563.128584][T12730] Node 0 Normal: 482*4kB (UME) 301*8kB (UM) 112*16kB (UM) 117*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9872kB [ 563.143191][T12730] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 563.153816][T12730] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 563.163340][T12730] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 563.173128][T12730] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 563.182585][T12730] 27140 total pagecache pages [ 563.187422][T12730] 0 pages in swap cache [ 563.191633][T12730] Swap cache stats: add 0, delete 0, find 0/0 [ 563.197848][T12730] Free swap = 0kB [ 563.201607][T12730] Total swap = 0kB [ 563.205374][T12730] 1965979 pages RAM [ 563.209379][T12730] 0 pages HighMem/MovableOnly [ 563.214109][T12730] 1433455 pages reserved [ 563.218518][T12730] 0 pages cma reserved [ 563.222640][T12730] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=12727,uid=0 [ 563.237587][T12730] Out of memory: Killed process 12727 (syz-executor.2) total-vm:93044kB, anon-rss:2148kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:116kB oom_score_adj:1000 11:54:29 executing program 4: [ 563.258210][ T1904] oom_reaper: reaped process 12727 (syz-executor.2), now anon-rss:0kB, file-rss:33892kB, shmem-rss:0kB 11:54:30 executing program 0: prlimit64(0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) [ 563.374085][ T1904] oom_reaper: reaped process 12729 (syz-executor.1), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 11:54:30 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:30 executing program 3: 11:54:30 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:30 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:30 executing program 4: 11:54:30 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) [ 564.387320][ T8716] Bluetooth: hci4: command 0x0406 tx timeout 11:54:31 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:31 executing program 0: r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:31 executing program 3: 11:54:31 executing program 4: 11:54:31 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 565.325355][T12756] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 565.338440][T12756] CPU: 1 PID: 12756 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 565.347187][T12756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 565.357299][T12756] Call Trace: [ 565.360708][T12756] dump_stack+0x21c/0x280 [ 565.365146][T12756] dump_header+0x1c5/0xcf0 [ 565.369670][T12756] oom_kill_process+0x388/0xb00 [ 565.374631][T12756] out_of_memory+0x117f/0x16a0 [ 565.379515][T12756] __alloc_pages_slowpath+0x303a/0x3d10 [ 565.385214][T12756] __alloc_pages_nodemask+0xbb1/0x1030 [ 565.390798][T12756] alloc_pages_current+0x685/0xb50 [ 565.396050][T12756] ion_page_pool_alloc+0x73d/0x8f0 [ 565.401440][T12756] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 565.407590][T12756] ? __list_add_valid+0xb8/0x420 [ 565.412622][T12756] ? kmsan_get_metadata+0x116/0x180 [ 565.417937][T12756] ion_system_heap_allocate+0x509/0x16b0 [ 565.423714][T12756] ? ion_system_contig_heap_create+0x230/0x230 [ 565.429969][T12756] ion_ioctl+0x8cd/0x2140 [ 565.434444][T12756] ? debug_shrink_set+0x240/0x240 [ 565.439549][T12756] compat_ptr_ioctl+0xe2/0x150 [ 565.444418][T12756] ? __ia32_sys_ioctl+0x70/0x70 [ 565.449354][T12756] __se_compat_sys_ioctl+0x55f/0x1100 [ 565.454845][T12756] ? kmsan_get_metadata+0x116/0x180 [ 565.460133][T12756] __ia32_compat_sys_ioctl+0x4a/0x70 [ 565.465547][T12756] __do_fast_syscall_32+0x2af/0x480 [ 565.470860][T12756] do_fast_syscall_32+0x6b/0xd0 11:54:32 executing program 0: r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) [ 565.475810][T12756] do_SYSENTER_32+0x73/0x90 [ 565.480426][T12756] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 565.486822][T12756] RIP: 0023:0xf7f05549 [ 565.490928][T12756] Code: Bad RIP value. [ 565.495054][T12756] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 565.503654][T12756] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 565.511694][T12756] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 565.519735][T12756] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 565.527856][T12756] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 565.535897][T12756] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 565.544135][T12756] Mem-Info: [ 565.547497][T12756] active_anon:94186 inactive_anon:4874 isolated_anon:0 [ 565.547497][T12756] active_file:2749 inactive_file:22099 isolated_file:0 [ 565.547497][T12756] unevictable:0 dirty:4 writeback:17 [ 565.547497][T12756] slab_reclaimable:6610 slab_unreclaimable:21055 [ 565.547497][T12756] mapped:58495 shmem:5064 pagetables:3165 bounce:0 [ 565.547497][T12756] free:141756 free_pcp:387 free_cma:0 [ 565.584612][T12756] Node 0 active_anon:366148kB inactive_anon:19440kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:118992kB dirty:4kB writeback:0kB shmem:20148kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 241664kB writeback_tmp:0kB all_unreclaimable? yes [ 565.612085][T12756] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 565.641189][T12756] lowmem_reserve[]: 0 896 1124 1124 1124 [ 565.647055][T12756] Node 0 DMA32 free:41768kB min:40940kB low:50660kB high:60380kB reserved_highatomic:0KB active_anon:348348kB inactive_anon:868kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:720kB pagetables:2188kB bounce:0kB free_pcp:1352kB local_pcp:1100kB free_cma:0kB [ 565.678966][T12756] lowmem_reserve[]: 0 0 228 228 228 [ 565.684274][T12756] Node 0 Normal free:9872kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:17800kB inactive_anon:18572kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3552kB pagetables:2928kB bounce:0kB free_pcp:196kB local_pcp:56kB free_cma:0kB [ 565.715819][T12756] lowmem_reserve[]: 0 0 0 0 0 [ 565.720722][T12756] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 565.732856][T12756] Node 0 DMA32: 496*4kB (UME) 423*8kB (UME) 401*16kB (UME) 283*32kB (UME) 123*64kB (UME) 50*128kB (UME) 18*256kB (UM) 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 41768kB [ 565.749956][T12756] Node 0 Normal: 480*4kB (ME) 302*8kB (UM) 112*16kB (UM) 117*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9872kB [ 565.764501][T12756] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 565.774265][T12756] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 565.783759][T12756] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 565.793514][T12756] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 565.802986][T12756] 27143 total pagecache pages [ 565.807821][T12756] 0 pages in swap cache [ 565.812043][T12756] Swap cache stats: add 0, delete 0, find 0/0 [ 565.818294][T12756] Free swap = 0kB [ 565.822059][T12756] Total swap = 0kB [ 565.825828][T12756] 1965979 pages RAM [ 565.829803][T12756] 0 pages HighMem/MovableOnly [ 565.834518][T12756] 1433455 pages reserved [ 565.838986][T12756] 0 pages cma reserved [ 565.843108][T12756] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=11512,uid=0 [ 565.858092][T12756] Out of memory: Killed process 11512 (syz-executor.5) total-vm:93176kB, anon-rss:148kB, file-rss:35680kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 565.877916][ T1904] oom_reaper: reaped process 11512 (syz-executor.5), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 566.567869][ T1904] oom_reaper: reaped process 12756 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 11:54:33 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:33 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:33 executing program 3: 11:54:33 executing program 4: 11:54:33 executing program 0: r0 = syz_open_procfs(0x0, 0x0) preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:33 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:33 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:33 executing program 3: 11:54:33 executing program 4: 11:54:34 executing program 0: syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:34 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, 0x0, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:34 executing program 3: 11:54:35 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:35 executing program 4: 11:54:35 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:35 executing program 0: syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:35 executing program 3: 11:54:35 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, 0x0, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:35 executing program 4: 11:54:35 executing program 0: syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x4, 0x7400, 0x0) 11:54:35 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:35 executing program 3: 11:54:36 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, 0x0, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 569.618877][T12818] syz-executor.2 invoked oom-killer: gfp_mask=0x140dc2(GFP_HIGHUSER|__GFP_COMP|__GFP_ZERO), order=0, oom_score_adj=1000 [ 569.631725][T12818] CPU: 0 PID: 12818 Comm: syz-executor.2 Not tainted 5.8.0-rc5-syzkaller #0 [ 569.640472][T12818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 569.650580][T12818] Call Trace: [ 569.653981][T12818] dump_stack+0x21c/0x280 [ 569.658405][T12818] dump_header+0x1c5/0xcf0 [ 569.662930][T12818] oom_kill_process+0x388/0xb00 [ 569.667855][T12818] out_of_memory+0x117f/0x16a0 [ 569.672710][T12818] __alloc_pages_slowpath+0x303a/0x3d10 [ 569.678376][T12818] __alloc_pages_nodemask+0xbb1/0x1030 [ 569.683919][T12818] alloc_pages_current+0x685/0xb50 [ 569.689118][T12818] ion_page_pool_alloc+0x73d/0x8f0 [ 569.694292][T12818] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 569.700417][T12818] ? __list_add_valid+0xb8/0x420 [ 569.705420][T12818] ? kmsan_get_metadata+0x116/0x180 [ 569.710702][T12818] ion_system_heap_allocate+0x509/0x16b0 [ 569.716427][T12818] ? ion_system_contig_heap_create+0x230/0x230 [ 569.722642][T12818] ion_ioctl+0x8cd/0x2140 [ 569.727073][T12818] ? debug_shrink_set+0x240/0x240 [ 569.732150][T12818] compat_ptr_ioctl+0xe2/0x150 [ 569.736970][T12818] ? __ia32_sys_ioctl+0x70/0x70 [ 569.741872][T12818] __se_compat_sys_ioctl+0x55f/0x1100 [ 569.747321][T12818] ? kmsan_get_metadata+0x116/0x180 [ 569.752574][T12818] __ia32_compat_sys_ioctl+0x4a/0x70 [ 569.757926][T12818] __do_fast_syscall_32+0x2af/0x480 [ 569.763198][T12818] do_fast_syscall_32+0x6b/0xd0 [ 569.768114][T12818] do_SYSENTER_32+0x73/0x90 [ 569.772686][T12818] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 569.779048][T12818] RIP: 0023:0xf7f05549 [ 569.783131][T12818] Code: Bad RIP value. [ 569.787230][T12818] RSP: 002b:00000000f54ff0cc EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 569.795711][T12818] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0184900 [ 569.803730][T12818] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 569.811741][T12818] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 569.819746][T12818] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 569.827756][T12818] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 569.837015][T12818] Mem-Info: [ 569.840315][T12818] active_anon:94128 inactive_anon:4876 isolated_anon:0 [ 569.840315][T12818] active_file:2751 inactive_file:22104 isolated_file:0 [ 569.840315][T12818] unevictable:0 dirty:16 writeback:17 [ 569.840315][T12818] slab_reclaimable:6610 slab_unreclaimable:21070 [ 569.840315][T12818] mapped:58513 shmem:5064 pagetables:3155 bounce:0 [ 569.840315][T12818] free:141720 free_pcp:496 free_cma:0 [ 569.877523][T12818] Node 0 active_anon:366044kB inactive_anon:19440kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:119012kB dirty:4kB writeback:0kB shmem:20148kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 241664kB writeback_tmp:0kB all_unreclaimable? yes 11:54:36 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) [ 569.904958][T12818] Node 0 DMA free:4096kB min:172kB low:212kB high:252kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:4096kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 569.934033][T12818] lowmem_reserve[]: 0 896 1124 1124 1124 [ 569.939881][T12818] Node 0 DMA32 free:41792kB min:40940kB low:50660kB high:60380kB reserved_highatomic:0KB active_anon:348244kB inactive_anon:868kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:921776kB mlocked:0kB kernel_stack:704kB pagetables:2080kB bounce:0kB free_pcp:1588kB local_pcp:356kB free_cma:0kB [ 569.971560][T12818] lowmem_reserve[]: 0 0 228 228 228 [ 569.976972][T12818] Node 0 Normal free:9840kB min:9896kB low:12368kB high:14840kB reserved_highatomic:0KB active_anon:17800kB inactive_anon:18572kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:4kB present:786432kB managed:233472kB mlocked:0kB kernel_stack:3552kB pagetables:2928kB bounce:0kB free_pcp:396kB local_pcp:56kB free_cma:0kB [ 570.008461][T12818] lowmem_reserve[]: 0 0 0 0 0 [ 570.013252][T12818] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (U) = 4096kB [ 570.025348][T12818] Node 0 DMA32: 496*4kB (UME) 424*8kB (UME) 400*16kB (UME) 284*32kB (UME) 121*64kB (UME) 51*128kB (UME) 18*256kB (UM) 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 41792kB [ 570.044184][T12818] Node 0 Normal: 480*4kB (ME) 302*8kB (UM) 112*16kB (UM) 116*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9840kB [ 570.058712][T12818] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 570.068440][T12818] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 570.077916][T12818] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 570.087642][T12818] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 570.097074][T12818] 27150 total pagecache pages [ 570.101794][T12818] 0 pages in swap cache [ 570.106008][T12818] Swap cache stats: add 0, delete 0, find 0/0 [ 570.112224][T12818] Free swap = 0kB [ 570.115984][T12818] Total swap = 0kB [ 570.119858][T12818] 1965979 pages RAM [ 570.123723][T12818] 0 pages HighMem/MovableOnly [ 570.128550][T12818] 1433455 pages reserved [ 570.132831][T12818] 0 pages cma reserved [ 570.137070][T12818] oom-kill:constraint=CONSTRAINT_MEMORY_POLICY,nodemask=0,cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=11064,uid=0 [ 570.152061][T12818] Out of memory: Killed process 11064 (syz-executor.3) total-vm:93044kB, anon-rss:148kB, file-rss:35680kB, shmem-rss:0kB, UID:0 pgtables:120kB oom_score_adj:1000 [ 570.522776][ T1904] oom_reaper: reaped process 12818 (syz-executor.2), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 11:54:37 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:37 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, 0x0, 0x0, 0x7400, 0x0) 11:54:37 executing program 4: 11:54:37 executing program 3: 11:54:37 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:37 executing program 4: 11:54:37 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:37 executing program 3: 11:54:37 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, 0x0, 0x0, 0x7400, 0x0) 11:54:38 executing program 4: 11:54:38 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:38 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:38 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:38 executing program 4: 11:54:38 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, 0x0, 0x0, 0x7400, 0x0) 11:54:38 executing program 3: 11:54:39 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:39 executing program 4: 11:54:39 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}], 0x3, 0x7400, 0x0) 11:54:39 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendmmsg(r0, &(0x7f0000005440)=[{{0x0, 0xfffffffffffffcfb, 0x0}, 0x101d0}], 0xfb93a852dd518c, 0x0) 11:54:39 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:39 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:40 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}], 0x3, 0x7400, 0x0) 11:54:40 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_MTU={0x8, 0x37}]}, 0x30}}, 0x0) [ 573.853044][T12883] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 573.871663][T12883] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 573.881185][T12883] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 11:54:40 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x0, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:40 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:40 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)) write$cgroup_subtree(r0, &(0x7f0000000140), 0xfd45) 11:54:40 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}], 0x3, 0x7400, 0x0) 11:54:40 executing program 4: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040), 0x0) sendto$inet(r0, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) 11:54:41 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0xfd45) 11:54:41 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x7400, 0x0) 11:54:42 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_sctp(0x2, 0x5, 0x84) dup3(0xffffffffffffffff, r0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x6c, &(0x7f000059aff8), 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(0xffffffffffffffff, 0x40082102, 0x0) sendto$inet(r0, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) 11:54:42 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0xfd45) 11:54:42 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x7400, 0x0) 11:54:42 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, 0x0, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:42 executing program 4: syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @dccp_packet={0x0, 0x6, '=\x00', 0x10, 0x21, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x4, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, "78966f"}}}}}}}, 0x0) 11:54:42 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:42 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x7400, 0x0) [ 575.964933][T12922] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 576.051523][T12922] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 11:54:42 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0xfd45) 11:54:43 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sysfs$1(0x1, &(0x7f0000000200)='system.posix_acl_access\x00') 11:54:43 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x3, 0x7400, 0x0) 11:54:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="850000002f0000001400000000fbff0f95000000000000004dd5488e8e00f79e80e42771c3790964665b3129d59c03230f08fe04e537a978ffffdbf614a4cb1cb8e19c68d5e65c865ce947bb5b5ccfe99565000000009f10ea235940a42c8d2247ea9551f6729a089fb3333a49456e76e20241e33512ef203942c734200e42f0e4b98de846ddeafa13e1f90a4c8a85f5318c04fb4f9cec81ce27689374e2d2f1cbe27ed469f8a64ee1a2a30473c0fcdd4e94f296ff030000302f136e1ac9e682607b8c6035119da50437d118510020137961d9bf16c38a09000000000000000000000000001e0000000000e30f8dd69e35b830529a298388f6e30c0e6d4e09333068ce837044cd51f4e2ced25531e07805000000d20a173ee89773e7c8f8198b3887422a829c5dfee0dee3b6e624b31fe1d4611283bc8c2669ef4344aa5a08657374e0183c4acc00cbd7dc1660317914d07da4418660515b80c4a86f0000001ba47b8bcf5749e3de2769e2f0cd7d4031a9e4000000cc6700040439662751a1cce28248f7b220ec96175f67a37957f2fd90627f14c0b80a974680907d0945f5d3df322a5265cf0e70167ef74da6b66c267defaff12a376440b8c54001fc846a20981b6e48c9dc29cf1de598c65a513ae9d15af10ad871fbd10eed890000f19f913800ca36fad21d46ea8b783057ddc49ea793c306269279253123f1c2501b8e5f0807abc941a7e9735d6c13b694e2167e811ac8ab42fe96e49244335d48132bcf09abb7a6ae3d79e377bd291d048328fdbb77617e09d6c7c7ee3db2938c6700bd0d0e06338e05556228aaf6c308f13944427efb62a84bd141dba0c8d2058c224095003b5ccad0557c26ee61f87699f41269ee01a29e752f5511bf4b86c6000000020000000000000000000000000000005516fee9f7fc6d04ac94fe5d640f1e84c0030000000000000000000000002945b52cc69854e28eb5913f1d82adb309b81d3823147d68c2c9daf559ff06951c8949f9050689de0edf324221b9cb5d3c930a2b9ab47ba01e70f940251b2f7916eb7458b9d9f2597163a1c11d0d4beaef73bd887905bc2354517caac2cdb1184ed74c637bd7813ceb60492bef83e7f0f6364c082b3f484182b738dc1e659106ea05ab18268759321209d9ed0503b6a7760e79c6cb87798777ec43798c6c135aaad66bc23125fbae19259a8f241d79e13dba19ba2f1696042861a80b97e7cea266f0287508bdd275236e1246b3d1b5c13fba5c18f4ec6d371af7ea8f80bb243789fe37e9c9265956e2d0958e487b7c0472bfdd55cd1fa5df0000a8dbe0ad3f5f32f6b796fe466acb27a377d6476a15b11655969fe325edddd2528d1dafb80cd86c94ea6606e13baced541f2b217f6f46049567175c4b8e670d000000009b482686af4a3257a6e4f81db50a411d08e7e793f0072617ecd3f025d2d189bd9ed7e1886d5ebb9ff86b299089bd5db225e10ccd587558ae5dad4c49eb38bcb725a34159a0c9c7713a5ef313f189b3e7737c843718e433c3209e9ba7ba5e64a2adafe14f0f8bf7b2061b8b6c50e3fcc86221b93847fbe6adb71eac24186cb4163a4a761a4391fda557a3cc3cdd220ba892db5f7d4641025d63dca014b4fe3d01c13e4025d1c094ada7bb10c1c3940c1aa54a2582573ca7b7587dbcfaba9949ff15107e5e2fc461431c243f47d5954782799d03fb534a53e23913b0c286527bbcfeceea413bfad320a05de47470f97459a175965e72c68c454b385330504a1414165eb1490ea4763341987011075162af9327d0057de6c35fa3b7d76fc6bc506540b09089e640e5366f6efed9b8e57bcce02df6e6b1e7a382846051c7f1440f6b682181634ee030e0a09bedd1540000000000000000000000000000000088692a5e955a11f72a120ce80c8cbf6468dd038ef5563558d0fa7c2ccdb9c5b681b3b7ff33cdcd8000c38b8b63baaf47b7c862510ad5ec754b3c6aaa81605bc75146645a21cb566dd87f6a20a1c416502608a91d71c01fc50798eeeb8cafadf1463268663994d5d2f1838db502e700000000000000000000000000006ac6b37eefd3ecd0d0d7dc1d67000000000000000000000000000000fe4ceb942ebfb54190423007c22e8a94cc0ecb7630dc0da58aa200d7e4c5519bd308189accf4b42c5ed47912f774833e25e574ab1745dafb2eef52e3828a3915c3634527b982270e3b16a3762189192165549313021f897fb2d871a1dbf241309384b1be78368b9498b17ed98a18d4de571e8a5eb2cc805904cc83c3a4e715277f4a765d55964c94c0e87d1cb3a8ef6d88975efa2b2cc18b5e3b313712f84902dddf22f2a0b6eaab2553fc86aa2264f1e65f516d6c604e50839cee5cf1eb61b80b0cbd3030c05f7c6a89b34a364e42ed617486284779b4121201943bad423873b1a5a4cc78cc60687902fb06f989c435e7f759298215d73ef77984dc5ab38b"], &(0x7f0000000240)='GPL\x00', 0x1, 0xc3, &(0x7f0000000300)=""/195}, 0x48) 11:54:43 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, 0x0, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:43 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, 0x0, 0x0) 11:54:43 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:43 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x28001) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'erspan0\x00', &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB="00000000000000000000000044000050000000000000907800000000ffffffff830b00ac1414aaffffffff0002861200000000000a166936a13c9245240002441c00030000000000000000ac1414aa00000000e0000002"]}) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000000c0)) write$evdev(r0, &(0x7f0000000040)=[{}, {}], 0x52a) 11:54:44 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}], 0x3, 0x7400, 0x0) 11:54:44 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, 0x0, 0x0) 11:54:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000300)="580000001500192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd000000100001000c081000418e00000004fcff", 0x58}], 0x1) 11:54:44 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, 0x0, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:44 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}], 0x3, 0x7400, 0x0) 11:54:45 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:45 executing program 5: sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000140)=@x25={0x9, @remote={[], 0x0}}, 0x80, 0x0}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x6, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'\x00', 0x7132}) write$cgroup_subtree(r0, 0x0, 0x0) 11:54:46 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x38, 0x10, 0x759a6aa1fe41a567, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0xa, 0x9}]}}}]}, 0x38}}, 0x0) 11:54:46 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {0x0}], 0x3, 0x7400, 0x0) 11:54:46 executing program 4: r0 = socket(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa, 0x1, 'netem\x00'}, {0x1c}}]}, 0x4c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}}}, 0x24}}, 0x0) 11:54:46 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:46 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:46 executing program 5: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = socket(0x200000000000011, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x12) sendmmsg(r0, &(0x7f0000003480)=[{{&(0x7f0000000400)=@xdp={0x2c, 0x8, r3, 0x0, 0xfeffffff}, 0x80, 0x0}}], 0x1, 0x0) [ 580.307164][T12995] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 11:54:47 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000280)=""/4094, 0xffe}], 0x2, 0x7400, 0x0) 11:54:47 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 580.679387][T13010] netlink: 'syz-executor.3': attribute type 10 has an invalid length. [ 580.689333][T13005] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. 11:54:47 executing program 5: r0 = socket$inet6(0xa, 0x3, 0x7) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x3a, 0x22, 0x0, 0x0) 11:54:47 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f00000001c0)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={'nr', 0x0}, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @null, @null]}) 11:54:47 executing program 4: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x118, 0x482, 0x0, 0x0) 11:54:47 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:47 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2, 0x7400, 0x0) 11:54:48 executing program 4: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x118, 0x482, 0x0, 0x0) 11:54:48 executing program 5: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000001240)='/dev/null\x00', 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x5452, &(0x7f0000000080)={0x1, 'ip_vti0\x00'}) 11:54:48 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.controllers\x00', 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x2, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xf}, @exit={0x95, 0x0, 0x1200}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x12000000, 0xe, [], 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x70) 11:54:48 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:48 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2, 0x7400, 0x0) 11:54:48 executing program 4: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x118, 0x482, 0x0, 0x0) 11:54:48 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:48 executing program 5: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x11, 0x0, 0x300) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9ff296724b7537d9f1b9eb010018000000000000001800400018000000020000000000000000000002000000d5b34cd100000000040000001b0000"], &(0x7f00000002c0)=""/4096, 0x32, 0x1000, 0x1}, 0x20) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2, 0xa, 0x2) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/net\x00') bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={r1, 0x11, 0x0, 0x0, &(0x7f0000000000), 0x64}, 0x20) ioctl$SIOCSIFHWADDR(r0, 0x8914, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x3}) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x336) 11:54:48 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}, {0x0}], 0x2, 0x7400, 0x0) 11:54:49 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) [ 582.606272][T13049] syz-executor.5 uses obsolete (PF_INET,SOCK_PACKET) 11:54:49 executing program 4: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x118, 0x482, 0x0, 0x0) 11:54:49 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0), 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:49 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/4094, 0xffe}], 0x1, 0x7400, 0x0) 11:54:49 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_BULK(r0, 0xc0185502, &(0x7f00000000c0)={{}, 0x0, 0x0, 0x0}) 11:54:51 executing program 3: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cgroup.controllers\x00', 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x2, 0x6, &(0x7f0000000000)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xf}, @exit={0x95, 0x0, 0x1200}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x12000000, 0xe, [], 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0}, 0x70) 11:54:51 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:51 executing program 4: setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x118, 0x482, 0x0, 0x0) 11:54:51 executing program 5: r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/timer\x00', 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0xc0f85403, &(0x7f0000000000)) 11:54:51 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}], 0x1, 0x7400, 0x0) 11:54:51 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:52 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, 0x0) 11:54:52 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}], 0x1, 0x7400, 0x0) 11:54:52 executing program 5: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0) 11:54:52 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:52 executing program 4: setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x118, 0x482, 0x0, 0x0) 11:54:52 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, &(0x7f0000000040)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x1, @default}, 0x1c) 11:54:52 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{0x0}], 0x1, 0x7400, 0x0) 11:54:52 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, 0x0) 11:54:52 executing program 5: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0) 11:54:52 executing program 4: setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x118, 0x482, 0x0, 0x0) 11:54:52 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:53 executing program 3: r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x2, 0x0) read$FUSE(r1, &(0x7f00000042c0)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000001a80)={0x2020}, 0x2020) write$FUSE_DIRENTPLUS(r0, &(0x7f0000004200)={0x10, 0xfffffffffffffff5, r2}, 0x10) 11:54:53 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/4094, 0xffe}], 0x1, 0x0, 0x0) 11:54:53 executing program 5: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, 0x0, 0x0) 11:54:53 executing program 4: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x118, 0x482, 0x0, 0x0) 11:54:53 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, 0x0) 11:54:53 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/4094, 0xffe}], 0x1, 0x0, 0x0) 11:54:53 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f0000000040)) 11:54:54 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:54 executing program 5: 11:54:54 executing program 4: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x118, 0x482, 0x0, 0x0) 11:54:54 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000001280)='net/fib_trie\x00') preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000280)=""/4094, 0xffe}], 0x1, 0x0, 0x0) 11:54:54 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:54 executing program 3: 11:54:54 executing program 5: 11:54:54 executing program 4: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x118, 0x482, 0x0, 0x0) 11:54:54 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:54 executing program 0: 11:54:55 executing program 5: 11:54:55 executing program 3: 11:54:55 executing program 4: syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x118, 0x482, 0x0, 0x0) 11:54:55 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:55 executing program 0: 11:54:55 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:55 executing program 3: 11:54:55 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:55 executing program 5: 11:54:55 executing program 4: syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x118, 0x482, 0x0, 0x0) 11:54:55 executing program 0: 11:54:56 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:56 executing program 3: 11:54:56 executing program 0: 11:54:56 executing program 5: 11:54:56 executing program 4: syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x118, 0x482, 0x0, 0x0) 11:54:56 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:56 executing program 3: 11:54:56 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:57 executing program 5: 11:54:57 executing program 0: 11:54:57 executing program 4: 11:54:57 executing program 1: syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) setsockopt$MISDN_TIME_STAMP(r0, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:57 executing program 3: 11:54:57 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:57 executing program 5: 11:54:57 executing program 0: 11:54:57 executing program 4: 11:54:57 executing program 1: 11:54:58 executing program 3: 11:54:58 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f0000000000)={0x10010005, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:54:58 executing program 0: 11:54:58 executing program 5: 11:54:58 executing program 4: 11:54:58 executing program 1: 11:54:58 executing program 3: 11:54:58 executing program 5: 11:54:58 executing program 0: 11:54:58 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, 0x0) 11:54:58 executing program 4: 11:54:59 executing program 1: 11:54:59 executing program 3: 11:54:59 executing program 5: 11:54:59 executing program 0: 11:54:59 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, 0x0) 11:54:59 executing program 4: 11:54:59 executing program 1: 11:54:59 executing program 3: 11:54:59 executing program 5: 11:54:59 executing program 0: 11:55:00 executing program 4: 11:55:00 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, 0x0) 11:55:00 executing program 1: 11:55:00 executing program 3: 11:55:00 executing program 5: 11:55:00 executing program 0: 11:55:00 executing program 4: 11:55:00 executing program 1: 11:55:00 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:55:00 executing program 3: 11:55:01 executing program 5: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000140), 0x1008000, &(0x7f0000000180)={[], [{@dont_measure='dont_measure'}]}) 11:55:01 executing program 0: 11:55:01 executing program 4: 11:55:01 executing program 1: 11:55:01 executing program 3: 11:55:01 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:55:01 executing program 0: 11:55:01 executing program 5: perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000080)=[@in6={0xa, 0x4e24, 0x0, @private1}, @in6={0xa, 0x0, 0x0, @ipv4={[], [], @broadcast}}], 0x38) syz_genetlink_get_family_id$gtp(&(0x7f0000000200)='gtp\x00') setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e20, @local}, @in={0x2, 0x4e20, @multicast1}], 0x20) 11:55:02 executing program 4: syz_mount_image$gfs2(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x800c00, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='bpf\x00', 0x0, 0x0) umount2(&(0x7f0000000240)='./file0\x00', 0x4) 11:55:02 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000c40)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000000)) 11:55:02 executing program 1: r0 = socket$l2tp(0x2, 0x2, 0x73) setsockopt(r0, 0x0, 0x4, &(0x7f0000000040)="afed8bbceb22c9440f", 0x9) 11:55:02 executing program 3: r0 = socket(0xa, 0x2, 0x0) sendmsg$rds(r0, &(0x7f0000000640)={&(0x7f0000000000)={0x2, 0x4e21, @private}, 0x10, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000014010000020000000000000000000000180000000000000001"], 0x30}, 0x0) 11:55:02 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3000500}) 11:55:02 executing program 5: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x8004500f, &(0x7f0000000080)) 11:55:02 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = socket$inet(0x2, 0x3, 0x8c) setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) 11:55:02 executing program 4: r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg\x00', 0x0, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) dup3(r0, r1, 0x0) 11:55:02 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000c40)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000000)) 11:55:02 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCDELRT(r0, 0x890c, &(0x7f0000000140)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, @bcast, @rose={'rose', 0x0}, 0x0, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}) 11:55:02 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) 11:55:03 executing program 1: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000002940)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000001200130d"], 0x24}}, 0x0) 11:55:03 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000c40)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000000)) 11:55:03 executing program 4: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc028aa03, &(0x7f00000a0fe0)={{&(0x7f00005e3000/0x800000)=nil, 0x730000}, 0x200000}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000408000/0x3000)=nil, 0x3000}, 0x3}) 11:55:03 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) connect$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) 11:55:03 executing program 3: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$describe(0x3, r0, 0x0, 0xffffffffffffff17) keyctl$update(0x2, r0, 0x0, 0x0) 11:55:03 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) [ 596.845142][T13312] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 596.854646][T13312] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. 11:55:03 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000c40)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000000)) 11:55:03 executing program 1: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x10000000001077, 0x101001) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x5523, 0x0) 11:55:03 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x73) sendmsg$inet6(r0, &(0x7f0000000640)={&(0x7f0000000000)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x3]}}, 0x1c, 0x0}, 0x0) 11:55:03 executing program 5: setuid(0xee00) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb}, 0x40) 11:55:04 executing program 3: r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) write$selinux_attr(r0, 0x0, 0x0) 11:55:04 executing program 2: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getsockopt$TIPC_IMPORTANCE(r1, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f0000000100)=0x4) setsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f0000000140)=0x1, 0x4) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000180)={'veth1\x00', {0x2, 0x4e22, @loopback}}) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x200000000000]}, 0x8, 0x0) set_mempolicy(0x2, &(0x7f00000000c0)=0x5, 0xd) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000000)={0x10010005, 0x0, 0x0, 0xffffffffffffffff, 0x3000500}) 11:55:04 executing program 0: ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, &(0x7f0000000000)) 11:55:04 executing program 1: r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000002600)={&(0x7f0000000000)=@phonet={0x23, 0x0, 0x0, 0x7}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd08}, 0x0) sendmsg$kcm(r0, &(0x7f0000000700)={&(0x7f0000000000)=@caif=@dbg={0x25, 0x8}, 0x80, 0x0}, 0x0) 11:55:04 executing program 5: setuid(0xee00) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb}, 0x40) 11:55:04 executing program 4: bpf$MAP_CREATE(0x1d, 0x0, 0x0) 11:55:04 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x73) sendmsg$inet6(r0, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=[@dontfrag={{0x14}}], 0x18}, 0x20000010) 11:55:04 executing program 0: ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, &(0x7f0000000000)) 11:55:05 executing program 2: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_CMAP(r0, 0x5437, 0x0) 11:55:05 executing program 1: r0 = socket(0x2, 0x6, 0x0) bind$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="be313dc1844d"}, 0x14) 11:55:05 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x73) sendmsg$inet6(r0, &(0x7f0000000640)={&(0x7f0000000000)={0xa, 0x0, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}}, 0x1c, 0x0}, 0x0) 11:55:05 executing program 5: setuid(0xee00) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb}, 0x40) 11:55:05 executing program 0: ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, &(0x7f0000000000)) 11:55:05 executing program 3: r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x2, 0xc) 11:55:05 executing program 2: r0 = socket(0x28, 0x1, 0x0) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x40}}, 0x44004011) 11:55:05 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newneigh={0x24, 0x1c, 0x1, 0x0, 0x0, {0xa}, [@NDA_DST_IPV4={0x8, 0x1, @multicast2}]}, 0x24}}, 0x0) 11:55:05 executing program 4: r0 = epoll_create1(0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000240)='/dev/video#\x00', 0x0, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000002c0)) 11:55:06 executing program 5: setuid(0xee00) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb}, 0x40) 11:55:06 executing program 0: r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000000)) 11:55:06 executing program 3: bpf$BPF_LSM_PROG_LOAD(0x5, &(0x7f0000000240)={0x1d, 0x1, &(0x7f0000000080)=@raw=[@jmp], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x2}, 0x78) 11:55:06 executing program 2: r0 = socket$kcm(0x11, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(0xffffffffffffffff, 0x89f7, &(0x7f00000003c0)={'ip6tnl0\x00', 0x0}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$SIOCGIFHWADDR(r1, 0x5411, &(0x7f00000001c0)) 11:55:06 executing program 4: r0 = epoll_create1(0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000240)='/dev/video#\x00', 0x0, 0x2) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000002c0)) 11:55:06 executing program 1: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x10000000001077, 0x0) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x5452, &(0x7f00000000c0)) 11:55:06 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb}, 0x40) 11:55:06 executing program 0: r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000000)) [ 600.226342][ T27] Bluetooth: hci5: command 0x0406 tx timeout 11:55:07 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x3, 0x0, 0x0) 11:55:07 executing program 2: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0xe, 0x4, 0x8, 0x4, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000001c0)={r0, &(0x7f0000000000), 0x0}, 0x20) 11:55:07 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x22, 0x0, 0x0) 11:55:07 executing program 1: r0 = io_uring_setup(0xac3, &(0x7f0000000080)) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x301940, 0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000180)=[r1], 0x1) 11:55:07 executing program 0: r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000000)) 11:55:07 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @remote}}}, 0x32) 11:55:07 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb}, 0x40) 11:55:07 executing program 2: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @remote, 0x5}, {0xa, 0x0, 0x0, @empty}, r1}}, 0x48) 11:55:07 executing program 4: r0 = syz_open_dev$rtc(&(0x7f0000000000)='/dev/rtc#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r0, 0x4024700a, 0x0) 11:55:08 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xb}, 0x40) 11:55:08 executing program 1: r0 = io_uring_setup(0xac3, &(0x7f0000000080)) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x301940, 0x0) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000180)=[r1], 0x1) 11:55:08 executing program 0: syz_open_dev$sndctrl(&(0x7f0000000c40)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, &(0x7f0000000000)) 11:55:08 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x7, 0x0, 0x0) 11:55:08 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x10000000001077, 0x101001) ioctl$USBDEVFS_CLAIM_PORT(r0, 0xc0105502, 0x0) 11:55:08 executing program 5: setuid(0xee00) bpf$MAP_CREATE(0x0, 0x0, 0x0) 11:55:08 executing program 2: prctl$PR_CAPBSET_DROP(0x17, 0x0) 11:55:08 executing program 3: setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x40, &(0x7f0000002200)=0x1, 0x4) r0 = socket(0x22, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x1c, 0x0, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000040)=""/218, &(0x7f0000000140)=0xda) r1 = syz_open_dev$rtc(&(0x7f0000000000)='/dev/rtc#\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$rtc(0x0, 0x0, 0x0) ioctl$RTC_WKALM_SET(r2, 0x4028700f, &(0x7f0000000000)={0x0, 0x0, {0xfffffffe, 0x2, 0x80000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}}) ioctl$RTC_WIE_OFF(r2, 0x7010) write$FUSE_BMAP(0xffffffffffffffff, &(0x7f00000021c0)={0x18, 0xfffffffffffffff5, 0x0, {0xf4ab}}, 0x18) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r1, 0x7003, 0x0) 11:55:08 executing program 0: syz_open_dev$sndctrl(&(0x7f0000000c40)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, &(0x7f0000000000)) 11:55:08 executing program 1: perf_event_open(&(0x7f0000000180)={0x0, 0xffffffffffffff4f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 11:55:09 executing program 5: setuid(0xee00) bpf$MAP_CREATE(0x0, 0x0, 0x0) 11:55:09 executing program 2: r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x0, 0x0, 0x0) 11:55:09 executing program 4: r0 = perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semctl$GETNCNT(0x0, 0x2, 0xe, &(0x7f0000000140)=""/34) r1 = getpgid(0xffffffffffffffff) fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, &(0x7f0000000100)='rw\x00', 0x0, 0x0) r2 = gettid() perf_event_open(0x0, r2, 0x0, 0xffffffffffffffff, 0x7) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x1, 0x1, 0x9, 0x40, 0x0, 0x8, 0x0, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x7, 0x2, @perf_config_ext={0x52, 0x5}, 0x1420, 0xa6, 0x3, 0x0, 0xe9ca, 0x1, 0xfdb8}, r2, 0x5, r0, 0x2) r3 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x9, 0x400100) perf_event_open(&(0x7f0000000040)={0x3, 0x70, 0xff, 0x40, 0x1, 0xa, 0x0, 0x2, 0x4008, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000000), 0xe}, 0x8, 0x101, 0x800, 0x3, 0x1f, 0xfffffff7, 0xfff}, r1, 0x5, r3, 0x1) add_key$user(0x0, 0x0, &(0x7f0000000900), 0x0, 0xfffffffffffffffb) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv0\x00'}) r4 = io_uring_setup(0x545a, &(0x7f0000000280)={0x0, 0x701c, 0x10, 0x0, 0x2d, 0x0, r3}) io_uring_register$IORING_REGISTER_EVENTFD(r4, 0x4, &(0x7f0000000300)=r3, 0x1) 11:55:09 executing program 1: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000040)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) 11:55:09 executing program 3: waitid(0xc427ffc231d32a69, 0x0, 0x0, 0x8, 0x0) 11:55:09 executing program 0: syz_open_dev$sndctrl(&(0x7f0000000c40)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045542, &(0x7f0000000000)) 11:55:09 executing program 5: setuid(0xee00) bpf$MAP_CREATE(0x0, 0x0, 0x0) 11:55:09 executing program 2: r0 = socket(0x2a, 0x2, 0x0) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002080)={0x0}}, 0x40001) 11:55:10 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/anycast6\x00') read$char_usb(r0, 0x0, 0x0) 11:55:10 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x5, 0x0, 0x0) 11:55:10 executing program 1: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000040)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) 11:55:10 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000c40)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, 0x0) 11:55:10 executing program 5: setuid(0xee00) bpf$MAP_CREATE(0x0, &(0x7f00000000c0), 0x40) 11:55:10 executing program 2: r0 = socket(0x1, 0x2, 0x0) sendmsg$rds(r0, &(0x7f0000000640)={&(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10, 0x0}, 0x0) 11:55:10 executing program 4: syz_mount_image$iso9660(&(0x7f0000000000)='iso9660\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0), 0x0, &(0x7f0000000440)={[{@check_relaxed='check=relaxed'}]}) 11:55:10 executing program 3: bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x3}, 0x40) 11:55:10 executing program 1: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000040)={0x11, 0x10, 0xfa00, {0x0}}, 0x18) 11:55:10 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000c40)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, 0x0) 11:55:10 executing program 5: setuid(0xee00) bpf$MAP_CREATE(0x0, &(0x7f00000000c0), 0x40) 11:55:11 executing program 2: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x10000000001077, 0x101001) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x80045505, &(0x7f00000000c0)) [ 604.643824][T13489] ISOFS: Unable to identify CD-ROM format. 11:55:11 executing program 1: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcsa\x00', 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\xabG\x97\xcbJ\xe9\xb9W-4qd\xfc-B\x8f\x80\x8ci\x8c\xffi\x00\xa2C\x8eAM\xabh\xc8\x8eI\xa1\xbc>\xa2a%\xb7\xfavx\'0#\x1e1\xff\b8f\x93\x89\xb9\xfa', &(0x7f00000013c0), 0x0) [ 604.902934][T13507] usb usb5: usbfs: interface 0 claimed by hub while 'syz-executor.2' sets config #0 11:55:11 executing program 3: clone3(&(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0xffffffffffffffff], 0x1}, 0x58) waitid$P_PIDFD(0x3, 0xffffffffffffffff, &(0x7f0000000300), 0x0, 0x0) 11:55:11 executing program 0: r0 = syz_open_dev$sndctrl(&(0x7f0000000c40)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, 0x0) 11:55:11 executing program 5: setuid(0xee00) bpf$MAP_CREATE(0x0, &(0x7f00000000c0), 0x40) [ 605.145354][T13489] ISOFS: Unable to identify CD-ROM format. 11:55:11 executing program 4: keyctl$KEYCTL_PKEY_VERIFY(0x17, &(0x7f00000000c0), &(0x7f0000000100)=ANY=[], 0x0, 0x0) 11:55:12 executing program 2: openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x482, 0x0) 11:55:12 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x72, &(0x7f0000001340), &(0x7f0000001380)=0x20001344) 11:55:12 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, 0x0, &(0x7f0000000140)) 11:55:12 executing program 5: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x0, 0x0) ioctl$mixer_OSS_GETVERSION(r0, 0x80044d76, &(0x7f0000000140)) 11:55:12 executing program 4: msgctl$MSG_STAT_ANY(0xffffffffffffffff, 0xd, 0x0) 11:55:12 executing program 2: r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0xc0245720, 0x0) 11:55:12 executing program 3: openat$capi20(0xffffffffffffff9c, &(0x7f0000000040)='/dev/capi20\x00', 0x0, 0x0) 11:55:12 executing program 1: getgroups(0x1, &(0x7f0000001e40)=[0xee01]) 11:55:12 executing program 0: bpf$PROG_LOAD(0x5, 0x0, 0x0) 11:55:13 executing program 5: keyctl$KEYCTL_PKEY_VERIFY(0x17, &(0x7f00000000c0)={0x0, 0xfffffffb}, 0x0, 0x0, 0x0) 11:55:13 executing program 4: r0 = socket(0x1d, 0x2, 0x7) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, 0x0) 11:55:13 executing program 2: r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x2, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0xc0245720, 0x0) 11:55:13 executing program 3: bpf$BPF_LSM_PROG_LOAD(0x5, &(0x7f0000000240)={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) 11:55:13 executing program 1: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:55:13 executing program 0: r0 = socket(0x2, 0x2, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, 0x0, 0x0) 11:55:13 executing program 5: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x13, 0x0, 0x0) 11:55:13 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') read$char_usb(r0, &(0x7f0000000080)=""/4084, 0xff4) read$char_usb(r0, 0x0, 0x0) 11:55:13 executing program 4: r0 = socket(0x22, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, 0x0) 11:55:14 executing program 3: syz_mount_image$gfs2(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x8}, &(0x7f0000000100), 0x0) 11:55:14 executing program 1: bpf$OBJ_PIN_MAP(0x13, 0x0, 0x0) 11:55:14 executing program 0: r0 = socket(0xa, 0x3, 0x1) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0xa}, 0x2000000c, &(0x7f0000000080)={0x0}}, 0x5000000) 11:55:14 executing program 5: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x401, 0x0) ioctl$SNDCTL_SEQ_GETOUTCOUNT(r0, 0x80045104, &(0x7f0000000000)) 11:55:14 executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNGETDEVNETNS(r0, 0x400454ca, 0x400030) ioctl$TUNSETGROUP(r0, 0x400454dc, 0xffffffffffffffff) 11:55:14 executing program 3: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, 0x0, &(0x7f0000000140)) 11:55:14 executing program 1: socketpair(0x1e, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x80108906, 0x0) 11:55:14 executing program 0: setuid(0xee01) socketpair(0x25, 0x0, 0x0, &(0x7f0000000240)) 11:55:14 executing program 2: socketpair(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000d80)={'sit0\x00', &(0x7f0000000d00)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private0={0xfc, 0x0, [], 0x1}, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}) 11:55:15 executing program 5: bind$qrtr(0xffffffffffffffff, 0x0, 0x0) 11:55:15 executing program 4: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x22, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{}]}, 0x10) 11:55:15 executing program 1: r0 = socket$can_j1939(0x1d, 0x2, 0x7) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, 0x0, 0x0) 11:55:15 executing program 3: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, 0x0, &(0x7f0000000140)) 11:55:15 executing program 0: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22a41, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x80044d5c, 0x0) 11:55:15 executing program 2: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPAN_DISPLAY(r0, 0x4601, 0x0) 11:55:15 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$fou(0x0) sendmsg$FOU_CMD_ADD(r0, 0x0, 0x0) sendmsg$FOU_CMD_DEL(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0}, 0xc0000) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = fsmount(0xffffffffffffffff, 0x0, 0x0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x24, 0x0, 0x0, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x0) add_key$user(0x0, 0x0, &(0x7f0000000900), 0x0, 0xfffffffffffffffb) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, r2, 0x1, 0x0, 0x25dfdbfe, {}, [@FOU_ATTR_IPPROTO={0x5, 0x3, 0x82}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008080}, 0x2004c890) 11:55:15 executing program 4: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000002940)={&(0x7f0000000140)=ANY=[@ANYBLOB="24000000328a5b"], 0x24}}, 0x0) 11:55:15 executing program 3: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, 0x0, &(0x7f0000000140)) 11:55:16 executing program 1: r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000280)={0x10, 0x30, 0xfa00, {0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x38) 11:55:16 executing program 5: r0 = socket(0xf, 0x3, 0x2) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0xf) 11:55:16 executing program 0: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22a41, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x80044d5c, 0x0) 11:55:16 executing program 2: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, 0x0, 0x0) [ 609.698009][T13599] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=35378 sclass=netlink_route_socket pid=13599 comm=syz-executor.4 [ 609.900147][T13602] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48 sclass=netlink_tcpdiag_socket pid=13602 comm=syz-executor.1 11:55:16 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHG6RD(r0, 0x89fb, 0x0) 11:55:16 executing program 3: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, 0x0, &(0x7f0000000140)) 11:55:16 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x7d, &(0x7f0000001340), &(0x7f0000001380)=0x20001344) 11:55:17 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x1d, 0x0, &(0x7f0000000040)=0x700) 11:55:17 executing program 2: r0 = socket(0x23, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r0, 0x8931, &(0x7f00000001c0)={'ip6tnl0\x00', 0x0}) 11:55:17 executing program 3: getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, &(0x7f0000000140)) 11:55:17 executing program 0: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22a41, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x80044d5c, 0x0) 11:55:17 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSREP(r0, 0x80004518, 0x0) 11:55:17 executing program 5: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)) read$dsp(r0, &(0x7f0000000000)=""/147, 0x93) 11:55:17 executing program 2: socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$TIPC_NODE_RECVQ_DEPTH(r0, 0x10f, 0x83, 0x0, 0x0) 11:55:18 executing program 1: r0 = socket(0x2b, 0x1, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002080)={0x0}, 0x1, 0x0, 0x3f00}, 0x0) 11:55:18 executing program 3: getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, &(0x7f0000000140)) 11:55:18 executing program 4: r0 = socket(0xf, 0x3, 0x2) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xf0ff7f}}, 0x0) 11:55:18 executing program 0: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x22a41, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x80044d5c, 0x0) 11:55:18 executing program 2: ioctl$BTRFS_IOC_QGROUP_CREATE(0xffffffffffffffff, 0x5421, 0x0) syz_open_dev$amidi(0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') read$char_usb(r0, &(0x7f0000000080)=""/4084, 0xff4) 11:55:18 executing program 3: getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, &(0x7f0000000140)) 11:55:18 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00') sendmsg$DEVLINK_CMD_TRAP_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01"], 0x58}}, 0x0) 11:55:18 executing program 4: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x11, 0x23, 0x0, 0x0) 11:55:18 executing program 5: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)) read$dsp(r0, &(0x7f0000000000)=""/147, 0x93) 11:55:19 executing program 0: ioctl$SNDCTL_DSP_GETIPTR(0xffffffffffffffff, 0x80044d5c, 0x0) 11:55:19 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)) read$dsp(r0, &(0x7f0000000000)=""/147, 0x93) 11:55:19 executing program 3: syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, &(0x7f0000000140)) 11:55:19 executing program 1: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)) read$dsp(r0, &(0x7f0000000000)=""/147, 0x93) 11:55:19 executing program 4: r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) write$sequencer(r0, 0x0, 0x0) 11:55:19 executing program 0: ioctl$SNDCTL_DSP_GETIPTR(0xffffffffffffffff, 0x80044d5c, 0x0) 11:55:20 executing program 5: r0 = socket(0x1, 0x1, 0x0) sendmmsg(r0, &(0x7f0000002e80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x10}], 0x10}}], 0x1, 0x0) 11:55:20 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)) read$dsp(r0, &(0x7f0000000000)=""/147, 0x93) 11:55:20 executing program 3: syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, &(0x7f0000000140)) 11:55:20 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x2, &(0x7f00000004c0)={'erspan0\x00', 0x0}) 11:55:20 executing program 0: ioctl$SNDCTL_DSP_GETIPTR(0xffffffffffffffff, 0x80044d5c, 0x0) 11:55:20 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000001bc0)={'team0\x00'}) 11:55:20 executing program 5: r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/renderD128\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x5451, 0x0) 11:55:20 executing program 3: syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, &(0x7f0000000140)) 11:55:20 executing program 4: r0 = socket(0xa, 0x3, 0x9) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x8000}) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0xa, 0x900, 0x0, 0xf5ffffff}, 0x2000000c, &(0x7f0000000080)={0x0}}, 0x0) 11:55:21 executing program 0: r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x22a41, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x80044d5c, 0x0) 11:55:21 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)) read$dsp(r0, &(0x7f0000000000)=""/147, 0x93) 11:55:21 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r0, 0x8982, &(0x7f00000000c0)={0x9, 'vlan0\x00'}) 11:55:21 executing program 4: keyctl$update(0x2, 0x0, &(0x7f0000000000), 0xfffffffffffffff9) 11:55:21 executing program 5: bpf$OBJ_PIN_MAP(0x3, 0x0, 0x0) 11:55:21 executing program 3: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, 0x0, 0x0) 11:55:21 executing program 0: r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x22a41, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x80044d5c, 0x0) 11:55:22 executing program 1: prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x14) 11:55:22 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000080)) 11:55:22 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvmsg(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) 11:55:22 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x10000000001077, 0x101001) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x5514, 0x0) 11:55:22 executing program 3: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, 0x0, 0x0) 11:55:22 executing program 0: r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x22a41, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x80044d5c, 0x0) 11:55:22 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r0, &(0x7f0000000640)={&(0x7f0000000000)={0xa, 0x700, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}}, 0x1c, 0x0}, 0x0) 11:55:22 executing program 4: perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 11:55:22 executing program 0: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r0, 0x80044d5c, 0x0) 11:55:22 executing program 3: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, 0x0, 0x0) 11:55:23 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) 11:55:23 executing program 1: r0 = fsopen(&(0x7f0000000000)='gfs2\x00', 0x0) fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000040)='\xcb\x00', &(0x7f0000000080)='./file0\x00', 0xffffffffffffff9c) 11:55:23 executing program 4: r0 = socket(0xa, 0x5, 0x0) setsockopt$packet_fanout(r0, 0x84, 0x18, 0x0, 0x0) 11:55:23 executing program 3: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, r0) keyctl$invalidate(0x15, r1) request_key(&(0x7f0000000280)='syzkaller\x00', &(0x7f0000000140)={'syz', 0x2}, 0x0, r1) 11:55:23 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x10000000001077, 0x0) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x5421, 0x0) 11:55:24 executing program 0: openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_GETIPTR(0xffffffffffffffff, 0x80044d5c, 0x0) 11:55:24 executing program 1: r0 = socket(0x2b, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00'}) 11:55:24 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) 11:55:24 executing program 4: keyctl$dh_compute(0x17, &(0x7f00000012c0), 0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001340)={'hmac(wp512-generic)\x00'}}) 11:55:24 executing program 3: r0 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000000)) 11:55:24 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x8927, &(0x7f00000004c0)={'erspan0\x00', 0x0}) 11:55:24 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) 11:55:24 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0xd, 0x0, 0x0) 11:55:24 executing program 3: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x29, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{}]}, 0x10) 11:55:24 executing program 0: openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_GETIPTR(0xffffffffffffffff, 0x80044d5c, 0x0) 11:55:25 executing program 4: r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_PREPARE_BUF(r0, 0x4020940d, &(0x7f00000000c0)={0x0, 0x0, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "08df5196"}, 0x0, 0x0, @planes=0x0}) 11:55:25 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) 11:55:25 executing program 5: r0 = socket(0xa, 0x3, 0x9) r1 = io_uring_setup(0x4a4f, &(0x7f0000000000)) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x4, 0x13, r1, 0x0) syz_io_uring_submit(r2, 0x0, 0x0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000100)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x77359400}, 0x1, 0x1}, 0x802) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000140)='./file0\x00', 0x8000000) ioctl$CAPI_GET_SERIAL(0xffffffffffffffff, 0xc0044308, &(0x7f00000001c0)=0x800) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0xa, 0x900}, 0x2000000c, &(0x7f0000000080)={0x0}}, 0x0) 11:55:25 executing program 1: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x0, 0x0) fsetxattr(r0, &(0x7f0000000080)=@known='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) 11:55:25 executing program 3: bpf$MAP_CREATE(0x7, &(0x7f0000ed1000), 0x40) 11:55:25 executing program 0: openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_GETIPTR(0xffffffffffffffff, 0x80044d5c, 0x0) 11:55:25 executing program 4: r0 = socket$can_raw(0x1d, 0x3, 0x1) recvmsg$can_raw(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000006c0)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x2060) 11:55:25 executing program 2: ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000000c0)) 11:55:25 executing program 1: syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_rdma(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f0000000100)={'trans=rdma,', {'port'}, 0x2c, {[{@common=@version_9p2000='version=9p2000'}]}}) 11:55:25 executing program 5: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)=0x40000) 11:55:26 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_CMAP(r0, 0x5412, 0x0) 11:55:26 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_CMAP(r0, 0x4b3c, 0x0) 11:55:26 executing program 2: ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000000c0)) 11:55:26 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000001b40)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAP(r0, 0x5460, 0x0) 11:55:26 executing program 1: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x2, 0x0, 0x0) 11:55:26 executing program 3: r0 = socket(0x2, 0x3, 0x1) bind$phonet(r0, &(0x7f0000000200)={0x23, 0x0, 0x0, 0xca}, 0x10) 11:55:26 executing program 0: r0 = socket(0xa, 0x3, 0x102) sendmmsg(r0, &(0x7f0000003540)=[{{&(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @empty}, 0x80, 0x0}}], 0x1, 0x0) 11:55:27 executing program 4: r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/renderD128\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x400454ca, &(0x7f0000000040)) 11:55:27 executing program 5: r0 = socket(0x2b, 0x1, 0x0) connect$pppl2tp(r0, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x2e) 11:55:27 executing program 2: ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000000c0)) 11:55:27 executing program 3: r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) 11:55:27 executing program 1: add_key$keyring(&(0x7f00000001c0)='keyring\x00', 0x0, 0x0, 0x2, 0x0) 11:55:27 executing program 0: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x0, 0x0) read$char_usb(r0, &(0x7f0000000080)=""/222, 0xde) 11:55:27 executing program 4: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x71, 0x0, &(0x7f0000000040)) 11:55:27 executing program 5: r0 = socket$kcm(0x29, 0x5, 0x0) sendmmsg$sock(r0, 0x0, 0x0, 0x0) 11:55:27 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) 11:55:27 executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x2e, &(0x7f0000000080)={0x0, 0x0}, 0x10) 11:55:27 executing program 3: r0 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000000)={[], 0x0, 0x4, 0x0, 0x0, 0x0, 0xffffffffffffffff}) 11:55:27 executing program 1: socketpair(0x0, 0x400, 0x0, 0x0) 11:55:28 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x10000000001077, 0x101001) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x5522, 0x0) 11:55:28 executing program 4: r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_PREPARE_BUF(r0, 0x5450, 0x0) 11:55:28 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) 11:55:28 executing program 0: r0 = socket(0x1, 0x3, 0x0) bind$phonet(r0, 0x0, 0x0) 11:55:28 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$isdn_base(r0, 0x0, 0x0) 11:55:28 executing program 1: r0 = socket(0x2b, 0x1, 0x1) sendmmsg(r0, &(0x7f0000006a00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x24000080) 11:55:28 executing program 5: r0 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f00000010c0)={&(0x7f0000000840)=@phonet={0x23, 0x0, 0x0, 0x5}, 0x80, &(0x7f0000000f40)=[{&(0x7f00000007c0)="18eb01d4d0471422231c", 0xa}, {&(0x7f0000000ac0)="f97186dd", 0x4}], 0x2}, 0x0) 11:55:28 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) 11:55:28 executing program 4: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740)='/dev/ppp\x00', 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000780)) ioctl$PPPIOCGDEBUG(r0, 0x80047441, &(0x7f0000000000)) 11:55:29 executing program 0: r0 = socket(0xf, 0x3, 0x2) sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x300}, 0x0) 11:55:29 executing program 3: r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) connect$ax25(r0, &(0x7f0000000040)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}, 0x48) 11:55:29 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/schedstat\x00', 0x0, 0x0) read$fb(r0, &(0x7f0000000300)=""/4096, 0x1000) read$fb(r0, 0x0, 0x0) 11:55:29 executing program 5: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) fanotify_mark(r0, 0x11, 0x4800000a, 0xffffffffffffff9c, 0x0) 11:55:29 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) [ 622.988180][T13885] ax25_connect(): syz-executor.3 uses autobind, please contact jreuter@yaina.de 11:55:29 executing program 0: syz_mount_image$gfs2(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$bpf(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='bpf\x00', 0x0, 0x0) mount$bpf(0x0, &(0x7f0000003e40)='./file0\x00', 0x0, 0x40020, &(0x7f0000003f80)={[{@mode={'mode', 0x3d, 0xfffffffffffffc00}}]}) 11:55:29 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000200)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, 0x0) 11:55:29 executing program 3: r0 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e2, 0x0) 11:55:30 executing program 1: r0 = syz_open_dev$vcsa(&(0x7f0000000200)='/dev/vcsa#\x00', 0x0, 0x0) mq_getsetattr(r0, 0x0, 0x0) 11:55:30 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_ifreq(r0, 0x8919, &(0x7f0000000000)={'bond_slave_0\x00', @ifru_hwaddr=@link_local}) 11:55:30 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) [ 623.641036][T13896] bpf: Bad value for 'mode' [ 623.679934][T13899] bpf: Bad value for 'mode' 11:55:30 executing program 0: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x23, 0x24, 0xf0b}, 0x24}}, 0x0) 11:55:30 executing program 4: r0 = socket(0x1d, 0x3, 0x1) setsockopt$netlink_NETLINK_TX_RING(r0, 0x65, 0x2, 0x0, 0x0) 11:55:30 executing program 3: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0xf, 0x4, 0x4, 0xeb5d, 0x0, 0x1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000380)={r0, 0x0, 0x0}, 0x20) 11:55:30 executing program 1: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_TIOCINQ(r0, 0x890c, &(0x7f0000000000)) 11:55:30 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000380)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc0505510, 0x0) 11:55:31 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000000)=0x27) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) 11:55:31 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0xa, 0x0, 0x0) 11:55:31 executing program 0: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_LEAVE_MESH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x1c, r0, 0x1, 0x0, 0x0, {0x2}, [@NL80211_ATTR_WIPHY={0x8, 0x5, 0x117}]}, 0x1c}}, 0x0) 11:55:31 executing program 3: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0xe0102, 0x0) ioctl$SNDCTL_DSP_GETTRIGGER(r0, 0x80045010, &(0x7f0000000200)) 11:55:31 executing program 1: syz_mount_image$iso9660(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 11:55:31 executing program 5: r0 = socket(0x2b, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1, &(0x7f0000000000), 0x4) 11:55:31 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) 11:55:32 executing program 4: r0 = socket(0x1d, 0x3, 0x1) setsockopt$netlink_NETLINK_TX_RING(r0, 0x65, 0x7, 0x0, 0x0) 11:55:32 executing program 0: r0 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$sock_ifreq(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', @ifru_data=0x0}) 11:55:32 executing program 1: perf_event_open(&(0x7f0000000100)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 11:55:32 executing program 3: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) 11:55:32 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) 11:55:32 executing program 5: r0 = socket(0x10, 0x80002, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000002640)={'syztnl0\x00', 0x0}) 11:55:32 executing program 4: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x7}, {0x6}]}, 0x10) 11:55:32 executing program 0: socketpair(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000000)={'ip6_vti0\x00', 0x0}) 11:55:32 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0xa, 0x0, 0x0) 11:55:32 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) 11:55:33 executing program 1: socket(0x21, 0x0, 0x0) 11:55:33 executing program 0: syz_mount_image$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$9p_rdma(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x0, &(0x7f0000000100)={'trans=rdma,', {'port'}, 0x2c, {[{@common=@version_9p2000='version=9p2000', 0x39}]}}) 11:55:33 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x2a, 0x0, 0x0) 11:55:33 executing program 1: r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/zoneinfo\x00', 0x0, 0x0) read$fb(r0, &(0x7f0000000040)=""/136, 0x88) read$fb(r0, &(0x7f0000000300)=""/4096, 0x1000) 11:55:33 executing program 3: shmctl$IPC_SET(0x0, 0x3, &(0x7f0000000280)={{0x3, 0xee00, 0xffffffffffffffff}}) 11:55:33 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f00000000c0)) [ 627.082561][T13962] 9pnet: Unknown protocol version 9p20009 11:55:33 executing program 0: r0 = socket(0xa, 0x3, 0x102) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x5411, &(0x7f0000000880)={'team0\x00'}) 11:55:34 executing program 5: r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/renderD128\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x0}) 11:55:35 executing program 4: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_CTRLRATE(r0, 0xc0045103, &(0x7f0000000040)) 11:55:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) recvmsg(r0, &(0x7f0000001c00)={0x0, 0x0, 0x0}, 0x40) 11:55:35 executing program 1: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f00000000c0)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}], 0x10) 11:55:35 executing program 0: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcsa\x00', 0x2, 0x0) write$char_usb(r0, &(0x7f0000000240)="a0", 0x1) 11:55:35 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000000c0)) 11:55:35 executing program 5: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETS(r0, 0x5402, 0x0) 11:55:36 executing program 1: syz_open_dev$usbfs(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x10000000001077, 0x145703) 11:55:36 executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x87}, {0x6}]}, 0x10) 11:55:36 executing program 5: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x10000000001077, 0x101001) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x10, 0x0) 11:55:36 executing program 3: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000019c0)='/dev/sequencer\x00', 0x0, 0x0) ioctl$SNDCTL_SEQ_CTRLRATE(r0, 0xc08c5102, 0x0) 11:55:36 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000000c0)) 11:55:36 executing program 4: r0 = socket(0x23, 0x2, 0x0) getsockname(r0, 0x0, &(0x7f0000000140)) 11:55:36 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x2, 0x10, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x0, 0x0, 0x0, 0x0, @in={0x2, 0x0, @remote}}]}, 0x28}}, 0x0) 11:55:37 executing program 1: syz_open_dev$rtc(&(0x7f0000000000)='/dev/rtc#\x00', 0xffffffffffffffff, 0x42) 11:55:37 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000001400)=@ipv6_newroute={0x24, 0x18, 0x1, 0x0, 0x0, {0xa, 0x0, 0x14}, [@RTA_PRIORITY={0x8}]}, 0x24}}, 0x0) 11:55:37 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f00000000c0)) 11:55:37 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000002c80)={0x0, 0x0, &(0x7f0000002c40)={&(0x7f0000002000)=ANY=[@ANYBLOB="040c0000", @ANYRES16, @ANYBLOB="01"], 0xc04}}, 0x0) 11:55:37 executing program 3: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_CMAP(r0, 0x4b69, 0x0) 11:55:37 executing program 1: r0 = socket(0x1e, 0x4, 0x0) getsockopt$sock_timeval(r0, 0x1, 0x0, &(0x7f0000000000), &(0x7f0000000040)=0xffffffe9) 11:55:38 executing program 0: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x100060, &(0x7f0000000140)) 11:55:38 executing program 5: r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) connect$ax25(r0, &(0x7f0000000300)={{0x3, @bcast, 0x4}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @default, @default, @default]}, 0x48) 11:55:38 executing program 4: bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000280)={@map=0x1, 0xffffffffffffffff, 0x4}, 0x10) 11:55:38 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) 11:55:38 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x73) sendmsg$inet6(r0, &(0x7f00000005c0)={&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000001680)=[@tclass={{0x14}}], 0x18}, 0x0) 11:55:38 executing program 1: keyctl$KEYCTL_PKEY_VERIFY(0xa, 0x0, &(0x7f0000000100)=ANY=[], 0x0, 0x0) [ 631.898016][T14041] ax25_connect(): syz-executor.5 uses autobind, please contact jreuter@yaina.de 11:55:38 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x10000000001077, 0x101001) ioctl$USBDEVFS_CLAIM_PORT(r0, 0x80045519, &(0x7f00000000c0)) 11:55:38 executing program 1: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc8f0396b62ad16ec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) 11:55:38 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) 11:55:38 executing program 3: syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x44101) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) 11:55:38 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x5}, 0x4) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040)='ethtool\x00') 11:55:39 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x6d, 0x0, &(0x7f0000000040)=0x700) 11:55:39 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x73) ioctl$IMADDTIMER(r0, 0x80044940, 0x0) 11:55:39 executing program 4: r0 = socket$pppoe(0x18, 0x1, 0x0) accept4$packet(r0, 0x0, 0x0, 0x0) 11:55:39 executing program 5: r0 = socket(0x2b, 0x1, 0x0) bind$phonet(r0, &(0x7f0000000000), 0x10) 11:55:39 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000001480)={&(0x7f0000001400)=@ipv6_newroute={0x28, 0x18, 0x1, 0x0, 0x0, {}, [@RTA_MULTIPATH={0xc, 0x9, {0x8}}]}, 0x28}}, 0x0) 11:55:39 executing program 2: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) 11:55:39 executing program 0: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x41, &(0x7f0000000080)={0x0, 0x0}, 0x10) 11:55:40 executing program 1: r0 = socket(0xa, 0x5, 0x0) setsockopt$packet_fanout(r0, 0x84, 0x76, 0x0, 0x0) 11:55:40 executing program 5: syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x1, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$user(&(0x7f0000000340)='user\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000640)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c", 0x5a, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000400)={0x0, r0}, 0x0, 0x0, 0x0) 11:55:40 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'ip6gre0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @mcast2}}) 11:55:40 executing program 4: r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x6, 0x0, 0x0) 11:55:40 executing program 0: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fb0\x00', 0x1, 0x0) read$fb(r0, 0x0, 0x0) 11:55:40 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/route\x00') read$char_usb(r0, &(0x7f00000011c0)=""/71, 0x47) read$char_usb(r0, 0x0, 0xfffffd63) 11:55:40 executing program 1: io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x7, 0x0, 0x1) 11:55:40 executing program 4: r0 = socket(0x29, 0x2, 0x0) sendmsg$rds(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000040)=""/130, 0x82}], 0x1}, 0x0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x44004) sendmsg$rds(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) 11:55:41 executing program 3: socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) 11:55:41 executing program 5: r0 = fsopen(&(0x7f0000000000)='configfs\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x93) 11:55:41 executing program 0: socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r0, 0x89f7, &(0x7f0000003bc0)={'ip6gre0\x00', 0x0}) 11:55:41 executing program 2: syz_mount_image$f2fs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) getxattr(&(0x7f00000007c0)='./file0\x00', 0x0, 0x0, 0x0) 11:55:41 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x0, 0x0, 0x0, 0x0) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@ipv6_newaddr={0x54, 0x14, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r2}, [@IFA_ADDRESS={0x14, 0x1, @local}, @IFA_CACHEINFO={0x14}, @IFA_CACHEINFO={0x14, 0x6, {0xfffffff7, 0xf0, 0x6, 0x2}}]}, 0x54}}, 0x0) 11:55:41 executing program 3: r0 = socket(0x1d, 0x3, 0x1) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) 11:55:41 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9c0300001000010027bd7000fbdbdf2500000000", @ANYRES32=r1, @ANYBLOB="100004008001000024002b80080003000600000008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="080003000000000005001100000000000a000100aa"], 0x39c}}, 0x0) 11:55:41 executing program 0: r0 = socket$rds(0x15, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000000)={'wg0\x00'}) 11:55:41 executing program 5: syz_open_dev$audion(0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$user(&(0x7f0000000340)='user\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000640)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce003d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539fdade178e654", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000900)="13", 0x1, 0xfffffffffffffffb) r2 = add_key$user(&(0x7f00000001c0)='user\x00', &(0x7f0000000200)={'syz', 0x3}, &(0x7f0000000240)='t', 0x1, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000400)={r2, r0, r1}, 0x0, 0x0, 0x0) 11:55:41 executing program 2: r0 = socket(0x2c, 0x3, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, 0x0, 0x0) 11:55:41 executing program 1: r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, 0x0, 0x0) [ 635.506409][T14122] netlink: 836 bytes leftover after parsing attributes in process `syz-executor.4'. 11:55:42 executing program 0: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/autofs\x00', 0x0, 0x0) ioctl$FIONREAD(r0, 0x541b, 0x0) 11:55:42 executing program 3: fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) [ 635.630864][T14126] netlink: 836 bytes leftover after parsing attributes in process `syz-executor.4'. 11:55:42 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00') sendmsg$NL80211_CMD_LEAVE_MESH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r1, 0x1, 0x0, 0x0, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x6}]}, 0x1c}}, 0x0) 11:55:42 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x9, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) 11:55:42 executing program 5: r0 = socket(0x28, 0x1, 0x0) recvmmsg(r0, &(0x7f0000003ec0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 11:55:42 executing program 4: r0 = syz_open_dev$dri(&(0x7f0000000200)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_ADD_MAP(r0, 0x5452, &(0x7f0000000240)={&(0x7f0000ffd000/0x3000)=nil}) [ 636.209888][T14136] netlink: 'syz-executor.1': attribute type 6 has an invalid length. [ 636.276452][T14139] netlink: 'syz-executor.1': attribute type 6 has an invalid length. 11:55:43 executing program 0: syz_io_uring_setup(0x2d6c, &(0x7f0000000000)={0x0, 0x0, 0x8}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0), &(0x7f0000000100)) 11:55:43 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f00000001c0)={0x0, @l2tp={0x2, 0x0, @loopback}, @sco, @can}) 11:55:43 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r0, 0x10c, 0x8, &(0x7f0000000300), &(0x7f0000000340)=0x4) 11:55:43 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000380)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r0, 0xc1105511, &(0x7f0000000080)) 11:55:43 executing program 2: r0 = syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x3, 0x2001) write$qrtrtun(r0, &(0x7f0000000280)="80", 0x1) 11:55:43 executing program 4: bpf$MAP_CREATE(0x3, &(0x7f0000000040), 0x40) 11:55:43 executing program 3: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$SIOCRSGL2CALL(r0, 0x89e5, &(0x7f0000000140)=@bcast) 11:55:43 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r0, 0x10c, 0x8, &(0x7f0000000300), &(0x7f0000000340)=0x4) 11:55:43 executing program 0: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB='P\x00\x00\x00 \x00;'], 0x50}}, 0x0) 11:55:43 executing program 2: r0 = socket(0x2b, 0x1, 0x0) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002080)={0x0}, 0x1, 0x50f202, 0x24}, 0x0) 11:55:43 executing program 4: r0 = socket(0x1d, 0x3, 0x1) bind$packet(r0, 0x0, 0x0) 11:55:43 executing program 5: r0 = socket(0x23, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADD6RD(r0, 0x5421, &(0x7f00000001c0)={'ip6tnl0\x00', 0x0}) 11:55:44 executing program 3: r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000380)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f00000003c0)={0x0, 0x2, 0x4, 0x0, 0x0, {0x0, 0xea60}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "df7e1516"}}) 11:55:44 executing program 2: r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dri/renderD128\x00', 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0xc0045878, 0x0) 11:55:44 executing program 0: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f0000000080)={0xfffc, 0x0, &(0x7f0000000100)="c90690e6bfc470c9f11f23dd4e4d74869665267278aa6705dede5bb3110357a356a127bc7ca514b271e98661188a8174093d85eeb8c753035daadec067222f8669c70b160b461d069907e0f4c7fbe742dc085212a96d28282a17eedcce876d9a8f7b16444835cf5b689a95f670f4a7d499f75489f7c5438c51d10dfec0548695828efc3bf5f37b22adc590308e0d2a579b185f34c8b936a8d99abc57c2385557588cb117271f094e94aee3766912a35b9d54b90ddf96ae344e46e2ae91c5fce04ff67c3c50444b8546fe21cc3eee11c5a3d930199b8617980f84c5cfc3f2d102a0a74722465e59570e619d7c1a0a61fbbf8af6990f3f4c7abb4148a5a5bce784b219a82ac9e5d30135f22cf93c126bfffa1c4d6b60b8edc2b7254e003daa12f49c7aa9f1466d8082ec8a31d078cb2321fefaf2020f77d2ecbc40ee7ec700095be94a73d200c3b5ddd6f152eadac01a05a55004518aa0a54e1d060ec1f182edca560836e3f2745239f290d590c2ada017cb115c5faf6c2923d554b417156af908c0e0c123e1e404f8582f1da34694eaed485c5e0afb5308a21363505ca6c87547e2fefa1177fcf1005eeb20232cecd18a3d8c5803c3b3796f1caa1a440d7d9b67ff91d242be0c6e762d43de46b73a861895d66b61c9a0c83ff1dc163ba8fc552961de3b3227da44875f94125fdeec8b0ead515e828cfeb0b42d2bbf46c7409bf637414208b98e35b8c20dc3c31963e7a59767522195e2a489749a08f01e332029c2e9856bd0d0d5715ed5b40d82a424f51dbf735ddb2df29cfdf91c8ddb68c9dd2ec2d10612296cfd7cb8ecbb4d31bdfeb7edbb4785ae681ad466e21f7614e7e30c3536c415fa6a976d40e35d0e6609842f7c7aaf8d5a7931184e43e7931a50f7b9f2ced904c31e9b0d5bb5cda197df024546cf7aea34e862a236ef84c5761a53b4547269511859a1aaf45817578e0a514f3510a37f9f251c174cc7eeaa9a86610554d1a139920fe109b2a18a39b551355f541ac9070298c0473b419e9a3dd009a79111605544c37605810ca549d254f142c01303eb5e821d211bebd5983443e39a5e6986a1954c456210a228586a9c394af14f229f67c284fea5bb55891644379c14a4a365e168eb88956646df30f9c402f20320f1e869e5f623a578ff54a7c49c65e1b9bb358501fd9b7636983c638868255be1465fa3283ec55e927735b570175f18852c58b09e0d01601e32e213e2ff59a1967c02bd21bcbc412108215aa6ffd86ec11c0edc66bc4a1ebcb2b73b4ff1abf4dd50d7afdbdbfbda7dcdabf2c94cb918d03d9f12be53f520ca45df7bc0a3b9a6fc0af76776a8b9b54a9a4559605985180318d1d918aceddd8a9b4bb2517362b4800d62b6e536becab6f532bd12162077fcad0bfaf0ef65de8833852b1866059c0db35de7d6d955deb36dbe1936"}) 11:55:44 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r0, 0x10c, 0x8, &(0x7f0000000300), &(0x7f0000000340)=0x4) 11:55:44 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000140)=0x8, 0x4) 11:55:44 executing program 5: r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) read$proc_mixer(r0, 0x0, 0x0) read$proc_mixer(r0, 0x0, 0x0) 11:55:44 executing program 3: pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r0) 11:55:44 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r0, 0x10c, 0x8, &(0x7f0000000300), &(0x7f0000000340)=0x4) 11:55:44 executing program 2: r0 = syz_open_dev$rtc(&(0x7f0000000180)='/dev/rtc#\x00', 0x0, 0x0) ioctl$RTC_IRQP_READ(r0, 0x8008700b, &(0x7f0000000000)) 11:55:45 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000005200b32e"], 0x14}}, 0x0) 11:55:45 executing program 4: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_LEAVE_MESH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x1c, r0, 0x1, 0x0, 0x0, {0x2}, [@NL80211_ATTR_WIPHY={0x8, 0x3, 0x3}]}, 0x1c}}, 0x0) 11:55:45 executing program 5: r0 = socket(0x2b, 0x1, 0x0) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002080)={0x0}, 0x1, 0x70f402, 0xf00}, 0x0) 11:55:45 executing program 3: r0 = socket(0xa, 0x2, 0x0) connect$rds(r0, &(0x7f0000000040)={0x2, 0x0, @empty}, 0x10) sendmsg$rds(r0, &(0x7f0000000640)={0x0, 0x0, 0x0}, 0x0) 11:55:45 executing program 2: r0 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000000b00)={&(0x7f0000000180)={0xa}, 0x20000190, 0x0}, 0x0) 11:55:45 executing program 1: getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x8, &(0x7f0000000300), &(0x7f0000000340)=0x4) 11:55:45 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, 0x0, 0x0) 11:55:45 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x12, 0x0, 0x0) 11:55:45 executing program 4: r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt(r0, 0x0, 0x5, &(0x7f00000000c0)="dd157f01", 0x4) 11:55:46 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={&(0x7f0000000040)={0xa, 0x2}, 0xc, &(0x7f0000000300)={0x0}}, 0x0) 11:55:46 executing program 1: getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x8, &(0x7f0000000300), &(0x7f0000000340)=0x4) 11:55:46 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNGETDEVNETNS(r0, 0x400454ca, 0x400030) ioctl$TUNSETGROUP(r0, 0x400454ce, 0x0) 11:55:46 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x8980, &(0x7f0000000180)={'tunl0\x00', @ifru_data=0x0}) 11:55:46 executing program 2: keyctl$dh_compute(0x17, &(0x7f0000000040), 0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={'cmac(cast6)\x00'}}) 11:55:46 executing program 4: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x402, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) write$dsp(r0, &(0x7f0000000000)='c', 0x1) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) 11:55:46 executing program 3: sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000640)={&(0x7f0000000080)=ANY=[@ANYBLOB="84050000", @ANYRES16=0x0, @ANYBLOB="00022dbd7000fcdbdf250e000000040005015d0091006b5661c763a0e0193cfa51744e756f6f495e3702c27985c742d5d965b15c249ddf1c58afe373f8fa98a00bc80531373c71f780bd6cb233ef5b921045d709c68ec342e6a3ba4c62dd54945caa3b5dfe81fea5c33e6b2c81ec8200000008007e000200000004050e00fc2213aa323ea41674eba8f8d370210e11297ff8b0040d665f4db9d98590f59ecce0e49e99867d8f400f536303c58c9b5c66bfeb558d9736c2b42d97c8f0f21362fa65a606e97de6d02f421ce45dc0fb1caead02e7eaf9573a8ea92309af51d48d7bd756e85fe5349978c08e6eecf129607d33884c0f8dba2df843e962e4c9931e0cabc7a76a19215627c9f4298222bd87adebc50c582e3aee836b52d55b80d2ef06540e12453d8e304254d098530615db029f1491cb8b7075e2839a546aa09e273ca0ed4e478cd4f043532e74b75e275667d82dc4675e48f44004aaa100074c3b887a53557a47098c76d1c1f3a5a6a017ad1a33378fd4718bcde62d0943a592732e4c4c167e9c32269052fb2f95489a68546d90fda72def0eb7f2d83d7055dfbfed51882b3ed4d770cb133acae508b2f78c5671ee47503e910497815f98fbafdbc474623affc614b9ef216da1a4a65e21ed586fec901df4d740729766848caa615326af196feddc71f5b6485a830b53555f843d53269701c2e1fb39c08833fb5367643be7cd5cf46d659ef0f631c8b60b877ce16dfa20801c2cab2153043f6d18b9cc2456171eccd3c333ee3695db18cbe0793c13b92f3ffd2943955c6ea892afcaf5c0676caec8ada03da16db178158c6f61bd28bd717722d7775ce09c1e599041739539f292b7b40a36e704198b46649b72e5a9b642abaa6c8f0ebc441af415861c64926e9297eb10952902e2a956ef98cc2c696e2e80a61e8beb9b3b5d4ecb9f91df877e6499a142a64d6b4eb52de8857c15cb12e28f23d3a967ce268f4310f50e5416b286bc6a12f1195cc2308a9da41e7c49bb32e6537ac279c55c06a38135978bad91a792df8039450888929ed4e04bd6b326d54c2a2ace3bd84f22d83339fe1dc4d1b6d8101545ffff4d238f621253b9c97e031ea89bfd67e0e8442ab1712e83cbeae1f1b05f488f7e14005b1cc5bcb30e4f6e585a7de63d9d876a6893a237619bf9eec8b8bdb7b1824e98090fe25242cff427dbc1f1899f86374497213836082742dec79eeccca1df025aa5077b067fed682d803b1f5d0b4384eb7b4cb8a9852be64572eefe3c2761c259f5f7b59aae2f1ddf07796eabea93a380d1938f851a73f5431ec4f94d00a2fa62b3b6a4cc5547e5c759d9a6ed474d729af0b563d8d18f131b6e05f5959c0d75c7a6f12a2845e4ea2312895040fa5d0154a3b9eaf034fae6ed5877a676f20f0ef66ef8efc59532da80b549d25876b55e67528b2669761587fe46183d649821e102196589abec65140f47dda897a598fbfcff54d6748db98f93bd0eca089e0b8747661809e01b13e9dfb83222f7af140bbf61af4274d523062cdf4d10c541c1a9dbc0c717e08a8833fab0aab4f77839b54aeb70741e3a0f2ce8944160e280d14eed501f9e1aa40348c2fbf34a0d20a51e6f725fd39f5c960b3401446e0e93a11e9db65bc6f4bd3f5b26439b329499960a5409bfed75021adde58da8b610189b0cb80d40f44daed8e56d66f63b562d9dc054f3f529390648d99d7b63108ef161d9b9ff8c28498188d2bfc5da940351e02769dc2d0e8ebab476810f231e7943dd0758443b861659a3296793770291112d6c5dc20e89ce4c13967422f7f01fc3c46b8b50d7073b3489f716221ac1a533bfb125120e73dec19eebd0795acec2f467c8859aa37252be49eb75e737d044cefa112bc89baf948dacba7bbf386b67ff37a7a99342fa1927fcf84856091c4c9e90e3820efac635a45c3e0b0bc6f0b3f6c65d45acfec42ee7b9134b912f3ec7c36815799e"], 0x584}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000004a80)=ANY=[@ANYBLOB="800e000030003dfa0000000000002b00000000006c0e0100680e01000a0001007065646974"], 0xe80}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)=@ipv4_getroute={0x1c, 0x1a, 0x200, 0x70bd2c, 0x25dfdbfd, {0x2, 0x0, 0x10, 0xfd, 0xfe, 0x4, 0xfd, 0xa}}, 0x1c}, 0x1, 0x0, 0x0, 0xc004}, 0x0) ioctl$sock_ifreq(r0, 0x8923, &(0x7f0000000000)={'veth1_macvtap\x00', @ifru_mtu=0x6}) 11:55:46 executing program 0: ioprio_get$uid(0x2, 0xee01) 11:55:47 executing program 1: getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x8, &(0x7f0000000300), &(0x7f0000000340)=0x4) 11:55:47 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000003e00)={0x0, 0x0, &(0x7f0000003dc0)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100ffffff9e0000000000000002"], 0x5c}}, 0x0) [ 640.664534][T14235] netlink: 3672 bytes leftover after parsing attributes in process `syz-executor.3'. 11:55:47 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000000340)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_AUTH_MAGIC(r0, 0x40046411, &(0x7f00000000c0)) [ 640.743244][T14239] netlink: 3672 bytes leftover after parsing attributes in process `syz-executor.3'. 11:55:47 executing program 0: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000400)={0x0, 0x8, 0x4}) 11:55:47 executing program 1: r0 = syz_init_net_socket$llc(0x1a, 0x0, 0x0) getsockopt$llc_int(r0, 0x10c, 0x8, &(0x7f0000000300), &(0x7f0000000340)=0x4) 11:55:47 executing program 3: r0 = socket(0x1d, 0x2, 0x7) getsockname(r0, &(0x7f00000001c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, &(0x7f0000000180)=0x80) connect$l2tp6(r1, 0x0, 0x0) 11:55:47 executing program 4: r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180)='/dev/adsp1\x00', 0x402, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000000)=0x27) write$dsp(r0, &(0x7f0000000000)='c', 0x1) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) 11:55:47 executing program 5: r0 = socket(0x2b, 0x1, 0x0) sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0xffffff1f, 0x0, 0x3f00}, 0x0) 11:55:48 executing program 2: socketpair(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) recvmsg$can_raw(r0, &(0x7f0000001500)={0x0, 0x0, 0x0}, 0x160) [ 641.397292][T14250] ===================================================== [ 641.404276][T14250] BUG: KMSAN: kernel-infoleak in kmsan_copy_to_user+0x81/0x90 [ 641.411728][T14250] CPU: 0 PID: 14250 Comm: syz-executor.3 Not tainted 5.8.0-rc5-syzkaller #0 [ 641.420386][T14250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 641.430429][T14250] Call Trace: [ 641.433714][T14250] dump_stack+0x21c/0x280 [ 641.438042][T14250] kmsan_report+0xf7/0x1e0 [ 641.442455][T14250] kmsan_internal_check_memory+0x238/0x3d0 [ 641.448270][T14250] ? kmsan_get_metadata+0x116/0x180 [ 641.453459][T14250] ? kmsan_get_metadata+0x116/0x180 [ 641.458662][T14250] kmsan_copy_to_user+0x81/0x90 [ 641.463505][T14250] _copy_to_user+0x18e/0x260 [ 641.468095][T14250] move_addr_to_user+0x3de/0x670 [ 641.473037][T14250] __sys_getsockname+0x407/0x5e0 [ 641.478152][T14250] ? put_old_timespec32+0x231/0x2d0 [ 641.483431][T14250] ? kmsan_get_metadata+0x116/0x180 [ 641.488629][T14250] ? kmsan_get_metadata+0x116/0x180 [ 641.493826][T14250] ? kmsan_get_metadata+0x116/0x180 [ 641.499018][T14250] __se_sys_getsockname+0x91/0xb0 [ 641.504039][T14250] __ia32_sys_getsockname+0x4a/0x70 [ 641.509230][T14250] __do_fast_syscall_32+0x2af/0x480 [ 641.514435][T14250] do_fast_syscall_32+0x6b/0xd0 [ 641.519283][T14250] do_SYSENTER_32+0x73/0x90 [ 641.523782][T14250] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 641.530112][T14250] RIP: 0023:0xf7f95549 [ 641.534158][T14250] Code: Bad RIP value. [ 641.538214][T14250] RSP: 002b:00000000f558f0cc EFLAGS: 00000296 ORIG_RAX: 000000000000016f [ 641.546635][T14250] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0 [ 641.554594][T14250] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 641.562550][T14250] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 641.570507][T14250] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 641.578468][T14250] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 641.586433][T14250] [ 641.588745][T14250] Local variable ----address@__sys_getsockname created at: [ 641.595931][T14250] __sys_getsockname+0x91/0x5e0 [ 641.600767][T14250] __sys_getsockname+0x91/0x5e0 [ 641.605596][T14250] [ 641.607910][T14250] Bytes 2-3 of 24 are uninitialized [ 641.613102][T14250] Memory access of size 24 starts at ffff88808dd03d50 [ 641.619842][T14250] Data copied to user address 00000000200001c0 [ 641.625975][T14250] ===================================================== [ 641.632887][T14250] Disabling lock debugging due to kernel taint [ 641.639019][T14250] Kernel panic - not syncing: panic_on_warn set ... [ 641.645597][T14250] CPU: 0 PID: 14250 Comm: syz-executor.3 Tainted: G B 5.8.0-rc5-syzkaller #0 [ 641.655639][T14250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 641.665676][T14250] Call Trace: [ 641.668963][T14250] dump_stack+0x21c/0x280 [ 641.673356][T14250] panic+0x4d7/0xef7 [ 641.677258][T14250] ? add_taint+0x17c/0x210 [ 641.681673][T14250] kmsan_report+0x1df/0x1e0 [ 641.686175][T14250] kmsan_internal_check_memory+0x238/0x3d0 [ 641.691972][T14250] ? kmsan_get_metadata+0x116/0x180 [ 641.697161][T14250] ? kmsan_get_metadata+0x116/0x180 [ 641.702352][T14250] kmsan_copy_to_user+0x81/0x90 [ 641.707191][T14250] _copy_to_user+0x18e/0x260 [ 641.711783][T14250] move_addr_to_user+0x3de/0x670 [ 641.716722][T14250] __sys_getsockname+0x407/0x5e0 [ 641.721655][T14250] ? put_old_timespec32+0x231/0x2d0 [ 641.726843][T14250] ? kmsan_get_metadata+0x116/0x180 [ 641.732029][T14250] ? kmsan_get_metadata+0x116/0x180 [ 641.737217][T14250] ? kmsan_get_metadata+0x116/0x180 [ 641.742424][T14250] __se_sys_getsockname+0x91/0xb0 [ 641.747445][T14250] __ia32_sys_getsockname+0x4a/0x70 [ 641.752725][T14250] __do_fast_syscall_32+0x2af/0x480 [ 641.757919][T14250] do_fast_syscall_32+0x6b/0xd0 [ 641.762759][T14250] do_SYSENTER_32+0x73/0x90 [ 641.767257][T14250] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c [ 641.773576][T14250] RIP: 0023:0xf7f95549 [ 641.777637][T14250] Code: Bad RIP value. [ 641.781689][T14250] RSP: 002b:00000000f558f0cc EFLAGS: 00000296 ORIG_RAX: 000000000000016f [ 641.790085][T14250] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0 [ 641.798043][T14250] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 641.805999][T14250] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 641.813955][T14250] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 641.821913][T14250] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 641.831158][T14250] Kernel Offset: disabled [ 641.835492][T14250] Rebooting in 86400 seconds..